bibiche90

  1. Hello everyone. I'm asking for your help with my grandchildren's computer. For about a month now, they have been unable to connect to the internet with IE8, yet Windows updates apparently install without any problem and the MSN connection works fine too. I have tried everything I could: they no longer had an antivirus, so I reinstalled Avira, but the update could not be completed... scan OK. Checked the connection settings, firewall, etc... compared the various settings with a similar computer: everything is OK. Disabled the firewall, etc... I tested on a Freebox, a Neufbox and a Livebox, over Wi-Fi and by Ethernet cable. Always the same message: the web page cannot be displayed. When you run a diagnostic, everything is OK and the signal is excellent. A real headache. Thanks to all the kind souls who could help me a little. It is an eMachines laptop, Genuine Intel CPU processor, type emg520, 2 GB RAM, 32-bit Explorer. Windows Vista Home Basic edition, pack 1.
  2. Thank you for your help and your advice.... Thank you for your efficiency. I wish you and the whole team a good weekend.
  3. Here are the two reports... It took a long time but it's done... Thank you for taking a look and telling me whether everything is OK or not... Have a good day
  4. Hello to you.... Thank you for being willing to take care of my little problem... I couldn't reply yesterday because of the thunderstorm warning... I think I'll be able to treat my computer this morning, the weather seems to be calming down.. I'll go ahead with the two actions and post the reports.. See you later
  5. Hello everyone... Sorry to bother you, but this morning's Kaspersky check shows that a nasty trojan has got into my computer... but it is impossible to delete it: Kaspersky performs the deletion but on restart it reappears.... always in the file C:\WINDOWS\SYSTEM32\INSTALLER32.SYS Here is my HijackThis report in case a kind soul would be willing to look into it... Thanks in advance.
  6. Thank you for having helped me out so well... As usual, the advice given by this site's specialists is very useful... Once again, a big thank you.
  7. That's it, I've done everything.... following your advice.... everything seems to work perfectly... except Kaspersky, which reacts to the various programs I had to install to cure the cancer that was eating away at my PC (heur.invader virus)... should I uninstall SDFix and ComboFix ???
  8. Here are the two reports: File/Folder c:\windows\system32\wshisn32.dll not found. OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06192008_151803
  9. That's it.. here is the HijackThis report.... the updates work... you're a champ...
  10. Thanks, I finally understood; in fact I had deleted the blank line between Windows Registry and HKEY etc... I ran instal1.bat and the icon disappeared... I will redo a HijackThis right away and send it to you... See you shortly
  11. Then I must have a comprehension problem, because when I right-click on the regis.reg file, I only have Open, Print, Edit, Scan for viruses, Open with, everything related to archiving, Send to, Copy, Cut, Create shortcut, Delete, Rename and Properties.... but nowhere Merge... where is it??? Thanks for pointing me in the right direction
  12. I have just saved the 3 lines to the desktop.... but I can't find the Merge action... and yet I am wide awake... I still use only Kaspersky as antivirus.. and don't worry, I systematically scan every downloaded module... the games are of course for relaxation, for the children and grandchildren... otherwise, I must admit that thanks to you, my PC is faster... there must have been some cleaning done... but the Windows icon for automatic updates is still on the screen, and when I launch Windows Update, I end up with an error 0x80070424... I'm continuing my search for Merge, and once again thank you for everything; the flowers sent by kutzman were justified in my opinion.
  13. Hello to you.. Here is the new report, sorry I couldn't do it last night... Thank you
  14. It's done... Thank you for assisting me like this...
  15. Thanks, I'm on my way there right now.... See you later