nicol

  1. Thank you all very much, really. Other problems: no, not for now. I'm going to get down to updating it (SP2, etc.)... Thanks again for everything. PS: How do I mark it as RESOLVED?
  2. Cool! I managed to run a full scan without it crashing, it's a revolution!!!! Here is the report:
  3. There, I only scanned the folder concerned because I had already finished scanning c\windows before and it found nothing there; I'm giving you that report too all the same:
     AND SO ALSO THE WINDOWS ONE THAT I DID BEFORE:
  4. I found the 2nd one: since it had found nothing in Program Files, I lightened the scan and here is the report:

     KASPERSKY ONLINE SCANNER REPORT
     Wednesday, December 05, 2007 12:43:51 PM
     Operating System: Microsoft Windows XP Professional, (Build 2600)
     Kaspersky Online Scanner version: 5.0.98.0
     Kaspersky Anti-Virus database last update: 5/12/2007
     Kaspersky Anti-Virus database records: 472931
     -------------------------------------------------------------------------------
     Scan Settings:
     Scan using the following antivirus database: extended
     Scan Archives: true
     Scan Mail Bases: true
     Scan Target - Folders:
     C:\qoobox\
     C:\System Volume Information\
     Scan Statistics:
     Total number of scanned objects: 3696
     Number of viruses found: 1
     Number of infected objects: 2
     Number of suspicious objects: 0
     Duration of the scan process: 00:03:40
     Infected Object Name / Virus Name / Last Action
     C:\qoobox\Quarantine\C\WINDOWS\system32\kb1111p.dll.vir Infected: Trojan-PSW.Win32.OnLineGames.jen skipped
     C:\System Volume Information\_restore{893692FC-864C-441C-B9F4-07A9AE4A146B}\RP7\A0043450.dll Infected: Trojan-PSW.Win32.OnLineGames.jen skipped
     C:\System Volume Information\_restore{893692FC-864C-441C-B9F4-07A9AE4A146B}\RP8\change.log Object is locked skipped
     Scan process completed.
  5. Hello, well, I spent my morning trying to run this scan, but my PC crashes every time before the end (it has a habit of restarting whenever it feels like it). The furthest I managed to get was 80%, and it had detected 1 virus in 2 files; the 1st was in the qoobox folder, which I don't know, and the other I didn't have time to see... I scanned that folder with AntiVir but it finds nothing. I don't know what to do anymore...
  6. Good evening, here is the requested report:
  7. Here is the report:
- 2007-11-30 15:44:31 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2007-12-04 11:45:32 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2007-11-30 15:44:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2007-12-04 11:45:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - 2007-11-30 15:44:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2007-12-04 11:45:32 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C5522E7-E39F-4824-8CDE-C29E8EEA69F8}] 2001-08-28 13:00 88576 --a------ C:\WINDOWS\System32\auth.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49] "NvCplDaemon"="RUNDLL32.exe" [2001-08-28 13:00 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2001-08-28 13:00 C:\WINDOWS\system32\rundll32.exe] "HGTXPEI"="C:\WINDOWS\System32\FirstReboot.exe" [2002-06-11 13:34] "SoundFusion"="RunDll32 hercplgs.cpl" [] "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 17:38] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" 
[2007-11-20 12:51] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{9C0ADB68-353A-61DD-ED09-1D8003A61111}"= C:\WINDOWS\system32\kb1111p.dll [1999-01-01 01:01 40960] R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys R0 qjqvndxl;qjqvndxl;C:\WINDOWS\System32\drivers\wfuqokfx.dat R0 videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys R3 hercspud;Hercules ® WDM Audio Driver;C:\WINDOWS\System32\drivers\hercspud.sys R3 hercwdm;Hercules ® WDM Interface Driver;C:\WINDOWS\System32\drivers\hercwdm.sys . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-04 12:57:45 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-04 12:58:23 C:\ComboFix2.txt ... 2007-12-04 12:54 . --- E O F ---
  8. Hello, everything went normally except for the step: 5/ Delete what is in bold: C:\WINDOWS\System32\auth.dll <== the file. Result: "Cannot delete; check that the file is not in use or that the disk is not write-protected". After restarting in normal mode, the auth.dll file still seems to be infected, since AntiVir still detects it and it is still impossible to delete... Here are the requested reports:
     AVG:
     AVG Anti-Spyware - Rapport d'analyse
     ---------------------------------------------------------
     + Créé à: 10:35:19 04/12/2007
     + Résultat de l'analyse:
     HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
     HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Erreur lors du nettoyage.
     C:\Program Files\Trend Micro\HijackThis\backups\backup-20071130-135856-366.dll -> Downloader.Delf.dbo : Nettoyé et sauvegardé (mise en quarantaine).
     C:\Program Files\Trend Micro\HijackThis\backups\backup-20071130-135954-832.dll -> Downloader.Delf.dbo : Nettoyé et sauvegardé (mise en quarantaine).
     C:\Program Files\Trend Micro\HijackThis\backups\backup-20071130-140353-872.dll -> Downloader.Delf.dbo : Nettoyé et sauvegardé (mise en quarantaine).
     C:\Program Files\Trend Micro\HijackThis\backups\backup-20071204-100013-262.dll -> Downloader.Delf.dbo : Nettoyé et sauvegardé (mise en quarantaine).
     C:\WINDOWS\system32\auth.dll -> Downloader.Delf.dbo : Nettoyé et sauvegardé (mise en quarantaine).
