almiros

Merci pour l`analyse Falkra C`est bien KIS 8.0.054 qui est installe, adepte depuis le debut a Kaspersky. Pour le SP3 je l`avais installe suite au formatage mais j`ai rencontre des problemes avec les drivers de la carte mere, le retour au SP2 avec mise a jour a tout fait rentrer dans l`ordre. Le brico Pack ne me cause pas trop de soucis, je m`en sers depuis pas mal d`annee ( version 1 ). En compensation des consommations de ressources, j`ai desactive pas mal de fonction au demarrage de l`OS ( Services.msc) avec l`aide de votre tutorial, tres bien fait d`ailleurs Sympa le lien pour arreter le fameux CTFMon, je n`ai jamais reussi a le retirer ce truc la. malgre la fonction HijackThis, il revenait tout le temps. Au moins j`aurai appris un truc de plus. Merci d`avoir consacre un peu de temps Falkra, tres bon week end a toi Cordialement

Merci Falkra de cette reponse tres rapide ! Voici donc mon rapport avec la nouvelle version HijckThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:32:48, on 08/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ASUS\Six Engine\SixEngine.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\WinFast\WFDTV\DTVSchdl.exe C:\Program Files\WinFast\WFDTV\WFWIZ.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - .DEFAULT Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User 'Default user') O4 - .DEFAULT Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (User 'Default user') O4 - .DEFAULT Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1225338889343 O17 - HKLM\System\CCS\Services\Tcpip\..\{9124AAF9-882F-4590-B3EF-E94B108ABAEC}: NameServer = 193.92.150.3,194.219.227.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7790 bytes

Bonjour a tous, je viens de refaire mon pc avec changement carte mere, carte graphique, memoire etc... je voudrai savoir si suite a l`installation des divers drivers notamment Logitech, Creative ou autres, mon rapport est propre ou si je dois eliminer quelques elements notamment au demarrage. Les fabricants ayant la facheuse manie d`installer des maj avec leur sites pas toujours utiles.... J`utilise un webcam Logitech Fusion uniquement avec Skype et j`aimerai pouvoir desactiver tous " trucs " installe qui ne sont pas forcement d`une grande utilite. Je n`utilise que TuneUp Utilities et Kaspersky Internet Security associe a un routeur Lynksys WAG 200. Sur mon ancienne configuration cela me suffisait. CONFIGURATION PC : - Carte mere : Asus P5Q - CPU : E8400 Dual core Intel - Ram : Crucial Ballystic DDR2 800 - Carte graphique: Sapphire PCI HD 4870 Merci d`avance pour vos eventuelles reponse et bon week end a tous. Cordialement. Mon rapport Logfile of HijackThis v1.99.1 Scan saved at 15:41:39, on 08/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ASUS\Six Engine\SixEngine.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\WinFast\WFDTV\DTVSchdl.exe C:\Program Files\WinFast\WFDTV\WFWIZ.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1225338889343 O17 - HKLM\System\CCS\Services\Tcpip\..\{9124AAF9-882F-4590-B3EF-E94B108ABAEC}: NameServer = 193.92.150.3,194.219.227.2 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\ O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

Bonsoir Charles, Merci pour tous ces precieux conseils, le Pc a regagne de la vigueur. Je vous soumet le rapport Hiackthis...le dernier j`espere L`outil de desinstallation Norton a ete passe. Encore merci pour tout Amicalement Logfile of HijackThis v1.99.1 Scan saved at 15:26, on 2007-07-20 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\GUY\LOCALS~1\Temp\Rar$EX00.328\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdat...ault.aspx?ln=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Traduire la page avec Google - C:\Documents and Settings\GUY\Application Data\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Bonsoir Charles, voila les deux rapports, je post un peu tard, j`espere que vous aurez le temps de jeter un oeil. Apparament il y a encore du monde a bord Cordialement. Incident Statut Analyse Outil indésirable:Application/NirCmd.A No Désinfecté C:\Documents and Settings\GUY\Bureau\ComboFix.exe[nircmd.exe] Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\GUY\Cookies\guy@weborama[2].txt Virus:Trj/Downloader.OZB Désinfecté C:\QooBox\Quarantine\C\WINDOWS\system32\bvpfqatb.exe.vir Virus:Trj/Downloader.OZB Désinfecté C:\QooBox\Quarantine\C\WINDOWS\system32\fwnxnumo.exe.vir Virus:Trj/Downloader.OZB Désinfecté C:\QooBox\Quarantine\C\WINDOWS\system32\iixdvuca.exe.vir Virus:Trj/Downloader.OZB Désinfecté C:\QooBox\Quarantine\C\WINDOWS\system32\jcfvadoq.exe.vir Virus:Trj/Downloader.OZB Désinfecté C:\QooBox\Quarantine\C\WINDOWS\system32\pxasmnrb.exe.vir Virus:Trj/Downloader.OZB Désinfecté C:\QooBox\Quarantine\C\WINDOWS\system32\vhemclgx.exe.vir Outil indésirable:Application/NirCmd.A No Désinfecté C:\WINDOWS\nircmd.exe Outil indésirable:Application/Processor No Désinfecté C:\WINDOWS\system32\Process.exe --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- - 2007-07-19 7:56:55 - ComboFix 07-07-14.6 - Service Pack 2 NTFS Command switches used :: C:\Documents and Settings\GUY\Bureau\CFScript.txt ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\System32\aljrdbre.ini C:\WINDOWS\System32\atsvhjgm.ini C:\WINDOWS\System32\kpffrywb.ini C:\WINDOWS\System32\lgriyrnc.ini C:\WINDOWS\System32\lrfkpwuu.ini C:\WINDOWS\System32\ntbrwtnx.ini C:\WINDOWS\System32\oqtss.ini C:\WINDOWS\System32\qgfrtbgv.ini C:\WINDOWS\System32\qqdrdgla.ini C:\WINDOWS\System32\rllonxhp.ini C:\WINDOWS\System32\rlsflxwo.ini C:\WINDOWS\System32\ututv.tmp2 C:\WINDOWS\System32\vduywsky.ini ((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 ))))))))))))))))))))))))))))))) 2007-07-18 12:01 853 --a------ C:\reboot.cmd 2007-07-18 12:01 68,096 --a------ C:\diff.exe 2007-07-18 12:01 103,424 --a------ C:\grep.exe 2007-07-17 12:50 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-07-17 12:50 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-07-17 12:49 29,728 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-07-17 12:49 2,696,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-07-17 12:49 <REP> d-------- C:\Program Files\Kaspersky Lab 2007-07-17 12:49 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-07-17 12:48 <REP> d-------- C:\kav 2007-07-17 10:15 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-16 00:07 <REP> d-------- C:\VundoFix Backups 2007-07-15 17:02 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-15 17:02 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-15 17:02 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-15 14:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-07-14 17:27 <REP> d-------- C:\WINDOWS\Prefetch 2007-07-13 13:15 <REP> d-------- C:\Program Files\QuickTime 2007-07-13 13:14 <REP> d-------- C:\Program Files\Apple Software Update 2007-07-13 13:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple 2007-07-10 23:10 53,248 -r------- C:\WINDOWS\system32\BrMfNt.dll 2007-07-10 23:10 53,248 --------- C:\WINDOWS\system32\BrNetSti.dll 2007-07-10 23:10 34,816 --------- C:\WINDOWS\system32\BrWiaNCp.dll 2007-07-10 23:10 31,744 --------- C:\WINDOWS\system32\Brnsplg.dll 2007-07-10 23:10 163,840 --------- C:\WINDOWS\system32\NSSearch.dll 2007-07-10 23:10 122,880 --------- C:\WINDOWS\system32\BrfxD05a.dll 2007-07-10 23:10 106,496 --------- C:\WINDOWS\system32\BrMuSNMP.dll 2007-07-10 23:10 0 --a------ C:\WINDOWS\brdfxspd.dat 2007-06-26 16:53 206,088 --a------ C:\WINDOWS\system32\klogon.dll 2007-06-26 16:52 22,457 --a------ C:\WINDOWS\system32\drivers\klop.dat (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-18 22:26:05 3,692 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-07-18 22:26:04 36,812 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-07-18 22:02:32 107,008 -c--a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT 2007-07-17 10:44:55 -------- d-----w C:\Program Files\Norton AntiVirus 2007-07-17 10:44:55 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-07-17 10:44:00 -------- d-----w C:\Program Files\Symantec 2007-07-15 17:47:21 -------- d-----w C:\DOCUME~1\GUY\APPLIC~1\Skype 2007-07-15 12:57:08 -------- d-----w C:\Program Files\3B Software 2007-07-14 15:19:22 -------- d-----w C:\Program Files\TuneUp Utilities 2007 2007-07-13 11:20:33 -------- d-----w C:\DOCUME~1\GUY\APPLIC~1\Apple Computer 2007-07-12 22:24:16 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-07-12 07:02:04 84,122 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-07-12 07:02:04 507,486 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-07-10 21:11:37 50 ----a-w C:\WINDOWS\system32\bridf05a.dat 2007-07-06 12:31:04 -------- d-----w C:\Program Files\Windows Live Safety Center 2007-07-04 16:02:17 33,792 ----a-w C:\WINDOWS\system32\rundll32.exe 2007-07-04 15:44:09 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-17 14:50:09 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-06-17 14:40:10 -------- d-----w C:\Program Files\Pense-bete 2007-06-16 08:10:05 -------- d-----w C:\DOCUME~1\GUY\APPLIC~1\Lavasoft 2007-06-09 14:28:03 -------- d-----w C:\DOCUME~1\GUY\APPLIC~1\TaoUSign 2007-06-05 20:26:25 -------- d-----w C:\Program Files\Fichiers communs\Skype 2007-05-29 15:44:27 -------- d-----w C:\Program Files\LG PC Suite 2007-05-29 15:42:15 -------- d-----w C:\Program Files\LG Electronics 2007-05-29 14:41:50 -------- d-----w C:\DOCUME~1\GUY\APPLIC~1\LG Electronics 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-28 21:33:23 1,036,288 ----a-w C:\WINDOWS\explorer.exe 2007-04-28 19:48:53 47,887 ----a-w C:\WINDOWS\OptimizerXP.dll 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2005-10-24 19:43:16 59,720 -c----w C:\DOCUME~1\GUY\APPLIC~1\GDIPFONTCACHEV1.DAT 2005-08-21 10:23:59 5,832 -c----w C:\DOCUME~1\GUY\APPLIC~1\wklnhst.dat 2005-07-07 15:36:40 12 -c--a-w C:\Program Files\config.cfg ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 01:04 853672 --a------ C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 05:40] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "EditLevel"=0 (0x0) "NoClose"=0 (0x0) "NoSaveSettings"=0 (0x0) "NoFileMenu"=0 (0x0) "NoCommonGroups"=0 (0x0) "NoSharedDocuments"=00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc Usnsvc usnsvc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs UxTuneUp Contents of the 'Scheduled Tasks' folder 2007-07-13 11:14:26 C:\WINDOWS\tasks\AppleSoftwareUpdate.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-19 08:01:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-19 8:03:37 C:\ComboFix-quarantined-files.txt ... 2007-07-19 08:03 C:\ComboFix2.txt ... 2007-07-17 10:24 --- E O F ---

Bonsoir et merci encore Charles, c`est vraiment tres sympathique de ta part d`aller jusqu`au bout des choses. Je m`en occupe demain et je te tiens au courant, pas mecontent d`arrivee au bout

Bonjour Charles, escusez moi de ne pas l`avoir fait plutot mais voila je donne signe de vie, je post les deux rapports ci contre en esperant que je ne vais trop vous soumettre a contribution sans cesse. Petite precision que vous avez du remarquer, j`ai enleve Norton pour mettre Kaspersky. D`avance merci, DiagHelp version v1.1.2 - http://www.malekal.com excute le 18/07/2007 à 11:59:18,68 Liste des derniers fichies modifies/crees dans windir\system32 C:\WINDOWS\System32/drivers\fidbox2.dat -->18/07/2007 11:56:47 C:\WINDOWS\System32/drivers\fidbox.dat -->18/07/2007 11:54:38 C:\WINDOWS\System32/drivers\fidbox2.idx -->18/07/2007 10:15:37 C:\WINDOWS\System32/drivers\fidbox.idx -->18/07/2007 10:15:36 C:\WINDOWS\System32/drivers\klin.dat -->17/07/2007 12:50:00 C:\WINDOWS\System32/drivers\klick.dat -->17/07/2007 12:50:00 C:\WINDOWS\System32/drivers\klop.dat -->26/06/2007 16:52:48 C:\WINDOWS\System32\OODBS.lor -->18/07/2007 11:54:08 C:\WINDOWS\System32\FNTCACHE.DAT -->17/07/2007 17:00:54 C:\WINDOWS\System32\oqtss.ini -->17/07/2007 02:03:06 C:\WINDOWS\System32\wpa.dbl -->15/07/2007 16:30:33 C:\WINDOWS\System32\PerfStringBackup.INI -->12/07/2007 09:02:04 C:\WINDOWS\System32\perfh00C.dat -->12/07/2007 09:02:04 C:\WINDOWS\System32\perfh009.dat -->12/07/2007 09:02:04 C:\WINDOWS\System32\perfc00C.dat -->12/07/2007 09:02:04 C:\WINDOWS\System32\perfc009.dat -->12/07/2007 09:02:04 C:\WINDOWS\System32\swreg.exe -->11/07/2007 16:59:04 C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT -->11/07/2007 15:25:16 C:\WINDOWS\System32\bridf05a.dat -->10/07/2007 23:11:37 C:\WINDOWS\System32\ututv.tmp2 -->08/07/2007 20:03:16 C:\WINDOWS\System32\qgfrtbgv.ini -->08/07/2007 11:15:54 C:\WINDOWS\System32\vduywsky.ini -->08/07/2007 10:10:37 C:\WINDOWS\System32\lgriyrnc.ini -->08/07/2007 09:49:26 C:\WINDOWS\System32\rlsflxwo.ini -->08/07/2007 09:42:14 C:\WINDOWS\System32\ntbrwtnx.ini -->08/07/2007 09:35:00 C:\WINDOWS\System32\kpffrywb.ini -->08/07/2007 09:17:12 C:\WINDOWS\System32\qqdrdgla.ini -->08/07/2007 08:45:49 C:\WINDOWS\System32\lrfkpwuu.ini -->07/07/2007 08:46:33 C:\WINDOWS\System32\atsvhjgm.ini -->06/07/2007 13:44:55 C:\WINDOWS\System32\aljrdbre.ini -->06/07/2007 13:33:12 C:\WINDOWS\System32\rllonxhp.ini -->06/07/2007 10:30:32 C:\WINDOWS\System32\rundll32.exe -->04/07/2007 18:02:17 C:\WINDOWS\WindowsUpdate.log -->18/07/2007 11:55:12 C:\WINDOWS\wiadebug.log -->18/07/2007 11:54:28 C:\WINDOWS\wiaservc.log -->18/07/2007 11:54:18 C:\WINDOWS.log -->18/07/2007 11:54:15 C:\WINDOWS\bootstat.dat -->18/07/2007 11:54:13 C:\WINDOWS\SchedLgU.Txt -->18/07/2007 10:15:28 C:\WINDOWS\Sti_Trace.log -->16/07/2007 00:02:02 C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt -->15/07/2007 17:30:25 C:\WINDOWS\QTFont.for -->15/07/2007 10:23:05 C:\WINDOWS\QTFont.qfn -->15/07/2007 10:23:04 C:\WINDOWS\Ultimate Cleaner.ico -->12/07/2007 21:14:13 C:\WINDOWS\Casino.ico -->12/07/2007 21:14:13 C:\WINDOWS\Spyware Remover.ico -->12/07/2007 21:14:11 C:\WINDOWS\win.ini -->11/07/2007 08:36:24 C:\WINDOWS\BRWMARK.INI -->10/07/2007 23:31:55 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7155-322C Répertoire de C:\WINDOWS\system 17/07/2002 16:22 4 672 WOWPOST.EXE 1 fichier(s) 4 672 octets 0 Rép(s) 42 847 182 848 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7155-322C Répertoire de C:\WINDOWS\system32 20/08/2004 01:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 42 847 182 848 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7155-322C Répertoire de C:\WINDOWS\Downloaded Program Files 16/07/2007 10:31 <REP> . 16/07/2007 10:31 <REP> .. 27/07/2005 01:00 2 390 catalog.dat 16/06/2007 10:07 <REP> CONFLICT.1 16/07/2003 08:18 65 desktop.ini 25/07/2002 17:13 24 576 dwusplay.dll 25/07/2002 17:13 196 608 dwusplay.exe 27/07/2005 01:00 6 899 ecbootil.vxd 27/07/2005 01:00 210 552 ecmsvr32.dll 23/03/2007 12:17 1 292 erma.inf 03/05/2005 21:24 86 808 HPGetDownloadManager.ocx 08/07/2004 11:53 73 728 HPISComputerInfo.dll 08/07/2004 12:49 560 HPISComputerInfo.inf 16/10/2003 13:55 299 008 isusweb.dll 29/09/2004 13:21 740 jinstall-1_4_2_06.inf 11/10/2005 16:49 752 jinstall-1_5_0_05.inf 10/11/2005 14:05 876 jinstall-1_5_0_06.inf 26/07/2006 04:00 896 jinstall-1_5_0_08.inf 20/01/2000 16:25 1 162 Microsoft XML Parser for Java.osd 27/07/2005 01:00 124 576 naveng32.dll 27/07/2005 01:00 685 728 navex32a.dll 27/07/2005 01:00 91 264 scrauth.dat 10/05/2004 12:50 202 setup.inf 26/06/2006 19:21 169 672 SymAData.dll 27/07/2005 01:00 8 137 symaveng.cat 27/07/2005 01:00 901 symaveng.inf 27/07/2005 01:00 12 401 tcdefs.dat 27/07/2005 01:00 679 409 tcscan7.dat 27/07/2005 01:00 153 417 tcscan8.dat 27/07/2005 01:00 380 534 tcscan9.dat 27/07/2005 01:00 453 tinf.dat 27/07/2005 01:00 148 tinfidx.dat 27/07/2005 01:00 1 957 tinfl.dat 27/07/2005 01:00 38 531 tscan1.dat 27/07/2005 01:00 1 237 tscan1hd.dat 27/07/2005 01:00 5 516 v.grd 27/07/2005 01:00 2 225 v.sig 27/07/2005 01:00 106 244 virscan.inf 27/07/2005 01:00 953 660 virscan1.dat 27/07/2005 01:00 557 749 virscan2.dat 27/07/2005 01:00 145 136 virscan3.dat 27/07/2005 01:00 319 575 virscan4.dat 27/07/2005 01:00 1 052 511 virscan5.dat 27/07/2005 01:00 384 165 virscan6.dat 27/07/2005 01:00 2 399 158 virscan7.dat 27/07/2005 01:00 1 363 015 virscan8.dat 27/07/2005 01:00 2 496 002 virscan9.dat 27/07/2005 01:00 32 virscant.dat 31/07/2005 11:50 2 072 vscanmsx.dat 27/07/2005 01:00 224 zdone.dat 47 fichier(s) 13 042 763 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 16/06/2007 10:07 <REP> . 