Chris68

-------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Sunday, March 1, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Sunday, March 01, 2009 12:07:59 Records in database: 1858765 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ Scan statistics: Files scanned: 80243 Threat name: 3 Infected objects: 5 Suspicious objects: 3 Duration of the scan: 02:14:20 File name / Threat name / Threats count C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08240000.VBN Infected: Packed.Win32.Krap.g 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD80000.VBN Infected: Packed.Win32.Krap.g 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80000.VBN Infected: Packed.Win32.Krap.g 1 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E100000.VBN Infected: Packed.Win32.Krap.g 1 C:\WINDOWS\system32\Tools\Hide.exe Infected: not-a-virus:AdWare.Win32.Dm.wf 1 The selected area was scanned.

Bonjour, Hélas, en ayant réutilisé une ancienne clé USB j'ai à nouveau hérité du fameux troyan ! Je me suis permis de refaire la même manœuvre que initialement en rajoutant cette clé usb ! Voici le rapport Combofix DSL et Merci d'avance PS : Au fait quels dégâts fait ce troyan en question ? S'il en fait ! ComboFix 09-02-28.01 - XXXXXX 2009-03-01 10:44:51.5 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3327.2634 [GMT 1:00] Lancé depuis: C:\Documents and Settings\XXXX\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\XXXXXX\Bureau\CFScript.txt AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) FW: Symantec Client Firewall *disabled* * Un nouveau point de restauration a été créé FILE :: C:\hyetn1i.exe c:\windows\system32\msln.exe c:\windows\system32\mucltui.dll D:\hyetn1i.exe L:\hyetn1i.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\msln.exe c:\windows\system32\mucltui.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-01 au 2009-03-01 )))))))))))))))))))))))))))))))))))) . 2009-02-28 19:11 . 2009-02-28 19:11 <REP> d-------- C:\Documents and Settings\XXXXX\Application Data\CyberLink 2009-02-28 19:11 . 2009-02-28 19:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2009-02-28 19:10 . 2009-02-28 19:10 <REP> d-------- C:\Program Files\CyberLink 2009-02-28 19:10 . 2001-03-08 18:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll 2009-02-28 16:37 . 2009-02-28 16:37 <REP> d-------- C:\Program Files\DVD Shrink 2009-02-28 16:04 . 2009-02-28 16:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2009-02-28 08:48 . 2009-02-28 08:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GARMIN 2009-02-26 21:48 . 2009-02-26 21:48 <REP> d-------- C:\Documents and Settings\XXXX\Application Data\dvdcss 2009-02-26 21:47 . 2009-02-26 21:47 <REP> d-------- C:\Program Files\VideoLAN 2009-02-26 21:47 . 2009-02-26 21:48 <REP> d-------- C:\Documents and Settings\XXXXX\Application Data\vlc 2009-02-26 21:30 . 2009-02-28 19:51 <REP> d-------- C:\Documents and Settings\XXXXX\Application Data\DivX 2009-02-26 21:29 . 2009-02-26 21:29 <REP> d-------- C:\Program Files\DivX 2009-02-24 16:16 . 2009-02-24 16:16 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite 2009-02-24 16:16 . 2009-02-24 16:16 <REP> d-------- C:\Program Files\Fichiers communs\Nokia 2009-02-24 16:15 . 2009-02-24 16:15 <REP> d-------- C:\Program Files\PC Connectivity Solution 2009-02-22 17:40 . 2009-02-22 17:40 <REP> d-------- C:\WINDOWS\system32\LogFiles 2009-02-22 17:39 . 2008-04-13 11:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys 2009-02-22 17:39 . 2008-04-13 11:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys 2009-02-22 17:39 . 2009-02-22 17:40 1,374 --a------ C:\WINDOWS\imsins.BAK 2009-02-22 17:39 . 