barbo47

Members
  • Content count

    35
  • Joined

  • Last visited

All content posted by barbo47

  1. OK, thank you very much ticlou for the information.
  2. So there, it's fine, I managed to install Windows on C: and to remove the one that was on H:. But now I don't know how to make my data that is still in Program Files appear in Start/All Programs and on the desktop.
  3. Can you explain to me how to do it, if you don't mind, because I don't really understand here; I'm not much of a specialist.
  4. Yes, I have 2 Windows installs, but the one on C: no longer boots; I can't even do a repair, so I did a reinstall, which is now on H:.
  5. Hello everyone. I have a small problem: following various virus problems and random reboots of the PC, I reinstalled XP SP2. It starts up perfectly, but the problem is that it boots from H: and all the data I had is on C:! I would like to know how to keep booting from H: but have the data from C: show up on the desktop and in the Start menu.
  6. OK thanks, I'll look into that.
  7. Here is the HijackThis report.
  8. Here is the Malwarebytes report.
  9. OK, thanks for your help, I'm redoing my scan with Anti-Malware.
  10. Hello, I am sending you my ComboFix report because I am infected by a Bagle. Thank you for your help!!!