16/06/2007 10:07 <REP> .. 0 fichier(s) 0 octets Total des fichiers listés : 47 fichier(s) 13 042 763 octets 5 Rép(s) 42 847 178 752 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-18 12:00:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 212 - snmp.exe 236 - svchost.exe 304 - explorer.exe 800 - csrss.exe 824 - winlogon.exe 868 - services.exe 880 - lsass.exe 1036 - svchost.exe 1112 - svchost.exe 1164 - svchost.exe 1552 - alg.exe 1632 - brss01a.exe 1644 - spoolsv.exe 1748 - avp.exe 1760 - CDAC11BA.EXE 1912 - oodag.exe 2004 - hpzipm12.exe 2404 - Apoint.exe 2492 - avp.exe 2604 - UberIcon Manage 2612 - wcescomm.exe 2716 - ctfmon.exe 2744 - wmpnscfg.exe 2988 - ApntEx.exe 3044 - rapimgr.exe 3548 - OUTLOOK.EXE 3640 - cmd.exe Total number of processes = 28 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntoskrnl.exe 806FD000 - \WINDOWS\system32\hal.dll F8A36000 - \WINDOWS\system32\KDCOM.DLL F8946000 - \WINDOWS\system32\BOOTVID.dll F84E6000 - ACPI.sys F8A38000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS F84D5000 - pci.sys F8536000 - isapnp.sys F8546000 - ohci1394.sys F8556000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS F894A000 - compbatt.sys F894E000 - \WINDOWS\System32\DRIVERS\BATTC.SYS F8AFE000 - pciide.sys F87B6000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS F8A3A000 - viaide.sys F8A3C000 - intelide.sys F84B7000 - pcmcia.sys F8566000 - MountMgr.sys F8498000 - ftdisk.sys F8952000 - ACPIEC.sys F8AFF000 - \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS F87BE000 - PartMgr.sys F8576000 - VolSnap.sys F8480000 - atapi.sys F8586000 - disk.sys F8596000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F8460000 - fltmgr.sys F844E000 - sr.sys F8437000 - KSecDD.sys F83AA000 - Ntfs.sys F837D000 - NDIS.sys F8362000 - Mup.sys F8346000 - kl1.sys F87C6000 - \WINDOWS\system32\drivers\TDI.SYS F8956000 - tiumflt.sys F895A000 - atisgkaf.sys F86A6000 - \SystemRoot\System32\DRIVERS\intelppm.sys F830E000 - \SystemRoot\System32\DRIVERS\wmiacpi.sys F7032000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys F701E000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS F891E000 - \SystemRoot\System32\DRIVERS\usbohci.sys F6FFB000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS F86B6000 - \SystemRoot\System32\DRIVERS\imapi.sys F86C6000 - \SystemRoot\System32\Drivers\AFS2K.SYS F86D6000 - \SystemRoot\System32\DRIVERS\cdrom.sys F86E6000 - \SystemRoot\System32\DRIVERS\redbook.sys F6FD8000 - \SystemRoot\System32\DRIVERS\ks.sys F86F6000 - \SystemRoot\System32\DRIVERS\i8042prt.sys F8926000 - \SystemRoot\System32\DRIVERS\kbdclass.sys F6FC1000 - \SystemRoot\System32\DRIVERS\Apfiltr.sys F892E000 - \SystemRoot\System32\DRIVERS\mouclass.sys F8936000 - \SystemRoot\System32\DRIVERS\fdc.sys F6FAD000 - \SystemRoot\System32\DRIVERS\parport.sys F8302000 - \SystemRoot\System32\DRIVERS\CmBatt.sys F6F19000 - \SystemRoot\System32\DRIVERS\bcmwl5.sys F893E000 - \SystemRoot\system32\drivers\tiumfwl.sys F87D6000 - \SystemRoot\System32\DRIVERS\usbehci.sys F6E83000 - \SystemRoot\system32\drivers\smwdm.sys F6E5F000 - \SystemRoot\system32\drivers\portcls.sys F8716000 - \SystemRoot\system32\drivers\drmk.sys F6E47000 - \SystemRoot\system32\drivers\aeaudio.sys F6D42000 - \SystemRoot\System32\DRIVERS\AGRSM.sys F87EE000 - \SystemRoot\System32\Drivers\Modem.SYS F8B11000 - \SystemRoot\System32\DRIVERS\audstub.sys F87FE000 - \SystemRoot\System32\DRIVERS\rasirda.sys F7154000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys F749E000 - \SystemRoot\System32\DRIVERS\ndistapi.sys F6CEB000 - \SystemRoot\System32\DRIVERS\ndiswan.sys F7144000 - \SystemRoot\System32\DRIVERS\raspppoe.sys F7134000 - \SystemRoot\System32\DRIVERS\raspptp.sys F6CDA000 - \SystemRoot\System32\DRIVERS\psched.sys F7124000 - \SystemRoot\System32\DRIVERS\msgpc.sys F8806000 - \SystemRoot\System32\DRIVERS\ptilink.sys F880E000 - \SystemRoot\System32\DRIVERS\raspti.sys F7114000 - \SystemRoot\System32\DRIVERS\termdd.sys F8A86000 - \SystemRoot\System32\DRIVERS\swenum.sys F6C70000 - \SystemRoot\System32\DRIVERS\update.sys F7496000 - \SystemRoot\System32\DRIVERS\mssmbios.sys F70F4000 - \SystemRoot\System32\Drivers\NDProxy.SYS F8786000 - \SystemRoot\System32\DRIVERS\usbhub.sys F8A8C000 - \SystemRoot\System32\DRIVERS\USBD.SYS F8AB0000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F8B67000 - \SystemRoot\System32\Drivers\Null.SYS F8AB2000 - \SystemRoot\System32\Drivers\Beep.SYS F8846000 - \SystemRoot\System32\drivers\vga.sys F8AB4000 - \SystemRoot\System32\Drivers\mnmdd.SYS F8AB6000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F884E000 - \SystemRoot\System32\Drivers\Msfs.SYS F8856000 - \SystemRoot\System32\Drivers\Npfs.SYS F8A0E000 - \SystemRoot\System32\DRIVERS\rasacd.sys F0407000 - \SystemRoot\System32\DRIVERS\ipsec.sys F03AF000 - \SystemRoot\System32\DRIVERS\tcpip.sys F0387000 - \SystemRoot\System32\DRIVERS\netbt.sys F0366000 - \SystemRoot\System32\DRIVERS\ipnat.sys F85C6000 - \SystemRoot\System32\DRIVERS\wanarp.sys F028E000 - \SystemRoot\system32\DRIVERS\tcpip6.sys F026C000 - \SystemRoot\System32\drivers\afd.sys F885E000 - \SystemRoot\system32\drivers\ip6fw.sys F85D6000 - \SystemRoot\System32\DRIVERS\netbios.sys F0241000 - \SystemRoot\System32\DRIVERS\rdbss.sys F01D2000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F0195000 - \??\C:\WINDOWS\system32\drivers\klif.sys F8606000 - \SystemRoot\System32\Drivers\Fips.SYS F8AB8000 - \??\C:\WINDOWS\System32\drivers\EABFiltr.sys F6D3A000 - \SystemRoot\System32\DRIVERS\hidusb.sys F8616000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS F886E000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS F6D36000 - \SystemRoot\System32\DRIVERS\mouhid.sys F02F6000 - \SystemRoot\System32\Drivers\Cdfs.SYS EE5D4000 - \SystemRoot\System32\Drivers\dump_atapi.sys F8A60000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys EFD81000 - \SystemRoot\System32\drivers\Dxapi.sys F88F6000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F8B2A000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\ati2dvag.dll BFA3B000 - \SystemRoot\System32\ati3duag.dll BFB8C000 - \SystemRoot\System32\ativvaxx.dll BFFA0000 - \SystemRoot\System32\ATMFD.DLL EE546000 - \SystemRoot\System32\DRIVERS\irda.sys EE5C8000 - \SystemRoot\System32\DRIVERS\ndisuio.sys EE311000 - \SystemRoot\System32\DRIVERS\mrxdav.sys EE83B000 - \SystemRoot\System32\Drivers\ParVdm.SYS EE4DA000 - \SystemRoot\System32\drivers\aspi32.sys EE4D2000 - \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS EE2A8000 - \SystemRoot\System32\Drivers\HTTP.sys EE243000 - \SystemRoot\system32\drivers\wdmaud.sys EE456000 - \SystemRoot\system32\drivers\sysaudio.sys EE0FF000 - \SystemRoot\System32\DRIVERS\srv.sys ED7E6000 - \SystemRoot\system32\drivers\kmixer.sys F8B23000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 132 Liste des programmes installes Adobe Common File Installer Adobe Flash Player ActiveX Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Photoshop CS2 Adobe Reader 8.1.0 - Français Adobe Stock Photos 1.0 Apple Software Update Archiveur WinRAR ATI - Utilitaire de désinstallation du logiciel ATI Control Panel ATI Display Driver Bibliorom Broadcom 802.11 Wireless LAN Adapter Brother MFL-Pro Suite C-Media USB WDM Audio Driver CCleaner (remove only) Cda Product Service - shared component Client Windows Rights Management avec Service Pack 2 Connexion Facile à Internet Correctif Windows XP - KB834707 Correctif Windows XP - KB867282 Correctif Windows XP - KB890923 DVD Shrink 3.2 Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP FreeGo 3 GdiplusUpgrade Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows XP (KB909394) HP Help and Support HP Software Update InterVideo WinDVD Java SE Runtime Environment 6 Update 1 Kaspersky Anti-Virus 7.0 Kaspersky Anti-Virus 7.0 Lecteur Windows Media 11 Lexibase Standard LG PhoneManager LG SyncManager LG USB Modem driver Logiciel QuickCam de Logitech Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.0 French Language Pack Microsoft ActiveSync 4.