2009-02-22 17:39 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-02-22 17:39 . 2009-02-22 17:39 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2009-02-22 17:38 . 2009-02-22 17:38 <REP> d-------- C:\Program Files\DIFX 2009-02-22 17:38 . 2009-02-22 17:40 <REP> d-------- C:\Documents and Settings\XXXXX\Application Data\PC Suite 2009-02-22 17:38 . 2009-02-22 17:43 <REP> d-------- C:\Documents and Settings\XXXXX\Application Data\Nokia 2009-02-22 17:38 . 2009-02-22 17:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite 2009-02-22 17:38 . 2008-08-26 09:26 18,816 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys 2009-02-22 17:37 . 2009-02-24 16:16 <REP> d-------- C:\Program Files\Nokia 2009-02-22 17:37 . 2009-02-24 16:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations 2009-02-22 17:37 . 2008-09-15 07:56 91,136 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2009-02-22 17:30 . 2009-02-22 17:30 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Acronis 2009-02-22 17:28 . 2009-02-28 16:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Acronis 2009-02-22 17:28 . 2009-02-22 17:28 441,760 --a------ C:\WINDOWS\system32\drivers\timntr.sys 2009-02-22 17:28 . 2009-02-22 17:28 44,384 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys 2009-02-22 17:27 . 2009-02-22 17:27 <REP> d-------- C:\Program Files\Fichiers communs\Acronis 2009-02-22 17:27 . 2009-02-22 17:27 <REP> d-------- C:\Program Files\Acronis 2009-02-22 17:27 . 2009-02-22 17:27 368,736 --a------ C:\WINDOWS\system32\drivers\tdrpman.sys 2009-02-22 17:27 . 2009-02-22 17:27 129,248 --a------ C:\WINDOWS\system32\drivers\snapman.sys 2009-02-22 16:38 . 2009-02-22 16:38 <REP> d-------- C:\Program Files\TeamViewer 2009-02-22 16:38 . 2009-02-22 16:38 <REP> d-------- C:\Documents and Settings\XXXXX\temp 2009-02-22 16:38 . 2009-02-22 16:38 <REP> d-------- C:\Documents and Settings\XXXXX\Application Data\TeamViewer 2009-02-22 13:28 . 2009-02-22 13:28 <REP> d-------- C:\WINDOWS\system32\MGE 2009-02-22 11:25 . 2009-02-28 08:48 <REP> d-------- C:\Documents and Settings\XXXXX\Application Data\GARMIN 2009-02-22 11:02 . 2009-02-22 11:05 <REP> d-------- C:\Backups 2009-02-22 09:49 . 2009-02-26 21:35 <REP> d--hs---- C:\Diskeeper 2009-02-22 09:40 . 2009-02-24 16:36 <REP> d-------- C:\WINDOWS\ERUNT 2009-02-21 22:41 . 2009-02-28 11:07 <REP> d-------- C:\Garmin 2009-02-21 22:41 . 2004-05-12 08:49 1,089,536 --------- C:\WINDOWS\system32\ROBOEX32.DLL 2009-02-21 22:41 . 2004-05-12 08:48 49,152 --------- C:\WINDOWS\system32\INETWH32.dll 2009-02-21 22:26 . 2009-02-21 22:26 <REP> d-------- C:\Program Files\AlerteGPS 2009-02-21 22:26 . 2003-07-16 14:27 43,264 --------- C:\WINDOWS\system32\drivers\ser2pl.sys 2009-02-21 22:10 . 2009-02-21 22:12 <REP> d-------- C:\Program Files\Ancestrologie 2009-02-21 22:09 . 2009-02-21 22:09 <REP> d-------- C:\Documents and Settings\XXXXX\Application Data\CD-LabelPrint 2009-02-21 15:48 . 2009-02-21 15:48 <REP> d-------- C:\Program Files\Diskeeper Corporation 2009-02-21 15:48 . 2009-02-21 15:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation 2009-02-21 14:01 . 2009-02-21 14:01 <REP> d-------- C:\Program Files\Microsoft LifeCam 2009-02-21 14:00 . 2009-02-24 16:15 <REP> d-------- C:\WINDOWS\system32\drivers\umdf 2009-02-21 13:18 . 2009-02-21 13:18 <REP> d-------- C:\Program Files\CCleaner 2009-02-21 11:41 . 2009-02-21 11:41 <REP> dr------- C:\Documents and Settings\LocalService\Favoris 2009-02-21 10:12 . 2009-02-21 10:13 <REP> d-------- C:\Documents and Settings\XXXXX\Application Data\Canon 2009-02-21 10:06 . 2009-02-21 10:06 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2009-02-21 10:05 . 