How to remove viruses!

30 May 2007 15:59:18

Hello,

I have AntiVir as my antivirus, and windows keep popping up saying that I have viruses. What should I do: quarantine, delete...? I don't know anything about computers. I tried searching a few forums. Most of them say to use HijackThis and post the report.

Here it is:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:35:03, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\uwa6pcw.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\WinAntiVirus Pro 2006\unins000.exe
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\_iu14D2N.tmp
C:\Program Files\WinAntiVirus Pro 2006\winav.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\vbwjlffe.dll
O2 - BHO: Buyertools - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8071E65A-3F56-4426-8372-8667CD213057} - C:\WINDOWS\system32\efcayvu.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll
O2 - BHO: (no name) - {D97C70AC-07D4-4C2E-86C9-40D504835392} - C:\WINDOWS\system32\ssqrq.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [saap] c:\program files\180searchassistant\saap.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\qomqeqlp.dll",realset
O4 - HKLM\..\Run: [NI.UWAS6V_0001_N91M2208] "C:\Documents and Settings\HP_Propriétaire\Application Data\winantispyware2006freeinstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [uwas6cw] "C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe" -c
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Monopoly3.exe] C:\DOCUME~1\HP_PRO~1\MESDOC~1\MSNAND~1\MONOPO~1.EXE /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [L03FDXRC_1079671] C:\Program Files\Microsoft Encarta\Collection Encarta 2003\EDICT.EXE -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\dptracker.exe (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUploader/ImageUpl...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB98931-3DCE-4696-BD0A-81A2C7119168}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{6DB98931-3DCE-4696-BD0A-81A2C7119168}: NameServer = 194.117.200.10,194.117.200.15
O20 - Winlogon Notify: efcayvu - C:\WINDOWS\SYSTEM32\efcayvu.dll
O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 14214 bytes


Thank you.

30 May 2007 17:08:23

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are removed
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply

    Note: VundoFix may encounter a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".

    30 May 2007 17:39:10

    Here is the report again:


    Logfile of HijackThis v1.99.1
    Scan saved at 17:33:06, on 30/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\adjlugky.dll",realset
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [L03FDXRC_91406] C:\Program Files\Microsoft Encarta\Collection Encarta 2003\EDICT.EXE -m
    O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUploader/ImageUpl...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB98931-3DCE-4696-BD0A-81A2C7119168}: NameServer = 194.117.200.10,194.117.200.15
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6DB98931-3DCE-4696-BD0A-81A2C7119168}: NameServer = 194.117.200.10,194.117.200.15
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    _________________________


    VundoFix V6.4.1

    Checking Java version...

    Scan started at 17:10:01 30/05/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\janeqmlp.ini
    C:\WINDOWS\system32\plmqenaj.dll
    C:\WINDOWS\system32\plqeqmoq.ini
    C:\WINDOWS\system32\qomqeqlp.dll
    C:\WINDOWS\system32\qrqss.bak1
    C:\WINDOWS\system32\qrqss.bak2
    C:\WINDOWS\system32\qrqss.ini
    C:\WINDOWS\system32\qrqss.ini2
    C:\WINDOWS\system32\qrqss.tmp
    C:\WINDOWS\system32\ssqrq.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\janeqmlp.ini
    C:\WINDOWS\system32\janeqmlp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\plmqenaj.dll
    C:\WINDOWS\system32\plmqenaj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\plqeqmoq.ini
    C:\WINDOWS\system32\plqeqmoq.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qomqeqlp.dll
    C:\WINDOWS\system32\qomqeqlp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrqss.bak1
    C:\WINDOWS\system32\qrqss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrqss.bak2
    C:\WINDOWS\system32\qrqss.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrqss.ini
    C:\WINDOWS\system32\qrqss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrqss.ini2
    C:\WINDOWS\system32\qrqss.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qrqss.tmp
    C:\WINDOWS\system32\qrqss.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqrq.dll
    C:\WINDOWS\system32\ssqrq.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.4.1

    Checking Java version...

    Scan started at 17:18:20 30/05/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\ssqrq.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ssqrq.dll
    C:\WINDOWS\system32\ssqrq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Thanks again for helping me!