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (French) 2007 Microsoft Office Excel MUI (French) 2007 Microsoft Office InfoPath MUI (French) 2007 Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Publisher MUI (French) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Word MUI (French) 2007 Microsoft Picture It! Photo Premium 9 Microsoft Reader Text-to-Speech pour le français Microsoft Software Update for Web Folders (French) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Mise à jour de sécurité pour Windows XP (KB883939) Mise à jour de sécurité pour Windows XP (KB896688) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB905915) Mise à jour de sécurité pour Windows XP (KB912812) Mise à jour de sécurité pour Windows XP (KB916281) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour pour Windows XP (KB896727) Mise à jour pour Windows XP (KB912945) Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0 MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 6.0 Parser Nero 7 Demo O&O Defrag Professional Edition Package de base Microsoft de service de chiffrement pour cartes à puce PaperPort PCI 1620 Cardbus Controller and Software PDFCreator Pilotes ATI Programme de gestion Camera de Logitech® QFolder Quick Launch Buttons 5.10 B5 QuickTime Real Alternative 1.52 Realtek RTL8139/810x Fast Ethernet NIC Driver Setup Scan Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Excel 2007 (KB936509) Security Update for Office 2007 (KB934062) Security Update for Office 2007 (KB936514) Security Update for Publisher 2007 (KB936646) Security Update pour Microsoft .NET Framework 2.0 (KB928365) Shockwave Skype™ 3.2 SoundMAX SP2 de compatibilité descendante du client Windows Rights Management Spelling Dictionaries Support For Adobe Reader 8 Spybot - Search & Destroy 1.4 TuneUp Utilities 2007 UberIcon 1.0.3 Update for Office 2007 (KB932080) Update for Office 2007 (KB934391) Update for Office 2007 (KB934393) Update for Outlook 2007 (KB937608) Update for Outlook 2007 Junk Email Filter (kb936558) Update for Word 2007 (KB934173) Utilitaire de sauvegarde Windows Windows Communication Foundation Windows Communication Foundation Language Pack - FRA Windows Genuine Advantage v1.3.0254.0 Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Live OneCare safety scanner Windows Live Sign-in Assistant Windows Media Connect Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows Presentation Foundation Windows Presentation Foundation Language Pack (FRA) Windows Workflow Foundation Windows Workflow Foundation FR Language Pack Windows XP Service Pack 2 WinPcap 4.0 alpha1 XML Paper Specification Shared Components Language Pack 1.0 XML Paper Specification Shared Components Pack 1.0 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7155-322C Répertoire de C:\Program Files 17/07/2007 12:49 <REP> . 17/07/2007 12:49 <REP> .. 15/07/2007 14:57 <REP> 3B Software 06/06/2007 22:08 <REP> Adobe 27/09/2006 17:27 <REP> Ahead 13/01/2005 23:00 <REP> Analog Devices 20/01/2007 22:00 <REP> Apoint2K 13/07/2007 13:14 <REP> Apple Software Update 13/01/2005 23:15 <REP> ATI Technologies 18/10/2006 21:35 <REP> Brother 10/01/2007 21:03 <REP> CCleaner 18/10/2006 21:34 <REP> Common Files 07/07/2005 17:36 12 config.cfg 14/02/2006 21:38 <REP> DVD Shrink 17/07/2007 16:05 <REP> Fichiers communs 14/12/2006 21:54 <REP> Free 17/02/2007 12:58 <REP> FreeGo 11/01/2007 23:15 <REP> HardwareDetection 21/10/2006 11:35 <REP> Hewlett-Packard 16/04/2005 22:00 <REP> HighMAT CD Writing Wizard 21/10/2006 11:34 <REP> HP 09/09/2006 22:51 <REP> HPQ 13/06/2007 18:46 <REP> Internet Explorer 13/01/2005 23:20 <REP> InterVideo 07/05/2007 17:37 <REP> Java 17/07/2007 12:49 <REP> Kaspersky Lab 29/05/2007 17:42 <REP> LG Electronics 29/05/2007 17:44 <REP> LG PC Suite 24/04/2005 11:23 <REP> Logitech 30/03/2007 21:02 <REP> Media Player Classic 08/02/2005 22:27 <REP> Messenger 22/10/2006 21:36 <REP> Microsoft ActiveSync 19/11/2006 20:03 <REP> Microsoft Baseline Security Analyzer 08/05/2007 23:14 <REP> Microsoft CAPICOM 2.1.0.2 24/08/2005 22:43 <REP> microsoft frontpage 08/03/2007 22:56 <REP> Microsoft Office 07/06/2005 21:19 <REP> Microsoft Picture It! 9 05/05/2007 22:12 <REP> Microsoft Référence 08/03/2007 22:56 <REP> Microsoft Visual Studio 08/03/2007 22:43 <REP> Microsoft Visual Studio 8 08/03/2007 22:58 <REP> Microsoft Works 23/11/2005 22:36 <REP> Microsoft.NET 14/10/2004 20:43 <REP> Movie Maker 08/03/2007 22:57 <REP> MSBuild 28/03/2006 21:55 <REP> MSN 13/05/2004 20:10 <REP> MSN Gaming Zone 20/08/2006 12:44 <REP> MSN Messenger 26/04/2007 22:46 <REP> MSXML 6.0 27/09/2006 17:32 <REP> Nero 05/05/2007 22:12 <REP> NetMeeting 17/07/2007 12:44 <REP> Norton AntiVirus 09/03/2007 22:35 <REP> OO Software 13/06/2007 18:42 <REP> Outlook Express 05/05/2007 22:12 <REP> PDFCreator 17/06/2007 16:40 <REP> Pense-bete 13/07/2007 13:18 <REP> QuickTime 30/03/2007 21:02 <REP> Real Alternative 30/01/2007 22:04 <REP> Reference Assemblies 18/10/2006 21:07 <REP> ScanSoft 08/08/2006 21:27 <REP> Services en ligne 25/03/2007 18:11 <REP> Skype 11/11/2005 18:54 <REP> Softissimo 15/07/2007 14:55 <REP> Spybot - Search & Destroy 17/07/2007 12:44 <REP> Symantec 14/07/2007 17:19 <REP> TuneUp Utilities 2007 05/05/2007 09:06 <REP> UberIcon 06/07/2007 14:31 <REP> Windows Live Safety Center 30/11/2005 23:34 <REP> Windows Media Connect 28/11/2006 22:57 <REP> Windows Media Connect 2 28/11/2006 22:57 <REP> Windows Media Player 28/03/2006 21:59 <REP> Windows NT 17/02/2007 12:58 <REP> WinPcap 23/01/2007 21:48 <REP> WinRAR 13/05/2004 20:10 <REP> xerox 1 fichier(s) 12 octets 73 Rép(s) 42 846 629 888 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7155-322C Répertoire de C:\Program Files\fichiers communs 17/07/2007 16:05 <REP> . 17/07/2007 16:05 <REP> .. 13/08/2006 15:55 <REP> Acronis 06/06/2007 22:08 <REP> Adobe 24/09/2006 15:10 <REP> Adobe Systems Shared 27/09/2006 17:37 <REP> Ahead 08/05/2005 20:53 <REP> AOL 17/07/2007 16:05 <REP> DESIGNER 13/05/2004 13:12 <REP> Hewlett-Packard 13/05/2004 13:10 <REP> HP 18/10/2006 21:34 <REP> InstallShield 04/12/2004 23:37 <REP> Java 03/07/2006 21:27 <REP> L&H 24/04/2005 11:23 <REP> Logitech 05/01/2005 23:11 <REP> Macrovision Shared 17/07/2007 16:08 <REP> Microsoft Shared 13/05/2004 20:10 <REP> MSSoap 24/03/2005 22:37 <REP> ODBC 25/07/2005 18:43 <REP> Real 18/10/2006 21:08 <REP> ScanSoft Shared 08/06/2006 20:28 <REP> Services 05/06/2007 22:26 <REP> Skype 13/05/2004 20:10 <REP> SpeechEngines 17/07/2007 12:44 <REP> Symantec Shared 13/06/2007 18:42 <REP> System 13/07/2007 00:24 <REP> Wise Installation Wizard 0 fichier(s) 0 octets 26 Rép(s) 42 846 625 792 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7155-322C Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 08/03/2007 23:10 <REP> . 08/03/2007 23:10 <REP> .. 23/11/2005 22:37 <REP> 1033 08/03/2007 23:14 <REP> 1036 26/10/2006 20:49 970 528 MSONSEXT.DLL 26/10/2006 21:12 40 256 MSOSV.DLL 03/06/1999 09:09 122 937 MSOWS409.DLL 07/03/2001 04:00 127 033 MSOWS40c.DLL 11/07/2003 03:25 80 448 PKMWS.DLL 18/03/1999 07:37 593 977 RAGENT.DLL 6 fichier(s) 1 935 179 octets 4 Rép(s) 42 846 625 792 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7155-322C Répertoire de C:\Program Files\common files 18/10/2006 21:34 <REP> . 18/10/2006 21:34 <REP> .. 