

perlovga and drop small
danslagalere replied to a topic by danslagalere in Analyses et éradication malwares
copy.exe and host.exe have come back
perlovga and drop small
danslagalere replied to a topic by danslagalere in Analyses et éradication malwares
ComboFix 09-02-03.01 - Administrateur 2009-02-04 11:59:15.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1014.690 [GMT 1:00] Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\copy.exe C:\host.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_0155431233659162MCINSTCLEANUP -------\Service_0155431233659162mcinstcleanup ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-04 au 2009-02-04 )))))))))))))))))))))))))))))))))))) . 2009-02-04 12:01 . 2009-02-04 12:01 118,784 --a------ c:\windows\system32\chg.exe 2009-02-04 12:01 . 2006-05-20 18:19 70,207 -rahs---- C:\host.exe 2009-02-04 12:01 . 2006-05-13 04:40 1,211 -rahs---- C:\copy.exe 2009-02-04 11:18 . 2009-02-04 11:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-04 11:18 . 2009-02-04 11:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-04 11:18 . 2009-02-04 11:18 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2009-02-04 11:18 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-04 11:18 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-04 10:45 . 2009-02-04 10:45 <REP> d-------- c:\program files\Fichiers communs\Adobe 2009-02-04 10:41 . 2009-02-04 10:41 <REP> d-------- c:\program files\Google 2009-02-04 10:40 . 2009-02-04 11:32 <REP> d-------- c:\program files\NOS 2009-02-04 10:40 . 2009-02-04 11:32 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS 2009-02-04 10:13 . 
2009-02-04 10:16 <REP> dr------- C:\Mes documents 2009-02-04 09:36 . 2009-02-04 09:36 <REP> d--h----- C:\Local Settings 2009-02-04 09:36 . 2009-02-04 09:36 <REP> d-------- C:\Favorites 2009-02-04 09:36 . 2009-02-04 09:36 <REP> dr------- C:\Favoris 2009-02-04 09:36 . 2009-02-04 09:36 <REP> d---s---- C:\Cookies 2009-02-04 09:36 . 2009-02-04 09:36 <REP> d-------- C:\Bureau 2009-02-04 09:35 . 2009-02-04 09:36 <REP> dr-h----- C:\Application Data 2009-02-04 09:17 . 2009-02-04 09:17 <REP> d-------- c:\program files\Avira 2009-02-04 09:17 . 2009-02-04 09:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-02-04 08:46 . 2009-02-04 08:59 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-02-03 13:09 . 2009-02-03 13:09 <REP> d---s---- c:\documents and settings\Administrateur\UserData 2009-02-03 12:54 . 2009-02-04 12:01 <REP> d-------- c:\documents and settings\Administrateur\Application Data\OpenOffice.org2 2009-02-03 12:47 . 2009-02-03 12:47 0 --a------ c:\windows\vpc32.INI 2009-02-03 12:30 . 2009-02-03 12:30 <REP> dr------- c:\documents and settings\LocalService\Favoris 2009-02-03 12:26 . 2009-02-03 12:26 <REP> d-------- c:\program files\HP 2009-02-03 12:25 . 2009-02-03 12:25 <REP> d--h----- c:\windows\PIF 2009-02-03 12:24 . 2009-02-03 12:24 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Thunderbird 2009-02-03 12:24 . 2009-02-03 12:24 0 --a------ c:\windows\nsreg.dat 2009-02-03 12:23 . 2009-02-03 17:10 <REP> d-------- c:\program files\Mozilla Thunderbird 2009-02-03 12:13 . 2009-02-03 12:54 <REP> d-------- c:\program files\Symantec AntiVirus 2009-02-03 12:13 . 2009-02-03 12:54 <REP> d-------- c:\program files\Symantec 2009-02-03 12:13 . 2009-02-03 12:54 <REP> d-------- c:\program files\Fichiers communs\Symantec Shared 2009-02-03 12:13 . 2009-02-03 12:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Symantec 2009-02-03 12:11 . 
