

bensalim
Problem with the Windows XP SP2 update
bensalim posted a topic in Malware analysis and removal
Hello, I have a problem with Windows Update: when I try to run the update, it tells me that it is disabled by the system. Please help me fix my problem. Below is a screenshot of my problem. Thanks.
Help with a HijackThis analysis
bensalim replied to a topic by bensalim in Malware analysis and removal
Hello, here is the new JavaRa report:

JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Aug 18 18:24:59 2008
(list of removed Java 1.5.0_03 folders and registry keys omitted)
------------------------------------
Finished reporting.
New HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:41, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ma/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{742C343D-4B6A-426E-8418-A14B6D008D62}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 6675 bytes

Yes, it was me who configured it, it's my own computer. I'm very happy with the results I got, thanks a lot. Tell me, what do you mean by "(such as the Security Center being disabled, for example)"? I didn't understand your question. Can you explain it so that my answer can help you? Thank you very much.
Help with a HijackThis analysis
bensalim replied to a topic by bensalim in Malware analysis and removal
Latest scan report with ComboFix:

ComboFix 08-08-14.03 - Abdelhamid 2008-08-17 18:25:28.3 - NTFSx86
Endroit: C:\Documents and Settings\Abdelhamid\Bureau\ComboFix.exe
 * Resident AV is active

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-17 to 2008-08-17 ))))))))))))))))))))))))))))))))))))
.