     C:\Documents and Settings\moi\Cookies\moi@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
     C:\Documents and Settings\moi\Cookies\moi@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
     C:\Documents and Settings\moi\Cookies\moi@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
     C:\Documents and Settings\moi\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Nettoyé.
     C:\Documents and Settings\moi\Cookies\moi@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
     C:\Documents and Settings\moi\Cookies\moi@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
     Fin du rapport
     HijackThis:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 10:46:30, on 04/12/2007
     Platform: Windows XP (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 (6.00.2600.0000)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
     C:\WINDOWS\System32\RunDll32.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\Java\jre1.5.0\bin\jusched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     C:\WINDOWS\System32\ctfmon.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
     C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     C:\PROGRA~1\Wanadoo\ComComp.exe
     C:\WINDOWS\System32\FTRTSVC.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\PROGRA~1\Wanadoo\PollingModule.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\wbem\wmiapsrv.exe
     C:\PROGRA~1\Wanadoo\Watch.exe
     C:\WINDOWS\System32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
     O2 - BHO: (no name) - {8C5522E7-E39F-4824-8CDE-C29E8EEA69F8} - C:\WINDOWS\System32\auth.dll
     O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
     O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
     O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe
     O4 - HKLM\..\Run: [soundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
     O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
     O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
     O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1196444584606
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195322359371
     O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
     O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     --
     End of file - 5863 bytes
     Thanks for your help
  9. Here it is, thanks in advance:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 20:34:15, on 30/11/2007
     Platform: Windows XP (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 (6.00.2600.0000)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\logonui.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
     C:\WINDOWS\System32\RunDll32.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\Java\jre1.5.0\bin\jusched.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\System32\ctfmon.exe
     C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     C:\PROGRA~1\Wanadoo\ComComp.exe
     C:\PROGRA~1\Wanadoo\PollingModule.exe
     C:\WINDOWS\System32\FTRTSVC.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\wbem\wmiapsrv.exe
     C:\PROGRA~1\Wanadoo\Watch.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
     O2 - BHO: (no name) - {8C5522E7-E39F-4824-8CDE-C29E8EEA69F8} - C:\WINDOWS\System32\auth.dll
     O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
     O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
     O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe
     O4 - HKLM\..\Run: [soundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
     O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
     O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
     O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
     O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
     O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1196444584606
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195322359371
     O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
     O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     --
     End of file - 5863 bytes
  10. I don't think you understood: I did not format because of the infection; I formatted not long ago and the infection appeared afterwards!! So I still have it....
  11. Here is the result of the Jotti scan:
     Scan taken on 30 Nov 2007 18:43:33 (GMT)
     A-Squared Found nothing
     AntiVir Found TR/Dldr.Del.dbo.1.A
     ArcaVir Found Trojan.Downloader.Delf.Dbo
     Avast Found nothing
     AVG Antivirus Found Downloader.Generic6.WBG
     BitDefender Found Trojan.Spy.Bzub.NGP
     ClamAV Found nothing
     CPsecure Found nothing
     Dr.Web Found Trojan.DownLoader.37340
     F-Prot Antivirus Found nothing
     F-Secure Anti-Virus Found Trojan-Downloader.Win32.Delf.dbo
     Fortinet Found W32/Delf.DBO!tr.dldr
     Ikarus Found Trojan-PWS.Win32.Lmir
     Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Delf.dbo
     NOD32 Found probably a variant of Win32/Adware.BHO.NBI application (probable variant)
     Norman Virus Control Found W32/Delf.BCCW
     Panda Antivirus Found nothing
     Rising Antivirus Found nothing
     Sophos Antivirus Found nothing
     VirusBuster Found nothing
     VBA32 Found Trojan-Downloader.Win32.Delf.dbo
     I have just formatted and reinstalled; I promise I will update as soon as the problem is solved...
  12. I cannot run the full scan because my PC crashes before the end... I did nevertheless remove 3 programs that were apparently insecure... but the trojan is still there!...
  13. Trojan TR/Dldr.Del.dbo.1.a unknown!! Is anyone there?? Can someone help me???? HELP !!
  14. Hello, here is my problem: recently my antivirus (AntiVir) has been detecting a trojan (TR/Dldr.Del.dbo.1.a) in the file windows/system32/auth.dll but can neither delete it nor quarantine it because it has no access to it (even in safe mode). The surprising thing is that this trojan apparently does not exist in AntiVir's database! So why does it detect it? I followed the pre-cleaning procedure given on the site to the letter, and here is my HijackThis report now, if you could please find the solution:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 10:25:25, on 30/11/2007
     Platform: Windows XP (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 (6.00.2600.0000)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
     C:\WINDOWS\System32\RunDll32.exe
     C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     C:\WINDOWS\System32\FTRTSVC.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Java\jre1.5.0\bin\jusched.exe
     C:\WINDOWS\System32\ctfmon.exe
     C:\PROGRA~1\Wanadoo\PollingModule.exe
     C:\WINDOWS\System32\wbem\wmiapsrv.exe
     C:\WINDOWS\System32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
     O2 - BHO: (no name) - {8C5522E7-E39F-4824-8CDE-C29E8EEA69F8} - C:\WINDOWS\System32\auth.dll
     O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
     O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
     O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe
     O4 - HKLM\..\Run: [soundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
     O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O4 - Startup: Diskeeper 10 Professional Edition Registration.lnk = C:\Program Files\Diskeeper Corporation\Diskeeper\ESIRegister.exe
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
     O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
     O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
     O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd.../x86/client/wuweb_site.cab?1195322359371
     O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
     O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...icro.com/housecall/xscan53.cab
     O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
     O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     --
     End of file - 4565 bytes