2009-02-04 09:20 <REP> d-------- C:\Emelys - Données 2009-02-03 12:11 . 2009-02-03 12:11 <REP> d-------- C:\Data 2009-02-03 12:10 . 2009-02-03 12:10 <REP> d-------- c:\program files\OpenOffice.org 2.0 2009-02-03 12:10 . 2009-02-03 12:10 <REP> d-------- c:\program files\Emelys 2009-02-03 12:10 . 2009-02-03 12:09 720,896 --a------ c:\windows\iun6002ev.exe 2009-02-03 12:10 . 2009-02-03 12:11 169 --a------ c:\windows\ODBC.INI 2009-02-03 12:09 . 2009-02-03 12:10 <REP> d-------- C:\DOC. MICHEL 2009-02-03 12:09 . 2009-02-03 12:09 <REP> d-------- C:\doc ordi do+aurore 2009-02-03 12:09 . 2009-02-03 12:09 <REP> d-------- C:\DOC DOROTHEE 2009-02-03 12:09 . 2009-02-03 12:09 <REP> d-------- C:\CIVIS 2009-02-03 12:08 . 2009-02-03 12:09 <REP> d-------- C:\bak 2009-02-03 12:07 . 2009-01-14 10:19 105,748 --a------ c:\windows\system32\Télémaintenance Euro-Info.exe 2009-02-03 12:07 . 2009-01-12 18:45 3,262 --a------ c:\windows\system32\euro_info.ico 2009-02-03 12:07 . 2009-01-12 18:45 3,262 --a------ c:\windows\euro_info.ico 2009-02-03 12:07 . 2009-01-14 10:09 2,081 --a------ c:\windows\system32\ei_script.vbs 2009-02-03 12:07 . 2009-02-03 12:07 1,072 --a------ C:\Télémaintenance Euro-Info.lnk 2009-02-03 12:07 . 2009-01-14 10:06 168 --a------ c:\windows\system32\ei.url 2009-02-03 12:06 . 2008-05-21 02:35 434 --a------ c:\windows\myClean.bat 2009-02-03 12:04 . 2006-03-02 03:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-02-03 12:02 . 2009-02-03 12:02 <REP> d-------- c:\program files\Raccourcis de programmes . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-03 11:25 --------- d-----w c:\program files\Hewlett-Packard 2009-02-03 11:10 --------- d-----w c:\program files\Java 2009-02-03 06:43 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-03 06:43 --------- d-----w c:\program files\Services en ligne 2009-02-03 06:43 --------- d-----w c:\program files\Realtek 2009-02-03 06:43 --------- d-----w c:\program files\PDF Complete 2009-02-03 06:43 --------- d-----w c:\program files\MSXML 6.0 2009-02-03 06:43 --------- d-----w c:\program files\Microsoft.NET 2009-02-03 06:43 --------- d-----w c:\program files\Microsoft Works 2009-02-03 06:43 --------- d-----w c:\program files\Microsoft SQL Server 2009-02-03 06:43 --------- d-----w c:\program files\Microsoft Small Business 2009-02-03 06:43 --------- d-----w c:\program files\microsoft frontpage 2009-02-03 06:43 --------- d-----w c:\program files\InterVideo 2009-02-03 06:43 --------- d-----w c:\program files\HPQ 2009-02-03 06:42 --------- d-----w c:\program files\Fichiers communs\Java 2009-02-03 06:42 --------- d-----w c:\program files\Fichiers communs\InterVideo 2009-02-03 06:42 --------- d-----w c:\program files\Fichiers communs\InstallShield 2009-02-03 06:42 --------- d-----w c:\program files\Compaq 2009-02-03 06:42 --------- d-----w c:\program files\Altiris 2009-02-03 06:42 --------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites 2009-02-03 06:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-03 06:42 --------- d-----w c:\documents and settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} 2009-02-03 06:42 --------- d-----w c:\documents and settings\Administrateur\Application Data\SampleView 2009-02-03 06:42 --------- d-----w c:\documents and settings\Administrateur\Application Data\InstallShield 2008-12-15 18:39 2,065 --sha-r c:\windows\system32\drivers\103C_HP_BPC_HP Compaq dx2400 Microtower 
PC_YB_0Comp_QCZC850_EKV330ETABF_48_I2A73h_SPEGATRON CORPORATION_V1.01_B5.33_T081107_WXP2_L40C_M1015_J250_7Intel_8Pentium Dual E2180_92_#081215_N10EC8168_(KV330ET#ABF)_X_CD3_Z.MRK 2008-12-15 18:20 315,392 ----a-w c:\windows\HideWin.exe . ((((((((((((((((((((((((((((( snapshot_2009-02-04_11.37.31.73 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-04 171448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2008-07-11 191872] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL 
Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-12-15 576024] S3 EraserUtilDrv10621;EraserUtilDrv10621;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10621.sys --> c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10621.sys [?] S3 EraserUtilDrvI7;EraserUtilDrvI7;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrvI7.sys --> c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [?] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=all&pf=cmdt uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=all&pf=cmdt uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: {230EE768-5382-4804-9433-AA90DA6770B1} = 192.168.1.10 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-04 12:01:50 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . ------------------------ Autres processus actifs ------------------------ . 