2008-08-17 18:04 . 2008-08-17 18:05 <REP> d-------- C:\Program Files\Publication Web
2008-08-17 18:04 . 1998-05-22 10:00 145,872 -ra------ C:\WINDOWS\system32\WEBPOST.DLL
2008-08-17 18:04 . 1998-05-25 17:17 121,472 -ra------ C:\WINDOWS\system32\CRSWPP.DLL
2008-08-17 18:04 . 1998-05-22 10:00 112,064 -ra------ C:\WINDOWS\system32\WPWIZDLL.DLL
2008-08-17 18:04 . 1998-05-22 10:00 98,960 -ra------ C:\WINDOWS\system32\FTPWPP.DLL
2008-08-17 18:04 . 1998-05-22 09:57 98,496 -ra------ C:\WINDOWS\system32\POSTWPP.DLL
2008-08-17 18:04 . 1998-05-25 17:16 93,456 -ra------ C:\WINDOWS\system32\FPWPP.DLL
2008-08-17 18:04 . 1998-05-25 17:15 50,816 -ra------ C:\WINDOWS\system32\PIPARSE.DLL
2008-08-17 16:49 . 2008-08-17 16:49 <REP> d-------- C:\GAMES
2008-08-16 11:55 . 2008-08-16 11:55 <REP> d-------- C:\Program Files\Avira
2008-08-16 11:55 . 2008-08-16 11:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-15 17:00 . 2008-08-15 17:00 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 17:00 . 2008-08-15 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-15 17:00 . 2008-08-15 17:00 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\Malwarebytes
2008-08-15 17:00 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-15 17:00 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-15 16:16 . 2008-08-15 16:16 <REP> d-------- C:\Program Files\MSECache
2008-08-15 12:44 . 2008-08-15 12:44 0 ---hs---- C:\WINDOWS\S7EB0C8A7.tmp
2008-08-14 11:46 . 2008-08-14 11:46 <REP> d-------- C:\Program Files\Trend Micro
2008-08-08 19:04 . 2008-08-09 11:24 <REP> d-------- C:\Program Files\WinAVI Video Converter
2008-08-08 17:33 . 2008-08-08 17:33 <REP> d-------- C:\DriveKey
2008-08-07 13:50 . 2008-08-07 13:50 <REP> d-------- C:\My Documents
2008-08-07 13:48 . 2008-08-08 17:43 <REP> d-------- C:\Program Files\Amor SWF to Video Converter
2008-08-03 11:48 . 2008-08-09 16:04 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\FileZilla
2008-08-03 11:46 . 2008-08-03 11:47 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-08-01 12:06 . 2008-08-01 12:16 <REP> d-------- C:\Program Files\HDGraph
2008-08-01 01:39 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-08-01 01:10 . 2008-08-01 01:10 <REP> d-------- C:\Program Files\MSXML 6.0
2008-07-28 16:30 . 2008-07-28 16:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-28 13:57 . 2008-07-28 13:57 <REP> d-------- C:\WINDOWS\Sun
2008-07-28 13:55 . 2005-04-13 04:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-07-28 13:53 . 2008-07-28 13:55 <REP> d-------- C:\Program Files\Java
2008-07-28 13:51 . 2008-07-28 13:51 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-07-28 11:27 . 2008-07-28 11:28 <REP> d-------- C:\Program Files\ReaConverter Pro
2008-07-27 15:06 . 2008-07-27 15:06 <REP> d-------- C:\WINDOWS\system32\RMBin
2008-07-27 15:06 . 2002-01-05 07:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-07-27 15:06 . 2002-01-05 06:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-07-27 15:06 . 2002-01-05 12:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-07-27 15:06 . 2008-07-27 15:06 53,760 --a------ C:\WINDOWS\system\ppacklib.dll
2008-07-27 14:11 . 2008-07-27 18:37 <REP> d-------- C:\TEMP
2008-07-27 14:09 . 2008-07-27 17:08 <REP> d-------- C:\Program Files\AVI MPEG WMV RM to MP3 Converter
2008-07-27 00:28 . 2008-07-28 15:00 <REP> d-------- C:\Program Files\AMT
2008-07-26 23:33 . 2001-08-17 22:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-07-26 23:33 . 2001-08-17 22:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-07-26 12:50 . 2008-07-26 15:20 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-25 20:53 . 2005-02-27 22:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-07-24 19:37 . 2008-07-24 19:37 <REP> d-------- C:\Program Files\JPEG Camera
2008-07-22 12:27 . 2008-07-27 17:42 <REP> d-------- C:\Program Files\QuickMediaConverter
2008-07-22 12:12 . 2008-07-22 12:25 <REP> d-------- C:\Program Files\NewLive All Media To Mp3 Converter
2008-07-19 13:58 . 2008-07-19 20:07 <REP> d-------- C:\Program Files\MOBILedit!
2008-07-18 21:12 . 2003-07-16 15:27 43,264 --a------ C:\WINDOWS\system32\drivers\ser2pl.sys
2008-07-18 21:10 . 2008-08-08 17:33 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 20:57 . 2008-07-18 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-18 20:57 . 2008-07-18 20:57 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\PC Suite
2008-07-18 20:57 . 2008-07-18 20:59 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\Nokia
2008-07-18 20:50 . 2008-07-18 20:50 <REP> d-------- C:\Program Files\DIFX
2008-07-18 20:50 . 2007-09-17 16:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-18 20:49 . 2008-07-18 20:49 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-07-18 20:46 . 2008-05-07 08:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-07-18 20:22 . 2008-07-18 20:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-07-17 13:47 . 2008-08-11 19:45 <REP> d-------- C:\Program Files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 16:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-17 15:43 --------- d-----w C:\Documents and Settings\Abdelhamid\Application Data\uTorrent
2008-08-16 11:06 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-16 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-12 10:24 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-07 11:21 --------- d-----w C:\Program Files\uTorrent
2008-08-03 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-02 11:34 --------- d-----w C:\Program Files\ma-config.com
2008-08-02 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-07-27 00:35 --------- d-----w C:\Program Files\Real Alternative
2008-07-18 20:09 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-15 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\09
2008-07-14 10:55 308,600 ----a-w C:\Documents and Settings\All Users\Application Data\NortonProtectionMemo.exe
2008-07-07 23:30 --------- d-----w C:\Program Files\X2CD
2008-07-07 20:32 --------- d-----w C:\Program Files\TVAnts
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-05 21:56 --------- d-----w C:\Program Files\SatelliteTVforPC
2008-07-01 23:27 --------- d-----w C:\Documents and Settings\Abdelhamid\Application Data\U3
2008-06-30 16:11 --------- d-----w C:\Program Files\Smart Projects
2008-06-30 15:56 --------- d-----w C:\Program Files\Tunatic
2008-06-25 18:32 --------- d-----w C:\Program Files\IObit
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 18:33 --------- d-----w C:\Documents and Settings\Abdelhamid\Application Data\Ahead
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 -c--a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 -c--a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 23:20 --------- d-----w C:\Program Files\Ahead
2008-06-19 23:19 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-06-19 00:00 --------- d-----w C:\Program Files\Nero
2008-06-19 00:00 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-06-19 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2002-09-24 08:24 61,440 -c--a-w C:\WINDOWS\inf\i386\onetUSD.dll
2002-08-19 07:46 36,864 -c--a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2002-05-16 09:21 286,720 -c--a-w C:\WINDOWS\inf\i386\rtscan.dll
2002-05-16 09:20 172,032 -c--a-w C:\WINDOWS\inf\i386\viceo.dll
2001-08-03 18:29 13,824 -c--a-w C:\WINDOWS\inf\i386\Usbscan.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-15_12.54.47.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-10 09:11:42 1,767,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\PPCNV.DLL
+ 2007-03-21 18:00:06 72,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\PXBCOM.EXE
+ 2007-03-21 17:58:40 4,145,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\WRD12CNV.DLL
+ 2007-03-21 17:58:46 24,416 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\WRD12EXE.EXE
+ 2007-05-10 09:25:40 14,677,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\000021090200C0400000000000F01FEC\12.0.6021\XL12CNV.EXE
+ 2008-08-16 10:27:02 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
+ 1998-07-12 23:00:00 16,384 ----a-w C:\WINDOWS\system32\ADODCFR.DLL
+ 1998-07-12 23:00:00 20,992 ----a-w C:\WINDOWS\system32\CMCT2FR.DLL
+ 1998-07-12 23:00:00 28,672 ----a-w C:\WINDOWS\system32\CMCT3FR.DLL
+ 1998-07-12 23:00:00 89,600 ----a-w C:\WINDOWS\system32\CMCTLFR.DLL
+ 1998-07-12 23:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
+ 1997-11-30 23:00:00 57,342 ----a-w C:\WINDOWS\system32\COMMTB32.DLL
+ 1998-07-12 23:00:00 31,232 ----a-w C:\WINDOWS\system32\DATGDFR.DLL
+ 1998-07-12 23:00:00 30,720 ----a-w C:\WINDOWS\system32\DATLSFR.DLL
+ 1998-07-12 23:00:00 21,504 ----a-w C:\WINDOWS\system32\DATRPFR.DLL
+ 1998-06-17 23:00:00 45,056 ----a-w C:\WINDOWS\system32\DBADAPT.DLL
+ 1998-07-12 23:00:00 31,232 ----a-w C:\WINDOWS\system32\DBLSTFR.DLL
+ 1998-06-23 23:00:00 16,656 ----a-w C:\WINDOWS\system32\DBMSSHRN.DLL
+ 1998-06-23 23:00:00 11,536 ----a-w C:\WINDOWS\system32\DBMSSOCN.DLL
+ 1998-07-12 23:00:00 33,280 ----a-w C:\WINDOWS\system32\DBRPRFR.DLL
+ 1998-07-12 23:00:00 51,200 ----a-w C:\WINDOWS\system32\DBRPTFR.DLL
+ 2008-05-09 12:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 17:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 14:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
- 2008-08-15 10:37:39 13,789 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-08-15 19:03:23 13,789 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-03-01 09:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 1998-07-12 23:00:00 40,960 ----a-w C:\WINDOWS\system32\FLXGDFR.DLL
- 2008-08-01 10:38:33 312,376 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-08-15 17:11:58 331,480 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 1998-07-02 23:00:00 31,744 ----a-w C:\WINDOWS\system32\HLP95EN.DLL
+ 1998-06-29 23:00:00 182,226 ----a-w C:\WINDOWS\system32\HTMUTIL.DLL
+ 1998-07-12 23:00:00 15,360 ----a-w C:\WINDOWS\system32\INETFR.DLL
+ 1998-07-12 23:00:00 32,768 ----a-w C:\WINDOWS\system32\MCIFR.DLL
+ 1998-06-19 23:00:00 65,200 ----a-w C:\WINDOWS\system32\MDT2FW95.DLL
+ 1998-06-17 23:00:00 77,824 ----a-w C:\WINDOWS\system32\MSBIND.DLL
+ 1998-07-12 23:00:00 59,904 ----a-w C:\WINDOWS\system32\MSCC2FR.DLL
+ 1998-07-12 23:00:00 107,520 ----a-w C:\WINDOWS\system32\MSCH2FR.DLL
+ 1998-07-12 23:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
+ 1998-07-12 23:00:00 13,824 ----a-w C:\WINDOWS\system32\MSCOMFR.DLL
+ 1998-06-17 23:00:00 311,296 ----a-w C:\WINDOWS\system32\MSDBRPT.DLL
+ 1998-06-17 23:00:00 299,008 ----a-w C:\WINDOWS\system32\MSDBRPTR.DLL
+ 1998-07-12 23:00:00 51,200 ----a-w C:\WINDOWS\system32\MSHFGFR.DLL
+ 1998-04-24 23:00:00 1,045,776 ----a-w C:\WINDOWS\system32\MSJET35.DLL
+ 1998-07-06 23:00:00 149,776 ----a-w C:\WINDOWS\system32\MSJINT35.DLL
+ 1998-05-30 23:00:00 1,233,680 ----a-w C:\WINDOWS\system32\MSJT4JLT.DLL
+ 1998-04-24 23:00:00 24,848 ----a-w C:\WINDOWS\system32\MSJTER35.DLL
+ 1998-07-12 23:00:00 23,040 ----a-w C:\WINDOWS\system32\MSMPIFR.DLL
+ 1998-07-12 23:00:00 20,480 ----a-w C:\WINDOWS\system32\MSMSKFR.DLL
+ 1998-04-24 23:00:00 252,176 ----a-w C:\WINDOWS\system32\MSRD2X35.DLL
+ 1998-04-24 23:00:00 407,312 ----a-w C:\WINDOWS\system32\MSREPL35.DLL
+ 1998-05-30 23:00:00 72,704 ----a-w C:\WINDOWS\system32\ODBCTL32.DLL
+ 1998-07-12 23:00:00 9,728 ----a-w C:\WINDOWS\system32\PCCLPFR.DLL
+ 1998-07-12 23:00:00 34,304 ----a-w C:\WINDOWS\system32\RCHTXFR.DLL
+ 1998-07-12 23:00:00 68,096 ----a-w C:\WINDOWS\system32\RDO20FR.DLL
+ 1998-06-10 23:00:00 15,120 ----a-w C:\WINDOWS\system32\REPUTIL.DLL
+ 1998-04-24 23:00:00 32,256 ----a-w C:\WINDOWS\system32\SELFREG.DLL
+ 1998-07-12 23:00:00 5,120 ----a-w C:\WINDOWS\system32\SQLPAFR.DLL
+ 1998-06-17 23:00:00 118,784 ----a-w C:\WINDOWS\system32\SQLPARSE.DLL
+ 1998-07-12 23:00:00 6,656 ----a-w C:\WINDOWS\system32\STDFTFR.DLL
+ 1998-07-12 23:00:00 10,240 ----a-w C:\WINDOWS\system32\SYSINFR.DLL
+ 1998-07-12 23:00:00 21,504 ----a-w C:\WINDOWS\system32\TABCTFR.DLL
+ 1998-06-17 23:00:00 153,600 ----a-w C:\WINDOWS\system32\TLBINF32.DLL
+ 1998-06-17 23:00:00 89,360 ----a-w C:\WINDOWS\system32\VB5DB.DLL
+ 1998-07-12 23:00:00 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
+ 1998-07-12 23:00:00 102,912 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
+ 1998-04-24 23:00:00 368,912 ----a-w C:\WINDOWS\system32\VBAR332.DLL
- 2001-08-28 12:00:00 20,535 -c--a-w C:\WINDOWS\system32\vfpodbc.dll
+ 1998-07-14 23:00:00 978,704 -c--a-w C:\WINDOWS\system32\vfpodbc.dll
+ 1998-06-12 23:00:00 30,720 ----a-w C:\WINDOWS\system32\WINDBVER.EXE
+ 1998-07-12 23:00:00 15,872 ----a-w C:\WINDOWS\system32\WINSKFR.DLL
+ 2005-09-22 22:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-22 22:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-22 22:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-06-12 17:37 219952]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-06-25 14:58 1209584]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 15:33 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 16:14 1107848]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-06-12 17:37 219952 C:\Program Files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyServer.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 15:47]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-03-29 17:33]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 20:57]
S3 PAC207;SoC PC-Camera Beta3;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-11-23 07:41]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-03-05 04:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{272656b2-5ff2-11dd-8c2f-00138fe88153}]
\Shell\AutoRun\command - xqf.com
\Shell\explore\Command - xqf.com
\Shell\open\Command - xqf.com