2009-02-21 10:05 <REP> d-------- C:\Program Files\MSXML 4.0 2009-02-21 09:45 . 2008-10-16 14:06 208,744 --a------ C:\WINDOWS\system32\muweb.dll 2009-02-21 09:45 . 2008-10-16 14:06 27,496 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2009-02-20 23:14 . 2009-02-20 23:14 <REP> d-------- C:\Program Files\netpass 2009-02-20 20:56 . 2009-02-20 20:56 <REP> d-------- C:\WINDOWS\Logs 2009-02-20 19:38 . 2009-02-25 22:50 <REP> d-------- C:\Program Files\CyberMUT 2009-02-20 19:38 . 2002-07-04 17:54 176,128 --a------ C:\WINDOWS\calceuro.exe 2009-02-20 19:38 . 2001-07-05 16:10 102,400 --a------ C:\WINDOWS\system32\CmutEuro32.dll 2009-02-20 19:36 . 2009-02-20 19:36 <REP> d-------- C:\Program Files\InfraRecorder 2009-02-20 19:36 . 2009-02-20 20:21 <REP> d-------- C:\Documents and Settings\XXXXX\Application Data\InfraRecorder 2009-02-20 19:34 . 2009-03-01 10:35 <REP> d-------- C:\Documents and Settings\XXXXX\Tracing 2009-02-20 19:33 . 2009-02-20 19:33 <REP> d-------- C:\Program Files\Windows Live SkyDrive 2009-02-20 19:33 . 2009-02-20 19:33 <REP> d-------- C:\Program Files\Windows Live 2009-02-20 19:33 . 2009-02-20 19:33 <REP> d-------- C:\Program Files\Microsoft 2009-02-20 19:29 . 2009-02-20 19:29 <REP> d-------- C:\Program Files\Fichiers communs\Windows Live 2009-02-20 18:20 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll 2009-02-20 18:20 . 2009-02-20 18:20 385 --a------ C:\WINDOWS\ODBC.INI 2009-02-20 18:19 . 2009-02-20 18:19 <REP> d-------- C:\WINDOWS\SHELLNEW 2009-02-20 18:19 . 2009-02-20 18:19 <REP> d-------- C:\Program Files\Microsoft.NET 2009-02-20 17:01 . 2009-02-20 17:01 0 --a------ C:\WINDOWS\vpc32.INI . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-28 18:10 --------- d--h--w C:\Program Files\InstallShield Installation Information 2009-02-27 19:02 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2009-02-21 21:34 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2009-02-20 14:59 --------- d-----w C:\Program Files\Fichiers communs\PDFView 2009-02-20 14:58 --------- d-----w C:\Program Files\NewSoft 2009-02-20 14:52 --------- d-----w C:\Program Files\ScanSoft 2009-02-20 14:52 --------- d-----w C:\Program Files\Fichiers communs\ScanSoft Shared 2009-02-20 14:52 --------- d-----w C:\Documents and Settings\XXXXX\Application Data\ScanSoft 2009-02-20 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft 2009-02-20 14:51 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2009-02-20 14:51 --------- d-----w C:\Program Files\ArcSoft 2009-02-20 14:50 --------- d-----w C:\Program Files\Fichiers communs\CANON 2009-02-20 14:49 --------- d-----w C:\Program Files\Canon 2009-02-20 14:48 --------- d--h--w C:\Program Files\CanonBJ 2009-02-20 14:40 --------- d-----w C:\Program Files\KONICA MINOLTA 2009-02-20 14:37 --------- d-----w C:\Program Files\Bi-Exploreur 2009-02-20 14:32 --------- d-----w C:\Program Files\CD-LabelPrint 2009-02-20 13:57 --------- d-----w C:\Program Files\Symantec Client Security 2009-02-20 13:57 --------- d-----w C:\Program Files\Symantec 2009-02-20 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2009-02-20 13:49 --------- d-----w C:\Program Files\Realtek 2009-02-20 13:48 315,392 ----a-w C:\WINDOWS\HideWin.exe 2009-02-20 13:42 --------- d-----w C:\Program Files\LG Soft India 2009-02-20 13:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield 2009-02-20 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles 2009-02-20 13:31 --------- d-----w C:\Program Files\microsoft frontpage 2009-02-20 13:30 --------- d-----w C:\Program Files\Services en ligne . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:34 15360] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 18:51 3885408] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 19:34 1695232] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 12:47 1205760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-24 12:52 13524992] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-24 12:52 86016] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752] "vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-11-15 13:28 85744] "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45 75304] "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 17:48 275800] "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-05 15:39 707360] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672] "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-07 17:01 2620336] "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-07 17:36 904880] "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-10-07 17:08 140568] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152] "nwiz"="nwiz.exe" [2008-03-24 12:52 1626112 C:\WINDOWS\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-08-10 08:21 16384000 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 17:34 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ forteManager.lnk - C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe [2009-02-20 14:42:44 1097728] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ a\0u\0t\0o\0c\0h\0e\0c\0k\0 \0a\0u\0t\0o\0c\0h\0k\0 \0*\0\0\0 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-27 20:02:27 101936] R3 LGDDCDevice;LGDDCDevice;C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys [2009-02-20 14:42:44 14336] S2 MGE Service module;MGE Service module;C:\WINDOWS\system32\MGE\RunSC.exe [2009-02-22 13:28:30 122880] S3 LGII2CDevice;LGII2CDevice;C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys [2009-02-20 14:42:44 13312] S3 SavRoam;SAVRoam;C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2005-11-15 13:27:56 169200] . Contenu du dossier 'Tâches planifiées' 2009-02-21 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job - C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-01-12 17:48] 2009-02-20 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2005-03-31 17:32] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - C:\Documents and Settings\XXXXX\Application Data\Mozilla\Firefox\Profiles\6pn7nrvw.default\ FF - prefs.js: browser.startup.homepage - hxxp://portail.free.fr/ FF - component: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll ---- PARAMETRES FIREFOX ---- FF - user.js: yahoo.homepage.dontask - true.

bonjour, J'ai refais la même manœuvre, et même issue ! ComboFix s'arrête à l'étape _50 et plus rien. Mais je crois que l'essentiel est fait, mais depuis 24 heures plus de troyan ou autres ... le pc est propre Je crois que c'est bon ! En tout cas, je tiens à vous remercier et vous félicite pour ce super travail et aussi de votre patience ! Encore Merci et je pense que l'on peut mettre ce post en " résolu " @++

Dsl de vous solliciter à ce point ! Voilà ce qu'il y a dans la fenetre BootExecute autocheck a autocheck u autocheck t autocheck o autocheck c autocheck h autocheck e autocheck c autocheck k autocheck autocheck a autocheck u autocheck t autocheck o autocheck c autocheck h autocheck k autocheck autocheck * Puis je laisser tout ça ou remplacer le tout par la ligne que vous conseiller ? Merci bcp

il y a bien les deux valeurs dans la base de registre autocheck autochk * Mais comme ici, une en dessous de l'autre .... est ce que c'est bon ?? Merci à vous Cordialement PS: Depuis 14 heures j'ai plus de messages d'erreurs de Norton ! pourvu que ça dure !