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\OpenOffice.org 2.0\program\soffice.exe c:\program files\OpenOffice.org 2.0\program\soffice.bin . ************************************************************************** . Heure de fin: 2009-02-04 12:02:56 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-04 11:02:54 ComboFix2.txt 2009-02-04 10:38:02 ComboFix3.txt 2009-02-03 12:15:40 ComboFix4.txt 2009-02-03 12:03:18 Avant-CF: 223 275 683 840 octets libres Après-CF: 223,211,851,776 octets libres 175 --- E O F --- 2009-02-03 16:43:48 -
perlovga and drop small
danslagalere replied to a topic by danslagalere in Analyses et éradication malwares
First of all, thank you for your reassuring calm and your advice ...

ComboFix 09-02-03.01 - Administrateur 2009-02-04 11:34:22.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1014.632 [GMT 1:00] Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\copy.exe C:\host.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-04 au 2009-02-04 )))))))))))))))))))))))))))))))))))) . 2009-02-04 11:36 . 2006-05-20 18:19 70,207 -rahs---- C:\host.exe 2009-02-04 11:36 . 2006-05-13 04:40 1,211 -rahs---- C:\copy.exe 2009-02-04 11:18 . 2009-02-04 11:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-04 11:18 . 2009-02-04 11:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-04 11:18 . 2009-02-04 11:18 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2009-02-04 11:18 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-04 11:18 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-04 10:45 . 2009-02-04 10:45 <REP> d-------- c:\program files\Fichiers communs\Adobe 2009-02-04 10:41 . 2009-02-04 10:41 <REP> d-------- c:\program files\Google 2009-02-04 10:40 . 2009-02-04 11:32 <REP> d-------- c:\program files\NOS 2009-02-04 10:40 . 2009-02-04 11:32 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS 2009-02-04 10:13 . 2009-02-04 10:16 <REP> dr------- C:\Mes documents 2009-02-04 09:36 . 2009-02-04 09:36 <REP> d--h----- C:\Local Settings 2009-02-04 09:36 . 2009-02-04 09:36 <REP> d-------- C:\Favorites 2009-02-04 09:36 . 2009-02-04 09:36 <REP> dr------- C:\Favoris 2009-02-04 09:36 . 
2009-02-04 09:36 <REP> d---s---- C:\Cookies 2009-02-04 09:36 . 2009-02-04 09:36 <REP> d-------- C:\Bureau 2009-02-04 09:35 . 2009-02-04 09:36 <REP> dr-h----- C:\Application Data 2009-02-04 09:17 . 2009-02-04 09:17 <REP> d-------- c:\program files\Avira 2009-02-04 09:17 . 2009-02-04 09:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-02-04 08:46 . 2009-02-04 08:59 <REP> d-------- c:\windows\system32\CatRoot_bak 2009-02-03 13:09 . 2009-02-03 13:09 <REP> d---s---- c:\documents and settings\Administrateur\UserData 2009-02-03 12:54 . 2009-02-04 11:36 <REP> d-------- c:\documents and settings\Administrateur\Application Data\OpenOffice.org2 2009-02-03 12:47 . 2009-02-03 12:47 0 --a------ c:\windows\vpc32.INI 2009-02-03 12:30 . 2009-02-03 12:30 <REP> dr------- c:\documents and settings\LocalService\Favoris 2009-02-03 12:26 . 2009-02-03 12:26 <REP> d-------- c:\program files\HP 2009-02-03 12:25 . 2009-02-03 12:25 <REP> d--h----- c:\windows\PIF 2009-02-03 12:24 . 2009-02-03 12:24 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Thunderbird 2009-02-03 12:24 . 2009-02-03 12:24 0 --a------ c:\windows\nsreg.dat 2009-02-03 12:23 . 2009-02-03 17:10 <REP> d-------- c:\program files\Mozilla Thunderbird 2009-02-03 12:13 . 2009-02-03 12:54 <REP> d-------- c:\program files\Symantec AntiVirus 2009-02-03 12:13 . 2009-02-03 12:54 <REP> d-------- c:\program files\Symantec 2009-02-03 12:13 . 2009-02-03 12:54 <REP> d-------- c:\program files\Fichiers communs\Symantec Shared 2009-02-03 12:13 . 2009-02-03 12:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Symantec 2009-02-03 12:11 . 2009-02-04 09:20 <REP> d-------- C:\Emelys - Données 2009-02-03 12:11 . 2009-02-03 12:11 <REP> d-------- C:\Data 2009-02-03 12:10 . 2009-02-03 12:10 <REP> d-------- c:\program files\OpenOffice.org 2.0 2009-02-03 12:10 . 2009-02-03 12:10 <REP> d-------- c:\program files\Emelys 2009-02-03 12:10 . 
