tdanny6

Members
  • Content count

    69
Everything posted by tdanny6

  1. Good evening and thank you. Here is what happens: when I open Run, type msconfig and click OK, I get a message: Windows cannot find 'msconfig'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search. I suppose this is due to the virus cleanup? Regedit, on the other hand, works.
  2. Good evening everyone, here is my problem: following a virus problem that has been resolved ( http://forum.zebulon.fr/index.php?showtopic=136636 ), I can no longer open msconfig. Would anyone have an idea how to re-enable it? Thanks in advance for your help. I hope I am on the right forum.
  3. Well, there, everything is done; I will edit. In any case, a very big thank you for everything, and sorry again for certain words that went beyond what I meant. I have come to realize that without people like you, we would really be in a mess and forced to format more than once. I wish a long life to this great site and to the people who take their time to help us with our blunders. Thank you.
  4. As for symptoms, for the moment I no longer get any page opening to report a virus, neither from AVG Anti-Spyware nor from AntiVir. I will run a scan with both afterwards to see whether they still detect anything. A quick question: can the BHOs in the report be removed? Here is the HijackThis report.
  5. No problem, here is the report.
  6. Thanks again. Here is the scan.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor] 2002-10-07 00:23 90112 --a------ C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] mHotkey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD] K:\Logiciel\AnyDVD\ElbyCheck.exe /L AnyDVD [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-02-19 01:41 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] 2007-08-04 09:29 1056552 --a------ K:\Mes documents\nero 8\Nero 8\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-11-02 18:36 267048 --a------ K:\Mes documents\Ma musique\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype] 2006-07-08 00:14 576320 --a------ C:\Program Files\Microsoft IntelliType Pro\itype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\system32\jkkji.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-08-08 08:25 1828136 --a------ K:\Mes documents\nero 8\Nero 
8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 153136 --a------ C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] 2007-06-28 22:01 2512128 --a------ C:\WINDOWS\system32\oodtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] C:\Program Files\Pando Networks\Pando\Pando.exe /Minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-10-23 22:18 443968 --a------ C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc] 2007-08-04 09:30 2043688 --a------ K:\Mes documents\nero 8\Nero 8\InCD\NBHGui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] 2002-04-17 10:42 69632 --a------ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp] 2002-10-11 18:26 98304 --a------ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ K:\Logiciel\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe -s R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58] R3 usbstor;Pilote de 
stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - ANTIVIRSCHEDULER *Newly Created Service* - ANTIVIRSERVICE *Newly Created Service* - AVGIO *Newly Created Service* - AVGNTFLT *Newly Created Service* - AVIPBB . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-01 16:19:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-28 16:16:24 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - K:\Mes documents\tune up 2007\SystemOptimizer.exe "2008-01-05 08:45:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-05 13:55:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-05 13:56:35 ComboFix-quarantined-files.txt 2008-01-05 12:56:18 ComboFix2.txt 2008-01-05 09:30:55 . 2008-01-05 08:12:09 --- E O F ---
  7. Hello, first of all, many thanks for taking your time to help me. It is true that I may have gone too far in what I said. But admit that your words were not the most pleasant either. Especially since I am not someone who pirates everything in sight; as proof, I bought Norton, which I paid for over 4 years until I was told (on Zebulon) to switch to AntiVir, which I do not regret at all, by the way. It is true that I cracked Windows, because I consider that, having bought my PC (with Windows XP) from an established high-street retailer, it was absurd that it should be the buyer who pays (for the improper use of Windows) in place of the retailer. And when genius demanded more than 140€ from me to validate my Windows, I went back to the seller, who claimed he could do nothing!!! Anyway, that is not the subject. So here are the two reports. For the first one???? I don't know if it is valid, but it is all it gives me; maybe I missed something? I ran it again twice. Ran on sam. 05/01/2008 - 10:21:28,29 Entries: 0 (0) Directories: 0 Files: 0 Bytes: 0 Blocks: 0 The second one: ComboFix 08-01-04.1 - T-danny6 2008-01-05 10:26:16.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.171 [GMT 1:00] Running from: C:\Documents and Settings\T-danny6\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\T-danny6\Bureau\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\ssqnlkk.dll . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))))))) . 2008-01-05 09:32 . 2008-01-05 09:32 <REP> d-------- C:\Program Files\Avira 2008-01-05 01:08 . 2008-01-05 01:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-01-05 00:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-04 20:39 . 
2008-01-04 20:39 17 --a------ C:\MAINMSG.DAT 2008-01-04 20:39 . 2008-01-04 20:39 12 --a------ C:\DISKFREE.DAT 2008-01-04 20:39 . 2008-01-04 20:39 1 --a------ C:\PROGRES.DAT 2008-01-04 20:38 . 2008-01-04 20:38 8 --a------ C:\WINDOWS\$tmp$.tm$ 2008-01-04 20:38 . 2008-01-04 20:38 8 --a------ C:\$tmp$.tm$ 2008-01-04 14:51 . 2008-01-04 14:51 4,724 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP 2008-01-04 14:49 . 2008-01-04 15:01 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-04 14:48 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2008-01-04 12:35 . 2008-01-04 12:35 6,656 --ahs---- C:\Thumbs.db 2008-01-04 00:03 . 2008-01-05 01:20 <REP> d-------- C:\Program Files\Panda Security 2007-12-11 07:43 . 2007-12-11 07:43 <REP> d-------- C:\Documents and Settings\T-danny6\Application Data\vlc 2007-12-11 07:42 . 2007-12-11 07:42 <REP> d-------- C:\Program Files\VideoLAN 2007-12-10 13:27 . 2007-12-10 13:27 <REP> d-------- C:\Documents and Settings\T-danny6\Application Data\TomTom 2007-12-10 13:26 . 2007-12-10 13:27 <REP> d-------- C:\Program Files\TomTom HOME 2 2007-12-09 10:39 . 2008-01-05 10:21 <REP> d-------- C:\Program Files\Microsoft IntelliPoint 2007-12-07 12:59 . 2007-12-07 12:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2007-12-07 12:54 . 2007-12-09 10:38 <REP> d-------- C:\Program Files\Windows Live Toolbar . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-05 08:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira 2008-01-04 21:09 51,368 ----a-w C:\Documents and Settings\T-danny6\Application Data\GDIPFONTCACHEV1.DAT 2008-01-04 19:48 --------- d-----w C:\Program Files\IncrediMail 2008-01-02 11:52 --------- d-----w C:\Program Files\ma-config(2).com 2008-01-02 11:36 --------- d-----w C:\Program Files\QuickTime 2008-01-02 11:15 --------- d-----w C:\Program Files\Windows Defender 2007-12-31 03:17 --------- d-----w C:\Documents and Settings\T-danny6\Application Data\Vso 2007-12-28 08:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-12-11 14:16 --------- d-----w C:\Program Files\Picasa2 2007-12-10 12:26 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-09 15:14 --------- d-----w C:\Documents and Settings\T-danny6\Application Data\Image Zone Express 2007-12-09 09:39 --------- d-----w C:\Program Files\Microsoft IntelliPoint(2) 2007-12-09 09:39 --------- d-----w C:\Documents and Settings\T-danny6\Application Data\ma-config(2).com 2007-11-29 20:59 --------- d-----w C:\Program Files\HP 2007-11-29 20:59 --------- d-----w C:\Program Files\Fichiers communs\HP 2007-11-29 20:59 --------- d-----w C:\Documents and Settings\T-danny6\Application Data\Printer Info Cache 2007-11-15 23:28 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-11-15 23:28 --------- d-----w C:\Program Files\PS6tryFra 2007-11-15 23:28 --------- d-----w C:\Program Files\PowerArchiver 2007-11-15 23:28 --------- d-----w C:\Program Files\DivX 2007-11-13 16:26 --------- d-----w C:\Program Files\iPod 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-05 15:41 --------- d-----w C:\Program Files\MSN Messenger 2007-11-05 14:59 --------- d-----w C:\Documents and Settings\T-danny6\Application Data\MSN6 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 
2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll 2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll 2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll 2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll 2007-10-12 14:17 254,604 ----a-w C:\clean.cmd 2007-10-11 08:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll 2007-10-11 08:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe 2007-10-11 08:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll 2007-10-10 06:11 245,760 ----a-w C:\Program Files\Uninstall Ask Toolbar.dll 2007-10-09 12:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll 2007-10-09 12:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll 2007-10-09 12:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll 2007-10-09 12:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe 2007-10-09 12:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll 2007-10-09 12:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll 2007-10-09 12:03 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2007-10-09 12:03 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll 2007-10-09 11:58 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe 2007-08-02 14:18 47,360 ----a-w C:\Documents and Settings\T-danny6\Application Data\pcouffin.sys . ((((((((((((((((((((((((((((( snapshot@2008-01-05_ 0.30.54.34 ))))))))))))))))))))))))))))))))))))))))) . 
- 2006-07-05 10:56:38 1,049,088 -c----w C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll + 2006-07-05 10:56:38 1,049,088 -c----w C:\WINDOWS\$NtUninstallKB935839_0$\kernel32.dll + 2005-10-12 23:15:26 216,800 -c----w C:\WINDOWS\$NtUninstallKB935839_0$\spuninst\spuninst.exe + 2005-10-12 23:15:45 394,976 -c----w C:\WINDOWS\$NtUninstallKB935839_0$\spuninst\updspapi.dll + 2007-08-21 13:37:26 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\ascstubie.dll + 2007-07-18 13:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll - 2007-04-16 15:53:11 1,049,600 -c----w C:\WINDOWS\system32\dllcache\kernel32.dll + 2007-04-16 16:11:08 1,051,136 -c----w C:\WINDOWS\system32\dllcache\kernel32.dll - 2008-01-04 19:46:11 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys + 2008-01-05 08:34:08 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys - 2007-04-16 15:53:11 1,049,600 ----a-w C:\WINDOWS\system32\kernel32.dll + 2007-04-16 16:11:08 1,051,136 ----a-w C:\WINDOWS\system32\kernel32.dll - 2006-09-25 16:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll + 2006-12-10 13:10:04 15,664 ------w C:\WINDOWS\system32\spmsg.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3560D22C-8860-4214-84C4-C891D64F65A5}] C:\WINDOWS\system32\jkkji.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90A22E29-FE54-447F-B5ED-6091733AB22F}] C:\WINDOWS\system32\ssqnlkk.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-08-03 17:49 188459] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 14:19 4640768] "nwiz"="nwiz.exe" [2003-05-02 14:19 323584 C:\WINDOWS\system32\nwiz.exe] "!AVG Anti-Spyware"="K:\Mes documents\avg\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [ ] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-05 09:34 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{90A22E29-FE54-447F-B5ED-6091733AB22F}"= C:\WINDOWS\system32\ssqnlkk.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^boîte à outils.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T-danny6^Menu Démarrer^Programmes^Démarrage^MP3 Dancer.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T-danny6^Menu Démarrer^Programmes^Démarrage^Rapidown.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T-danny6^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T-danny6^Menu Démarrer^Programmes^Démarrage^TomTom HOME.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T-danny6^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-06-23 20:33 57344 --a------ C:\Program Files\Adobe\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-08-03 11:51 202024 --a------ C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor] 2002-10-07 00:23 90112 --a------ C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] mHotkey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD] K:\Logiciel\AnyDVD\ElbyCheck.exe /L AnyDVD [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-02-19 01:41 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] 2007-08-04 09:29 1056552 --a------ K:\Mes documents\nero 8\Nero 8\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-11-02 18:36 267048 --a------ K:\Mes documents\Ma musique\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype] 2006-07-08 00:14 576320 --a------ C:\Program Files\Microsoft IntelliType Pro\itype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\system32\jkkji.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-08-08 08:25 1828136 --a------ K:\Mes documents\nero 8\Nero 
8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 153136 --a------ C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] 2007-06-28 22:01 2512128 --a------ C:\WINDOWS\system32\oodtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] C:\Program Files\Pando Networks\Pando\Pando.exe /Minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-10-23 22:18 443968 --a------ C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc] 2007-08-04 09:30 2043688 --a------ K:\Mes documents\nero 8\Nero 8\InCD\NBHGui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] 2002-04-17 10:42 69632 --a------ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp] 2002-10-11 18:26 98304 --a------ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ K:\Logiciel\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe -s R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58] R3 usbstor;Pilote de 
stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - ANTIVIRSCHEDULER *Newly Created Service* - ANTIVIRSERVICE *Newly Created Service* - AVGIO *Newly Created Service* - AVGNTFLT *Newly Created Service* - AVIPBB . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-01 16:19:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-28 16:16:24 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - K:\Mes documents\tune up 2007\SystemOptimizer.exe "2008-01-05 08:45:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-05 10:29:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-05 10:30:54 ComboFix-quarantined-files.txt 2008-01-05 09:30:28 . 2008-01-05 08:12:09 --- E O F --- There you go, thanks again.