Re Bonjour, J'ai fais ce qui est décrit plus haut, mais je n'ais pas eu le message Type 1 to continue, mais une erreur, puis il a fait son scann et supprimé quelques fichiers, puis la fenetre bleu est restée, au bout de 10 mn voyant que rien ne réagissait plus j'ai fait un Hardboot ! Voilà ce qui en ressort du rapport que j'ai sorti moi meme... Merci à vous PS : Pour l'instant Norton n'affiche plus rien ! au fait était ce grave docteur ?? ou est ce grave si encore ... ?? ComboFix 09-02-21.01 - XXXXXXXXXXX 2009-02-22 13:51:31.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3327.2683 [GMT 1:00] Lancé depuis: C:\Documents and Settings\XXXXXXXX\Bureau\Combofix.exe Commutateurs utilisés :: C:\Documents and Settings\XXXXXXXXX\Bureau\CFScript.txt AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) FW: Symantec Client Firewall *enabled* * Un nouveau point de restauration a été créé FILE :: C:\hyetn1i.exe c:\windows\system32\msln.exe c:\windows\system32\mucltui.dll D:\hyetn1i.exe .

Voilà ce qui en ressort ! Merci d'avance ... ComboFix 09-02-21.01 - XXXXXXXX 2009-02-22 11:40:39.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3327.2624 [GMT 1:00] Lancé depuis: c:\documents and settings\XXXXXXX\Bureau\XXX.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) FW: Symantec Client Firewall *enabled* * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Co2c40en.dll c:\windows\system32\Implode.dll c:\windows\system32\olhrwef.exe c:\windows\system32\Pg32.dll D:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 )))))))))))))))))))))))))))))))))))) . 2009-02-22 11:25 . 2009-02-22 11:25 <REP> d-------- c:\documents and settings\XXXXXX\Application Data\GARMIN 2009-02-22 11:22 . 2009-02-22 11:22 <REP> d-------- c:\windows\LastGood 2009-02-22 11:08 . 2009-02-22 11:08 46,640 --a------ c:\windows\system32\msln.exe 2009-02-22 09:49 . 2009-02-22 09:49 <REP> d--hs---- C:\Diskeeper 2009-02-22 09:40 . 2009-02-22 09:40 <REP> d-------- c:\windows\ERUNT 2009-02-22 09:21 . 2009-02-22 11:05 <REP> d-------- C:\SDFix 2009-02-21 22:41 . 2009-02-22 11:17 <REP> d-------- C:\Garmin 2009-02-21 22:41 . 2004-05-12 08:49 1,089,536 --------- c:\windows\system32\ROBOEX32.DLL 2009-02-21 22:41 . 2004-05-12 08:48 49,152 --------- c:\windows\system32\INETWH32.dll 2009-02-21 22:26 . 2009-02-21 22:26 <REP> d-------- c:\program files\AlerteGPS 2009-02-21 22:26 . 2003-07-16 14:27 43,264 --------- c:\windows\system32\drivers\ser2pl.sys 2009-02-21 22:10 . 2009-02-21 22:12 <REP> d-------- c:\program files\Ancestrologie 2009-02-21 22:09 . 2009-02-21 22:09 <REP> d-------- c:\documents and settings\XXXXXX\Application Data\CD-LabelPrint 2009-02-21 15:48 . 2009-02-21 15:48 <REP> d-------- c:\program files\Diskeeper Corporation 2009-02-21 15:48 . 2009-02-21 15:48 <REP> d-------- c:\documents and settings\All Users\Application Data\Diskeeper Corporation 2009-02-21 14:01 . 2009-02-21 14:01 <REP> d-------- c:\program files\Microsoft LifeCam 2009-02-21 14:00 . 2009-02-21 14:00 <REP> d-------- c:\windows\system32\drivers\umdf 2009-02-21 13:18 . 2009-02-21 13:18 <REP> d-------- c:\program files\CCleaner 2009-02-21 11:41 . 2009-02-21 11:41 <REP> dr------- c:\documents and settings\LocalService\Favoris 2009-02-21 10:12 . 2009-02-21 10:13 <REP> d-------- c:\documents and settings\XXXXXXX\Application Data\Canon 2009-02-21 10:06 . 2009-02-21 10:06 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-02-21 10:05 . 2009-02-21 10:05 <REP> d-------- c:\program files\MSXML 4.0 2009-02-21 09:45 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-02-21 09:45 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll 2009-02-21 09:45 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-02-20 23:14 . 