2009-02-03 12:09 720,896 --a------ c:\windows\iun6002ev.exe 2009-02-03 12:10 . 2009-02-03 12:11 169 --a------ c:\windows\ODBC.INI 2009-02-03 12:09 . 2009-02-03 12:10 <REP> d-------- C:\DOC. MICHEL 2009-02-03 12:09 . 2009-02-03 12:09 <REP> d-------- C:\doc ordi do+aurore 2009-02-03 12:09 . 2009-02-03 12:09 <REP> d-------- C:\DOC DOROTHEE 2009-02-03 12:09 . 2009-02-03 12:09 <REP> d-------- C:\CIVIS 2009-02-03 12:08 . 2009-02-03 12:09 <REP> d-------- C:\bak 2009-02-03 12:07 . 2009-01-14 10:19 105,748 --a------ c:\windows\system32\Télémaintenance Euro-Info.exe 2009-02-03 12:07 . 2009-01-12 18:45 3,262 --a------ c:\windows\system32\euro_info.ico 2009-02-03 12:07 . 2009-01-12 18:45 3,262 --a------ c:\windows\euro_info.ico 2009-02-03 12:07 . 2009-01-14 10:09 2,081 --a------ c:\windows\system32\ei_script.vbs 2009-02-03 12:07 . 2009-02-03 12:07 1,072 --a------ C:\Télémaintenance Euro-Info.lnk 2009-02-03 12:07 . 2009-01-14 10:06 168 --a------ c:\windows\system32\ei.url 2009-02-03 12:06 . 2008-05-21 02:35 434 --a------ c:\windows\myClean.bat 2009-02-03 12:04 . 2006-03-02 03:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-02-03 12:02 . 2009-02-03 12:02 <REP> d-------- c:\program files\Raccourcis de programmes . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-03 11:25 --------- d-----w c:\program files\Hewlett-Packard 2009-02-03 11:10 --------- d-----w c:\program files\Java 2009-02-03 06:43 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-03 06:43 --------- d-----w c:\program files\Services en ligne 2009-02-03 06:43 --------- d-----w c:\program files\Realtek 2009-02-03 06:43 --------- d-----w c:\program files\PDF Complete 2009-02-03 06:43 --------- d-----w c:\program files\MSXML 6.0 2009-02-03 06:43 --------- d-----w c:\program files\Microsoft.NET 2009-02-03 06:43 --------- d-----w c:\program files\Microsoft Works 2009-02-03 06:43 --------- d-----w c:\program files\Microsoft SQL Server 2009-02-03 06:43 --------- d-----w c:\program files\Microsoft Small Business 2009-02-03 06:43 --------- d-----w c:\program files\microsoft frontpage 2009-02-03 06:43 --------- d-----w c:\program files\InterVideo 2009-02-03 06:43 --------- d-----w c:\program files\HPQ 2009-02-03 06:42 --------- d-----w c:\program files\Fichiers communs\Java 2009-02-03 06:42 --------- d-----w c:\program files\Fichiers communs\InterVideo 2009-02-03 06:42 --------- d-----w c:\program files\Fichiers communs\InstallShield 2009-02-03 06:42 --------- d-----w c:\program files\Compaq 2009-02-03 06:42 --------- d-----w c:\program files\Altiris 2009-02-03 06:42 --------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites 2009-02-03 06:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-02-03 06:42 --------- d-----w c:\documents and settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} 2009-02-03 06:42 --------- d-----w c:\documents and settings\Administrateur\Application Data\SampleView 2009-02-03 06:42 --------- d-----w c:\documents and settings\Administrateur\Application Data\InstallShield 2008-12-15 18:39 2,065 --sha-r c:\windows\system32\drivers\103C_HP_BPC_HP Compaq dx2400 Microtower 
PC_YB_0Comp_QCZC850_EKV330ETABF_48_I2A73h_SPEGATRON CORPORATION_V1.01_B5.33_T081107_WXP2_L40C_M1015_J250_7Intel_8Pentium Dual E2180_92_#081215_N10EC8168_(KV330ET#ABF)_X_CD3_Z.MRK 2008-12-15 18:20 315,392 ----a-w c:\windows\HideWin.exe . ((((((((((((((((((((((((((((( snapshot@2009-02-03_13.02.53.00 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-03 12:28:46 26,624 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\db5db94df5cb1d479ab6a20ea9605aeb\Accessibility.ni.dll + 2009-02-03 12:28:49 860,160 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f0cb1c4c9dda1e4492beaa10b6d6e812\AspNetMMCExt.ni.dll + 2009-02-03 12:28:50 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\664e01717c6dc34cb8b006c95fd7fbcf\CustomMarshalers.ni.dll + 2009-02-03 12:28:50 15,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\32cc2b9b53fe9d47bd7b55a1ec69c799\dfsvc.ni.exe + 2009-02-03 12:28:52 880,640 