  8. Here is the ComboFix report: ComboFix 08-01-04.1 - T-danny6 2008-01-05 0:20:59.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.182 [GMT 1:00] Running from: C:\Documents and Settings\T-danny6\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\T-danny6\Application Data\inst.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\poof ((((((((((((((((((((((((((((( Fichiers créés 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))))))) . 2008-01-05 00:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-04 20:57 . 2008-01-04 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-01-04 20:44 . 2008-01-04 20:44 <REP> d-------- C:\Program Files\Avira 2008-01-04 20:39 . 2008-01-04 20:39 17 --a------ C:\MAINMSG.DAT 2008-01-04 20:39 . 2008-01-04 20:39 12 --a------ C:\DISKFREE.DAT 2008-01-04 20:39 . 2008-01-04 20:39 1 --a------ C:\PROGRES.DAT 2008-01-04 20:38 . 2008-01-04 20:38 8 --a------ C:\WINDOWS\$tmp$.tm$ 2008-01-04 20:38 . 2008-01-04 20:38 8 --a------ C:\$tmp$.tm$ 2008-01-04 14:51 . 2008-01-04 14:51 4,724 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP 2008-01-04 14:49 . 2008-01-04 15:01 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-04 14:48 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2008-01-04 12:35 . 2008-01-04 12:35 6,656 --ahs---- C:\Thumbs.db 2008-01-04 00:03 . 2008-01-04 15:44 <REP> d-------- C:\Program Files\Panda Security 2007-12-11 07:43 . 2007-12-11 07:43 <REP> d-------- C:\Documents and Settings\T-danny6\Application Data\vlc 2007-12-11 07:42 . 2007-12-11 07:42 <REP> d-------- C:\Program Files\VideoLAN 2007-12-10 13:27 . 
2007-12-10 13:27 <REP> d-------- C:\Documents and Settings\T-danny6\Application Data\TomTom 2007-12-10 13:26 . 2007-12-10 13:27 <REP> d-------- C:\Program Files\TomTom HOME 2 2007-12-09 10:39 . 2008-01-04 21:57 <REP> d-------- C:\Program Files\Microsoft IntelliPoint 2007-12-07 12:59 . 2007-12-07 12:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2007-12-07 12:54 . 2007-12-09 10:38 <REP> d-------- C:\Program Files\Windows Live Toolbar . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-04 21:09 51,368 ----a-w C:\Documents and Settings\T-danny6\Application Data\GDIPFONTCACHEV1.DAT 2008-01-04 19:48 --------- d-----w C:\Program Files\IncrediMail 2008-01-04 12:48 160,768 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe 2008-01-04 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira 2008-01-02 11:52 --------- d-----w C:\Program Files\ma-config(2).com 2008-01-02 11:36 --------- d-----w C:\Program Files\QuickTime 2008-01-02 11:15 --------- d-----w C:\Program Files\Windows Defender 2007-12-31 03:17 --------- d-----w C:\Documents and Settings\T-danny6\Application Data\Vso 2007-12-28 08:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2007-12-11 14:16 --------- d-----w C:\Program Files\Picasa2 2007-12-10 12:26 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-09 15:14 --------- d-----w C:\Documents and Settings\T-danny6\Application Data\Image Zone Express 2007-12-09 09:39 --------- d-----w C:\Program Files\Microsoft IntelliPoint(2) 2007-12-09 09:39 --------- d-----w C:\Documents and Settings\T-danny6\Application Data\ma-config(2).com 2007-11-29 20:59 --------- d-----w C:\Program Files\HP 2007-11-29 20:59 --------- d-----w C:\Program Files\Fichiers communs\HP 2007-11-29 20:59 --------- d-----w C:\Documents and Settings\T-danny6\Application Data\Printer Info 
Cache 2007-11-15 23:28 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-11-15 23:28 --------- d-----w C:\Program Files\PS6tryFra 2007-11-15 23:28 --------- d-----w C:\Program Files\PowerArchiver 2007-11-15 23:28 --------- d-----w C:\Program Files\DivX 2007-11-13 16:26 --------- d-----w C:\Program Files\iPod 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-05 15:41 --------- d-----w C:\Program Files\MSN Messenger 2007-11-05 14:59 --------- d-----w C:\Documents and Settings\T-danny6\Application Data\MSN6 2007-10-12 14:17 254,604 ----a-w C:\clean.cmd 2007-10-10 06:11 245,760 ----a-w C:\Program Files\Uninstall Ask Toolbar.dll 2007-08-02 14:18 47,360 ----a-w C:\Documents and Settings\T-danny6\Application Data\pcouffin.sys . <pre> ----a-w 600,896 2008-01-03 22:00:52 C:\Program Files\Microsoft IntelliPoint\ipoint .exe ----a-w 160,768 2008-01-04 12:48:44 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe </pre> ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3560D22C-8860-4214-84C4-C891D64F65A5}] C:\WINDOWS\system32\jkkji.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90A22E29-FE54-447F-B5ED-6091733AB22F}] C:\WINDOWS\system32\ssqnlkk.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-08-03 17:49 188459] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 14:19 4640768] "nwiz"="nwiz.exe" [2003-05-02 14:19 323584 C:\WINDOWS\system32\nwiz.exe] "!AVG Anti-Spyware"="K:\Mes documents\avg\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-04 20:46 249896] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 00:15 600896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{90A22E29-FE54-447F-B5ED-6091733AB22F}"= C:\WINDOWS\system32\ssqnlkk.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^boîte à outils.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T-danny6^Menu Démarrer^Programmes^Démarrage^MP3 Dancer.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T-danny6^Menu Démarrer^Programmes^Démarrage^Rapidown.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T-danny6^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T-danny6^Menu Démarrer^Programmes^Démarrage^TomTom HOME.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T-danny6^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2005-06-23 20:33 57344 --a------ C:\Program Files\Adobe\3.0\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-08-03 11:51 202024 --a------ C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor] 2002-10-07 00:23 90112 --a------ C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey] mHotkey.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD] K:\Logiciel\AnyDVD\ElbyCheck.exe /L AnyDVD [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-02-19 01:41 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] 2007-08-04 09:29 1056552 --a------ K:\Mes documents\nero 8\Nero 8\InCD\InCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] 2006-07-08 00:15 600896 --a------ C:\Program Files\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2007-11-02 18:36 267048 --a------ K:\Mes documents\Ma musique\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype] 2006-07-08 00:14 576320 --a------ C:\Program Files\Microsoft IntelliType Pro\itype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\system32\jkkji.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 