*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Abdelhamid\Application Data\Mozilla\Firefox\Profiles\zjstxewd.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 18:34:00
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-17 18:39:27
ComboFix-quarantined-files.txt 2008-08-17 17:39:14
ComboFix2.txt 2008-08-15 15:54:06
ComboFix3.txt 2008-08-15 11:58:31

Pre-Run: 1,206,177,792 octets libres
Post-Run: 1,196,621,824 octets libres

267 --- E O F --- 2008-08-16 13:19:28
Help with HijackThis analysis
bensalim replied to a topic by bensalim in Malware analysis and removal
Hello, thanks a lot for your help. I have a single hard disk partitioned into two drives, C: and D:, so D: is my second hard drive. Here is my new HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:14, on 16/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{742C343D-4B6A-426E-8418-A14B6D008D62}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 6719 bytes

Thanks again a thousand times, I can't find the words to thank you.
Help with HijackThis analysis
bensalim replied to a topic by bensalim in Malware analysis and removal
Thanks a lot, here is the AntiVir report:

Avira AntiVir Personal
Report file date: samedi 16 août 2008 12:19

Scanning for 1559120 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Abdelhamid
Computer name: CYBERCHABAB

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 14:54:15
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 10:59:08
ANTIVIR3.VDF : 7.0.6.24 103424 Bytes 16/08/2008 10:59:10
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 09:46:50
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 16/08/2008 10:59:29
AESCN.DLL : 8.1.0.23 119156 Bytes 16/08/2008 10:59:28
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 09:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 16/08/2008 10:59:27
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 16/08/2008 10:59:25
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 16/08/2008 10:59:24
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 09:46:50
AEGEN.DLL : 8.1.0.35 315764 Bytes 16/08/2008 10:59:16
AEEMU.DLL : 8.1.0.7 430452 Bytes 16/08/2008 10:59:14
AECORE.DLL : 8.1.1.8 172406 Bytes 16/08/2008 10:59:12
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 09:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 16/08/2008 10:59:11
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 16 août 2008 12:19

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '44' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\t1ypkh.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491fb811.qua'!
C:\upload_moi_CYBERCHABAB.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> WINDOWS/System32/ckvo.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
--> WINDOWS/System32/ckvo1.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
--> WINDOWS/System32/ckvo0.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4912b868.qua'!
C:\QooBox\Quarantine\C\b3b9u.com.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4908be65.qua'!
C:\QooBox\Quarantine\C\t1ypkh.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491fbe64.qua'!
C:\QooBox\Quarantine\C\tbm9.bat.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4913be95.qua'!
C:\QooBox\Quarantine\C\tyktjfww.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4911bead.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ckvo.exe.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491cbea2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ckvo0.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491cbea3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ckvo1.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48068594.qua'!
C:\WINDOWS\system32\ckvo0.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491cc428.qua'!
C:\WINDOWS\system32\ckvo1.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '480be079.qua'!
Begin scan in 'D:\'
D:\t1ypkh.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491fc5fe.qua'!
D:\ares\ea games - [pc game] need for speed hot pursuit 2.exe
[0] Archive type: RAR SFX (self extracting)
--> NFSHP2\NFSHP2.ACE
[1] Archive type: ACE
--> actors\ActorDef\3DBack.adf
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\logiciel\cpy\USB_GATEFinalEDITION\USB_GATE\USB GATE Installer.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/VB.Small.925696 Trojan
[NOTE] The file was moved to '48e8c9ad.qua'!

End of the scan: samedi 16 août 2008 13:38
Used time: 1:19:31 Hour(s)

The scan has been done completely.

3340 Scanning directories
154164 Files were scanned
15 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
13 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
154147 Files not concerned
1249 Archives were scanned
3 Warnings
13 Notes

Thanks again 10000 times.
Help with HijackThis analysis
bensalim replied to a topic by bensalim in Malware analysis and removal
Hi, thanks once again for your help. Here are the reports from 1) MBAM, 2) ComboFix and 3) HijackThis.

1) MBAM report

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1054
Windows 5.1.2600 Service Pack 2

23:07:54 15/08/2008
mbam-log-8-15-2008 (23-07-54).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 73876
Temps écoulé: 1 hour(s), 52 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.