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0826588560ce34289da05d4caf2d404\Microsoft.Build.Engine.ni.dll + 2009-02-03 12:28:52 81,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c83f02b04a13df4b977483b46ddf0273\Microsoft.Build.Framework.ni.dll + 2009-02-03 12:28:55 1,691,648 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7b9a2161fefded4abdf8f738634bb6ff\Microsoft.Build.Tasks.ni.dll + 2009-02-03 12:28:55 163,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1715fd9e343cec4491e1197b70d15a2a\Microsoft.Build.Utilities.ni.dll + 2009-02-03 12:28:57 1,724,416 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\87d34572e545f346a0cc92d4d1a9cc90\Microsoft.VisualBasic.ni.dll + 2009-02-03 12:28:58 962,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c27c521c3a93e947940c2d356d4a9b81\System.Configuration.ni.dll + 2009-02-03 12:28:59 1,716,224 ----a-w 
c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\30b8180c61db5d4c97bf5b4194e3ad9a\System.Deployment.ni.dll + 2009-02-03 12:29:00 1,220,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\072ec1462fabdd46b2e888f271939ef7\System.DirectoryServices.ni.dll + 2009-02-03 12:29:01 512,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8c9118ecc9a1074395f5e15d48643515\System.DirectoryServices.Protocols.ni.dll + 2009-02-03 12:29:02 659,456 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\730d74e8978c9d4ebf4ed3f4b52f572d\System.EnterpriseServices.ni.dll + 2009-02-03 12:29:02 294,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\730d74e8978c9d4ebf4ed3f4b52f572d\System.EnterpriseServices.Wrapper.dll + 2009-02-03 12:29:03 729,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\ea0fd1f88e9f7c4191084a4aab9ac9c6\System.Security.ni.dll + 2009-02-03 12:29:04 684,032 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\6d76ae5a4670244684cf4a1ce3b79229\System.Transactions.ni.dll + 2009-02-03 12:29:20 2,310,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\cd3228ac8cb05f4b9d83458171d49f79\System.Web.Mobile.ni.dll + 2009-02-03 12:29:21 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\0192e7876d18a748995b0b9fabfcf2ff\System.Web.RegularExpressions.ni.dll + 2009-02-03 12:29:23 1,945,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d1c6c8cc10d6ff4d99f1a241beafc22e\System.Web.Services.ni.dll + 2009-02-03 12:29:17 11,796,480 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\849173602370c4469932d1ab205f90ee\System.Web.ni.dll + 2007-12-12 14:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1036-7B44-A90000000001}\SC_Reader.exe - 2009-02-02 22:46:02 16,384 ----a-w 
c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-02-04 09:41:37 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-02-02 22:46:02 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2009-02-04 09:41:37 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-05-09 11:15:47 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys + 2008-01-21 16:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys + 2008-10-30 09:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys + 2007-11-08 17:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys + 2004-08-19 15:08:46 679,936 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PCL5ERES.DLL - 2003-11-04 07:01:32 263,680 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL + 2004-08-19 15:09:48 264,704 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL - 2003-11-04 07:01:32 204,288 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL + 2004-08-19 15:09:48 199,168 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL - 2003-11-04 07:01:28 620,544 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL + 2004-08-19 15:09:06 620,544 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL - 2004-11-18 09:47:56 22,752 ----a-w c:\windows\system32\spupdsvc.exe + 2005-02-25 03:35:24 22,752 ----a-w c:\windows\system32\spupdsvc.exe + 2006-12-01 21:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2006-12-01 21:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2006-12-01 21:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll . -- Instantané actualisé -- . 
