millechosesatedire

  1. Hello, I have a problem with my computer: it no longer starts in normal mode. It hangs at startup; the desktop doesn't actually appear. But when I start it in safe mode, or in safe mode with networking, it works... So I'm not really sure where to ask, because I don't know whether it's a virus or not... Thanks in advance
  2. Hi, sorry for the long delay. So, the scan doesn't work. However, we have another problem: when the PC starts, instead of the wallpaper I get a nice white page with: RECUPERATION ACTIVE DESKTOP. When I click on the recovery, I get an error that says: "Erreur survenue dans le script ligne: 65 caractère:1 erreur cette objet ne gere pas cette action code: 0 URL: file:///C:/Documents%20and%20Settings/parents/Application%20Data/Microsoft/Internet%20Explorer/Desktop.htt". I tried doing a system restore, and I ran an antivir scan: nothing found. So I tried changing the wallpaper, and that works. However, I can no longer get on the internet; it tells me there is a problem with the "runtime" or something like that. I'm in despair.
  3. Hi, sorry for the long delay, lack of time, and I can't manage to run the BitDefender scan. Here is the cleaner report:
  4. Hi, the computer is less slow and the advertising windows no longer appear. Here is the report:

     C:\Program Files\theupbird moved successfully.
     C:\Documents and Settings\patricia\Application Data\ItsLabel\ItsTV moved successfully.
     C:\Documents and Settings\patricia\Application Data\ItsLabel moved successfully.
     C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses moved successfully.
     C:\Documents and Settings\All Users\Application Data\BOONTY moved successfully.
     < C:\Documents and Settings\patricia\Cookies\patricia@advertstream[2].txt >
     C:\Documents and Settings\patricia\Cookies\patricia@advertstream[2].txt moved successfully.
     < C:\Documents and Settings\patricia\Cookies\patricia@advertising[1].txt >
     File/Folder C:\Documents and Settings\patricia\Cookies\patricia@advertising[1].txt not found.
     < C:\Documents and Settings\patricia\Cookies\[email protected][1].txt >
     C:\Documents and Settings\patricia\Cookies\[email protected][1].txt moved successfully.
     < C:\Documents and Settings\patricia\Cookies\[email protected][1].txt >
     C:\Documents and Settings\patricia\Cookies\[email protected][1].txt moved successfully.
     OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10192008_150805
  5. Hi, here is the report: the computer is much faster
  6. Hi, here is the Navilog report:
  7. Hi, here is the report:

     C:\Documents and Settings\patricia\Application Data\theupbird moved successfully.
     C:\Documents and Settings\All Users\Application Data\Warn Mfcd Trust Download moved successfully.
     < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EoEngine >
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EoEngine deleted successfully.
     OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10152008_142241

     The computer is already faster, but the advertising windows still appear.
  8. I have a problem: the first ComboFix scan was overwritten by the second one. The first was done with the internet and the antivirus programs enabled. However, for the scan you asked me to do ("A blue window will appear: at the message that appears, Type 1 to continue, or 2 to abort, type 1 then confirm"), I absolutely did not get that message, and I got exactly the same procedure as for the first scan, even though I did exactly what you asked... Here is the report anyway:

     Here is the HijackThis report:
Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: recherche &google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: version de la page actuelle disponible dans le cache google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra button: (no name) - 
{85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15103/CTPID.cab O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe -- End of file - 8829 bytes
  9. Hello, for the first report I wasn't paying attention, so I ran it with the internet, Antivir and Spybot enabled...
  10. Hi, here is the ComboFix report:
Here is the HijackThis report:
  11. Yes, I know, but I can't help it. Otherwise, to disable user account control, I don't have "Turn User Account Control on or off"; I only have: change an account, create a new account, change the way users log on or off. Next, I can't manage to run a search with Navilog: right in the middle of the scan, Windows displays a full-screen message on a blue background (like when Windows has been shut down improperly). I don't understand what it says, only that if it's not the first time this happens you have to press F8, and afterwards the computer restarts and comes back to the screen where it had stopped. Otherwise, I took the liberty of running a Spybot scan and an Antivir scan. Here is the Antivir report:
process 'LVCOMSX.EXE' - '1' Module(s) have been scanned Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'usnsvc.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'oaiswqo.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'searchindexer.exe' - '1' Module(s) have been scanned Scan process 'TpKmapMn.exe' - '1' Module(s) have been scanned Scan process 'TpKmapMn.exe' - '1' Module(s) have been scanned Scan process 'TpKmpSvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned Scan process 'mscorsvw.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'CTDetctu.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'TpKmapMn.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'schedul2.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been 
scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 43 processes with 43 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'E:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '54' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\patricia\Local Settings\Temp\Répertoire temporaire 2 pour bratisla boys.Crack.All.Version.zip\Crack.All.Version.exe [DETECTION] Is the TR/Dldr.Small.aesu Trojan [NOTE] The file was deleted! C:\WINDOWS\system32\phcatkj0eg5v.bmp [DETECTION] Is the TR/Fakealert.AAF Trojan [NOTE] The file was deleted! C:\WINDOWS\system32\912525\912525.dll [DETECTION] Is the TR/BHO.Gen Trojan [NOTE] The file was deleted! C:\WINDOWS\system32\drivers\136a870d.sys [WARNING] The file could not be opened! Begin scan in 'E:\' Begin scan in 'D:\' Search path D:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. End of the scan: samedi 11 octobre 2008 16:40 Used time: 2:09:23 Hour(s) The scan has been done completely. 
5716 Scanning directories 131585 Files were scanned 3 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 3 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 131579 Files not concerned 1312 Archives were scanned 3 Warnings 3 Notes
  12. Hello, here is the new HijackThis report. As for the AntiVir icons, they were simply shortcuts, he got confused. Advertising windows are still popping up, and the PC has become slow again. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:19:02, on 11/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Creative\MediaSource5\CTDetctu.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe C:\WINDOWS\system32\SearchIndexer.exe c:\documents and settings\patricia\local settings\application data\oaiswqo.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program 
Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - 
HKLM\..\Run: [lphcatkj0eg5v] C:\WINDOWS\system32\lphcatkj0eg5v.exe O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R O4 - HKCU\..\Run: [oaiswqo] "c:\documents and settings\patricia\local settings\application data\oaiswqo.exe" oaiswqo O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: recherche &google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: version de la page actuelle disponible dans le cache google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender 
Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - 
http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15103/CTPID.cab O21 - SSODL: XRcvTiDDCrk - {7C48A7C5-D6E2-0D6F-FF57-299A87BA56B4} - C:\WINDOWS\system32\epyb.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe -- End of file - 9915 bytes
  13. Hi, sorry for the long delay. AntiVir has not reappeared, and last time you told me to uninstall HijackThis, and since no software can be downloaded... I can't produce the report, sorry. Correction: my boyfriend miraculously touched something that brought AntiVir back; however, there are now 3 AntiVir icons in the taskbar, and the Windows alerts are still continuing even though AntiVir has been updated and a scan has been run...
  14. HELP. Hi, so I haven't had time to do what you asked, but I have A BIG PROBLEM: the antivirus has disappeared. It has disappeared from the computer and it's impossible to download it again; "Windows error messages" appear saying the download is not possible, along with error messages saying no antivirus is enabled... Anyway, in short, my boyfriend is panicking a bit because he knows nothing about this, his sisters not much either, and they don't know how it happened... If you could help me.
  15. Thanks. Well, the PC is still a bit slow, but in any case I don't think we'll be able to do much. I don't know much about this, but I already think there are too many files, and since it's not my computer and my boyfriend has sisters... I can't monitor which sites they visit, and since one of them had a USB stick with photos, which I suppose were infected by the earlier virus, she must have put them back... But I can always try to give some security advice.... In any case, thank you very much, because the computer is still less slow than before.