    30 May 2007 17:41:17

    Hi again,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste that report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    3 June 2007 17:55:53

    Here is the report:
    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\npcoebbx.dll
    C:\WINDOWS\system32\cccdd.bak1
    C:\WINDOWS\system32\cccdd.bak2
    C:\WINDOWS\system32\cccdd.ini
    C:\WINDOWS\system32\cccdd.ini2
    C:\WINDOWS\system32\cccdd.tmp
    C:\WINDOWS\system32\xbbeocpn.ini
    C:\WINDOWS\system32\cccdd.bak1
    C:\WINDOWS\system32\cccdd.bak2
    C:\WINDOWS\system32\cccdd.ini
    C:\WINDOWS\system32\cccdd.ini2
    C:\WINDOWS\system32\cccdd.tmp
    C:\WINDOWS\system32\cccdd.bak1
    C:\WINDOWS\system32\cccdd.bak2
    C:\WINDOWS\system32\cccdd.ini
    C:\WINDOWS\system32\cccdd.ini2
    C:\WINDOWS\system32\cccdd.tmp
    C:\WINDOWS\system32\ddccc.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))


    2007-06-03 13:14 2,580 --a------ C:\WINDOWS\system32\ytppusnj.exe
    2007-06-03 12:56 <REP> d-------- C:\WINDOWS\system32\Virus trŠs m‚chant
    2007-06-03 12:49 2,580 --a------ C:\WINDOWS\system32\ihptkwow.exe
    2007-06-02 11:48 2,580 --a------ C:\WINDOWS\system32\amrnkrgs.exe
    2007-06-01 10:31 11,776 --a------ C:\WINDOWS\system32\drivers\wasfsd.sys
    2007-05-31 09:18 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\Error Safe
    2007-05-31 09:17 <REP> d-------- C:\Program Files\Fichiers communs\Error Safe
    2007-05-31 09:17 <REP> d-------- C:\Program Files\Error Safe
    2007-05-31 09:11 3,694,412 --a------ C:\WINDOWS\system32\ErrorSafeSetup.exe
    2007-05-31 09:05 92,360 --a------ C:\DOCUME~1\HP_PRO~1\APPLIC~1\errorsafefrenchnewreleaseinstall[1].exe
    2007-05-31 09:05 <REP> d-------- C:\Program Files\ErrorSafe Free
    2007-05-30 20:22 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-05-30 17:10 <REP> d-------- C:\VundoFix Backups
    2007-05-30 16:35 <REP> d-------- C:\WINDOWS\pss
    2007-05-30 14:29 <REP> d--hs---- C:\WA6P
    2007-05-30 14:28 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\WinAntiVirus Pro 2006
    2007-05-30 14:28 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006
    2007-05-30 14:26 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-05-30 14:26 <REP> d-------- C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006
    2007-05-30 14:07 <REP> d-------- C:\Documents and Settings\HP_Propri‚taire\.housecall6.6
    2007-05-30 14:07 <REP> d-------- C:\DOCUME~1\HP_PRO~1\.housecall6.6
    2007-05-30 12:34 <REP> d-------- C:\Program Files\Alwil Software
    2007-05-30 10:49 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\DriveCleaner Free
    2007-05-30 10:39 <REP> d-------- C:\Program Files\Fichiers communs\DriveCleaner Free
    2007-05-30 10:31 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\WinAntiSpyware 2006
    2007-05-30 10:30 92,880 --a------ C:\DOCUME~1\HP_PRO~1\APPLIC~1\winantispyware2006freeinstall_fr[1].exe
    2007-05-30 10:30 <REP> d-------- C:\Program Files\WinAntiSpyware 2006 Free
    2007-05-28 21:12 53,248 --a------ C:\WINDOWS\StillCap.exe
    2007-05-28 21:12 307,200 --a------ C:\WINDOWS\vidcap32.Exe
    2007-05-28 21:12 <REP> d-------- C:\WINDOWS\CatRoot
    2007-05-28 21:12 <REP> d-------- C:\Program Files\Vimicro
    2007-05-28 21:01 29,206 --------- C:\WINDOWS\system32\efcayvu.dll
    2007-05-28 20:54 10,624 --a------ C:\WINDOWS\system32\drivers\vcam.sys
    2007-05-27 21:14 <REP> d-------- C:\Program Files\Club-Internet
    2007-05-21 10:04 <REP> d-------- C:\DOCUME~1\HP_PRO~1\APPLIC~1\TaoUSign
    2007-05-18 16:12 51,200 --a------ C:\WINDOWS\system32\drivers\UsbSagCom.sys
    2007-05-18 16:12 <REP> d-------- C:\Program Files\SAGEM