2) ComboFix report

ComboFix 08-08-14.03 - Abdelhamid 2008-08-15 16:39:54.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.30 [GMT 1:00]
Endroit: C:\Documents and Settings\Abdelhamid\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Abdelhamid\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\t1ypkh.exe
C:\WINDOWS\phd2dll.INI
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\t1ypkh.exe
C:\WINDOWS\phd2dll.INI

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-15 to 2008-08-15 ))))))))))))))))))))))))))))))))))))
.

2008-08-15 16:16 . 2008-08-15 16:16 <REP> d-------- C:\Program Files\MSECache
2008-08-15 12:44 . 2008-08-15 12:44 0 --------- C:\WINDOWS\S7EB0C8A7.tmp
2008-08-14 20:02 . 2008-08-14 20:02 13,397,513 --a------ C:\upload_moi_CYBERCHABAB.tar.gz
2008-08-14 11:46 . 2008-08-14 11:46 <REP> d-------- C:\Program Files\Trend Micro
2008-08-08 19:04 . 2008-08-09 11:24 <REP> d-------- C:\Program Files\WinAVI Video Converter
2008-08-08 17:33 . 2008-08-08 17:33 <REP> d-------- C:\DriveKey
2008-08-07 13:50 . 2008-08-07 13:50 <REP> d-------- C:\My Documents
2008-08-07 13:48 . 2008-08-08 17:43 <REP> d-------- C:\Program Files\Amor SWF to Video Converter
2008-08-03 11:48 . 2008-08-09 16:04 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\FileZilla
2008-08-03 11:46 . 2008-08-03 11:47 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-08-01 12:06 . 2008-08-01 12:16 <REP> d-------- C:\Program Files\HDGraph
2008-08-01 01:39 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-08-01 01:10 . 2008-08-01 01:10 <REP> d-------- C:\Program Files\MSXML 6.0
2008-07-28 16:30 . 2008-07-28 16:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-28 13:57 . 2008-07-28 13:57 <REP> d-------- C:\WINDOWS\Sun
2008-07-28 13:55 . 2005-04-13 04:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-07-28 13:53 . 2008-07-28 13:55 <REP> d-------- C:\Program Files\Java
2008-07-28 13:51 . 2008-07-28 13:51 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-07-28 11:27 . 2008-07-28 11:28 <REP> d-------- C:\Program Files\ReaConverter Pro
2008-07-27 15:06 . 2008-07-27 15:06 <REP> d-------- C:\WINDOWS\system32\RMBin
2008-07-27 15:06 . 2002-01-05 07:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-07-27 15:06 . 2002-01-05 06:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-07-27 15:06 . 2002-01-05 12:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-07-27 15:06 . 2008-07-27 15:06 53,760 --a------ C:\WINDOWS\system\ppacklib.dll
2008-07-27 14:11 . 2008-07-27 18:37 <REP> d-------- C:\TEMP
2008-07-27 14:09 . 2008-07-27 17:08 <REP> d-------- C:\Program Files\AVI MPEG WMV RM to MP3 Converter
2008-07-27 00:28 . 2008-07-28 15:00 <REP> d-------- C:\Program Files\AMT
2008-07-26 23:33 . 2001-08-17 22:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-07-26 23:33 . 2001-08-17 22:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-07-26 12:50 . 2008-07-26 15:20 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-25 20:53 . 2005-02-27 22:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-07-24 19:37 . 2008-07-24 19:37 <REP> d-------- C:\Program Files\JPEG Camera
2008-07-22 12:27 . 2008-07-27 17:42 <REP> d-------- C:\Program Files\QuickMediaConverter
2008-07-22 12:12 . 2008-07-22 12:25 <REP> d-------- C:\Program Files\NewLive All Media To Mp3 Converter
2008-07-19 13:58 . 2008-07-19 20:07 <REP> d-------- C:\Program Files\MOBILedit!
2008-07-18 21:12 . 2003-07-16 15:27 43,264 --a------ C:\WINDOWS\system32\drivers\ser2pl.sys
2008-07-18 21:10 . 2008-08-08 17:33 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 20:57 . 2008-07-18 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-18 20:57 . 2008-07-18 20:57 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\PC Suite
2008-07-18 20:57 . 2008-07-18 20:59 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\Nokia
2008-07-18 20:50 . 2008-07-18 20:50 <REP> d-------- C:\Program Files\DIFX
2008-07-18 20:50 . 2007-09-17 16:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-18 20:49 . 2008-07-18 20:49 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-07-18 20:46 . 2008-05-07 08:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-07-18 20:22 . 2008-07-18 20:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-07-17 13:47 . 2008-08-11 19:45 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-07-15 21:17 . 2008-07-15 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\09
2008-07-15 21:17 . 2008-07-14 11:55 308,600 --a------ C:\Documents and Settings\All Users\Application Data\NortonProtectionMemo.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 12:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-15 11:49 --------- d-----w C:\Documents and Settings\Abdelhamid\Application Data\uTorrent
2008-08-15 11:40 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-12 10:24 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-07 11:21 --------- d-----w C:\Program Files\uTorrent
2008-08-05 09:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-03 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-02 11:34 --------- d-----w C:\Program Files\ma-config.com
2008-08-02 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-07-30 16:42 23,888 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 16:28 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 16:28 10,537 -c--a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-27 00:35 --------- d-----w C:\Program Files\Real Alternative
2008-07-18 20:09 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-07 23:30 --------- d-----w C:\Program Files\X2CD
2008-07-07 20:32 --------- d-----w C:\Program Files\TVAnts
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-05 21:56 --------- d-----w C:\Program Files\SatelliteTVforPC
2008-07-01 23:27 --------- d-----w C:\Documents and Settings\Abdelhamid\Application Data\U3
2008-06-30 16:11 --------- d-----w C:\Program Files\Smart Projects
2008-06-30 15:56 --------- d-----w C:\Program Files\Tunatic
2008-06-25 18:32 --------- d-----w C:\Program Files\IObit
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 18:33 --------- d-----w C:\Documents and Settings\Abdelhamid\Application Data\Ahead
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 -c--a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 -c--a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 23:20 --------- d-----w C:\Program Files\Ahead
2008-06-19 23:19 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-06-19 00:00 --------- d-----w C:\Program Files\Nero
2008-06-19 00:00 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-06-19 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-13 14:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-06-04 19:16 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2002-09-24 08:24 61,440 -c--a-w C:\WINDOWS\inf\i386\onetUSD.dll
2002-08-19 07:46 36,864 -c--a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2002-05-16 09:21 286,720 -c--a-w C:\WINDOWS\inf\i386\rtscan.dll
2002-05-16 09:20 172,032 -c--a-w C:\WINDOWS\inf\i386\viceo.dll
2001-08-03 18:29 13,824 -c--a-w C:\WINDOWS\inf\i386\Usbscan.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-15_12.54.47.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-15 15:19:15 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2005-09-22 22:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-22 22:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-22 22:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-06-12 17:37 219952]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-06-25 14:58 1209584]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 15:33 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 05:53 714608]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 16:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-06-12 17:37 219952 C:\Program Files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyServer.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-02-14 12:02]
S2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 15:47]
S3 CAM1690;USB 2.0 Compliance JPEG Video Camera;C:\WINDOWS\system32\Drivers\cam1690.sys [2007-03-29 17:33]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 20:57]
S3 PAC207;SoC PC-Camera Beta3;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-11-23 07:41]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-03-05 04:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{272656b2-5ff2-11dd-8c2f-00138fe88153}]
\Shell\AutoRun\command - xqf.com
\Shell\explore\Command - xqf.com
\Shell\open\Command - xqf.com