C:\Program Files\MSN Messenger\msnmsgr.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] 2007-08-08 08:25 1828136 --a------ K:\Mes documents\nero 8\Nero 8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 153136 --a------ C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] 2007-06-28 22:01 2512128 --a------ C:\WINDOWS\system32\oodtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] C:\Program Files\Pando Networks\Pando\Pando.exe /Minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] 2007-10-23 22:18 443968 --a------ C:\Program Files\Picasa2\PicasaMediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc] 2007-08-04 09:30 2043688 --a------ K:\Mes documents\nero 8\Nero 8\InCD\NBHGui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] 2002-04-17 10:42 69632 --a------ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp] 2002-10-11 18:26 98304 --a------ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-07-12 03:00 132496 --a------ K:\Logiciel\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe -s R2 
UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 00:10] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-01 16:19:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-12-28 16:16:24 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - K:\Mes documents\tune up 2007\SystemOptimizer.exe "2008-01-04 23:29:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-05 00:27:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-05 0:31:39 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-04 23:31:28 . 2008-01-03 19:59:56 --- E O F ---
  9. To answer this: (You've caught a fashionable infection ^^; but how do you people manage to pick up crap like this......... downloading two-bit cracks....) Know that yes, I have used (two-bit) cracks and I still use them. Sorry for not being a proud, vain, capitalist little bourgeoise who can afford to pay for all the software, programs and operating systems. Know also that if patience in helping others (with this kind of niark) is not your strong point, nothing obliged you to linger here and waste your precious time. And finally, I am not going to format, because it is not my policy to format on the advice of just anyone!! but rather to try to monopolize people who are here to really help without taking themselves for the center of the earth. All that while using my "utensil" and continuing to do any old thing!!!!! There, that being said, if someone is willing to take a little of their time (without wanting to play the upstart) to help me. I redid the disinfection in safe mode with AntiVir (which I uninstalled after the scan), which had found the viruses again; I ran AVG Anti-Spyware and clean cmd. I rebooted and this time neither AntiVir nor AVG opened a page reporting a detected virus. I am posting the two scans; how can I be sure that everything is properly cleaned? Thanks for your help VundoFix V6.7.7 Checking Java version... Sun Java not detected Scan started at 15:03:44 4/01/2008 Listing files found while scanning.... VundoFix V6.7.7 Checking Java version... Sun Java not detected Scan started at 15:48:52 4/01/2008 Listing files found while scanning.... C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe C:\WINDOWS\system32\ijkkj.ini C:\WINDOWS\system32\ijkkj.ini2 C:\WINDOWS\system32\jkkji.dll C:\WINDOWS\system32\jkkji.exe Beginning removal... Attempting to delete C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe Has been deleted! 
Attempting to delete C:\WINDOWS\system32\ijkkj.ini C:\WINDOWS\system32\ijkkj.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ijkkj.ini2 C:\WINDOWS\system32\ijkkj.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\jkkji.dll C:\WINDOWS\system32\jkkji.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jkkji.exe C:\WINDOWS\system32\jkkji.exe Has been deleted! Performing Repairs to the registry. Done! and AntiVir PersonalEdition Classic Report file date: vendredi 4 janvier 2008 19:01 Scanning for 835736 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: T-danny6 Computer name: TDANNY6 Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55 ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04 ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13 AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: 
Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: K:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: vendredi 4 janvier 2008 19:01 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 14 processes with 14 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'K:\' [NOTE] No virus was found! Starting to scan the registry. 
The registry was scanned ( '13' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'K:\' <Sauvegarde> K:\Logiciel\xp_pro_en_xp_pro_original.rar [0] Archive type: RAR --> 02_Change_WinXP_Key\Change WinXP Key.exe [DETECTION] Contains detection pattern of the SPR/RAS.A program [1] Archive type: RAR SFX (self extracting) --> findkey.exe [DETECTION] Contains detection pattern of the SPR/XP.Keyfinder program --> xpkey.exe [DETECTION] Contains detection pattern of the SPR/PSW.RAS.A.2 program --> officekey.exe [DETECTION] Contains detection pattern of the SPR/PSW.RAS.A.3 program [iNFO] The file was moved to '47dd8115.qua'! End of the scan: vendredi 4 janvier 2008 20:09 Used time: 1:08:35 min The scan has been done completely. 7988 Scanning directories 220163 Files were scanned 4 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 220159 Files not concerned 1948 Archives were scanned 6 Warnings 11 Notes
  10. A little bump to bring my problem back up. Thanks for your help. These viruses are still on the PC; I have to uninstall AntiVir and reinstall it to get the icon in the launch bar. From time to time I no longer have any icons on the screen; I have to reboot, and then after the restart AntiVir is gone (the launch icon). If I go into Program Files it is still there, but I can no longer start it. I now also have the same thing with my mail client!!! At every restart AVG Anti-Spyware detects drop agent despite the scans and all the actions taken to remove it. Help, please
  11. Hello, first of all thank you for your help. AntiVir still detects the viruses when the PC restarts; it reports this: Tr/drop.agent.gmf c:/vindows/systeme32/ssqnlkk.dll Tr/drop.agent.dgo.8 c:/windows/systeme32/jkkji.exe Tr/drop.agent.dgo.8 c:/documents and settings/tdanny6/local setting/temp Here is the report of the AntiVir scan in safe mode before the restart: AntiVir PersonalEdition Classic Report file date: vendredi 4 janvier 2008 11:24 Scanning for 835736 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: T-danny6 Computer name: TDANNY6 Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55 ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04 ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13 AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: 
c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: K:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: vendredi 4 janvier 2008 11:24 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avconfig.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 14 processes with 14 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'K:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '13' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! 