2009-02-20 23:14 <REP> d-------- c:\program files\netpass 2009-02-20 20:56 . 2009-02-20 20:56 <REP> d-------- c:\windows\Logs 2009-02-20 19:38 . 2009-02-20 19:49 <REP> d-------- c:\program files\CyberMUT 2009-02-20 19:38 . 2002-07-04 17:54 176,128 --a------ c:\windows\calceuro.exe 2009-02-20 19:38 . 2001-07-05 16:10 102,400 --a------ c:\windows\system32\CmutEuro32.dll 2009-02-20 19:36 . 2009-02-20 19:36 <REP> d-------- c:\program files\InfraRecorder 2009-02-20 19:36 . 2009-02-20 20:21 <REP> d-------- c:\documents and settings\XXXXXX\Application Data\InfraRecorder 2009-02-20 19:34 . 2009-02-22 11:06 <REP> d-------- c:\documents and settings\XXXXXX\Tracing 2009-02-20 19:33 . 2009-02-20 19:33 <REP> d-------- c:\program files\Windows Live SkyDrive 2009-02-20 19:33 . 2009-02-20 19:33 <REP> d-------- c:\program files\Windows Live 2009-02-20 19:33 . 2009-02-20 19:33 <REP> d-------- c:\program files\Microsoft 2009-02-20 19:29 . 2009-02-20 19:29 <REP> d-------- c:\program files\Fichiers communs\Windows Live 2009-02-20 18:20 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll 2009-02-20 18:20 . 2009-02-20 18:20 385 --a------ c:\windows\ODBC.INI 2009-02-20 18:19 . 2009-02-20 18:19 <REP> d-------- c:\windows\SHELLNEW 2009-02-20 18:19 . 2009-02-20 18:19 <REP> d-------- c:\program files\Microsoft.NET 2009-02-20 17:01 . 2009-02-20 17:01 0 --a------ c:\windows\vpc32.INI 2009-02-20 16:29 . 2009-02-17 07:18 107,564 -r-hs---- C:\hyetn1i.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-21 21:41 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-21 21:34 --------- d-----w c:\program files\Fichiers communs\Adobe 2009-02-20 18:55 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2009-02-20 14:59 --------- d-----w c:\program files\Fichiers communs\PDFView 2009-02-20 14:58 --------- d-----w c:\program files\NewSoft 2009-02-20 14:52 --------- d-----w c:\program files\ScanSoft 2009-02-20 14:52 --------- d-----w c:\program files\Fichiers communs\ScanSoft Shared 2009-02-20 14:52 --------- d-----w c:\documents and settings\XXXXXX\Application Data\ScanSoft 2009-02-20 14:52 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft 2009-02-20 14:51 --------- d-----w c:\program files\Fichiers communs\InstallShield 2009-02-20 14:51 --------- d-----w c:\program files\ArcSoft 2009-02-20 14:50 --------- d-----w c:\program files\Fichiers communs\CANON 2009-02-20 14:49 --------- d-----w c:\program files\Canon 2009-02-20 14:48 --------- d--h--w c:\program files\CanonBJ 2009-02-20 14:40 --------- d-----w c:\program files\KONICA MINOLTA 2009-02-20 14:37 --------- d-----w c:\program files\Bi-Exploreur 2009-02-20 14:32 --------- d-----w c:\program files\CD-LabelPrint 2009-02-20 13:57 --------- d-----w c:\program files\Symantec Client Security 2009-02-20 13:57 --------- d-----w c:\program files\Symantec 2009-02-20 13:57 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-02-20 13:49 --------- d-----w c:\program files\Realtek 2009-02-20 13:48 315,392 ----a-w c:\windows\HideWin.exe 2009-02-20 13:42 --------- d-----w c:\program files\LG Soft India 2009-02-20 13:42 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield 2009-02-20 13:39 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles 2009-02-20 13:31 --------- d-----w c:\program files\microsoft frontpage 2009-02-20 13:30 --------- d-----w c:\program files\Services en ligne 2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll 2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-10-04 48752] "vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-11-15 85744] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 275800] "VX3000"="c:\windows\vVX3000.exe" [2006-12-05 