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-11 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Abdelhamid.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 02:19]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 16:49:21
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

Balayage processus cachés ...
C:\WINDOWS\system32\ZSHP1020.EXE [1820] 0xFEE0EB10
C:\WINDOWS\system32\ZSHP1020.EXE [636] 0xFE8B1DA0

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-15 16:54:02
ComboFix-quarantined-files.txt 2008-08-15 15:53:51
ComboFix2.txt 2008-08-15 11:58:31

Pre-Run: 304,865,280 octets libres
Post-Run: 336,707,584 octets libres

197 --- E O F --- 2008-08-14 23:50:38

3) HijackThis report, the first scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:57, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{742C343D-4B6A-426E-8418-A14B6D008D62}: NameServer = 192.168.1.1
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 8145 bytes

Finally, thank you for your effort on my behalf. Thanks a thousand times, and good luck.
Help with a HijackThis analysis
bensalim replied to a topic by bensalim in Malware analysis and removal
Thanks a lot Mr Gof, it's really kind of you to assist me in solving my problems. I did what you asked me to do with ComboFix; here is its result. Thanks a lot.

---------------------------------------------
---------------------------------------------

ComboFix 08-08-14.03 - Abdelhamid 2008-08-15 12:30:12.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.35 [GMT 1:00]
Endroit: C:\Documents and Settings\Abdelhamid\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Abdelhamid\Bureau\CFScript.txt
 * Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\S7EB0C8A7.tmp
C:\WINDOWS\System32\agsaamc.dll
C:\WINDOWS\System32\agsaamg.dll
C:\WINDOWS\System32\agsaami.dll
C:\WINDOWS\System32\agsaamj.dll
C:\WINDOWS\System32\akll.dll
C:\WINDOWS\System32\bkll.dll
C:\WINDOWS\System32\ckll.dll
C:\WINDOWS\System32\ckvo.exe
C:\WINDOWS\System32\ckvo0.dll
C:\WINDOWS\System32\ckvo1.dll
C:\WINDOWS\System32\maag.dll
C:\WINDOWS\System32\winitn.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\b3b9u.com
C:\tbm9.bat
C:\tyktjfww.exe
C:\WINDOWS\System32\agsaamc.dll
C:\WINDOWS\System32\agsaamg.dll
C:\WINDOWS\System32\agsaami.dll
C:\WINDOWS\System32\agsaamj.dll
C:\WINDOWS\System32\akll.dll
C:\WINDOWS\System32\bkll.dll
C:\WINDOWS\System32\ckll.dll
C:\WINDOWS\System32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\System32\ckvo1.dll
C:\WINDOWS\System32\maag.dll
C:\WINDOWS\System32\winitn.dll
D:\Autorun.inf
D:\b3b9u.com
D:\tbm9.bat
D:\tyktjfww.exe

C:\WINDOWS\S7EB0C8A7.tmp . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_poof


((((((((((((((((((((((((((((( Fichiers créés 2008-07-15 to 2008-08-15 ))))))))))))))))))))))))))))))))))))
.