Begin scan in 'K:\' <Sauvegarde> End of the scan: vendredi 4 janvier 2008 12:30 Used time: 1:06:14 min The scan has been done completely. 8663 Scanning directories 220859 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 220859 Files not concerned 1965 Archives were scanned 6 Warnings 11 Notes And here is the VundoFix one: VundoFix V6.7.7 Checking Java version... Sun Java not detected Scan started at 10:36:09 4/01/2008 Listing files found while scanning.... C:\WINDOWS\system32\ssqnlkk.dll C:\WINDOWS\system32\ssttu.dll C:\WINDOWS\system32\ssttu.exe C:\windows\system32\uttss.ini C:\WINDOWS\system32\uttss.ini2 Beginning removal... Attempting to delete C:\WINDOWS\system32\ssqnlkk.dll C:\WINDOWS\system32\ssqnlkk.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\ssttu.dll C:\WINDOWS\system32\ssttu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssttu.exe C:\WINDOWS\system32\ssttu.exe Has been deleted! Attempting to delete C:\windows\system32\uttss.ini C:\windows\system32\uttss.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\uttss.ini2 C:\WINDOWS\system32\uttss.ini2 Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\ssqnlkk.dll C:\WINDOWS\system32\ssqnlkk.dll Could not be deleted. Performing Repairs to the registry. Done! Thank you very much for your help.
  12. Well no, it did not remove it, but thanks anyway for your interest. All that is left is to wait for the cleanup pros, because this is bad. Thanks
  13. Hi again, I managed to install AntiVir, but I must not restart the PC. I ran a scan and here is the report: AntiVir PersonalEdition Classic Report file date: jeudi 3 janvier 2008 22:01 Scanning for 1000067 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: TDANNY6 Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 20:46:49 ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 20:46:49 ANTIVIR3.VDF : 7.0.1.191 84480 Bytes 03/01/2008 20:46:49 AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 03/01/2008 20:46:50 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.2 360488 Bytes 03/01/2008 20:46:50 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot 
sector.................: on Boot sectors.....................: K:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 3 janvier 2008 22:01 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SMAgent.exe' - '1' Module(s) have been scanned Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned Scan process 'oodag.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'NBService.exe' - '1' Module(s) have been scanned Scan process 'ipoint .exe' - '1' Module(s) have been scanned Scan process 'mdm.exe' - '1' Module(s) have been scanned Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned Scan process 'ipoint.exe' - '1' Module(s) have been scanned Scan process 'avgas.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 
'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 33 processes with 33 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'K:\' [NOTE] No virus was found! Starting to scan the registry. C:\WINDOWS\system32\ssttu.exe [DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21 [iNFO] The file was moved to '47f14df0.qua'! C:\WINDOWS\system32\ssttu.exe [DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21 The registry was scanned ( '15' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\System Volume Information\_restore{F1DDDDFC-8078-4595-9006-309EAE95844A}\RP626\A0231926.exe [DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21 [iNFO] The file was moved to '47af50ce.qua'! C:\System Volume Information\_restore{F1DDDDFC-8078-4595-9006-309EAE95844A}\RP627\A0232029.exe [DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21 [iNFO] The file was moved to '47af50d3.qua'! C:\System Volume Information\_restore{F1DDDDFC-8078-4595-9006-309EAE95844A}\RP628\A0232038.exe [DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21 [iNFO] The file was moved to '47af50d4.qua'! Begin scan in 'K:\' <Sauvegarde> End of the scan: jeudi 3 janvier 2008 22:35 Used time: 33:20 min The scan has been done completely. 
8984 Scanning directories 227574 Files were scanned 4 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 4 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 227570 Files not concerned 1984 Archives were scanned 6 Warnings 11 Notes
  14. Hello, first of all happy new year 2008 to everyone. So, I have a problem with a virus (TR/DROP.AGENT.DGO.21); it is making a complete mess of the PC. It even manages to remove or block AntiVir and blocks my mailbox. Could someone help me PLEASE, PLEASE, PLEASE? I don't know if I am doing the right thing, but I am attaching a HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:39:54, on 3/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe K:\Mes documents\avg\AVG Anti-Spyware 7.5\guard.exe K:\Mes documents\avg\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe K:\Mes documents\nero 8\Nero 8\InCD\InCDsrv.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft IntelliPoint\ipoint .exe K:\Mes documents\nero 8\Nero 8\Nero BackItUp\NBService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttu.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "K:\Mes documents\avg\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image 
Uploader) - http://belgacom.extrafilm.be/ImageUploader4.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - K:\Mes documents\avg\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InCD Helper (InCDsrv) - Nero AG - K:\Mes documents\nero 8\Nero 8\InCD\InCDsrv.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - K:\Mes documents\nero 8\Nero 8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O24 - Desktop Component 0: (no name) - (no file)
  15. OK, well, a big thank you; it was a pleasure for me. I won't say see you soon, because that is not what I hope for, but for other things, who knows? All the best and thanks for your help. @ Danny.
  16. Here is the second report: AntiVir PersonalEdition Classic Report file date: vendredi 12 octobre 2007 15:19 Scanning for 877925 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: TDANNY6 Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55 ANTIVIR2.VDF : 7.0.0.57 446464 Bytes 07/10/2007 12:03:34 ANTIVIR3.VDF : 7.0.0.82 156160 Bytes 12/10/2007 12:03:34 AVEWIN32.DLL : 7.6.0.23 2753024 Bytes 12/10/2007 12:03:35 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: K:, Scan 
memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Use file extension list Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: vendredi 12 octobre 2007 15:19 Starting search for hidden objects. '43956' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'IMApp.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SMAgent.exe' - '1' Module(s) have been scanned Scan process 'RocketDock.exe' - '1' Module(s) have been scanned Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'oodag.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'NBService.exe' - '1' Module(s) have been scanned Scan process 'mdm.exe' - '1' Module(s) have been scanned Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) 
have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 32 processes with 32 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'K:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '14' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'K:\' <Sauvegarde> End of the scan: vendredi 12 octobre 2007 15:44 Used time: 25:12 min The scan has been done completely. 7796 Scanning directories 146219 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 146219 Files not concerned 1539 Archives were scanned 5 Warnings 2 Notes 43956 Objects were scanned with rootkit scan 0 Hidden objects were found
  17. There, the system restore point is done. AntiVir is set up and found a virus during the scan, see the report. As anti-spyware I would have liked to install (Antispyware Spyware Terminator) in addition, good or not??? Or AVG Anti-Spyware??? Any other ideas for protection that could be added??? Report:

      AntiVir PersonalEdition Classic
      Report file date: vendredi 12 octobre 2007 14:24

      Scanning for 877925 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Username: SYSTEM
      Computer name: TDANNY6

      Version information:
      BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
      AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
      AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
      LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
      LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
      ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
      ANTIVIR2.VDF : 7.0.0.57 446464 Bytes 07/10/2007 12:03:34
      ANTIVIR3.VDF : 7.0.0.82 156160 Bytes 12/10/2007 12:03:34
      AVEWIN32.DLL : 7.6.0.23 2753024 Bytes 12/10/2007 12:03:35
      AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
      AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
      AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
      AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
      AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
      AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
      AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
      NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
      RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
      RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: off
      Scan boot sector.................: on
      Boot sectors.....................: K:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: on
      Scan all files...................: Use file extension list
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: vendredi 12 octobre 2007 14:24

      Starting search for hidden objects.
      '45187' objects were checked, '0' hidden objects were found.

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'iexplore.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'IMApp.exe' - '1' Module(s) have been scanned
      Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
      Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'oodag.exe' - '1' Module(s) have been scanned
      Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
      Scan process 'NBService.exe' - '1' Module(s) have been scanned
      Scan process 'mdm.exe' - '1' Module(s) have been scanned
      Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
      Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      32 processes with 32 modules were scanned

      Start scanning boot sectors:
      Boot sector 'C:\'
        [NOTE] No virus was found!
      Boot sector 'K:\'
        [NOTE] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '14' files ).

      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
        [WARNING] The file could not be opened!
      C:\System Volume Information\_restore{F1DDDDFC-8078-4595-9006-309EAE95844A}\RP463\A0185925.exe
        [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
        [INFO] The file was moved to '474069f7.qua'!
      C:\System Volume Information\_restore{F1DDDDFC-8078-4595-9006-309EAE95844A}\RP463\A0185927.bat
        [DETECTION] Contains suspicious code HEUR/Exploit.HTML
        [INFO] The file was moved to '474069fe.qua'!
      Begin scan in 'K:\' <Sauvegarde>

      End of the scan: vendredi 12 octobre 2007 14:55
      Used time: 31:11 min

      The scan has been done completely.

      8074 Scanning directories
      150481 Files were scanned
      1 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
      150480 Files not concerned
      1548 Archives were scanned
      5 Warnings
      2 Notes
      45187 Objects were scanned with rootkit scan
      0 Hidden objects were found
  18. Hello, yes, I think I have uninstalled everything?? It is already much faster than before. Which antivirus do you recommend?? Thanks again for your help.
  19. Help me please, just an answer to know whether I can put my Norton back.
  20. Up, please
  21. Can I put my Norton back, since I no longer have any security?
  22. Here is the report:

      __________________________________________________
      ewido anti-spyware online scanner
      http://www.ewido.net
      __________________________________________________

      Name: TrackingCookie.2o7
      Path: C:\Documents and Settings\T-danny6\Cookies\t-danny6@msnportal.112.2o7[1].txt
      Risk: Medium

      Name: TrackingCookie.Smartadserver
      Path: C:\Documents and Settings\T-danny6\Cookies\t-danny6@smartadserver[2].txt
      Risk: Medium
  23. Sorry, here it is:

      DiagHelp version v1.2 - http://www.malekal.com
      excute le jeu. 11/10/2007 à 15:01:16,98

      Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
      C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->11/10/2007 15:01:00
      C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->11/10/2007 15:00:56
      C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->11/10/2007 15:00:42
      C:\WINDOWS\prefetch\MSMSGS.EXE-2B6052DE.pf -->11/10/2007 15:00:32
      C:\WINDOWS\prefetch\Layout.ini -->11/10/2007 14:58:04
      C:\WINDOWS\prefetch\_IU14D2N.TMP-08659686.pf -->11/10/2007 14:42:32
      C:\WINDOWS\prefetch\UNINS000.EXE-29B928A1.pf -->11/10/2007 14:42:28
      C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->11/10/2007 14:41:55
      C:\WINDOWS\prefetch\RUNDLL32.EXE-4489B61B.pf -->11/10/2007 14:41:54
      C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->11/10/2007 14:40:19
      C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf -->5/09/2007 9:26:12
      C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -->5/09/2007 9:26:07
      C:\WINDOWS\System32\drivers\imagesrv.sys -->8/08/2007 9:33:40
      C:\WINDOWS\System32\drivers\imagedrv.sys -->8/08/2007 9:33:38
      C:\WINDOWS\System32\drivers\InCDRm.sys -->4/08/2007 10:30:12
      C:\WINDOWS\System32\drivers\InCDrec.sys -->4/08/2007 10:30:12
      C:\WINDOWS\System32\drivers\InCDPass.sys -->4/08/2007 10:30:12
      C:\WINDOWS\System32\oodbs.lor -->11/10/2007 11:37:16
      C:\WINDOWS\System32\wpa.dbl -->8/10/2007 17:17:10
      C:\WINDOWS\System32\initdebug.nfo -->3/10/2007 17:55:28
      C:\WINDOWS\System32\CmdLineExt.dll -->28/09/2007 8:38:32
      C:\WINDOWS\System32\MRT.exe -->28/09/2007 7:19:39
      C:\WINDOWS\System32\advpack.dll.mui -->26/09/2007 18:30:50
      C:\WINDOWS\System32\FNTCACHE.DAT -->19/09/2007 8:53:08
      C:\WINDOWS\System32\uxtheme.dll -->19/09/2007 8:23:14
      C:\WINDOWS\System32\PerfStringBackup.INI -->18/09/2007 17:24:45
      C:\WINDOWS\System32\TZLog.log -->18/09/2007 17:14:48
      C:\WINDOWS\System32\spupdwxp.log -->18/09/2007 9:18:16
      C:\WINDOWS\System32\inetcomm.dll -->21/08/2007 8:17:23
      C:\WINDOWS\System32\wininet.dll -->20/08/2007 11:59:31
      C:\WINDOWS\System32\webcheck.dll -->20/08/2007 11:59:31
      C:\WINDOWS\System32\urlmon.dll -->20/08/2007 11:59:31
      C:\WINDOWS\System32\url.dll -->20/08/2007 11:59:31
      C:\WINDOWS\System32\occache.dll -->20/08/2007 11:59:31
      C:\WINDOWS\System32\mstime.dll -->20/08/2007 11:59:30
      C:\WINDOWS\System32\msrating.dll -->20/08/2007 11:59:30
      C:\WINDOWS\System32\mshtmled.dll -->20/08/2007 11:59:30
      C:\WINDOWS\System32\mshtml.dll -->20/08/2007 11:59:30
      C:\WINDOWS\System32\msfeedsbs.dll -->20/08/2007 11:59:30
      C:\WINDOWS\System32\msfeeds.dll -->20/08/2007 11:59:30
      C:\WINDOWS\System32\jsproxy.dll -->20/08/2007 11:59:30
      C:\WINDOWS\System32\inetcpl.cpl -->20/08/2007 11:59:30
      C:\WINDOWS\WindowsUpdate.log -->11/10/2007 14:43:08
      C:\WINDOWS.log -->11/10/2007 11:37:50
      C:\WINDOWS\wiadebug.log -->11/10/2007 11:37:49
      C:\WINDOWS\wiaservc.log -->11/10/2007 11:37:46
      C:\WINDOWS\bootstat.dat -->11/10/2007 11:37:23
      C:\WINDOWS\ntbtlog.txt -->11/10/2007 11:29:33
      C:\WINDOWS\SchedLgU.Txt -->11/10/2007 11:27:48
      C:\WINDOWS\setupapi.log -->10/10/2007 15:34:28
      C:\WINDOWS\win.ini -->10/10/2007 13:26:19
      C:\WINDOWS\system.ini -->10/10/2007 13:26:19
      C:\WINDOWS\NeroDigital.ini -->10/10/2007 10:38:15
      C:\WINDOWS\spupdsvc.log -->10/10/2007 7:54:52
      C:\WINDOWS\tsoc.log -->10/10/2007 7:40:40
      C:\WINDOWS\tabletoc.log -->10/10/2007 7:40:40
      C:\WINDOWS\ocmsn.log -->10/10/2007 7:40:40

      MD5 des fichiers sensibles
      tcpip.sys 1dbf125862891817f374f407626967f4
      ndis.sys 558635d3af1c7546d26067d5d9b6959e
      null.sys 73c1e1f395918bc2c6dd67af7591a3ad
      svchost.exe 2979b03d5382a602623c0535b16ab9c0

      Le volume dans le lecteur C n'a pas de nom.
      Le numéro de série du volume est D40A-6B8D
      Répertoire de C:\WINDOWS\system
      23/12/1997 03:23 4.672 wowpost.exe
      1 fichier(s) 4.672 octets
      0 Rép(s) 6.283.829.248 octets libres

