Même problème que djams69

Bonjour,
J'ai le même problème que celui de djams69.
J'ai posté un message à la suite du sien mais ce n'est peut être pas le bon endroit.
J'ai téléchargé Ad-aware qui m'a dit avoir nettoyé mais quelques temps plus tard .. ça revient..
Je refais des scan et re-belote !
J'arrive à travailler un peu en arrêtant le processus explorer mais ce n'est pas très pratique.
Quelqu'un m'a dit de télécharger unlocker et d'aller supprimer des fichiers récents dans system32 mais ... je ne sais pas lesquels.
Voici le rapport hijackthis.
Grand merci d'avance à celui ou celle qui peut me guider ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:55:27, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\program files\u-storage tools2.1\ustorage.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vphc600.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Program Files\Fichiers communs\AOL\1142028331\ee\AOLSoftware.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\FolderShare\FolderShare.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Philips\Philips SPC650NC Webcam\TrayMin650.exe
C:\Program Files\TribalWeb.net\tribalweb.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\fichiers communs\aol\1142028331\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
c:\program files\fichiers communs\aol\1142028331\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Christian DELAROCHE\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.packardbell.fr/easysear [...] eyword=aol
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\OPLIMIT\OCRAWARE.EXE
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57108EF1-38B6-1BF2-03C5-04581AB60D22} - C:\Program Files\jocsepsw\npjdssec.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSVPS System - {AC546B33-036A-41DA-B1CC-C1D15659520E} - C:\WINDOWS\movctrlflm.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: The nssfrch - {61AB8A39-FCCB-47CC-BAF3-750D1834E773} - C:\WINDOWS\nssfrch.dll
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [UStorage] c:\program files\u-storage tools2.1\ustorage.exe sys_auto_run C:\Program Files\U-Storage Tools2.1
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [phc650] C:\WINDOWS\vphc600.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1142028331\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hkfqratw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hkfqratw.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: TrayMin650.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/e [...] nSetup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 7681624218
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: bxsbang - {9823B450-BB88-4F33-935D-F13E6D0F2912} - C:\WINDOWS\bxsbang.dll
O21 - SSODL: ocgrep - {0B995532-76BE-46E8-81F5-DAFC3AB48A9B} - C:\WINDOWS\ocgrep.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13838 bytes

------------------------------ C.D.

Répondre

Inscrivez-vous ou connectez-vous pour masquer ceci.

Bonjour,

Télécharge combofix.exe (par sUBs) sur ton Bureau.
Double clique combofix.exe.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

angeldark peut tu m'aider dans mon topic car je galere. et je sais si je vais rester connecter jusqu'a ce soir.
merci d'avance et désolé de faire ca.

Répondre à ninezu

On s'occupe déjà de ton cas

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

bon bin merci quand meme!

Répondre à ninezu

Je vois que je ne suis pas le seul à être infesté !
Voici le rapport de combofix

ComboFix 07-10-26.4 - C D 2007-10-26 16:20:38.1 - NTFSx86
Running from: C:\Documents and Settings\Cxxxxx xxxxxxxxx\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\hkfqratw.dll
C:\WINDOWS\system32\winspool.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm

((((((((((((((((((((((((((((( Fichiers créés 2007-09-26 to 2007-10-26 ))))))))))))))))))))))))))))))))))))
.

2007-10-26 16:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-23 19:50 <REP> d-------- C:\Program Files\Lavasoft
2007-10-23 19:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-23 17:36 <REP> d-------- C:\Program Files\Windows Defender
2007-10-23 17:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-23 10:47 <REP> d-------- C:\Program Files\jocsepsw
2007-10-23 10:41 281,600 --a------ C:\WINDOWS\ocgrep.dll
2007-10-23 10:41 257,536 --a------ C:\WINDOWS\bxsbang.dll
2007-10-23 10:41 253,952 --a------ C:\WINDOWS\movctrlflm.dll
2007-10-23 10:41 75,776 --a------ C:\WINDOWS\nssfrch.dll
2007-10-15 11:35 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-10-10 08:00 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-06 18:15 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2007-10-06 18:15 <REP> d-------- C:\temp\ext48948
2007-10-06 18:15 <REP> d-------- C:\temp
2007-10-06 18:15 <REP> d-------- C:\Program Files\Microsoft FrontPage Express