2008-08-15 12:44 . 2008-08-15 12:44 0 --------- C:\WINDOWS\S7EB0C8A7.tmp
2008-08-14 20:02 . 2008-08-14 20:02 13,397,513 --a------ C:\upload_moi_CYBERCHABAB.tar.gz
2008-08-14 17:56 . 2008-08-15 11:39 91,411 -r-hs---- C:\t1ypkh.exe
2008-08-14 11:46 . 2008-08-14 11:46 <REP> d-------- C:\Program Files\Trend Micro
2008-08-08 19:04 . 2008-08-09 11:24 <REP> d-------- C:\Program Files\WinAVI Video Converter
2008-08-08 17:33 . 2008-08-08 17:33 <REP> d-------- C:\DriveKey
2008-08-07 13:50 . 2008-08-07 13:50 <REP> d-------- C:\My Documents
2008-08-07 13:48 . 2008-08-08 17:43 <REP> d-------- C:\Program Files\Amor SWF to Video Converter
2008-08-03 11:48 . 2008-08-09 16:04 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\FileZilla
2008-08-03 11:46 . 2008-08-03 11:47 <REP> d-------- C:\Program Files\FileZilla FTP Client
2008-08-01 12:06 . 2008-08-01 12:16 <REP> d-------- C:\Program Files\HDGraph
2008-08-01 01:39 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-08-01 01:10 . 2008-08-01 01:10 <REP> d-------- C:\Program Files\MSXML 6.0
2008-07-28 16:30 . 2008-07-28 16:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-28 13:57 . 2008-07-28 13:57 <REP> d-------- C:\WINDOWS\Sun
2008-07-28 13:55 . 2005-04-13 04:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-07-28 13:53 . 2008-07-28 13:55 <REP> d-------- C:\Program Files\Java
2008-07-28 13:51 . 2008-07-28 13:51 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-07-28 11:27 . 2008-07-28 11:28 <REP> d-------- C:\Program Files\ReaConverter Pro
2008-07-27 15:06 . 2008-07-27 15:06 <REP> d-------- C:\WINDOWS\system32\RMBin
2008-07-27 15:06 . 2002-01-05 07:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-07-27 15:06 . 2002-01-05 06:40 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-07-27 15:06 . 2002-01-05 12:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-07-27 15:06 . 2008-07-27 15:06 53,760 --a------ C:\WINDOWS\system\ppacklib.dll
2008-07-27 14:11 . 2008-07-27 18:37 <REP> d-------- C:\TEMP
2008-07-27 14:09 . 2008-07-27 17:08 <REP> d-------- C:\Program Files\AVI MPEG WMV RM to MP3 Converter
2008-07-27 00:28 . 2008-07-28 15:00 <REP> d-------- C:\Program Files\AMT
2008-07-26 23:33 . 2001-08-17 22:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-07-26 23:33 . 2001-08-17 22:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-07-26 12:50 . 2008-07-26 15:20 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-25 20:53 . 2005-02-27 22:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-07-25 13:00 . 2008-08-05 12:38 97 --a------ C:\WINDOWS\phd2dll.INI
2008-07-24 19:37 . 2008-07-24 19:37 <REP> d-------- C:\Program Files\JPEG Camera
2008-07-22 12:27 . 2008-07-27 17:42 <REP> d-------- C:\Program Files\QuickMediaConverter
2008-07-22 12:12 . 2008-07-22 12:25 <REP> d-------- C:\Program Files\NewLive All Media To Mp3 Converter
2008-07-19 13:58 . 2008-07-19 20:07 <REP> d-------- C:\Program Files\MOBILedit!
2008-07-18 21:12 . 2003-07-16 15:27 43,264 --a------ C:\WINDOWS\system32\drivers\ser2pl.sys
2008-07-18 21:10 . 2008-08-08 17:33 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 20:57 . 2008-07-18 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-18 20:57 . 2008-07-18 20:57 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\PC Suite
2008-07-18 20:57 . 2008-07-18 20:59 <REP> d-------- C:\Documents and Settings\Abdelhamid\Application Data\Nokia
2008-07-18 20:50 . 2008-07-18 20:50 <REP> d-------- C:\Program Files\DIFX
2008-07-18 20:50 . 2007-09-17 16:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-18 20:49 . 2008-07-18 20:49 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-07-18 20:46 . 2008-05-07 08:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-07-18 20:22 . 2008-07-18 20:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-07-17 13:47 . 2008-08-11 19:45 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-07-15 21:17 . 2008-07-15 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\09
2008-07-15 21:17 . 2008-07-14 11:55 308,600 --a------ C:\Documents and Settings\All Users\Application Data\NortonProtectionMemo.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 11:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-15 11:40 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-15 10:39 --------- d-----w C:\Documents and Settings\Abdelhamid\Application Data\uTorrent
2008-08-12 10:24 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-07 11:21 --------- d-----w C:\Program Files\uTorrent
2008-08-05 09:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-03 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-02 11:34 --------- d-----w C:\Program Files\ma-config.com
2008-08-02 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com
2008-07-30 16:42 23,888 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 16:28 706 -c--a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 16:28 10,537 -c--a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-27 00:35 --------- d-----w C:\Program Files\Real Alternative
2008-07-18 20:09 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-07 23:30 --------- d-----w C:\Program Files\X2CD
2008-07-07 20:32 --------- d-----w C:\Program Files\TVAnts
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-05 21:56 --------- d-----w C:\Program Files\SatelliteTVforPC
2008-07-01 23:27 --------- d-----w C:\Documents and Settings\Abdelhamid\Application Data\U3
2008-06-30 16:11 --------- d-----w C:\Program Files\Smart Projects
2008-06-30 15:56 --------- d-----w C:\Program Files\Tunatic
2008-06-25 18:32 --------- d-----w C:\Program Files\IObit
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-22 18:33 --------- d-----w C:\Documents and Settings\Abdelhamid\Application Data\Ahead
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 -c--a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 -c--a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 23:20 --------- d-----w C:\Program Files\Ahead
2008-06-19 23:19 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-06-19 00:00 --------- d-----w C:\Program Files\Nero
2008-06-19 00:00 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-06-19 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-13 14:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-06-13 14:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-06-04 19:16 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2002-09-24 08:24 61,440 -c--a-w C:\WINDOWS\inf\i386\onetUSD.dll
2002-08-19 07:46 36,864 -c--a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2002-05-16 09:21 286,720 -c--a-w C:\WINDOWS\inf\i386\rtscan.dll
2002-05-16 09:20 172,032 -c--a-w C:\WINDOWS\inf\i386\viceo.dll
2001-08-03 18:29 13,824 -c--a-w C:\WINDOWS\inf\i386\Usbscan.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-06-12 17:37 219952]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-06-25 14:58 1209584]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 15:33 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-02-14 12:01 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 05:53 714608]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 16:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-06-12 17:37 219952 C:\Program Files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyServer.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61cc297e-41ff-11dd-8bf3-00138fe88153}]
\Shell\AutoRun\command - G:\6x8be16.cmd
\Shell\explore\Command - G:\6x8be16.cmd
\Shell\open\Command - G:\6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68eba937-3a49-11dd-8be5-00138fe88153}]
\shell\AutoRun\command - G:\olb1iimw.bat
\shell\explore\Command - G:\olb1iimw.bat
\shell\open\Command - G:\olb1iimw.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b97ae8f-686b-11dd-8c43-00138fe88153}]
\Shell\AutoRun\command - G:\f0.cmd
\Shell\explore\Command - f0.cmd
\Shell\open\Command - G:\f0.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{780b9320-3870-11dd-8be1-00138fe88153}]
\shell\AutoRun\command - ylr.exe
\shell\explore\Command - ylr.exe
\shell\open\Command - ylr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{780b9328-3870-11dd-8be1-00138fe88153}]
\Shell\AutoRun\command - lsass.exe
\Shell\open\Command - lsass.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7edfce3f-3ed8-11dd-8bed-00138fe88153}]
\Shell\AutoRun\command - H:\d6fagcs8.cmd
\Shell\explore\Command - H:\d6fagcs8.cmd
\Shell\open\Command - H:\d6fagcs8.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8619b03c-330c-11dd-8bd2-00138fe88153}]
\Shell\AutoRun\command - G:\u8jre9hv.bat
\Shell\explore\Command - G:\u8jre9hv.bat
\Shell\open\Command - G:\u8jre9hv.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcd1850c-3c7f-11dd-8be7-00138fe88153}]
\Shell\Auto\command - G:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
\Shell\explore\Command - G:\00hoeav.com
\Shell\open\Command - G:\00hoeav.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3827b11-3fe2-11dd-8bf0-00138fe88153}]
\Shell\AutoRun\command - G:\6x8be16.cmd
\Shell\explore\Command - G:\6x8be16.cmd
\Shell\open\Command - G:\6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44def81-3ba7-11dd-8be6-00138fe88153}]
\Shell\AutoRun\command - G:\qa8sywva.cmd
\Shell\explore\Command - qa8sywva.cmd
\Shell\open\Command - G:\qa8sywva.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44def84-3ba7-11dd-8be6-00138fe88153}]
\Shell\AutoRun\command - G:\tbm9.bat
\Shell\explore\Command - G:\tbm9.bat
\Shell\open\Command - G:\tbm9.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de166b53-4d39-11dd-8c08-00138fe88153}]
\Shell\AutoRun\command - lsass.exe
\Shell\open\Command - lsass.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa729130-3dff-11dd-8bea-00138fe88153}]
\Shell\AutoRun\command - H:\6x8be16.cmd
\Shell\explore\Command - H:\6x8be16.cmd
\Shell\open\Command - H:\6x8be16.cmd

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-11 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Abdelhamid.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 02:19]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 12:46:14
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\CCSVCHST.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCSVCHST.EXE
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-15 12:58:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-15 11:57:49