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-03 12:38:35 -------- d-----w C:\DOCUME~1\HP_PRO~1\APPLIC~1\Skype
    2007-06-03 10:49:15 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-30 15:17:26 -------- d-----w C:\Program Files\Google
    2007-05-30 15:00:24 -------- d-----w C:\Program Files\Ulead Systems
    2007-05-30 14:59:51 -------- d-----w C:\DOCUME~1\HP_PRO~1\APPLIC~1\Ulead Systems
    2007-05-30 14:56:40 -------- d-----w C:\Program Files\PC-Doctor 5 for Windows
    2007-05-30 14:48:18 -------- d-----w C:\Program Files\Buyertools Reminder
    2007-05-29 11:10:27 -------- d-----w C:\Program Files\eChanblard
    2007-05-28 19:08:25 -------- d-----w C:\Program Files\Fake Webcam
    2007-04-26 15:35:09 -------- d-----w C:\Program Files\StuffPlug3
    2007-04-26 15:26:25 -------- d-----w C:\DOCUME~1\HP_PRO~1\APPLIC~1\Screenshot Sender
    2007-04-26 11:00:41 -------- d-----w C:\DOCUME~1\HP_PRO~1\APPLIC~1\Image Zone Express
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 11:04:08 -------- d-----w C:\Program Files\Club-Internet(2)
    2007-04-17 10:51:21 -------- d-----w C:\Program Files\Talkway
    2007-03-25 12:36:16 64,724 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-03-25 12:36:16 446,984 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {8071E65A-3F56-4426-8372-8667CD213057}=C:\WINDOWS\system32\efcayvu.dll [2007-05-28 21:01]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]
    {988B07F5-7392-455A-8A1F-64935CB8B6ED}=C:\Program Files\BarreConfCMCIC\TAPBar.dll [2005-08-24 08:07]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uerscw"="C:\Program Files\ErrorSafe Free\uerscw.exe" [2006-09-21 15:33]
    "Error Safe"="C:\Program Files\Error Safe\ers.exe" [2006-02-08 16:20]
    "erscw"="C:\Program Files\Fichiers communs\Error Safe\erscw.exe" [2006-09-27 14:36]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 01:24]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00]
    "AdwareProtector"="C:\Program Files\Error Safe\AdwareProtector.exe" [2006-12-13 15:38]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{8071E65A-3F56-4426-8372-8667CD213057}"="C:\WINDOWS\system32\efcayvu.dll" [2007-05-28 21:01]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcayvu]
    efcayvu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Propriétaire^Menu Démarrer^Programmes^Démarrage^Démarrage d'Office.lnk]
    path=C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\Démarrage d'Office.lnk
    backup=C:\WINDOWS\pss\Démarrage d'Office.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    ALCWZRD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
    "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
    C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    C:\HP\KBD\KBD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopoly3.exe]
    C:\DOCUME~1\HP_PRO~1\MESDOC~1\MSNAND~1\MONOPO~1.EXE /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWAS6V_0001_N91M2208]

    "C:\Documents and Settings\HP_Propriétaire\Application Data\winantispyware2006freeinstall_fr[1].exe" -nag

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /installquiet /keeploaded /nodetect

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
    HDAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    C:\WINDOWS\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\saap]
    c:\program files\180searchassistant\saap.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check]
    "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
    rundll32.exe "C:\WINDOWS\system32\qomqeqlp.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]
    C:\WINDOWS\svchost.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]
    C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwas6cw]
    "C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe" -c

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WA6PV_Check]
    "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    Contents of the 'Scheduled Tasks' folder
    2005-01-03 05:22:50 C:\WINDOWS\tasks\Symantec NetDetect.job

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-03 17:47:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-06-03 17:49:43 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-03 17:49
    C:\ComboFix2.txt ... 2007-05-30 20:22

    --- E O F ---

    Sorry for posting it so late; I hope someone will still be there to answer me.