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 07:55 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-23 18:25 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-23 18:25 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-10-15 09:35 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-10-06 22:55 --------- d-----w C:\Documents and Settings\Christian DELAROCHE\Application Data\Skype
2007-10-05 21:33 --------- d-----w C:\Documents and Settings\Christian DELAROCHE\Application Data\TribalWeb
2007-10-04 06:02 --------- d-----w C:\Program Files\Symantec
2007-10-03 21:38 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 21:38 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 21:38 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 21:38 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-25 20:49 --------- d-----w C:\Program Files\Picasa2
2007-09-21 13:21 --------- d-----w C:\Program Files\iTunes
2007-09-21 13:21 --------- d-----w C:\Program Files\iPod
2007-09-21 13:11 --------- d-----w C:\Program Files\Apple Software Update
2007-09-20 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-20 21:40 --------- d-----w C:\Program Files\Norton Internet Security
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 12:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 12:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 12:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-17 15:23 --------- d-----w C:\Program Files\Skype
2007-09-17 15:23 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-09-17 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-09-06 21:35 --------- d-----w C:\Program Files\MioNet
2007-09-06 10:16 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-08-29 21:18 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-29 06:18 --------- d-----w C:\Program Files\Java
2007-08-22 12:57 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:57 669,696 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:57 620,032 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:57 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:57 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:57 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:57 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:57 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:57 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:57 3,085,824 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:57 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:57 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:57 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:57 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:57 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:57 1,498,624 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:57 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:57 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 09:59 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 09:59 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 09:59 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 09:59 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 09:59 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 09:59 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-17 10:22 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2005-01-30 22:50 22,606,384 ----a-w C:\Program Files\AdbeRdr70_fra_full.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57108EF1-38B6-1BF2-03C5-04581AB60D22}]
2007-10-23 10:47 102400 --a------ C:\Program Files\jocsepsw\npjdssec.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC546B33-036A-41DA-B1CC-C1D15659520E}]
2007-10-22 19:02 253952 --a------ C:\WINDOWS\movctrlflm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{61AB8A39-FCCB-47CC-BAF3-750D1834E773}"= C:\WINDOWS\nssfrch.dll [2007-10-22 19:02 75776]

[HKEY_CLASSES_ROOT\CLSID\{61AB8A39-FCCB-47CC-BAF3-750D1834E773}]
[HKEY_CLASSES_ROOT\nssfrch.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}]
[HKEY_CLASSES_ROOT\nssfrch.ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 17:18]
"UStorage"="c:\program files\u-storage tools2.1\ustorage.exe" [2003-05-28 17:20]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 18:29 C:\WINDOWS\SoundMan.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
"phc650"="C:\WINDOWS\vphc600.exe" [2005-07-20 19:55]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 03:14]
"Net-It Launcher"="C:\WINDOWS\system32\NILaunch.exe" [1998-02-05 21:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1142028331\ee\AOLSoftware.exe" [2006-11-17 15:16]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 12:01]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 C:\WINDOWS\ALCWZRD.EXE]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-29 08:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-15 11:34]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" []
"FolderShare"="C:\Program Files\FolderShare\FolderShare.exe" [2005-10-30 23:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]

C:\Documents and Settings\Christian DELAROCHE\Menu Démarrer\Programmes\Démarrage\
TribalWeb.lnk - C:\Program Files\TribalWeb.net\tribalweb.exe [2006-04-30 15:26:17]
TribalWeb.net.lnk - C:\Program Files\TribalWeb.net\tribalweb.exe [2006-04-30 15:26:17]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
AOL 9.0 Icône AOL.lnk - C:\Program Files\AOL 9.0a\aoltray.exe [2004-12-16 21:09:07]
AOL Compagnon.lnk - C:\Program Files\AOL Compagnon\companion.exe [2004-10-28 02:06:35]
Exif Launcher.lnk - C:\Program Files\Exif Launcher\QuickDCF.exe [2005-10-16 23:13:41]
TrayMin650.exe.lnk - C:\Program Files\Philips\Philips SPC650NC Webcam\TrayMin650.exe [2006-09-18 19:29:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bxsbang"= {9823B450-BB88-4F33-935D-F13E6D0F2912} - C:\WINDOWS\bxsbang.dll [2007-10-26 10:11 257536]
"ocgrep"= {0B995532-76BE-46E8-81F5-DAFC3AB48A9B} - C:\WINDOWS\ocgrep.dll [2007-10-22 19:02 281600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R2 MioNet;MioNet Service;"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf"
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 phc600;USB PC Camera (phc650);C:\WINDOWS\system32\DRIVERS\phc600.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USTOR;U-Storage Controller;C:\WINDOWS\system32\DRIVERS\UStork.sys