Pre-Run: 623,771,648 octets libres
Post-Run: 707,104,768 octets libres

272 --- E O F --- 2008-08-14 23:50:38

Thanks a lot in advance.
Help with a HijackThis analysis
bensalim replied to a topic by bensalim in Malware analysis and removal
Merci Mr Gof je vien d'utiliser le programe que tu ma conseiller de faire une analyse avec lui et voila le resultat de l'analyse ------------------------------------ -------------------------------- DiagHelp version v1.4 - http://www.malekal.com excute le 14/08/2008 à 19:51:58,56 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->14/08/2008 19:51:53 C:\WINDOWS\prefetch\IPCONFIG.EXE-2395F30B.pf -->14/08/2008 19:47:34 C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->14/08/2008 19:47:22 C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->14/08/2008 19:46:58 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->14/08/2008 19:46:47 C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->14/08/2008 19:43:58 C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-2D4B6027.pf -->14/08/2008 19:41:32 C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->14/08/2008 19:40:59 C:\WINDOWS\prefetch\WINWORD.EXE-37F6AE09.pf -->14/08/2008 19:40:47 C:\WINDOWS\prefetch\OUTLOOK.EXE-21C6162B.pf -->14/08/2008 19:40:34 C:\WINDOWS\System32\drivers\klif.sys -->14/08/2008 17:52:53 C:\WINDOWS\System32\drivers\COH_Mon.sys -->30/07/2008 17:42:12 C:\WINDOWS\System32\drivers\COH_Mon.inf -->30/07/2008 17:28:04 C:\WINDOWS\System32\drivers\coh_mon.cat -->30/07/2008 17:28:04 C:\WINDOWS\System32\drivers\tcpip.sys -->20/06/2008 11:45:13 C:\WINDOWS\System32\drivers\afd.sys -->20/06/2008 11:44:38 C:\WINDOWS\System32\drivers\tcpip6.sys -->20/06/2008 10:52:06 C:\WINDOWS\System32\ckvo1.dll -->14/08/2008 17:56:11 C:\WINDOWS\System32\ckvo.exe -->14/08/2008 17:55:56 C:\WINDOWS\System32\ckvo0.dll -->14/08/2008 17:52:57 C:\WINDOWS\System32\wpa.dbl -->07/08/2008 10:43:11 C:\WINDOWS\System32\perfh00C.dat -->03/08/2008 10:44:59 C:\WINDOWS\System32\PerfStringBackup.INI -->03/08/2008 10:44:58 C:\WINDOWS\System32\perfh009.dat -->03/08/2008 10:44:58 C:\WINDOWS\System32\perfc00C.dat -->03/08/2008 10:44:58 C:\WINDOWS\System32\perfc009.dat -->03/08/2008 10:44:58 C:\WINDOWS\System32\FNTCACHE.DAT 
-->01/08/2008 11:38:33 C:\WINDOWS\System32\jupdate-1.5.0_03-b07.log -->28/07/2008 13:55:18 C:\WINDOWS\System32\winitn.dll -->27/07/2008 15:07:06 C:\WINDOWS\System32\maag.dll -->27/07/2008 15:06:58 C:\WINDOWS\System32\ckll.dll -->27/07/2008 15:06:58 C:\WINDOWS\System32\bkll.dll -->27/07/2008 15:06:57 C:\WINDOWS\System32\akll.dll -->27/07/2008 15:06:57 C:\WINDOWS\System32\agsaamj.dll -->27/07/2008 15:06:57 C:\WINDOWS\System32\agsaami.dll -->27/07/2008 15:06:56 C:\WINDOWS\System32\agsaamg.dll -->27/07/2008 15:06:56 C:\WINDOWS\System32\agsaamc.dll -->27/07/2008 15:06:56 C:\WINDOWS\System32\MRT.exe -->25/06/2008 17:15:46 C:\WINDOWS\System32\mswsock.dll -->20/06/2008 18:41:06 C:\WINDOWS\System32\dnsapi.dll -->20/06/2008 18:41:06 C:\WINDOWS\System32\SymNeti.dll -->13/06/2008 15:45:48 C:\WINDOWS\System32\SymRedir.dll -->13/06/2008 15:45:44 C:\WINDOWS\WindowsUpdate.log -->14/08/2008 19:44:00 C:\WINDOWS\wiadebug.log -->14/08/2008 17:47:49 C:\WINDOWS\wiaservc.log -->14/08/2008 17:47:42 C:\WINDOWS\bootstat.dat -->14/08/2008 17:46:29 C:\WINDOWS\SchedLgU.Txt -->14/08/2008 00:51:40 C:\WINDOWS\NeroDigital.ini -->07/08/2008 13:22:59 C:\WINDOWS\phd2dll.INI -->05/08/2008 12:38:44 C:\WINDOWS\WMSysPr9.prx -->27/07/2008 14:10:03 C:\WINDOWS\win.ini -->27/07/2008 00:29:10 C:\WINDOWS\X2CD.INI -->07/07/2008 23:58:12 C:\WINDOWS\system.ini -->30/06/2008 11:14:56 C:\WINDOWS\mozver.dat -->19/06/2008 17:23:05 C:\WINDOWS\S7EB0C8A7.tmp -->14/06/2008 15:28:24 C:\WINDOWS\nsreg.dat -->13/06/2008 14:41:35 C:\WINDOWS\Sti_Trace.log -->13/06/2008 04:35:52 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 1720 Command line: C:\WINDOWS\Explorer.EXE Base 
Size Version Path 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x636e0000 0x29000 5.05.0001.0001 C:\Program Files\Spyware Doctor\smumhook.dll 0x5a000000 0x1f000 5.05.0001.0000 C:\Program Files\Spyware Doctor\klg.dat 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x10000000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll 0x01490000 0x27000 C:\WINDOWS\system32\ckvo1.dll 0x01a70000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll 0x6b170000 0x9a000 107.00.0003.0007 C:\Program Files\Fichiers communs\Symantec Shared\ccL70U.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x023c0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x014c0000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 0x086c0000 0x244000 10.00.0000.3702 C:\WINDOWS\system32\wmvcore.dll 0x070d0000 0x3b000 10.00.0000.4060 C:\WINDOWS\system32\WMASF.DLL 0x67080000 0x1c000 3.01.0000.0001 C:\Program Files\FileZilla FTP Client\fzshellext.dll 0x59590000 0x19000 9.00.0000.3250 C:\WINDOWS\system32\wmpshell.dll 0x69dd0000 0x24000 15.00.0000.0058 C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll 0x02d70000 0x2e000 C:\Program Files\WinRAR\rarext.dll 0x02e10000 0x29000 6.00.0001.0409 C:\PROGRA~1\FICHIE~1\WEBROO~1\SHELLW~1.DLL 0x02eb0000 0x3c000 4.00.0000.0000 C:\Program Files\PowerISO\PWRISOSH.DLL 0x02ef0000 0x26000 3.00.0000.4396 C:\WINDOWS\system32\igfxpph.dll 
0x02b80000 0x13000 3.00.0000.4396 C:\WINDOWS\system32\hccutils.DLL 0x02f20000 0x24000 3.00.0000.4396 C:\WINDOWS\system32\igfxres.dll 0x03e70000 0x16f000 3.00.0000.4396 C:\WINDOWS\system32\igfxress.dll 0x02de0000 0xe000 3.00.0000.4396 C:\WINDOWS\system32\igfxsrvc.dll 0x5b660000 0xd000 6.00.3800.2180 C:\WINDOWS\system32\twext.dll 0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll ------------------------------------------------------------------------------ explorer.exe pid: 3128 Command line: explorer.exe D:\ Base Size Version Path 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x636e0000 0x29000 5.05.0001.0001 C:\Program Files\Spyware Doctor\smumhook.dll 0x5a000000 0x1f000 5.05.0001.0000 C:\Program Files\Spyware Doctor\klg.dat 0x10000000 0x27000 C:\WINDOWS\system32\ckvo1.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll 0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll 0x6b170000 0x9a000 107.00.0003.0007 C:\Program Files\Fichiers communs\Symantec Shared\ccL70U.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x01980000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x086c0000 0x244000 10.00.0000.3702 C:\WINDOWS\system32\wmvcore.dll 0x070d0000 0x3b000 10.00.0000.4060 C:\WINDOWS\system32\WMASF.DLL ------------------------------------------------------------------------------ explorer.exe pid: 1168 Command line: explorer.exe D:\ Base Size Version Path 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x636e0000 0x29000 5.05.0001.0001 C:\Program Files\Spyware Doctor\smumhook.dll 0x5a000000 0x1f000 5.05.0001.0000 C:\Program 
Files\Spyware Doctor\klg.dat 0x10000000 0x27000 C:\WINDOWS\system32\ckvo1.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll 0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll 0x6b170000 0x9a000 107.00.0003.0007 C:\Program Files\Fichiers communs\Symantec Shared\ccL70U.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x01980000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x086c0000 0x244000 10.00.0000.3702 C:\WINDOWS\system32\wmvcore.dll 0x070d0000 0x3b000 10.00.0000.4060 C:\WINDOWS\system32\WMASF.DLL 0x00fa0000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 828 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x636e0000 0x29000 5.05.0001.0001 C:\Program Files\Spyware Doctor\smumhook.dll 0x5a000000 0x1f000 5.05.0001.0000 C:\Program Files\Spyware Doctor\klg.dat 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll Le volume dans le lecteur C n'a pas de nom. 
Le numéro de série du volume est F441-9361 Répertoire de C:\WINDOWS\system 17/02/2004 18:51 1 458 176 SmWizard.exe 1 fichier(s) 1 458 176 octets 0 Rép(s) 680 415 232 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F441-9361 Répertoire de C:\WINDOWS\system32 19/08/2004 17:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 680 415 232 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est F441-9361 Répertoire de C:\WINDOWS\Downloaded Program Files 11/08/2008 19:40 <REP> . 11/08/2008 19:40 <REP> .. 04/06/2008 18:28 65 desktop.ini 24/03/2008 20:33 1 527 056 FP_AX_CAB_INSTALLER.exe 16/05/2007 09:22 399 gp.inf 25/07/2008 15:55 1 569 hardwaredetection.inf 24/03/2008 20:18 247 swflash.inf 24/06/2008 09:05 455 744 wlscBase.dll 24/06/2008 09:07 320 wlscBase.inf 7 fichier(s) 1 985 400 octets Total des fichiers listés : 7 fichier(s) 1 985 400 octets 2 Rép(s) 680 415 232 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. 
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyServer.exe"="C:\\Program Files\\TinaSoft\\Easy Cafe Server\\EasyServer.exe:*:Enabled:EasyServer"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler
[sharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableStatusMessages"=dword:00000000