      Le volume dans le lecteur C n'a pas de nom.
      Le numéro de série du volume est D40A-6B8D
      Répertoire de C:\WINDOWS\system32
      20/08/2004 01:09 6.144 csrss.exe
      1 fichier(s) 6.144 octets
      0 Rép(s) 6.283.816.960 octets libres

      Le volume dans le lecteur C n'a pas de nom.
      Le numéro de série du volume est D40A-6B8D
      Répertoire de C:\WINDOWS\system32
      02/05/2003 15:19 1.323.008 dmcpl.exe
      1 fichier(s) 1.323.008 octets
      0 Rép(s) 6.283.816.960 octets libres

      Contenu de Downloaded Program Files
      Le volume dans le lecteur C n'a pas de nom.
      Le numéro de série du volume est D40A-6B8D
      Répertoire de C:\WINDOWS\Downloaded Program Files
      10/10/2007 15:33 <REP> .
      10/10/2007 15:33 <REP> ..
      0 fichier(s) 0 octets
      Total des fichiers listés :
      0 fichier(s) 0 octets
      2 Rép(s) 6.283.816.960 octets libres

      Recherche de rootkit! (Merci S!Ri)
      Recherche d'infections connues
      Export des clefs sensibles..

      Liste des fichiers en exception sur le pare-feu XP SP2
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
      "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
      "C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
      "K:\\Mes documents\\Ma musique\\iTunes.exe"="K:\\Mes documents\\Ma musique\\iTunes.exe:*:Enabled:iTunes"
      "K:\\Mes documents\\eMule\\eMule\\emule.exe"="K:\\Mes documents\\eMule\\eMule\\emule.exe:*:Enabled:eMuleMorphXT"
      "K:\\Mes documents\\utorrent\\utorrent.exe"="K:\\Mes documents\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

      Export de la clef SharedTaskScheduler
      [sharedTaskScheduler]
      "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
      "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

      exports des policies
      REGEDIT4
      [system]
      "dontdisplaylastusername"=dword:00000000
      "legalnoticecaption"=""
      "legalnoticetext"=""
      "shutdownwithoutlogon"=dword:00000001
      "undockwithoutlogon"=dword:00000001

      Export des clefs sensibles..
      Rechercher adresses sensibles dans le fichier HOSTS...

      catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-10-11 15:01:29
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden services & system hive ...

      scanning hidden registry entries ...
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
      "OODEFRAG10.00.00.01WORKSTATION"

      scanning hidden files ...

      scan completed successfully
      hidden services: 0
      hidden files: 0

      KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

      Process list by traversal of KiWaitListHead

      4 - System
      276 - explorer.exe
      348 - AppleMobileDevi
      400 - GoogleUpdaterSe
      460 - HDDTSvc.exe
      520 - csrss.exe
      548 - winlogon.exe
      592 - services.exe
      604 - lsass.exe
      640 - mdm.exe
      756 - svchost.exe
      832 - svchost.exe
      860 - ipoint.exe
      880 - Navapsvc.exe
      904 - svchost.exe
      944 - svchost.exe
      1052 - svchost.exe
      1284 - nvsvc32.exe
      1420 - cmd.exe
      1424 - oodag.exe
      1472 - HPZipm12.exe
      1492 - ctfmon.exe
      1704 - ccApp.exe
      1736 - RocketDock.exe
      1760 - GoogleToolbarNo
      1920 - IMApp.exe
      2080 - pando.exe
      2660 - alg.exe
      3000 - svchost.exe
      3744 - msmsgs.exe
      3916 - iexplore.exe

      Total number of processes = 31

      NOTE: Under WinXP, this will not show all processes.
      KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

      Driver/Module list by traversal of PsLoadedModuleList

      Total number of drivers = 141

      Liste des programmes installes
      Ad-Aware SE Personal Adobe Flash Player 9 ActiveX Adobe Reader 8.1.0 - Français Adobe® Photoshop® Album Edition Découverte 3.0 Advanced RAR Password Recovery (remove only) AiO_Scan_CDA AiOSoftwareNPI AnyDVD Apple Mobile Device Support Apple Software Update Archiveur WinRAR Ask Toolbar µTorrent BufferChm ConvertXtoDVD 2.2.3.258 Correctif pour Windows XP (KB914440) Correctif Windows XP - KB873339 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB885884 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB888302 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 Destinations Disque de souvenirs HP eBay Toolbar eMule eMulev0.48a.-MorphXTv10.3 Fax_CDA Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer HDD Temperature HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows XP (KB915865) HP Customer Participation Program 7.0 HP Imaging Device Functions 7.0 HP Photo and Imaging 2.0 - Photosmart Cameras HP Photosmart Essential HP Photosmart, Officejet and Deskjet 
7.0.A HP Software Update HP Solution Center 7.0 HPPhotoSmartExpress HPProductAssistant IncrediMail Xe InstantShareDevicesMFC InterVideo Installer IrfanView (remove only) iTunes IZArc 3.7 Java 6 Update 2 K-Lite Codec Pack 3.3.0 Full Kaspersky Online Scanner Language pack for Ad-Aware SE LClock Lecteur Windows Media 10 LiveReg (Symantec Corporation) LiveUpdate 1.80 (Symantec Corporation) Magentic MarketResearch MicroBest Cracklock 3.6 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft IntelliPoint 6.01 Microsoft IntelliType Pro 6.01 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office XP Professional avec FrontPage Microsoft User-Mode Driver Framework Feature Pack 1.0 Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899589) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP 
****** Fin du rapport DiagHelp
  24. The IE7 anti-phishing filter is already disabled; with Norton disabled it is the same. DiagHelp report:
      catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-10-11 14:34:13
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden services & system hive ...
      scanning hidden registry entries ...
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System
      scanning hidden files ...
      scan completed successfully
      hidden services: 0
      hidden files: 0
  25. The speed is better, apart from the first page I open!!! As for btfix, it freezes every time, so I can't manage to get a report!!!