The famous yellow triangle saying "infection"
Last reply: in Security
Hello everyone, I read the replies about this famous triangle announcing that you are infected, and I saw that you need to post your log, so thanks to the community for the help:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:24, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.249.93.99 www.google.fr
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hiwgosar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hiwgosar.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
O20 - Winlogon Notify: hiwgosar - C:\WINDOWS\SYSTEM32\hiwgosar.dll
O20 - Winlogon Notify: ljjheee - ljjheee.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7816 bytes
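As an added example (not part of this thread, and not code from HijackThis or its author), here is a small Python triage script for the log format above. It reads the R/O entries and flags the three things a helper looks for first when reading such a log: hosts-file overrides that are not the localhost line, hooks whose DLL is absent ("(no file)", "(file missing)"), and one DLL registered in several hook points at once (BHO, toolbar and Winlogon Notify). The sample lines are copied from the log above; the regular expressions, the `Finding` type and the heuristics are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: a subset of lines copied from the HijackThis log
# posted above (R/O sections only; the process list is not needed here).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.249.93.99 www.google.fr
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hiwgosar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hiwgosar.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - Winlogon Notify: hiwgosar - C:\WINDOWS\SYSTEM32\hiwgosar.dll
O20 - Winlogon Notify: ljjheee - ljjheee.dll (file missing)
"""

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."  (assumed line shape)
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Last path component ending in .dll (no backslash, whitespace or quote inside).
DLL_RE = re.compile(r'([^\\\s"]+\.dll)\b', re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)")
LOOPBACK = {"127.0.0.1", "::1"}
# Hook points where one DLL registered in several of them is a strong signal.
HOOK_SECTIONS = ("O2", "O3", "O20")


@dataclass
class Finding:
    section: str   # log section the finding came from, or "multi" for correlations
    reason: str    # short human-readable reason for review
    line: str      # the raw log line, empty for correlated findings


def parse_entries(text):
    """Yield (section, body, raw_line) for every R/O entry in a HijackThis log."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group("section"), m.group("body"), raw


def triage(text):
    """Return the entries a reviewer should look at, in log order, plus correlations."""
    findings = []
    dll_hooks = defaultdict(set)  # dll name -> sections that load it
    for section, body, raw in parse_entries(text):
        if section == "O1":
            h = HOSTS_RE.match(body)
            if h and not (h.group("ip") in LOOPBACK and h.group("name").lower() == "localhost"):
                findings.append(Finding(section, f"hosts override: {h.group('name')} -> {h.group('ip')}", raw))
        elif section in HOOK_SECTIONS:
            if "(no file)" in body or "(file missing)" in body:
                findings.append(Finding(section, "orphaned hook: registered but DLL absent", raw))
            else:
                d = DLL_RE.search(body)
                if d:
                    dll_hooks[d.group(1).lower()].add(section)
    # One DLL sitting in two or more hook points is worth a closer look on its own.
    for dll, sections in sorted(dll_hooks.items()):
        if len(sections) >= 2:
            ordered = ", ".join(sorted(sections, key=lambda s: int(s[1:])))
            findings.append(Finding("multi", f"{dll} hooked in {ordered}", ""))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}")
        if f.line:
            print("    " + f.line)
```

On the sample it reports the non-localhost hosts entry, the two orphaned hooks, and `hiwgosar.dll` as present in O2, O3 and O20. These are review flags, not verdicts: a hosts entry can be user-added and some legitimate software does register a Winlogon Notify DLL, so each flagged line still needs a look at the file itself (publisher, creation date, what else references it) before anything is removed.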
Hello,
Download Smitfraudfix (by S!ri).
Save it to your desktop.
Run SmitfraudFix.exe (the .exe may not be shown).
Choose Option 1 (Search)
Post the first report here.
**If the link doesn't work, click here**
Thanks for the quick reply:
SmitFraudFix v2.240
Rapport fait à 19:40:07,40, 15/10/2007
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 hk.digitaltrends.com
127.0.0.1 microsoft.com.org #[IE-SpyAd]
127.0.0.1 www.www.microsoft.com.org
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\stef
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\stef\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\stef\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{61C3116F-DFBD-422F-A71A-74E8D890BEF4}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{61C3116F-DFBD-422F-A71A-74E8D890BEF4}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{61C3116F-DFBD-422F-A71A-74E8D890BEF4}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Re,
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Re,
ComboFix 07-10-12.4 - stef 2007-10-15 19:47:23.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1492 [GMT 2:00]
Running from: C:\Documents and Settings\stef\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Hammer.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((((((( Fichiers créés 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))))))))
.
2007-10-15 19:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 19:40 2,082 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-15 19:39 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-15 19:39 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-15 19:39 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-15 19:39 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-15 19:39 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-15 19:02 <REP> d-------- C:\Program Files\Trend Micro
2007-10-15 11:28 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-10-15 04:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Xentient
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\VS80-KB925674-X86
2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\IXP001.TMP
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\IXP000.TMP
2007-10-15 04:24 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-10-14 20:25 <REP> d-------- C:\Documents and Settings\stef\Application Data\OpenOffice.org2
2007-10-14 20:23 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-14 18:20 <REP> d-------- C:\Documents and Settings\stef\Application Data\Symantec
2007-10-14 18:15 215,144 -ra------ C:\WINDOWS\pw32a.dll
2007-10-14 18:15 215,144 -ra------ C:\WINDOWS\patchw32.dll
2007-10-14 18:09 <REP> d-------- C:\Program Files\Symantec
2007-10-14 18:09 <REP> d-------- C:\Program Files\Norton Ghost
2007-10-14 18:09 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-10-14 18:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-14 18:09 131,808 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2007-10-14 18:09 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2007-10-14 18:09 109,360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2007-10-14 18:09 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2007-10-14 18:09 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2007-10-14 18:09 14,072 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2007-10-14 16:40 <REP> d-------- C:\Documents and Settings\stef\Application Data\Ahead
2007-10-14 15:41 <REP> d-------- C:\Documents and Settings\stef\Application Data\Lavasoft
2007-10-14 15:26 389,184 --a------ C:\WINDOWS\system32\oqinlokh.exe
2007-10-14 15:26 339,968 --a------ C:\WINDOWS\system32\hiwgosar.dll
2007-10-13 22:20 <REP> d-------- C:\WINDOWS\Sun
2007-10-13 22:19 <REP> d-------- C:\Program Files\Java
2007-10-13 22:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-10-13 22:17 <REP> d-------- C:\Program Files\Azureus
2007-10-13 20:14 <REP> d-------- C:\Program Files\Ubisoft
2007-10-13 20:08 <REP> d-------- C:\Program Files\fraps
2007-10-13 20:08 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-13 19:56 <REP> d-------- C:\Program Files\eMule
2007-10-13 19:52 <REP> d-------- C:\Documents and Settings\stef\Application Data\Canon
2007-10-13 19:52 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-13 19:52 140,288 --a------ C:\WINDOWS\system32\CNMLM7M.DLL
2007-10-13 19:52 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-13 19:52 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-13 19:52 8,704 --a------ C:\WINDOWS\system32\CNMVS7M.DLL
2007-10-13 19:50 <REP> d--h----- C:\WINDOWS\system32\CanonMP Uninstaller Information
2007-10-13 19:50 221,184 --a------ C:\WINDOWS\system32\CNCC800.DLL
2007-10-13 19:50 139,264 --a------ C:\WINDOWS\system32\CNCL800.DLL
2007-10-13 19:50 77,824 --a------ C:\WINDOWS\system32\CNCA800.DLL
2007-10-13 19:50 69,632 --a------ C:\WINDOWS\system32\CNCI800.DLL
2007-10-13 19:50 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
2007-10-13 19:42 <REP> d-------- C:\Program Files\Canon
2007-10-13 18:34 <REP> d-------- C:\Documents and Settings\stef\Application Data\Azureus
2007-10-13 18:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-13 18:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-10-13 18:01 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2007-10-13 18:01 <REP> d-------- C:\Documents and Settings\stef\Application Data\DAEMON Tools Pro
2007-10-13 17:56 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-13 17:54 <REP> d-------- C:\Documents and Settings\stef\.homejukebox
2007-10-13 17:53 <REP> d-------- C:\Program Files\Home Jukebox
2007-10-13 17:48 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-10-13 17:48 <REP> d-------- C:\Documents and Settings\stef\Application Data\teamspeak2
2007-10-13 17:43 <REP> d-------- C:\Documents and Settings\stef\Application Data\Media Player Classic
2007-10-13 17:41 <REP> d-------- C:\Program Files\adslTV
2007-10-13 17:41 <REP> d-------- C:\Documents and Settings\stef\Application Data\vlc
2007-10-13 17:29 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-10-13 16:49 <REP> d-------- C:\Program Files\Fichiers communs\ACD Systems
2007-10-13 16:49 <REP> d-------- C:\Program Files\ACD Systems
2007-10-13 16:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-10-13 16:23 <REP> d-------- C:\Documents and Settings\stef\WINDOWS
2007-10-13 16:23 297,472 --a------ C:\WINDOWS\uninst.exe
2007-10-13 16:14 59,392 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-13 16:13 <REP> d-------- C:\Documents and Settings\stef\Application Data\Logitech
2007-10-13 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-10-13 16:13 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-10-13 16:13 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-10-13 16:13 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-10-13 16:13 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-10-13 16:09 <REP> d-------- C:\Documents and Settings\stef\Application Data\InstallShield
2007-10-13 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-13 16:09 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-10-13 16:09 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-10-13 16:09 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-10-13 16:09 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-10-13 16:05 <REP> d-------- C:\Program Files\Logitech
2007-10-13 16:05 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-10-13 16:01 1,287 --a------ C:\WINDOWS\mozver.dat
2007-10-13 15:43 <REP> d-------- C:\Program Files\IncrediMail
2007-10-13 15:37 <REP> d-------- C:\Program Files\quicken
2007-10-13 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-13 15:06 <REP> d-------- C:\Program Files\MSBuild
2007-10-13 15:05 <REP> d-------- C:\WINDOWS\system32\XPSViewer
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 16:37 --------- d-----w C:\Program Files\Ad-Aware
2007-10-14 14:14 --------- d-----w C:\Program Files\Spybot
2007-10-13 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 14:13 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-13 14:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-10-13 02:09 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-12 20:58 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-12 20:58 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-12 20:29 --------- d-----w C:\Documents and Settings\stef\Application Data\ATI
2007-10-12 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2007-10-12 20:23 --------- d-----w C:\Program Files\ATI Technologies
2007-10-12 20:21 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-12 19:21 --------- d-----w C:\Documents and Settings\stef\Application Data\Xentient
2007-10-12 19:20 --------- d-----w C:\Program Files\Styler
2007-10-12 19:20 --------- d-----w C:\Documents and Settings\stef\Application Data\Styler
2007-10-12 19:19 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-12 19:18 --------- d-----w C:\Program Files\Cener Development
2007-10-12 19:12 --------- d-----w C:\Program Files\Windows Live
2007-10-12 19:12 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-12 19:12 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-10-12 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-12 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-10-12 19:11 77,184 ----a-w C:\WINDOWS\system32\drivers\lnsfw1.sys
2007-10-12 19:11 45,824 ----a-w C:\WINDOWS\system32\drivers\lnsfw.sys
2007-10-12 19:11 36,924 ----a-w C:\WINDOWS\system32\fwapi.dll
2007-10-12 19:11 --------- d-----w C:\Program Files\Nero
2007-10-12 19:11 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-12 19:11 --------- d-----r C:\Program Files\Windows Sidebar
2007-10-12 19:06 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-10-12 19:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-02 14:32 4,613,120 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-27 12:20 16,844,800 ----a-w C:\WINDOWS\RTHDCPL.EXE
2007-09-15 01:23 169,856 ----a-w C:\WINDOWS\system32\drivers\atinavt2.sys
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-17 17:28 --------- d-----w C:\Program Files\MSN Messenger
2007-08-03 11:22 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-29 15:51 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-07-26 16:06 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2007-07-26 15:09 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2007-07-25 13:24 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-14 15:26 339968 --a------ C:\WINDOWS\system32\hiwgosar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\hiwgosar.dll [2007-10-14 15:26 339968]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\hiwgosar.dll [2007-10-14 15:26 339968]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 15:00]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37]
"TransBar"="C:\WINDOWS\system32\transbar.exe" [2004-08-28 15:00]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 11:48]
"Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2007-10-12 21:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 14:20 C:\WINDOWS\RTHDCPL.EXE]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-07-31 17:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 15:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"AWMON"="C:\Program Files\Ad-Aware\Ad-Watch.exe" [2005-05-25 13:12]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"nltide2"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N
"nltide_2"=regsvr32 /s /n /i:U shell32
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hiwgosar]
hiwgosar.dll 2007-10-14 15:26 339968 C:\WINDOWS\system32\hiwgosar.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjheee]
ljjheee.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
R0 Jraid;Jraid;C:\WINDOWS\system32\DRIVERS\jraid.sys
R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\system32\DRIVERS\v2imount.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 WimFltr;WimFltr;C:\WINDOWS\system32\DRIVERS\wimfltr.sys
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2007-10-15 17:41:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 19:49:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-15 19:50:04 - machine was rebooted
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hiwgosar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hiwgosar.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
O20 - Winlogon Notify: hiwgosar - C:\WINDOWS\SYSTEM32\hiwgosar.dll
O20 - Winlogon Notify: ljjheee - ljjheee.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7291 bytes
Scan saved at 19:55, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hiwgosar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hiwgosar.dll
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
O20 - Winlogon Notify: hiwgosar - C:\WINDOWS\SYSTEM32\hiwgosar.dll
O20 - Winlogon Notify: ljjheee - ljjheee.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7291 bytes
Re,
- Make sure you can see hidden files and folders:
-> Start
-> Control Panel
-> Folder Options, View tab:
. Click "Show hidden files and folders"
. Uncheck "Hide extensions for known file types"
. Uncheck "Hide protected operating system files"
Go to S!ri's site.
Click Browse... then open:
C:\WINDOWS\SYSTEM32\hiwgosar.dll
Then click Upload.
Re,
Now we remove it.
Copy (Ctrl+C) the text in the box below:
File::
C:\WINDOWS\system32\hiwgosar.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hiwgosar]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjheee]
Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.
Now drag and drop the CFScript.txt file onto Combofix.exe.
This will relaunch ComboFix; press 1 and confirm. After the reboot, post the contents of the ComboFix.txt report together with a HijackThis log.
NOTE: If there is no reboot, post the requested reports anyway.
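The triage the helper did by hand above, written out as an added example that is not code from this thread: it parses the O2/O3/O20 lines of the 19:55 HijackThis log, flags hiwgosar.dll because one DLL is registered both as a Winlogon Notify package and as an Internet Explorer BHO and toolbar, flags the orphaned registrations whose target file is gone, and drafts a ComboFix CFScript from the hits. The flagging rules and the script layout are this example's assumptions. Two deliberate differences from the posted script: the orphaned BHO {7E853D72-626A-48EC-A868-BA8D5E23E045} is included, and the HKLM Internet Explorer Toolbar key is written without a leading "-", so only the rogue CLSID value is removed. The posted `[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]` deletes that whole key, which is consistent with the StylerToolBar O3 entry no longer appearing in the 21:29 log further down.

```python
"""Triage HijackThis v2 IE/Winlogon hook lines and draft a ComboFix CFScript.

Added example, not code from the thread: it re-implements the reasoning the helper
applied by hand. Sample lines are copied from the 19:55 log posted in the thread;
the flagging rules and the exact CFScript layout are this example's assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: the O2/O3/O20 lines of the 19:55 HijackThis log in the thread.
SAMPLE_LOG = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\\WINDOWS\\system32\\hiwgosar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\\Program Files\\styler\\TB\\StylerTB.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\\WINDOWS\\system32\\hiwgosar.dll
O20 - Winlogon Notify: hiwgosar - C:\\WINDOWS\\SYSTEM32\\hiwgosar.dll
O20 - Winlogon Notify: ljjheee - ljjheee.dll (file missing)
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
LINE_RES = {
    "O2": re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.*)$"),
    "O3": re.compile(rf"^O3 - Toolbar: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$"),
}
WINLOGON_NOTIFY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"


def parse_hjt(text):
    """One dict per O2/O3/O20 line: section, name, clsid, path, dll (lower-case basename), missing."""
    entries = []
    for raw in text.splitlines():
        for section, rx in LINE_RES.items():
            m = rx.match(raw.strip())
            if not m:
                continue
            path = m.group("path").strip()
            # HijackThis marks orphans as "(no file)" (no path at all) or "name.dll (file missing)".
            missing = "(no file)" in path or "(file missing)" in path
            file_part = path.replace("(file missing)", "").strip()
            dll = "" if file_part.startswith("(") else file_part.rsplit("\\", 1)[-1].lower()
            entries.append({"section": section, "name": m.group("name"),
                            "clsid": m.groupdict().get("clsid", ""),
                            "path": path, "dll": dll, "missing": missing})
    return entries


def triage(entries):
    """Return (entry, reasons) for every line worth acting on; clean entries are dropped."""
    hooks_by_dll = defaultdict(set)
    for e in entries:
        if e["dll"]:
            hooks_by_dll[e["dll"]].add(e["section"])
    flagged = []
    for e in entries:
        reasons = []
        if e["missing"]:
            reasons.append("orphaned registration, target file absent")
        # A Winlogon Notify package is loaded into winlogon.exe before anyone logs on; one
        # that is also an IE BHO/toolbar is how the rogue toolbar on this machine stayed
        # resident. A plain BHO such as Java's ssv.dll touches only IE and is left alone.
        hooks = hooks_by_dll.get(e["dll"], set())
        if "O20" in hooks and hooks & {"O2", "O3"}:
            reasons.append("same DLL hooked into Winlogon Notify and Internet Explorer")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def build_cfscript(flagged):
    """Emit ComboFix File:: and Registry:: directives for the flagged entries (assumed layout,
    modelled on the posted script; the HKLM Toolbar key gets no leading '-', so only the
    rogue CLSID value is deleted, not every installed toolbar)."""
    files, seen, keys = [], set(), []
    for e, _ in flagged:
        if e["dll"] and not e["missing"] and e["path"].lower() not in seen:
            seen.add(e["path"].lower())
            files.append(e["path"])
        if e["section"] == "O2":
            keys.append(rf"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e['clsid']}]")
        elif e["section"] == "O3":
            keys += [r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]",
                     f'"{e["clsid"]}"=-',
                     rf"[-HKEY_CLASSES_ROOT\CLSID\{e['clsid']}]",
                     r"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]",
                     f'"{e["clsid"]}"=-']
        elif e["section"] == "O20":
            keys.append(rf"[-{WINLOGON_NOTIFY}\{e['name']}]")
    lines = (["File::", *files, ""] if files else []) + (["Registry::", *keys] if keys else [])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(parse_hjt(SAMPLE_LOG))
    for e, reasons in hits:
        print(f"{e['section']:<4} {e['path']:<45} {'; '.join(reasons)}")
    print()
    print(build_cfscript(hits), end="")
```

Run stand-alone it prints the five flagged lines with their reasons, then the drafted script. Java's ssv.dll and the StylerToolBar DLL are not flagged, because each is hooked into IE only; the decisive signal for hiwgosar.dll is the combination of a Winlogon Notify registration with IE hooks, not the file name on its own.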
There was a reboot.
Here is the ComboFix report:
ComboFix 07-10-12.4 - stef 2007-10-15 21:24:15.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1070 [GMT 2:00]
Running from: C:\Documents and Settings\stef\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\stef\Bureau\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\hiwgosar.dll
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\hiwgosar.dll
C:\WINDOWS\system32\hiwgosar.dll
.
((((((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))))))))
.
2007-10-15 20:44 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-15 20:44 <REP> C:\WINDOWS\LastGood.Tmp
2007-10-15 19:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 19:40 2,082 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-15 19:39 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-15 19:39 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-15 19:39 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-15 19:39 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-15 19:39 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-15 19:02 <REP> d-------- C:\Program Files\Trend Micro
2007-10-15 11:28 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-10-15 04:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Xentient
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\VS80-KB925674-X86
2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\IXP001.TMP
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\IXP000.TMP
2007-10-15 04:24 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-10-14 20:25 <REP> d-------- C:\Documents and Settings\stef\Application Data\OpenOffice.org2
2007-10-14 20:23 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-14 18:20 <REP> d-------- C:\Documents and Settings\stef\Application Data\Symantec
2007-10-14 18:15 215,144 -ra------ C:\WINDOWS\pw32a.dll
2007-10-14 18:15 215,144 -ra------ C:\WINDOWS\patchw32.dll
2007-10-14 18:09 <REP> d-------- C:\Program Files\Symantec
2007-10-14 18:09 <REP> d-------- C:\Program Files\Norton Ghost
2007-10-14 18:09 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-10-14 18:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-14 18:09 131,808 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2007-10-14 18:09 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2007-10-14 18:09 109,360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2007-10-14 18:09 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2007-10-14 18:09 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2007-10-14 18:09 14,072 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2007-10-14 16:40 <REP> d-------- C:\Documents and Settings\stef\Application Data\Ahead
2007-10-14 15:41 <REP> d-------- C:\Documents and Settings\stef\Application Data\Lavasoft
2007-10-14 15:26 389,184 --a------ C:\WINDOWS\system32\oqinlokh.exe
2007-10-13 22:20 <REP> d-------- C:\WINDOWS\Sun
2007-10-13 22:19 <REP> d-------- C:\Program Files\Java
2007-10-13 22:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-10-13 22:17 <REP> d-------- C:\Program Files\Azureus
2007-10-13 20:14 <REP> d-------- C:\Program Files\Ubisoft
2007-10-13 20:08 <REP> d-------- C:\Program Files\fraps
2007-10-13 20:08 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-13 19:56 <REP> d-------- C:\Program Files\eMule
2007-10-13 19:52 <REP> d-------- C:\Documents and Settings\stef\Application Data\Canon
2007-10-13 19:52 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-13 19:52 140,288 --a------ C:\WINDOWS\system32\CNMLM7M.DLL
2007-10-13 19:52 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-13 19:52 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-13 19:52 8,704 --a------ C:\WINDOWS\system32\CNMVS7M.DLL
2007-10-13 19:50 <REP> d--h----- C:\WINDOWS\system32\CanonMP Uninstaller Information
2007-10-13 19:50 221,184 --a------ C:\WINDOWS\system32\CNCC800.DLL
2007-10-13 19:50 139,264 --a------ C:\WINDOWS\system32\CNCL800.DLL
2007-10-13 19:50 77,824 --a------ C:\WINDOWS\system32\CNCA800.DLL
2007-10-13 19:50 69,632 --a------ C:\WINDOWS\system32\CNCI800.DLL
2007-10-13 19:50 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
2007-10-13 19:42 <REP> d-------- C:\Program Files\Canon
2007-10-13 18:34 <REP> d-------- C:\Documents and Settings\stef\Application Data\Azureus
2007-10-13 18:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-13 18:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-10-13 18:01 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2007-10-13 18:01 <REP> d-------- C:\Documents and Settings\stef\Application Data\DAEMON Tools Pro
2007-10-13 17:56 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-13 17:54 <REP> d-------- C:\Documents and Settings\stef\.homejukebox
2007-10-13 17:53 <REP> d-------- C:\Program Files\Home Jukebox
2007-10-13 17:48 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-10-13 17:48 <REP> d-------- C:\Documents and Settings\stef\Application Data\teamspeak2
2007-10-13 17:43 <REP> d-------- C:\Documents and Settings\stef\Application Data\Media Player Classic
2007-10-13 17:41 <REP> d-------- C:\Program Files\adslTV
2007-10-13 17:41 <REP> d-------- C:\Documents and Settings\stef\Application Data\vlc
2007-10-13 17:29 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-10-13 16:49 <REP> d-------- C:\Program Files\Fichiers communs\ACD Systems
2007-10-13 16:49 <REP> d-------- C:\Program Files\ACD Systems
2007-10-13 16:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-10-13 16:23 <REP> d-------- C:\Documents and Settings\stef\WINDOWS
2007-10-13 16:23 297,472 --a------ C:\WINDOWS\uninst.exe
2007-10-13 16:14 59,392 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-13 16:13 <REP> d-------- C:\Documents and Settings\stef\Application Data\Logitech
2007-10-13 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-10-13 16:13 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-10-13 16:13 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-10-13 16:13 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-10-13 16:13 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-10-13 16:09 <REP> d-------- C:\Documents and Settings\stef\Application Data\InstallShield
2007-10-13 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-13 16:09 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-10-13 16:09 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-10-13 16:09 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-10-13 16:09 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-10-13 16:05 <REP> d-------- C:\Program Files\Logitech
2007-10-13 16:05 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-10-13 16:01 1,287 --a------ C:\WINDOWS\mozver.dat
2007-10-13 15:43 <REP> d-------- C:\Program Files\IncrediMail
2007-10-13 15:37 <REP> d-------- C:\Program Files\quicken
2007-10-13 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-13 15:06 <REP> d-------- C:\Program Files\MSBuild
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 16:37 --------- d-----w C:\Program Files\Ad-Aware
2007-10-14 14:14 --------- d-----w C:\Program Files\Spybot
2007-10-13 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 14:13 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-13 14:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-10-13 02:09 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-12 20:58 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-12 20:58 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-12 20:29 --------- d-----w C:\Documents and Settings\stef\Application Data\ATI
2007-10-12 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2007-10-12 20:23 --------- d-----w C:\Program Files\ATI Technologies
2007-10-12 20:21 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-12 19:21 --------- d-----w C:\Documents and Settings\stef\Application Data\Xentient
2007-10-12 19:20 --------- d-----w C:\Program Files\Styler
2007-10-12 19:20 --------- d-----w C:\Documents and Settings\stef\Application Data\Styler
2007-10-12 19:19 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-12 19:18 --------- d-----w C:\Program Files\Cener Development
2007-10-12 19:12 --------- d-----w C:\Program Files\Windows Live
2007-10-12 19:12 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-12 19:12 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-10-12 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-12 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-10-12 19:11 77,184 ----a-w C:\WINDOWS\system32\drivers\lnsfw1.sys
2007-10-12 19:11 45,824 ----a-w C:\WINDOWS\system32\drivers\lnsfw.sys
2007-10-12 19:11 36,924 ----a-w C:\WINDOWS\system32\fwapi.dll
2007-10-12 19:11 --------- d-----w C:\Program Files\Nero
2007-10-12 19:11 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-12 19:11 --------- d-----r C:\Program Files\Windows Sidebar
2007-10-12 19:06 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-10-12 19:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-02 14:32 4,613,120 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-27 12:20 16,844,800 ----a-w C:\WINDOWS\RTHDCPL.EXE
2007-09-15 01:23 169,856 ----a-w C:\WINDOWS\system32\drivers\atinavt2.sys
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-17 17:28 --------- d-----w C:\Program Files\MSN Messenger
2007-08-03 11:22 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-29 15:51 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-07-26 16:06 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2007-07-26 15:09 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2007-07-25 13:24 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
.
((((((((((((((((((((((((((((( snapshot@2007-10-15_19.49.50.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2006-03-20 11:17:24 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2006-03-20 11:17:20 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-10-15 19:27:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a20.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 15:00]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37]
"TransBar"="C:\WINDOWS\system32\transbar.exe" [2004-08-28 15:00]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 11:48]
"Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2007-10-12 21:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 14:20 C:\WINDOWS\RTHDCPL.EXE]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-07-31 17:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 15:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"AWMON"="C:\Program Files\Ad-Aware\Ad-Watch.exe" [2005-05-25 13:12]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"nltide2"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N
"nltide_2"=regsvr32 /s /n /i:U shell32
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
R0 Jraid;Jraid;C:\WINDOWS\system32\DRIVERS\jraid.sys
R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\system32\DRIVERS\v2imount.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 WimFltr;WimFltr;C:\WINDOWS\system32\DRIVERS\wimfltr.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-10-15 17:52:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 21:27:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-15 21:27:39 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-15 19:50
.
--- E O F ---
And here is the other one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7006 bytes
thanks for your time
here is ComboFix:
ComboFix 07-10-12.4 - stef 2007-10-15 21:24:15.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1070 [GMT 2:00]
Running from: C:\Documents and Settings\stef\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\stef\Bureau\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\hiwgosar.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\hiwgosar.dll
C:\WINDOWS\system32\hiwgosar.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))))))))
.
2007-10-15 20:44 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-15 20:44 <REP> C:\WINDOWS\LastGood.Tmp
2007-10-15 19:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 19:40 2,082 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-15 19:39 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-15 19:39 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-15 19:39 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-15 19:39 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-15 19:39 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-15 19:02 <REP> d-------- C:\Program Files\Trend Micro
2007-10-15 11:28 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-10-15 04:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Xentient
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\VS80-KB925674-X86
2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-10-15 04:24 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\IXP001.TMP
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\IXP000.TMP
2007-10-15 04:24 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-10-15 04:24 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-10-14 20:25 <REP> d-------- C:\Documents and Settings\stef\Application Data\OpenOffice.org2
2007-10-14 20:23 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-10-14 18:20 <REP> d-------- C:\Documents and Settings\stef\Application Data\Symantec
2007-10-14 18:15 215,144 -ra------ C:\WINDOWS\pw32a.dll
2007-10-14 18:15 215,144 -ra------ C:\WINDOWS\patchw32.dll
2007-10-14 18:09 <REP> d-------- C:\Program Files\Symantec
2007-10-14 18:09 <REP> d-------- C:\Program Files\Norton Ghost
2007-10-14 18:09 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-10-14 18:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-14 18:09 131,808 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2007-10-14 18:09 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2007-10-14 18:09 109,360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2007-10-14 18:09 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2007-10-14 18:09 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2007-10-14 18:09 14,072 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2007-10-14 16:40 <REP> d-------- C:\Documents and Settings\stef\Application Data\Ahead
2007-10-14 15:41 <REP> d-------- C:\Documents and Settings\stef\Application Data\Lavasoft
2007-10-14 15:26 389,184 --a------ C:\WINDOWS\system32\oqinlokh.exe
2007-10-13 22:20 <REP> d-------- C:\WINDOWS\Sun
2007-10-13 22:19 <REP> d-------- C:\Program Files\Java
2007-10-13 22:19 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-10-13 22:17 <REP> d-------- C:\Program Files\Azureus
2007-10-13 20:14 <REP> d-------- C:\Program Files\Ubisoft
2007-10-13 20:08 <REP> d-------- C:\Program Files\fraps
2007-10-13 20:08 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-13 19:56 <REP> d-------- C:\Program Files\eMule
2007-10-13 19:52 <REP> d-------- C:\Documents and Settings\stef\Application Data\Canon
2007-10-13 19:52 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-10-13 19:52 140,288 --a------ C:\WINDOWS\system32\CNMLM7M.DLL
2007-10-13 19:52 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-13 19:52 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-13 19:52 8,704 --a------ C:\WINDOWS\system32\CNMVS7M.DLL
2007-10-13 19:50 <REP> d--h----- C:\WINDOWS\system32\CanonMP Uninstaller Information
2007-10-13 19:50 221,184 --a------ C:\WINDOWS\system32\CNCC800.DLL
2007-10-13 19:50 139,264 --a------ C:\WINDOWS\system32\CNCL800.DLL
2007-10-13 19:50 77,824 --a------ C:\WINDOWS\system32\CNCA800.DLL
2007-10-13 19:50 69,632 --a------ C:\WINDOWS\system32\CNCI800.DLL
2007-10-13 19:50 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
2007-10-13 19:42 <REP> d-------- C:\Program Files\Canon
2007-10-13 18:34 <REP> d-------- C:\Documents and Settings\stef\Application Data\Azureus
2007-10-13 18:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-13 18:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-10-13 18:01 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2007-10-13 18:01 <REP> d-------- C:\Documents and Settings\stef\Application Data\DAEMON Tools Pro
2007-10-13 17:56 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-13 17:54 <REP> d-------- C:\Documents and Settings\stef\.homejukebox
2007-10-13 17:53 <REP> d-------- C:\Program Files\Home Jukebox
2007-10-13 17:48 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2007-10-13 17:48 <REP> d-------- C:\Documents and Settings\stef\Application Data\teamspeak2
2007-10-13 17:43 <REP> d-------- C:\Documents and Settings\stef\Application Data\Media Player Classic
2007-10-13 17:41 <REP> d-------- C:\Program Files\adslTV
2007-10-13 17:41 <REP> d-------- C:\Documents and Settings\stef\Application Data\vlc
2007-10-13 17:29 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-10-13 16:49 <REP> d-------- C:\Program Files\Fichiers communs\ACD Systems
2007-10-13 16:49 <REP> d-------- C:\Program Files\ACD Systems
2007-10-13 16:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-10-13 16:23 <REP> d-------- C:\Documents and Settings\stef\WINDOWS
2007-10-13 16:23 297,472 --a------ C:\WINDOWS\uninst.exe
2007-10-13 16:14 59,392 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-13 16:13 <REP> d-------- C:\Documents and Settings\stef\Application Data\Logitech
2007-10-13 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-10-13 16:13 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-10-13 16:13 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-10-13 16:13 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-10-13 16:13 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-10-13 16:09 <REP> d-------- C:\Documents and Settings\stef\Application Data\InstallShield
2007-10-13 16:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-13 16:09 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-10-13 16:09 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-10-13 16:09 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-10-13 16:09 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-10-13 16:05 <REP> d-------- C:\Program Files\Logitech
2007-10-13 16:05 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-10-13 16:01 1,287 --a------ C:\WINDOWS\mozver.dat
2007-10-13 15:43 <REP> d-------- C:\Program Files\IncrediMail
2007-10-13 15:37 <REP> d-------- C:\Program Files\quicken
2007-10-13 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-13 15:06 <REP> d-------- C:\Program Files\MSBuild
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 16:37 --------- d-----w C:\Program Files\Ad-Aware
2007-10-14 14:14 --------- d-----w C:\Program Files\Spybot
2007-10-13 18:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 14:13 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-10-13 14:13 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-10-13 02:09 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-12 20:58 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-12 20:58 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-12 20:29 --------- d-----w C:\Documents and Settings\stef\Application Data\ATI
2007-10-12 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2007-10-12 20:23 --------- d-----w C:\Program Files\ATI Technologies
2007-10-12 20:21 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-12 19:21 --------- d-----w C:\Documents and Settings\stef\Application Data\Xentient
2007-10-12 19:20 --------- d-----w C:\Program Files\Styler
2007-10-12 19:20 --------- d-----w C:\Documents and Settings\stef\Application Data\Styler
2007-10-12 19:19 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-12 19:18 --------- d-----w C:\Program Files\Cener Development
2007-10-12 19:12 --------- d-----w C:\Program Files\Windows Live
2007-10-12 19:12 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-12 19:12 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-10-12 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-12 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-10-12 19:11 77,184 ----a-w C:\WINDOWS\system32\drivers\lnsfw1.sys
2007-10-12 19:11 45,824 ----a-w C:\WINDOWS\system32\drivers\lnsfw.sys
2007-10-12 19:11 36,924 ----a-w C:\WINDOWS\system32\fwapi.dll
2007-10-12 19:11 --------- d-----w C:\Program Files\Nero
2007-10-12 19:11 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-12 19:11 --------- d-----r C:\Program Files\Windows Sidebar
2007-10-12 19:06 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-10-12 19:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-02 14:32 4,613,120 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-27 12:20 16,844,800 ----a-w C:\WINDOWS\RTHDCPL.EXE
2007-09-15 01:23 169,856 ----a-w C:\WINDOWS\system32\drivers\atinavt2.sys
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-17 17:28 --------- d-----w C:\Program Files\MSN Messenger
2007-08-03 11:22 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-29 15:51 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-07-26 16:06 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2007-07-26 15:09 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2007-07-25 13:24 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
.
((((((((((((((((((((((((((((( snapshot@2007-10-15_19.49.50.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2006-03-20 11:17:24 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2006-03-20 11:17:20 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-10-15 19:27:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a20.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 15:00]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37]
"TransBar"="C:\WINDOWS\system32\transbar.exe" [2004-08-28 15:00]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 11:48]
"Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2007-10-12 21:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 14:20 C:\WINDOWS\RTHDCPL.EXE]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-07-31 17:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 15:00]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"AWMON"="C:\Program Files\Ad-Aware\Ad-Watch.exe" [2005-05-25 13:12]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"nltide2"=cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N
"nltide_2"=regsvr32 /s /n /i:U shell32
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
R0 Jraid;Jraid;C:\WINDOWS\system32\DRIVERS\jraid.sys
R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\system32\DRIVERS\v2imount.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 WimFltr;WimFltr;C:\WINDOWS\system32\DRIVERS\wimfltr.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-15 17:52:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 21:27:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-15 21:27:39 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-15 19:50
.
--- E O F ---
and here is the other one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ad-Aware\Ad-Watch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Ad-Aware\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 7006 bytes
thanks for your time
awesome, the triangle is gone, the Security bar in Internet Explorer is gone, and so are the 2 crappy shortcuts on the desktop for a supposedly great anti-spyware.
I'm 35 and it's thanks to guys like you on the forums who help me out that I haven't given up on computers, because problems are frequent due to guys who have nothing better to do than mess up people's computers.
THANKS again, THANKS, and long live this forum.
PS: could you tell me which antivirus you consider the best at the moment? Thanks.