18/10/2006 21:34 <REP> InstallShield 10/02/2005 23:12 <REP> Motive 0 fichier(s) 0 octets 4 Rép(s) 42 846 625 792 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7155-322C Répertoire de C:\ 12/05/2007 18:22 68 096 diff.exe 12/05/2007 18:22 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 42 846 625 792 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7155-322C Répertoire de C:\ c:\Documents and Settings\All Users\Application Data\BeInSync Settings\BeInSync_Setup.exe c:\Documents and Settings\All Users\Application Data\BeInSync Settings\BISUninstall.exe c:\Documents and Settings\All Users\Application Data\BeInSync Settings\RestartMsg.exe c:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\AutoTBar.exe c:\Documents and Settings\GUY\Bureau\ComboFix.exe c:\Documents and Settings\GUY\Bureau\VundoFix.exe c:\Documents and Settings\GUY\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\GUY\Bureau\DiagHelp\diff.exe c:\Documents and Settings\GUY\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\GUY\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\GUY\Bureau\DiagHelp\find2.exe c:\Documents and Settings\GUY\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\GUY\Bureau\DiagHelp\grep.exe c:\Documents and Settings\GUY\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\GUY\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\GUY\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\GUY\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\GUY\Bureau\DiagHelp\streams.exe c:\Documents and Settings\GUY\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\GUY\Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\WindowsUpdateAgent20-x86.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\BootVis-Tool.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\error_killer_7B89-9806-01C8-27C9.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\kaspersky7.0.0.124fr.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\LexibaseCollinsFrEn_XIFR8-77L7W-LWLIO-VN0NG.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\NAV061200FR_NORTON 06.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\NAV071400FR.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\NORTON 06.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\OODefrag_FRA_V85.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\pdfcreator_pdfcreator_0.9.3_francais_11085.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\Pense-bête_ Mise à jour.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\Pense-bête_agenda.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\realalt152.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\Registry_Repair_pro.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\setup NORTON 07.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\spybot-search-destroy_spybot_-_search_destroy_1.4_francais_10965.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\Tune up_2007TrialFR.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\UberIcon-v1.0.3.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\VisuIco.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\winoptimizerplatinum320_se_AWPSC0-7703C5-83AEE1.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\wrar362fr.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\oodefrag_DPD1-0G9I-U062-S638-2CKU\oodpe_6_5_851_fra.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\ScanSoft converter 3 pro\French\PDFProfessional\instmsia.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\ScanSoft converter 3 pro\French\PDFProfessional\instmsiw.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\ScanSoft converter 3 pro\French\PDFProfessional\setup.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\ScanSoft converter 3 pro\French\PDFProfessional\Tools\MkMst.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\ScanSoft converter 3 pro\French\PDFProfessional\Tools\OPDIRDEL.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\ScanSoft converter 3 pro\French\PDFProfessional\Tools\Remover.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\SupportPlusFR_software_V3\France_4in_RS200MHz\Alturion GPS.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\SupportPlusFR_software_V3\France_4in_RS200MHz\ReleaseGPS.exe c:\Documents and Settings\GUY\Mes documents\Mes logiciels\SupportPlusFR_software_V3\France_4in_RS200MHz\ShutDown.exe c:\Documents and Settings\All Users\Application Data\BeInSync Settings\mfc71u.dll c:\Documents and Settings\All Users\Application Data\BeInSync Settings\msvcr71.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\GUY\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\GUY\Application Data\OfficeUpdate12\oudetect.dll c:\Documents and Settings\GUY\Application Data\TaoUSign\jseccapi.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 12:04:13, on 18/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Apoint2K\Apntex.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\WINDOWS\system32\LVComsX.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\GUY\LOCALS~1\Temp\Rar$EX00.578\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdat...ault.aspx?ln=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Traduire la page avec Google - C:\Documents and Settings\GUY\Application Data\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Merci Charles, je le fait le plus tot possible

Bonsoir Charles, je me permet un petit Up car je vais etre absent dans les prochains jours, merci de votre aide. Cordialement. almiros

Bonjour Charles, je vous post le rapport combofix ci dessous, ce matin demarrage du pc et plein de nouvelles dll Merci de votre aide. - 2007-07-17 10:15:44 - ComboFix 07-07-14.6 - Service Pack 2 NTFS (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\iifebax.dll C:\WINDOWS\system32\khfdcda.dll C:\WINDOWS\system32\pmnnkhg.dll C:\WINDOWS\system32\ssqnonn.dll C:\WINDOWS\system32\iifebax.dll C:\WINDOWS\system32\khfdcda.dll C:\WINDOWS\system32\pmnnkhg.dll C:\WINDOWS\system32\ssqnonn.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\bvpfqatb.exe C:\WINDOWS\system32\fwnxnumo.exe C:\WINDOWS\system32\iixdvuca.exe C:\WINDOWS\system32\jcfvadoq.exe C:\WINDOWS\system32\pxasmnrb.exe C:\WINDOWS\system32\syswin.exe C:\WINDOWS\system32\vhemclgx.exe ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_IPRIP -------\Iprip ((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 ))))))))))))))))))))))))))))))) 2007-07-17 10:15 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-17 01:55 6,369 ---hs---- C:\WINDOWS\system32\oqtss.bak1 2007-07-16 00:07 <REP> d-------- C:\VundoFix Backups 2007-07-15 17:02 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-15 17:02 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-15 17:02 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-15 14:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-07-14 17:27 <REP> d-------- C:\WINDOWS\Prefetch 2007-07-13 13:15 <REP> d-------- C:\Program Files\QuickTime 2007-07-13 13:14 <REP> d-------- C:\Program Files\Apple Software Update 2007-07-13 13:14 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple 2007-07-10 23:10 53,248 -r------- C:\WINDOWS\system32\BrMfNt.dll 2007-07-10 23:10 53,248 --------- C:\WINDOWS\system32\BrNetSti.dll 2007-07-10 23:10 34,816 --------- C:\WINDOWS\system32\BrWiaNCp.dll 2007-07-10 23:10 31,744 --------- C:\WINDOWS\system32\Brnsplg.dll 2007-07-10 23:10 163,840 --------- C:\WINDOWS\system32\NSSearch.dll 2007-07-10 23:10 122,880 --------- C:\WINDOWS\system32\BrfxD05a.dll 2007-07-10 23:10 106,496 --------- C:\WINDOWS\system32\BrMuSNMP.dll 2007-07-10 23:10 0 --a------ C:\WINDOWS\brdfxspd.dat 2007-06-17 16:50 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-16 23:58:17 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-07-15 17:47:21 -------- d-----w C:\DOCUME~1\GUY\APPLIC~1\Skype 2007-07-15 12:57:08 -------- d-----w C:\Program Files\3B Software 