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-21 13:11:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-26 14:32:17 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-23 15:06:17 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - Christian DELAROCHE.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 16:30:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS"
.
Completion time: 2007-10-26 16:36:12 - machine was rebooted
.
--- E O F ---

------------------------------ C.D.
Répondre à alboni

Re,

Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

File::
C:\WINDOWS\movctrlflm.dll
C:\WINDOWS\nssfrch.dll
C:\WINDOWS\bxsbang.dll
C:\WINDOWS\ocgrep.dll

Folder::
C:\Program Files\jocsepsw

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57108EF1-38B6-1BF2-03C5-04581AB60D22}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC546B33-036A-41DA-B1CC-C1D15659520E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{61AB8A39-FCCB-47CC-BAF3-750D1834E773}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bxsbang"=-
"ocgrep"=-

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Voici donc les deux rapports...

ComboFix 07-10-26.4 - Christian DELAROCHE 2007-10-26 17:11:42.2 - NTFSx86
Running from: C:\Documents and Settings\Christian DELAROCHE\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Christian DELAROCHE\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\bxsbang.dll
C:\WINDOWS\movctrlflm.dll
C:\WINDOWS\nssfrch.dll
C:\WINDOWS\ocgrep.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\jocsepsw
C:\Program Files\jocsepsw\npjdssec.dll
C:\WINDOWS\bxsbang.dll
C:\WINDOWS\movctrlflm.dll
C:\WINDOWS\nssfrch.dll
C:\WINDOWS\ocgrep.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-26 to 2007-10-26 ))))))))))))))))))))))))))))))))))))
.

2007-10-26 16:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-23 19:50 <REP> d-------- C:\Program Files\Lavasoft
2007-10-23 19:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-23 17:36 <REP> d-------- C:\Program Files\Windows Defender
2007-10-23 17:25 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-15 11:35 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2007-10-10 08:00 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-06 18:15 <REP> d--h----- C:\WINDOWS\msdownld.tmp
2007-10-06 18:15 <REP> d-------- C:\temp\ext48948
2007-10-06 18:15 <REP> d-------- C:\temp
2007-10-06 18:15 <REP> d-------- C:\Program Files\Microsoft FrontPage Express

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 07:55 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-10-23 18:25 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-23 18:25 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-10-15 09:35 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-10-06 22:55 --------- d-----w C:\Documents and Settings\Christian DELAROCHE\Application Data\Skype
2007-10-05 21:33 --------- d-----w C:\Documents and Settings\Christian DELAROCHE\Application Data\TribalWeb
2007-10-04 06:02 --------- d-----w C:\Program Files\Symantec
2007-10-03 21:38 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 21:38 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 21:38 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 21:38 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-25 20:49 --------- d-----w C:\Program Files\Picasa2
2007-09-21 13:21 --------- d-----w C:\Program Files\iTunes
2007-09-21 13:21 --------- d-----w C:\Program Files\iPod
2007-09-21 13:11 --------- d-----w C:\Program Files\Apple Software Update
2007-09-20 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-20 21:40 --------- d-----w C:\Program Files\Norton Internet Security
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 12:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 12:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 12:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-17 15:23 --------- d-----w C:\Program Files\Skype
2007-09-17 15:23 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-09-17 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-09-06 21:35 --------- d-----w C:\Program Files\MioNet
2007-09-06 10:16 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-08-29 21:18 --------- d-----w C:\Program Files\MSXML 4.0
2007-08-29 06:18 --------- d-----w C:\Program Files\Java
2007-08-22 12:57 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:57 669,696 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:57 620,032 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:57 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:57 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:57 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:57 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:57 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:57 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:57 3,085,824 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:57 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:57 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:57 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:57 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:57 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:57 1,498,624 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:57 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:57 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 09:59 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 09:59 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 09:59 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 09:59 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 09:59 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 09:59 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-17 10:22 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2005-01-30 22:50 22,606,384 ----a-w C:\Program Files\AdbeRdr70_fra_full.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 17:18]
"UStorage"="c:\program files\u-storage tools2.1\ustorage.exe" [2003-05-28 17:20]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 18:29 C:\WINDOWS\SoundMan.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
"phc650"="C:\WINDOWS\vphc600.exe" [2005-07-20 19:55]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 03:14]
"Net-It Launcher"="C:\WINDOWS\system32\NILaunch.exe" [1998-02-05 21:16]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1142028331\ee\AOLSoftware.exe" [2006-11-17 15:16]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 12:01]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 C:\WINDOWS\ALCWZRD.EXE]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 23:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-29 08:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-15 11:34]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" []
"FolderShare"="C:\Program Files\FolderShare\FolderShare.exe" [2005-10-30 23:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]