707360] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "nwiz"="nwiz.exe" [2008-03-24 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-08-10 c:\windows\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2009-02-20 1097728] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck msln\0autocheck autochk * [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-20 99376] R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2009-02-20 14336] S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2009-02-20 13312] S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2005-11-15 169200] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\hyetn1i.exe \Shell\open\Command - D:\hyetn1i.exe . Contenu du dossier 'Tâches planifiées' 2009-02-21 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job - c:\program files\Microsoft LifeCam\LifeExp.exe [2007-01-12 17:48] 2009-02-20 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-03-31 17:32] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\XXXXXX\Application Data\Mozilla\Firefox\Profiles\6pn7nrvw.default\ FF - prefs.js: browser.startup.homepage - hxxp://portail.free.fr/ ---- PARAMETRES FIREFOX ---- FF - user.js: yahoo.homepage.dontask - true. ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-22 11:41:29 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . Heure de fin: 2009-02-22 11:42:01 ComboFix-quarantined-files.txt 2009-02-22 10:41:59 Avant-CF: 147 360 370 688 octets libres Après-CF: 147,348,234,240 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect 186 --- E O F --- 2009-02-22 09:31:26

Bonjour, Déjà Merci de vous occuper de mes problèmes ! Voilà, j'ai fais ce que vous me disiez, sauf que je n'ais pu démarer le pc qu'en mode sans echec reseau, et que après avoir lancé SDfix une ligne d'erreur s'est affiché me disant Impossible de charger ..... ( je ne sais plus quoi dsl ) Ensuite il a fait une analyse et voilà ce qui en est sorti Pour l'instant Norton affiche tjs avoir trouvé Infostealer Gampass Count 46 Filename nmdfgds0.dll Encore Merci de votre aide SDFix: Version 1.240 Run by XXXXXXXX on 22/02/2009 at 09:41 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\autorun.inf - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-22 09:43:19 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe" "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Tue 17 Feb 2009 107,564 ..SHR --- "C:\hyetn1i.exe" Tue 17 Feb 2009 107,564 ..SHR --- "C:\WINDOWS\system32\olhrwef.exe" Fri 8 Sep 2006 304,704 A..H. --- "C:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe" Mon 25 Apr 2005 61,440 A..H. --- "C:\Program Files\Canon\CanoScan Toolbox Ver5.0\uinstrsc.dll" Sun 22 Feb 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\330b3bd669ac05283ff55af103ae13c7\BIT15.tmp" Sun 22 Feb 2009 3,975,928 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\753414bc43037164bcc66c194d5dbe4a\BIT5.tmp" Sun 22 Feb 2009 5,104,702 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b15f12905daf2d5f4bb1d398773d75a0\BIT14.tmp" Finished!

Bonjour, Tout est dans le titre ! Un troyan nommé Infostealer Gampass, qui me fait démarer mon pc plusieurs fois à chaque session, et qui est détecté par Norton, qui apriori le détecte et l'efface, mais la session suivante je suis à nouveau infecté ! Comment faire ?? Merci davance Voici le rapport HijackThis, si cela suffit ! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:55:16, on 21/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\SCHREI~1\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: forteManager.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/ O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- End of file - 6798 bytes