2007-07-14 15:19:22 -------- d-----w C:\Program Files\TuneUp Utilities 2007 2007-07-13 11:20:33 -------- d-----w C:\DOCUME~1\GUY\APPLIC~1\Apple Computer 2007-07-12 22:24:16 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-07-12 07:02:04 84,122 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-07-12 07:02:04 507,486 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-07-11 13:25:16 107,008 -c--a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT 2007-07-10 21:11:37 50 ----a-w C:\WINDOWS\system32\bridf05a.dat 2007-07-06 12:31:04 -------- d-----w C:\Program Files\Windows Live Safety Center 2007-07-04 16:02:17 33,792 ----a-w C:\WINDOWS\system32\rundll32.exe 2007-07-04 15:44:09 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-17 14:40:10 -------- d-----w C:\Program Files\Pense-bete 2007-06-16 08:10:05 -------- d-----w C:\DOCUME~1\GUY\APPLIC~1\Lavasoft 2007-06-09 14:28:03 -------- d-----w C:\DOCUME~1\GUY\APPLIC~1\TaoUSign 2007-06-05 20:26:25 -------- d-----w C:\Program Files\Fichiers communs\Skype 2007-05-29 15:44:27 -------- d-----w C:\Program Files\LG PC Suite 2007-05-29 15:42:15 -------- d-----w C:\Program Files\LG Electronics 2007-05-29 14:41:50 -------- d-----w C:\DOCUME~1\GUY\APPLIC~1\LG Electronics 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-28 21:33:23 1,036,288 ----a-w C:\WINDOWS\explorer.exe 2007-04-28 19:48:53 47,887 ----a-w C:\WINDOWS\OptimizerXP.dll 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2005-10-24 19:43:16 59,720 -c----w C:\DOCUME~1\GUY\APPLIC~1\GDIPFONTCACHEV1.DAT 2005-08-21 10:23:59 5,832 -c----w C:\DOCUME~1\GUY\APPLIC~1\wklnhst.dat 2005-07-07 15:36:40 12 -c--a-w C:\Program Files\config.cfg ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-10-22 23:08 62080 --a------ C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB63E52-4D6E-48C1-A08F-F630FE50F337}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 01:04 853672 --a------ C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 22:59] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 19:22] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 05:40] "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02] "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "EditLevel"=0 (0x0) "NoClose"=0 (0x0) "NoSaveSettings"=0 (0x0) "NoFileMenu"=0 (0x0) "NoCommonGroups"=0 (0x0) "NoSharedDocuments"=00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc Usnsvc usnsvc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs UxTuneUp Contents of the 'Scheduled Tasks' folder 2007-07-13 11:14:26 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-07-06 17:00:41 C:\WINDOWS\tasks\Norton AntiVirus - Analyse système complète - GUY.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-17 10:23:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-17 10:24:54 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-17 10:24 --- E O F ---

Mes escuses Charles mais n`etant pas souvent devant le pc, merci encore du devouement sincerement. Rapport Vundo ----------------- VundoFix V6.5.4 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Java version is 1.4.2.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.2 Old versions of java are exploitable and should be removed. Scan started at 00:07:15 16/07/2007 Listing files found while scanning.... C:\windows\system32\ofepayvm.dll C:\WINDOWS\system32\oqstv.bak1 C:\WINDOWS\system32\oqstv.ini C:\WINDOWS\system32\vtsqo.dll Beginning removal... Attempting to delete C:\windows\system32\ofepayvm.dll C:\windows\system32\ofepayvm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.bak1 C:\WINDOWS\system32\oqstv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.ini C:\WINDOWS\system32\oqstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\vtsqo.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\oqstv.ini C:\WINDOWS\system32\oqstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\vtsqo.dll Could not be deleted. Performing Repairs to the registry. Done! VundoFix V6.5.6 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Java version is 1.4.2.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.2 Old versions of java are exploitable and should be removed. Scan started at 08:05:37 16/07/2007 Listing files found while scanning.... C:\windows\system32\hqqsjxha.dll C:\WINDOWS\system32\hqqsjxha.dll__BHODemonDisabled C:\WINDOWS\system32\oqstv.ini C:\WINDOWS\system32\vtsqo.dll Beginning removal... Attempting to delete C:\windows\system32\hqqsjxha.dll C:\windows\system32\hqqsjxha.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.ini C:\WINDOWS\system32\oqstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\vtsqo.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.6 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Java version is 1.4.2.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.2 Old versions of java are exploitable and should be removed. Scan started at 08:18:49 16/07/2007 Listing files found while scanning.... C:\WINDOWS\system32\ddcyy.dll C:\WINDOWS\system32\yycdd.bak1 C:\WINDOWS\system32\yycdd.ini Beginning removal... Attempting to delete C:\WINDOWS\system32\ddcyy.dll C:\WINDOWS\system32\ddcyy.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\yycdd.bak1 C:\WINDOWS\system32\yycdd.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\yycdd.ini C:\WINDOWS\system32\yycdd.ini Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\ddcyy.dll C:\WINDOWS\system32\ddcyy.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.6 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Java version is 1.4.2.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.2 Old versions of java are exploitable and should be removed. Scan started at 08:57:14 16/07/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.5.6 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Java version is 1.4.2.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.2 Old versions of java are exploitable and should be removed. Scan started at 09:37:50 16/07/2007 Listing files found while scanning.... C:\WINDOWS\system32\npqss.bak1 C:\WINDOWS\system32\npqss.ini C:\WINDOWS\system32\ssqpn.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\npqss.bak1 C:\WINDOWS\system32\npqss.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\npqss.ini C:\WINDOWS\system32\npqss.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqpn.dll C:\WINDOWS\system32\ssqpn.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\ssqpn.dll C:\WINDOWS\system32\ssqpn.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.6 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Java version is 1.4.2.6 Old versions of java are exploitable and should be removed. Java version is 1.5.0.2 Old versions of java are exploitable and should be removed. Scan started at 18:57:27 16/07/2007 Listing files found while scanning.... C:\WINDOWS\system32\awtqn.dll C:\WINDOWS\system32\nqtwa.bak1 C:\WINDOWS\system32\nqtwa.ini2 C:\WINDOWS\system32\nqtwa.tmp Beginning removal... Attempting to delete C:\WINDOWS\system32\awtqn.dll C:\WINDOWS\system32\awtqn.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nqtwa.bak1 C:\WINDOWS\system32\nqtwa.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\nqtwa.ini2 C:\WINDOWS\system32\nqtwa.