((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-04 171448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2008-07-11 191872] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-12-15 576024] S2 0155431233659162mcinstcleanup;McAfee Application Installer Cleanup (0155431233659162);c:\docume~1\ADMINI~1\LOCALS~1\Temp\015543~1.EXE c:\progra~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> 
c:\docume~1\ADMINI~1\LOCALS~1\Temp\015543~1.EXE c:\progra~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?] S3 EraserUtilDrv10621;EraserUtilDrv10621;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10621.sys --> c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10621.sys [?] S3 EraserUtilDrvI7;EraserUtilDrvI7;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrvI7.sys --> c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [?] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - SSMDRV . . ------- Examen supplémentaire ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=all&pf=cmdt uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=all&pf=cmdt uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: {230EE768-5382-4804-9433-AA90DA6770B1} = 192.168.1.10 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-04 11:36:51 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . ------------------------ Autres processus actifs ------------------------ . 
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\OpenOffice.org 2.0\program\soffice.exe c:\program files\OpenOffice.org 2.0\program\soffice.bin . ************************************************************************** . Heure de fin: 2009-02-04 11:38:01 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-04 10:37:58 ComboFix2.txt 2009-02-03 12:15:40 ComboFix3.txt 2009-02-03 12:03:18 Avant-CF: 223 218 733 056 octets libres Après-CF: 223,285,891,072 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect 221 --- E O F --- 2009-02-03 16:43:48 -
perlovga and drop small
danslagalere replied to a topic by danslagalere in Analyses et éradication malwares
MBAM finds no malicious items .. yet I still have the infamous copy.exe and host.exe, which are impossible to delete. Here is the MBAM report:

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1725
Windows 5.1.2600 Service Pack 2

04/02/2009 11:23:02
mbam-log-2009-02-04 (11-23-02).txt

Type de recherche: Examen rapide
Eléments examinés: 54969
Temps écoulé: 3 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
perlovga and drop small
danslagalere replied to a topic by danslagalere in Analyses et éradication malwares
Excuse me ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:42, on 04/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\PDF Complete\pdfsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\Documents and Settings\Administrateur\Bureau\Programme d'installation d'Adobe Reader 9\setup.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmdt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmdt
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{230EE768-5382-4804-9433-AA90DA6770B1}: NameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{230EE768-5382-4804-9433-AA90DA6770B1}: NameServer = 192.168.1.10
O23 - Service: McAfee Application Installer Cleanup (0155431233659162) (0155431233659162mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\015543~1.EXE (file missing)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

--
End of file - 5384 bytes
Hello, I have just installed Antivir and it found two viruses that it cannot remove: Perlovga and Drop Small. Apparently they continually create copy.exe and host.exe files that are impossible to delete. Here is the log file given by hijack:

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\Documents and Settings\Administrateur\Bureau\Programme d'installation d'Adobe Reader 9\setup.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmdt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmdt
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{230EE768-5382-4804-9433-AA90DA6770B1}: NameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{230EE768-5382-4804-9433-AA90DA6770B1}: NameServer = 192.168.1.10
O23 - Service: McAfee Application Installer Cleanup (0155431233659162) (0155431233659162mcinstcleanup) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\015543~1.EXE (file missing)
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe

--
End of file - 5384 bytes

Can someone save my life? Unless this virus is not really dangerous?