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 19:58:03
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
136 - PAStiSvc.exe
208 - spoolsv.exe
356 - pctsAuxs.exe
424 - pctsSvc.exe
804 - csrss.exe
828 - winlogon.exe
872 - services.exe
884 - lsass.exe
948 - pctsTray.exe
1000 - MDM.EXE
1124 - svchost.exe
1168 - explorer.exe
1236 - svchost.exe
1296 - svchost.exe
1424 - svchost.exe
1500 - CCSVCHST.EXE
1720 - explorer.exe
2720 - OUTLOOK.EXE
2884 - msnmsgr.exe
2952 - IEXPLORE.EXE
3128 - explorer.exe
3428 - CCSVCHST.EXE
3436 - msnmsgr.exe
3484 - winamp.exe
3496 - EasyServer.exe
3504 - cmd.exe
3928 - ctfmon.exe
3952 - usnsvc.exe
Total number of processes = 29
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
Total number of drivers = 136

Liste des programmes installes
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Français
Adobe Shockwave Player 11
AppCore
Ares 2.0.9
Assistant de connexion Windows Live
AVI MPEG WMV RM to MP3 Converter 1.6.8
C-Media WDM Audio Driver
ccCommon
CCleaner (remove only)
CloneCD
Component Framework
EasyCafe Server 2.2 (Firewall Edition)
eSupportQFolder
FileZilla Client 3.1.0.1
HijackThis 2.0.2
HP Deskjet 3900 series
HP Image Zone Express
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
HP USB Disk Storage Format Tool
HPDeskjet3900Series
HPProductAssistant
Intel® Extreme Graphics 2 Driver
IsoBuster 2.3
J2SE Runtime Environment 5.0 Update 3
JPEG Camera v0.97
K-Lite Codec Pack 3.9.5 (Full)
LiveUpdate (Symantec Corporation)
Ma-Config.com
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office Professional Edition 2003
Microsoft PhotoDraw 2000 Version 2
Microsoft Visual C++ 2005 Redistributable
Mise à jour de sécurité pour Windows XP (KB923789)
Mozilla Firefox (2.0.0.16)
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero OEM
neroxml
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
OneTouch Version 3.0
Package de pilotes Windows - Nokia Modem (05/22/2008 3.
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
PaperPort 7.02
PC Connectivity Solution
PL-2303 USB-to-Serial
PowerISO
ReaConverter Pro 3.5
Real Alternative 1.60 Lite
SolutionCenter
SPBBC 32bit
Spyware Doctor 5.5
Symantec Real Time Storage Protection Component
SymNet
Tunatic
WebFldrs XP
WebReg
Winamp
Window Washer
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player Firefox Plugin
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Répertoire de C:\
Attention : C:\autorun.inf existe
;0csi7wa9e8mr8313a2oJ3eSes4eJijd33qiKAjAwak2J7AJ5drs6knaioK1kDplL12Kkf4jwidwqd0F sls2Kao
[AutoRun]
;9lkJakrwKawoA2Saiiq6r1qk50mad4jiFw3wi57spK5wC4X03JZeDDqr
open=t1ypkh.exe
;DsDfqkK22a2dC2FiirlLa3ls1a8DaJweiLe79jaf42La2wik4a3c0akkdA4f453IseaAks4q7rs4a18
shell\open\Command=t1ypkh.exe
;65Li7orli84dsqk41i24K3LZj4efAK2j12KiqJ0KiXqLJ2sKSd3i5wsk0i0S4aAkLnac091dkrrr0p0 d2q24kSaoajsdjaKklODDoseaJ45DlkfDaL
shell\open\Default=1
;ks3lkJdaDd2qp9sDdL5wsL9c4jArwasoj32w3AUwwii3wjD3aD330lSKCdai9KL1aj1r0wa4iZrmsdw f235sS4rw27eilqKoofaekX02nI8KHsS4i12
shell\explore\Command=t1ypkh.exe
;jlDsSr21aw4dKj9r0diJass4dwXkUAr0i20aD3ms4k32askd92kKa8o72DkroDLn3
****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_CYBERCHABAB.tar.gz a l'adresse http://upload.malekal.com
--------------------------------------------
Thanks in advance to the whole team, and thanks a lot for your help.
-
Hi everyone, I'm new here. I've just run a scan with HijackThis and saved my log file, but now I don't know what to do next. Could you help me please? Here is my log file:
------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:57, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\TinaSoft\Easy Cafe Server\EASYSERVER.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_3_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{742C343D-4B6A-426E-8418-A14B6D008D62}: NameServer = 192.168.1.1
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 8145 bytes
----------------------------------------------------------------------
Thanks a lot in advance.