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\nqtwa.tmp C:\WINDOWS\system32\nqtwa.tmp Has been deleted! Performing Repairs to the registry. Done! Fichier DailHelp ------------------ DiagHelp version v1.1.2 - http://www.malekal.com excute le 16/07/2007 à 18:23:38,01 Liste des derniers fichies modifies/crees dans windir\system32 C:\WINDOWS\System32/drivers\update.sys -->23/04/2007 12:32:54 C:\WINDOWS\System32/drivers\COH_Mon.cat -->15/03/2007 23:37:34 C:\WINDOWS\System32/drivers\COH_Mon.inf -->12/03/2007 11:19:08 C:\WINDOWS\System32/drivers\COH_Mon.sys -->20/02/2007 18:05:48 C:\WINDOWS\System32/drivers\ntfs.sys -->09/02/2007 13:10:35 C:\WINDOWS\System32/drivers\srtspx.inf -->12/01/2007 19:02:18 C:\WINDOWS\System32/drivers\srtspx.cat -->12/01/2007 19:02:18 C:\WINDOWS\System32\nqtwa.ini -->16/07/2007 18:23:38 C:\WINDOWS\System32\ssqnonn.dll -->16/07/2007 18:23:09 C:\WINDOWS\System32\OODBS.lor -->16/07/2007 18:15:06 C:\WINDOWS\System32\nqtwa.bak1 -->16/07/2007 10:50:26 C:\WINDOWS\System32\awtqn.dll -->16/07/2007 10:50:17 C:\WINDOWS\System32\khfdcda.dll -->16/07/2007 08:56:19 C:\WINDOWS\System32\pmnnkhg.dll -->15/07/2007 19:43:52 C:\WINDOWS\System32\jcfvadoq.exe -->15/07/2007 16:56:39 C:\WINDOWS\System32\wvuvsts.dll -->15/07/2007 16:47:49 C:\WINDOWS\System32\wpa.dbl -->15/07/2007 16:30:33 C:\WINDOWS\System32\pxasmnrb.exe -->15/07/2007 07:48:38 C:\WINDOWS\System32\vhemclgx.exe -->14/07/2007 15:38:55 C:\WINDOWS\System32\fwnxnumo.exe -->13/07/2007 23:44:21 C:\WINDOWS\System32\bvpfqatb.exe -->13/07/2007 00:28:46 C:\WINDOWS\System32\syswin.exe -->12/07/2007 21:09:09 C:\WINDOWS\System32\iixdvuca.exe -->12/07/2007 21:01:43 C:\WINDOWS\System32\PerfStringBackup.INI -->12/07/2007 09:02:04 C:\WINDOWS\System32\perfh00C.dat -->12/07/2007 09:02:04 C:\WINDOWS\System32\perfh009.dat -->12/07/2007 09:02:04 C:\WINDOWS\System32\perfc00C.dat -->12/07/2007 09:02:04 C:\WINDOWS\System32\perfc009.dat -->12/07/2007 09:02:04 C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT -->11/07/2007 15:25:16 C:\WINDOWS\System32\FNTCACHE.DAT -->11/07/2007 09:33:54 C:\WINDOWS\System32\bridf05a.dat -->10/07/2007 23:11:37 C:\WINDOWS\System32\ututv.tmp2 -->08/07/2007 20:03:16 C:\WINDOWS\wiadebug.log -->16/07/2007 18:16:20 C:\WINDOWS\WindowsUpdate.log -->16/07/2007 18:15:43 C:\WINDOWS\wiaservc.log -->16/07/2007 18:15:40 C:\WINDOWS.log -->16/07/2007 18:15:19 C:\WINDOWS\bootstat.dat -->16/07/2007 18:15:17 C:\WINDOWS\SchedLgU.Txt -->16/07/2007 11:19:46 C:\WINDOWS\Sti_Trace.log -->16/07/2007 00:02:02 C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt -->15/07/2007 17:30:25 C:\WINDOWS\QTFont.for -->15/07/2007 10:23:05 C:\WINDOWS\QTFont.qfn -->15/07/2007 10:23:04 C:\WINDOWS\Ultimate Cleaner.ico -->12/07/2007 21:14:13 C:\WINDOWS\Casino.ico -->12/07/2007 21:14:13 C:\WINDOWS\Spyware Remover.ico -->12/07/2007 21:14:11 C:\WINDOWS\win.ini -->11/07/2007 08:36:24 C:\WINDOWS\BRWMARK.INI -->10/07/2007 23:31:55 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7155-322C Répertoire de C:\WINDOWS\system 17/07/2002 16:22 4 672 WOWPOST.EXE 1 fichier(s) 4 672 octets 0 Rép(s) 42 879 000 576 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7155-322C Répertoire de C:\WINDOWS\system32 20/08/2004 01:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 42 879 000 576 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 7155-322C Répertoire de C:\WINDOWS\Downloaded Program Files 16/07/2007 10:31 <REP> . 16/07/2007 10:31 <REP> .. 27/07/2005 01:00 2 390 catalog.dat 16/06/2007 10:07 <REP> CONFLICT.1 16/07/2003 08:18 65 desktop.ini 25/07/2002 17:13 24 576 dwusplay.dll 25/07/2002 17:13 196 608 dwusplay.exe 27/07/2005 01:00 6 899 ecbootil.vxd 27/07/2005 01:00 210 552 ecmsvr32.dll 23/03/2007 12:17 1 292 erma.inf 03/05/2005 21:24 86 808 HPGetDownloadManager.ocx 08/07/2004 11:53 73 728 HPISComputerInfo.dll 08/07/2004 12:49 560 HPISComputerInfo.inf 16/10/2003 13:55 299 008 isusweb.dll 29/09/2004 13:21 740 jinstall-1_4_2_06.inf 11/10/2005 16:49 752 jinstall-1_5_0_05.inf 10/11/2005 14:05 876 jinstall-1_5_0_06.inf 26/07/2006 04:00 896 jinstall-1_5_0_08.inf 20/01/2000 16:25 1 162 Microsoft XML Parser for Java.osd 27/07/2005 01:00 124 576 naveng32.dll 27/07/2005 01:00 685 728 navex32a.dll 27/07/2005 01:00 91 264 scrauth.dat 10/05/2004 12:50 202 setup.inf 26/06/2006 19:21 169 672 SymAData.dll 27/07/2005 01:00 8 137 symaveng.cat 27/07/2005 01:00 901 symaveng.inf 27/07/2005 01:00 12 401 tcdefs.dat 27/07/2005 01:00 679 409 tcscan7.dat 27/07/2005 01:00 153 417 tcscan8.dat 27/07/2005 01:00 380 534 tcscan9.dat 27/07/2005 01:00 453 tinf.dat 27/07/2005 01:00 148 tinfidx.dat 27/07/2005 01:00 1 957 tinfl.dat 27/07/2005 01:00 38 531 tscan1.dat 27/07/2005 01:00 1 237 tscan1hd.dat 27/07/2005 01:00 5 516 v.grd 27/07/2005 01:00 2 225 v.sig 27/07/2005 01:00 106 244 virscan.inf 27/07/2005 01:00 953 660 virscan1.dat 27/07/2005 01:00 557 749 virscan2.dat 27/07/2005 01:00 145 136 virscan3.dat 27/07/2005 01:00 319 575 virscan4.dat 27/07/2005 01:00 1 052 511 virscan5.dat 27/07/2005 01:00 384 165 virscan6.dat 27/07/2005 01:00 2 399 158 virscan7.dat 27/07/2005 01:00 1 363 015 virscan8.dat 27/07/2005 01:00 2 496 002 virscan9.dat 27/07/2005 01:00 32 virscant.dat 31/07/2005 11:50 2 072 vscanmsx.dat 27/07/2005 01:00 224 zdone.dat 47 fichier(s) 13 042 763 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 16/06/2007 10:07 <REP> . 16/06/2007 10:07 <REP> .. 0 fichier(s) 0 octets Total des fichiers listés : 47 fichier(s) 13 042 763 octets 5 Rép(s) 42 878 996 480 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows® NetMeeting®" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger" "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Exécuter une DLL en tant qu'application" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test" "C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Disabled:Microsoft ® HTML Application host" "C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Disabled:HP Software Update Client" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Logitech\\Video\\Launcher.exe"="C:\\Program Files\\Logitech\\Video\\Launcher.exe:*:Disabled:Logitech QuickCam" "C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.0" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" Rechercher adresses sensibles dans le fichier HOSTS... REGEDIT4 [taskmgr.exe]

Bonjour Charles, la suite, apres la manip, Spybot detecte virtumonde...et tous les fichiers Vundo reviennent instantanements Merci pour l`aide Charles Logfile of HijackThis v1.99.1 Scan saved at 10:10:32, on 16/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\GUY\LOCALS~1\Temp\Rar$EX00.109\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdat...ault.aspx?ln=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {3499C256-C196-4257-A4EE-1763F60AB0BD} - (no file) O2 - BHO: (no name) - {3F4F125D-F31E-4D37-AC35-E50128670469} - C:\WINDOWS\system32\wvuvsts.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Traduire la page avec Google - C:\Documents and Settings\GUY\Application Data\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: winyvn32 - C:\WINDOWS\SYSTEM32\winyvn32.dll O20 - Winlogon Notify: wvuvsts - C:\WINDOWS\SYSTEM32\wvuvsts.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-16 18:26:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0

Merci charles, je fais ca demain et je te tiens au courant Sincerement

Bonjour a tous, Le PC a ete contamine par Trojan.Win32.Dialer.qn et un autre du style winlau... Scan online KIS fait car le pc est dote de Norton qui n`a rien vu, CCleaner ensuite, Easycleaner, Spybot et le PC est toujours lent, si une personne peut jeter un oeil aux differents rapports je lui sera reconnaissant. Il y a t`il des processus de demarrage inutile aussi ? Merci, Logfile of HijackThis v1.99.1 Scan saved at 19:05:59, on 15/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\GUY\LOCALS~1\Temp\Rar$EX00.891\HijackThis.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\GUY\LOCALS~1\Temp\Rar$EX01.203\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\GUY\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdat...ault.aspx?ln=fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0978FB19-10BD-438E-8D53-EAA99A16ECB0} - (no file) O2 - BHO: (no name) - {0F3C5BA3-26AE-4870-A839-821309ED01DE} - (no file) O2 - BHO: (no name) - {3F4F125D-F31E-4D37-AC35-E50128670469} - C:\WINDOWS\system32\wvuvsts.