C:\Documents and Settings\Christian DELAROCHE\Menu Démarrer\Programmes\Démarrage\
TribalWeb.lnk - C:\Program Files\TribalWeb.net\tribalweb.exe [2006-04-30 15:26:17]
TribalWeb.net.lnk - C:\Program Files\TribalWeb.net\tribalweb.exe [2006-04-30 15:26:17]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
AOL 9.0 Icône AOL.lnk - C:\Program Files\AOL 9.0a\aoltray.exe [2004-12-16 21:09:07]
AOL Compagnon.lnk - C:\Program Files\AOL Compagnon\companion.exe [2004-10-28 02:06:35]
Exif Launcher.lnk - C:\Program Files\Exif Launcher\QuickDCF.exe [2005-10-16 23:13:41]
TrayMin650.exe.lnk - C:\Program Files\Philips\Philips SPC650NC Webcam\TrayMin650.exe [2006-09-18 19:29:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R2 MioNet;MioNet Service;"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf"
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 phc600;USB PC Camera (phc650);C:\WINDOWS\system32\DRIVERS\phc600.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USTOR;U-Storage Controller;C:\WINDOWS\system32\DRIVERS\UStork.sys

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-21 13:11:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-26 15:20:52 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-23 15:06:17 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - Christian DELAROCHE.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-26 17:20:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS"
.
Completion time: 2007-10-26 17:24:39 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-26 16:36
.
--- E O F ---

******************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:07, on 26/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\program files\u-storage tools2.1\ustorage.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\vphc600.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\NILaunch.exe
C:\Program Files\Fichiers communs\AOL\1142028331\ee\AOLSoftware.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\FolderShare\FolderShare.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Program Files\Philips\Philips SPC650NC Webcam\TrayMin650.exe
C:\Program Files\TribalWeb.net\tribalweb.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\fichiers communs\aol\1142028331\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe
c:\program files\fichiers communs\aol\1142028331\ee\aolsoftware.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christian DELAROCHE\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.packardbell.fr/easysear [...] eyword=aol
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [UStorage] c:\program files\u-storage tools2.1\ustorage.exe sys_auto_run C:\Program Files\U-Storage Tools2.1
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [phc650] C:\WINDOWS\vphc600.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1142028331\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: TrayMin650.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/e [...] nSetup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 7681624218
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12500 bytes

------------------------------ C.D.
Répondre à alboni

C'est mieux maintenant ?

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

angeldark toi tu est tout le temps la moi mon helper est pas souvent la. du coup j'attend.

Répondre à ninezu

Bah t'attends Je suis là par période, lui est là le soir.
C'est juste les fins d'après midi pour moi.

Message édité par Angeldark le 26-10-2007 à 17:40:35

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

justement quand je n'y suis pas, bon bin ce soir j'y resterai tant pis.
merci quand meme et désolé du dérangement.

Répondre à ninezu

Pour le moment cela se passe bien, mon PC fonctionne correctement, mais cela m'est déjà arrivé qu'au bout de 2 ou 3 heures le problème re-surgisse ...
De toutes façons, je te remercie infiniment !
J'admire ta rapidité de réponse !
J'espère ne plus te déranger lundi.
Je vais en profiter pour faire quelques sauvegardes.
Bon week-end et merci encore !

------------------------------ C.D.
Répondre à alboni

Tiens moi au courant

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Je me suis absenté quelques jours.
Mon PC a l'air d'aller bien.
Merci encore.

------------------------------ C.D.
Répondre à alboni

Même problème que djams69

Forum Sécurité - Virus : Même problème que djams69

Attention