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {838F3CBC-43A9-4D39-B87D-7D9DEDC15807} - (no file) O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\hqqsjxha.dll O2 - BHO: (no name) - {A8E5FB18-B6F6-4B55-BD7F-495327E7E400} - (no file) O2 - BHO: (no name) - {C87ADBCF-39B2-4369-8BBE-9B0767B30815} - (no file) O2 - BHO: (no name) - {E2D11E86-B6FE-442F-92E5-02C7BB470B73} - (no file) O2 - BHO: (no name) - {EC426657-9012-4B0A-BE04-930D4FAC908A} - C:\WINDOWS\system32\vtsqo.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Traduire la page avec Google - C:\Documents and Settings\GUY\Application Data\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop O16 - DPF: {00000005-0000-0000-0000-100009000004} - http://c.imputati.com/l/0ebc32a4a17387a7d5...19c15c29_35.exe O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll O20 - Winlogon Notify: wvuvsts - C:\WINDOWS\SYSTEM32\wvuvsts.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Sunday, July 15, 2007 9:22:42 AM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 15/07/2007 Enregistrements dans la base antivirus Kaspersky : 339988 ------------------------------------------------------------------------------- Paramètres d'analyse: Analyser avec la base antivirus suivante: standard Analyser les archives: vrai Analyser les bases de messagerie: vrai Cible de l'analyse - Zones critiques: C:\WINDOWS C:\DOCUME~1\GUY\LOCALS~1\Temp\ Statistiques de l'analyse: Total d'objets analysés: 23836 Nombre de virus trouvés: 1 Nombre d'objets infectés: 1 / 0 Nombre d'objets suspects: 0 Durée de l'analyse: 00:21:19 Nom de l'objet infecté / Nom du virus / Dernière action C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\winyvn32.dll Infecté : Trojan.Win32.Dialer.qn ignoré C:\WINDOWS\Temp\Perflib_Perfdata_63c.dat L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré C:\DOCUME~1\GUY\LOCALS~1\Temp\WCESLog.log L'objet est verrouillé ignoré ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2007-07-15 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2007-05-23 advcheck.dll (1.5.3.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2007-01-02 Tools.dll (2.0.1.0) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2007-07-11 Includes\Cookies.sbi 2007-05-30 Includes\Dialer.sbi 2007-07-11 Includes\DialerC.sbi 2007-07-11 Includes\Hijackers.sbi 2007-07-11 Includes\HijackersC.sbi 2007-07-11 Includes\Keyloggers.sbi 2007-07-11 Includes\KeyloggersC.sbi 2007-07-11 Includes\Malware.sbi 2007-07-11 Includes\MalwareC.sbi 2007-07-11 Includes\PUPS.sbi 2007-07-11 Includes\PUPSC.sbi 2007-07-11 Includes\Revision.sbi 2007-05-30 Includes\Security.sbi 2007-07-11 Includes\SecurityC.sbi 2007-07-11 Includes\Spybots.sbi 2007-07-11 Includes\SpybotsC.sbi 2005-02-17 Includes\Tracks.uti 2007-07-03 Includes\Trojans.sbi 2007-07-11 Includes\TrojansC.sbi 2007-06-06 Plugins\TCPIPAddress.dll Located: HK_LM:Run, Adobe Reader Speed Launcher command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe size: 40048 MD5: 66d4456c920e21bd2188f8cc33680df5 Located: HK_LM:Run, AGRSMMSG command: AGRSMMSG.exe file: C:\WINDOWS\AGRSMMSG.exe size: 88209 MD5: 230ea041666125b6812fe3ff964b2df3 Located: HK_LM:Run, Apoint command: C:\Program Files\Apoint2K\Apoint.exe file: C:\Program Files\Apoint2K\Apoint.exe size: 159744 MD5: 45a55108fc51f9a54fdcf3b07a8a3afc Located: HK_LM:Run, ccApp command: "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" file: C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe size: 115816 MD5: 25be770865658cb79100117112819a7c Located: HK_LM:Run, ControlCenter2.0 command: C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun file: Located: HK_LM:Run, LVCOMSX command: C:\WINDOWS\system32\LVCOMSX.EXE file: C:\WINDOWS\system32\LVCOMSX.EXE size: 221184 MD5: f0431c490f124a8cc874163e6a38dd28 Located: HK_LM:Run, osCheck command: "C:\Program Files\Norton AntiVirus\osCheck.exe" file: C:\Program Files\Norton AntiVirus\osCheck.exe size: 26248 MD5: 3602c14e8b2bf31e7b4f14c162178945 Located: HK_LM:Run, SetDefPrt command: C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe file: C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe size: 49152 MD5: 0c6dc7f88df16a6851bd11a48a03da1b Located: HK_LM:Run, SunJavaUpdateSched command: "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" file: C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe size: 83608 MD5: 9c1c80bbf8e6044980890e2d2d91091c Located: HK_LM:Run, Symantec PIF AlertEng command: "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" file: C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe size: 517768 MD5: c837d17de0b349539aa527ee750ebe2a Located: HK_LM:Run, Cpqset (DISABLED) command: C:\Program Files\HPQ\Default Settings\cpqset.exe file: C:\Program Files\HPQ\Default Settings\cpqset.exe size: 233534 MD5: 27ede9b7f4c2abefceca90c1971fb8c7 Located: HK_LM:Run, LogitechVideoTray (DISABLED) command: C:\Program Files\Logitech\Video\LogiTray.exe file: C:\Program Files\Logitech\Video\LogiTray.exe size: 217088 MD5: fe6e15cc578c3278755cddff70c2787d Located: HK_LM:Run, QuickTime Task (DISABLED) command: "C:\Program Files\QuickTime\qttask.exe" -atboottime file: C:\Program Files\QuickTime\qttask.exe size: 286720 MD5: 49ccfbe5d5225b9d3cc78c09dee147d0 Located: HK_CU:Run, ctfmon.exe command: C:\WINDOWS\system32\ctfmon.exe file: C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 64e41e8fee655b03e3f19ded21ba5118 Located: HK_CU:Run, H/PC Connection Agent command: "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" file: C:\Program Files\Microsoft ActiveSync\wcescomm.exe size: 1204224 MD5: 3d3b3b4844a9d4b1b9d3e8c7bb013026 Located: HK_CU:Run, UberIcon command: "C:\Program Files\UberIcon\UberIcon Manager.exe" file: C:\Program Files\UberIcon\UberIcon Manager.exe size: 122880 MD5: a019a4f68df914ce039b447ddb928a37 Located: HK_CU:Run, WMPNSCFG command: C:\Program Files\Windows Media Player\WMPNSCFG.exe file: C:\Program Files\Windows Media Player\WMPNSCFG.exe size: 204288 MD5: 5011a24aecf4d573473bdc15ee84c178 Located: HK_CU:Run, H/PC Connection Agent (DISABLED) command: "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" file: C:\Program Files\Microsoft ActiveSync\wcescomm.exe size: 1204224 MD5: 3d3b3b4844a9d4b1b9d3e8c7bb013026 Located: Démarrage (tous utilisateurs), Contrôleur d’état.lnk command: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe file: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe size: 802816 MD5: fd2664d52a61d9cdc1bc3105bd1f414d Located: System.ini, vtsqo (DISABLED) command: C:\WINDOWS\system32\vtsqo.dll file: C:\WINDOWS\system32\vtsqo.dll size: 266336 MD5: 87c5234e55fe66d7d1d415631eeafca3 Located: System.ini, winyvn32 (DISABLED) command: winyvn32.dll file: winyvn32.dll Located: System.ini, wvuvsts (DISABLED) command: wvuvsts.dll file: wvuvsts.dll Located: System.ini, AtiExtEvent (DISABLED) command: Ati2evxx.dll file: Ati2evxx.dll Located: System.ini, crypt32chain (DISABLED) command: crypt32.dll file: crypt32.dll Located: System.ini, cryptnet (DISABLED) command: cryptnet.dll file: cryptnet.dll Located: System.ini, cscdll (DISABLED) command: cscdll.dll file: cscdll.dll Located: System.ini, ScCertProp (DISABLED) command: wlnotify.dll file: wlnotify.dll Located: System.ini, Schedule (DISABLED) command: wlnotify.dll file: wlnotify.dll Located: System.ini, sclgntfy (DISABLED) command: sclgntfy.dll file: sclgntfy.dll Located: System.ini, SensLogn (DISABLED) command: WlNotify.dll file: WlNotify.dll Located: System.ini, termsrv (DISABLED) command: wlnotify.dll file: wlnotify.dll Located: System.ini, vtsqo (DISABLED) command: C:\WINDOWS\system32\vtsqo.dll file: C:\WINDOWS\system32\vtsqo.dll size: 266336 MD5: 87c5234e55fe66d7d1d415631eeafca3 Located: System.ini, WgaLogon (DISABLED) command: WgaLogon.dll file: WgaLogon.dll Located: System.ini, winyvn32 (DISABLED) command: winyvn32.dll file: winyvn32.dll Located: System.ini, wlballoon (DISABLED) command: wlnotify.dll file: wlnotify.dll Located: System.ini, wvuvsts (DISABLED) command: wvuvsts.dll file: wvuvsts.dll

Et bien ? Il n`y a pas grand monde pour me donner une reponse. Merci