Infected by the heat virus

Solved
morgan44390 Posts 29 Status Member -  
g!rly Posts 18462 Status Contributor -
Hello,
Could you help me please? I am infected by this heat virus and I don't know how to get rid of it. I have Norton 360; so is this antivirus not effective against this kind of program? Thanks in advance.
I wrote this message twice in order to change my configuration, which is Vista Premium, Firefox.

I saved a HijackThis log; here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:23, on 30/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskeng.exe
C:\Nouveau dossier\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1478739037-1503273959-3168364529-1003\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Véro')
O4 - S-1-5-21-1478739037-1503273959-3168364529-1003 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Véro')
O4 - S-1-5-21-1478739037-1503273959-3168364529-1003 User Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Véro')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.orange.fr/portail
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

15 replies

  1. g!rly Posts 18462 Status Contributor 407
     
    Hi morgan,

    Yes, Norton is not the best there is in terms of protection quality...

    Run this:

    Download combofix.exe (by sUBs) to your Desktop.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close the windows of all running programs.

    -> Temporarily disable, only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's search and cleaning procedure.

    Once that is done, double-click Combofix.exe on your desktop.

    - Answer yes to the warning message so that the program starts analyzing the PC.

    /!\ During this step, do not use the PC and do not open any programs.

    - At the end of the scan ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

    - A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt.

    -> Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the internet.

    -> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message, along with a new HijackThis report.

    -> Tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    See you
    2
  2. g!rly Posts 18462 Status Contributor 407
     
    Hello morgan44390,

    For now we haven't removed anything yet, so the message must still be there...

    Here is the next step:

    Copy the text below:

    File::
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

    Folder::
    C:\Program Files\NetProject

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"=-
    [-HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

    Driver::
    France Telecom Routing Table Service
    FTRTSVC

    Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    This will relaunch Combofix.

    A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.

    Wait while the scan runs. The desktop will disappear several times: this is normal!

    Do not touch anything until the scan has finished.

    After the restart, post the contents of the Combofix.txt report together with a HijackThis report.

    If there is no restart, post the reports anyway.

    See you
    1
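
Added example, not part of the thread and not ComboFix's own logic: a Python cross-reference showing which HijackThis entries from the first post are named by the CFScript in the reply above. The function names and the matching rules (case-insensitive path, CLSID, and O23 service name) are assumptions of this sketch; the script text and log lines are copied from the page.

```python
import re

# Copied from the CFScript in the reply above.
CFSCRIPT = r"""
File::
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

Folder::
C:\Program Files\NetProject

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"=-
[-HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

Driver::
France Telecom Routing Table Service
FTRTSVC
"""

# A subset of lines copied from the HijackThis log in the first post.
HJT_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O2 - BHO: ..."


def parse_cfscript(text):
    """Return {section: [lines]} for each 'Name::' section of the script."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def script_targets(sections):
    """Reduce the script to lower-cased values that can be compared to log lines."""
    guids = set()
    for line in sections.get("Registry", []):
        guids.update(g.lower() for g in GUID_RE.findall(line))
    return {
        "File": {p.lower() for p in sections.get("File", [])},
        # Trailing backslash so "NetProject" does not match "NetProject2".
        "Folder": {p.lower().rstrip("\\") + "\\" for p in sections.get("Folder", [])},
        "Registry": guids,
        "Driver": {n.lower() for n in sections.get("Driver", [])},
    }


def service_names(rest):
    """Split an O23 body into its display name and optional '(short name)'."""
    name_part = rest[len("Service: "):].split(" - ", 1)[0]
    m = re.match(r"^(.*?)(?: \(([^()]*)\))?$", name_part)
    return {n.lower() for n in m.groups() if n}


def directives_for(line, targets):
    """Return (code, [sections naming this entry]), or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    code, rest = m.group(1), m.group(2)
    low = rest.lower()
    hits = [name for name in ("File", "Folder", "Registry")
            if any(t in low for t in targets[name])]
    if (code == "O23" and rest.startswith("Service: ")
            and service_names(rest) & targets["Driver"]):
        hits.append("Driver")
    return code, hits


def cross_reference(script_text, log_text):
    """List (code, sections, line) for every log entry the script names."""
    targets = script_targets(parse_cfscript(script_text))
    rows = []
    for line in log_text.splitlines():
        parsed = directives_for(line, targets)
        if parsed and parsed[1]:
            rows.append((parsed[0], parsed[1], line.strip()))
    return rows


if __name__ == "__main__":
    for code, sections, line in cross_reference(CFSCRIPT, HJT_LOG):
        print(f"{code:<4}{'+'.join(sections):<17}{line[:70]}")
```
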
    1. morgan44390 Posts 29 Status Member
       
      Hi g!rly, here are the scans:

      ComboFix 08-03-30.3 - morgan 2008-04-01 16:23:04.3 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1888 [GMT 2:00]
      Endroit: C:\Users\morgan\Desktop\ComboFix.exe
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
      .

      2008-03-30 22:38 . 2008-03-31 19:08 <REP> d-------- C:\Nouveau dossier
      2008-03-30 22:19 . 2008-03-30 22:19 <REP> d-------- C:\Program Files\Trend Micro
      2008-03-30 20:44 . 2008-03-30 20:44 <REP> d-------- C:\Windows\System32\375013
      2008-03-27 12:52 . 2008-03-27 12:52 <REP> d-------- C:\Users\morgan\AppData\Roaming\Samsung
      2008-03-27 12:51 . 2006-05-03 23:53 174,592 --a------ C:\Windows\System32\framedyn.dll
      2008-03-27 12:50 . 2006-07-24 17:05 5,632 --a------ C:\Windows\System32\drivers\StarOpen.sys
      2008-03-27 12:40 . 2008-03-27 12:43 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
      2008-03-27 12:40 . 2008-03-27 12:40 <REP> d-------- C:\Program Files\Samsung
      2008-03-27 12:40 . 2007-05-02 12:11 109,704 --a------ C:\Windows\System32\drivers\ss_mdm.sys
      2008-03-27 12:40 . 2007-05-02 12:11 83,592 --a------ C:\Windows\System32\drivers\ss_bus.sys
      2008-03-27 12:40 . 2007-05-02 12:11 15,112 --a------ C:\Windows\System32\drivers\ss_mdfl.sys
      2008-03-27 12:40 . 2007-05-02 12:11 12,424 --a------ C:\Windows\System32\drivers\ss_whnt.sys
      2008-03-27 12:40 . 2007-05-02 12:11 12,424 --a------ C:\Windows\System32\drivers\ss_wh.sys
      2008-03-27 12:40 . 2007-05-02 12:11 12,424 --a------ C:\Windows\System32\drivers\ss_cmnt.sys
      2008-03-27 12:40 . 2007-05-02 12:11 12,424 --a------ C:\Windows\System32\drivers\ss_cm.sys
      2008-03-27 12:40 . 2005-08-28 21:51 766 --a------ C:\Windows\System32\Uninstall.ico
      2008-03-21 21:49 . 2008-03-21 21:49 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
      2008-03-19 17:38 . 2008-03-19 17:38 <REP> d-------- C:\Users\morgan\THE BEST OF ROCK- JIMY HENDRIX, ACDC, BEATLES, U2, BOB MARLEY, POLICE, THE DOORS, EAGLES, THE BOSS, THE WHO.... ETC........... LOS MEJORES 40 TEMAS
      2008-03-12 19:04 . 2008-04-01 16:20 <REP> d-------- C:\Users\morgan\AppData\Roaming\OpenOffice.org2
      2008-03-12 15:39 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
      2008-03-12 15:39 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
      2008-03-02 15:05 . 2008-04-01 11:10 <REP> d-------- C:\Users\Véro\AppData\Roaming\OpenOffice.org2
      2008-03-02 14:52 . 2008-03-02 15:01 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
      2008-03-02 14:51 . 2008-03-29 21:27 <REP> d-------- C:\Program Files\Java
      2008-03-02 14:51 . 2008-03-02 14:51 <REP> d-------- C:\Program Files\Common Files\Java

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-01 09:42 1,310,720 --sha-w C:\Users\Véro\NTUSER.DAT
      2008-04-01 09:42 1,310,720 --sha-w C:\Users\Véro\NTUSER.DAT
      2008-04-01 09:10 --------- d-----w C:\Users\Véro\AppData\Roaming\OpenOffice.org2
      2008-03-29 19:33 --------- d-----w C:\Program Files\Yahoo!
      2008-03-29 19:32 --------- d-----w C:\Program Files\Packard Bell
      2008-03-28 15:04 --------- d-----w C:\Users\morgan\AppData\Roaming\InstallShield
      2008-03-27 10:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-27 10:47 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-03-25 11:50 --------- d-----w C:\Users\Véro\AppData\Roaming\Macromedia
      2008-03-12 16:27 --------- d-----w C:\Program Files\Windows Mail
      2008-03-07 14:04 --------- d-----w C:\Users\morgan\AppData\Roaming\Packard Bell
      2008-03-07 13:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
      2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
      2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
      2008-03-03 20:04 --------- d-----w C:\Users\Véro\AppData\Roaming\Roxio
      2008-02-26 19:45 --------- d-----w C:\Program Files\Microsoft Works
      2008-02-26 19:36 --------- d-----w C:\Users\morgan\AppData\Roaming\Template
      2008-02-14 19:14 194,560 ----a-w C:\Windows\System32\WebClnt.dll
      2008-02-14 19:14 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
      2008-02-14 19:10 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-02-14 19:10 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2008-02-14 19:10 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2008-02-14 19:10 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
      2008-02-14 19:10 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-02-14 19:10 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-02-14 19:10 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-02-14 19:10 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2008-02-14 19:10 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-02-14 19:10 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      2008-02-14 19:10 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
      2008-02-14 19:10 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
      2008-02-14 19:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-02-14 19:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-02-14 19:09 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-02-14 19:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-02-14 19:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-02-14 19:09 1,686,528 ----a-w C:\Windows\System32\gameux.dll
      2008-02-14 19:07 824,832 ----a-w C:\Windows\System32\wininet.dll
      2008-02-14 19:07 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-02-14 19:07 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-14 19:07 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-02-11 10:17 --------- d-----w C:\Program Files\DivX
      2008-02-11 10:03 --------- d-----w C:\Program Files\BitTorrent
      2008-02-11 10:00 --------- d-----w C:\Users\morgan\AppData\Roaming\BitTorrent
      2008-02-10 11:42 --------- d-----w C:\Program Files\Shareaza Applications
      2008-01-21 10:42 168 ----a-w C:\Users\Véro\AppData\Roaming\wklnhst.dat
      2008-01-14 17:06 74,752 ----a-w C:\Windows\ST6UNST.EXE
      2008-01-14 17:06 290,816 ------w C:\Windows\Setup1.exe
      2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
      2008-01-09 22:15 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2008-01-09 22:15 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
      2008-01-09 22:15 542,720 ----a-w C:\Windows\System32\sysmain.dll
      2008-01-09 22:15 502,784 ----a-w C:\Windows\System32\wlansvc.dll
      2008-01-09 22:15 47,104 ----a-w C:\Windows\System32\wlanapi.dll
      2008-01-09 22:15 297,984 ----a-w C:\Windows\System32\wlansec.dll
      2008-01-09 22:15 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
      2008-01-09 22:15 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
      2008-01-09 22:15 2,923,520 ----a-w C:\Windows\explorer.exe
      2008-01-09 22:15 2,027,008 ----a-w C:\Windows\System32\win32k.sys
      2008-01-09 22:14 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
      2008-01-09 22:14 7,680 ----a-w C:\Windows\System32\spwmp.dll
      2008-01-09 22:14 4,096 ----a-w C:\Windows\System32\dxmasf.dll
      2008-01-09 22:14 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
      2008-01-09 22:12 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      2008-01-09 22:12 84,480 ----a-w C:\Windows\System32\INETRES.dll
      2008-01-09 22:12 8,704 ----a-w C:\Windows\System32\hcrstco.dll
      2008-01-09 22:12 8,704 ----a-w C:\Windows\System32\hccoin.dll
      2008-01-09 22:12 737,792 ----a-w C:\Windows\System32\inetcomm.dll
      2008-01-09 22:12 223,232 ----a-w C:\Windows\System32\WMASF.DLL
      2008-01-09 22:12 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2008-01-09 22:11 11,776 ----a-w C:\Windows\System32\sbunattend.exe
      2008-01-09 22:10 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
      2008-01-09 11:57 53,080 ----a-w C:\Windows\System32\wuauclt.exe
      2008-01-09 11:57 43,352 ----a-w C:\Windows\System32\wups2.dll
      2008-01-09 11:57 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
      2008-01-09 11:57 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
      2008-01-09 11:56 80,896 ----a-w C:\Windows\System32\wudriver.dll
      2008-01-09 11:56 549,720 ----a-w C:\Windows\System32\wuapi.dll
      2008-01-09 11:56 33,624 ----a-w C:\Windows\System32\wups.dll
      2008-01-09 11:56 31,232 ----a-w C:\Windows\System32\wuapp.exe
      2008-01-09 11:56 163,000 ----a-w C:\Windows\System32\wuwebv.dll
      2008-01-08 18:50 0 ----a-w C:\Users\morgan\AppData\Roaming\wklnhst.dat
      2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe
      2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
      2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll
      2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
      2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
      2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
      2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll
      2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
      2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll
      2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
      2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll
      2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
      2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll
      2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll
      2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll
      2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll
      2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
      .

      ((((((((((((((((((((((((((((( snapshot_2008-04-01_16.18.44.09 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-04-01 14:14:52 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-01 14:21:47 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-01 14:11:51 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-04-01 14:23:07 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-04-01 14:16:41 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-01 14:17:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
      + 2008-04-01 14:17:28 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
      - 2008-04-01 09:28:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2008-04-01 14:19:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2008-04-01 09:28:26 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2008-04-01 14:19:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2008-04-01 09:28:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2008-04-01 14:19:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2008-04-01 14:05:03 107,416 ----a-w C:\Windows\System32\perfc009.dat
      + 2008-04-01 14:23:34 107,416 ----a-w C:\Windows\System32\perfc009.dat
      - 2008-04-01 14:05:03 121,814 ----a-w C:\Windows\System32\perfc00C.dat
      + 2008-04-01 14:23:34 121,814 ----a-w C:\Windows\System32\perfc00C.dat
      - 2008-04-01 14:05:03 618,272 ----a-w C:\Windows\System32\perfh009.dat
      + 2008-04-01 14:23:34 618,272 ----a-w C:\Windows\System32\perfh009.dat
      - 2008-04-01 14:05:03 699,984 ----a-w C:\Windows\System32\perfh00C.dat
      + 2008-04-01 14:23:34 699,984 ----a-w C:\Windows\System32\perfh00C.dat
      - 2008-04-01 14:08:02 7,166 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1478739037-1503273959-3168364529-1002_UserData.bin
      + 2008-04-01 14:18:10 7,292 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1478739037-1503273959-3168364529-1002_UserData.bin
      - 2008-04-01 14:08:02 48,916 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2008-04-01 14:18:10 49,142 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 00:11 1232896]
      "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
      "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
      "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-24 09:04 1006264]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 11:06 4669440 C:\Windows\RtHDVCpl.exe]
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]
      "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-23 23:50 243200]
      "MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 23:36 102400]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
      "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]
      "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-09 11:16 98304]
      "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 21:08 94208]
      "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 20:10 102400]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]

      C:\Users\V‚ro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]

      C:\Users\morgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{AC3E4ACF-13B8-4D22-932C-C90551683157}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
      "{127FAF6E-42E8-48F8-B071-D0F7A70F44D1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{0BAAA4B3-8034-42A5-85F4-019E291425E5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{A8DEACBD-F05D-4420-B4F1-8CAF90455D07}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
      "{00D7C41E-A778-412D-857F-3408060EF992}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
      "{7AAC86C1-C054-4D5F-8557-11882A700281}"= UDP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
      "{06C9F014-C1CE-4BFE-BE2E-0C02AFA84519}"= TCP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
      "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS
      "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

      R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080331.001\IDSvix86.sys [2008-02-13 18:18]
      R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 23:32]
      S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
      S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
      S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 12:11]
      S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 12:11]
      S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 12:11]
      S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-04-15 23:29]
      S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 08:50]

      *Newly Created Service* - COMHOST
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-04-01 14:00:01 C:\Windows\Tasks\Extension de garantie.job"
      - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
      "2008-03-31 16:46:32 C:\Windows\Tasks\User_Feed_Synchronization-{53099A0A-B43D-4A6E-9686-392C162327E5}.job"
      - C:\Windows\system32\msfeedssync.exe
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-01 16:24:43
      Windows 6.0.6000 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-01 16:25:14
      ComboFix-quarantined-files.txt 2008-04-01 14:25:11
      ComboFix2.txt 2008-04-01 14:19:11
      ComboFix3.txt 2008-03-31 17:02:47
      Pre-Run: 85,035,634,688 octets libres
      Post-Run: 85,010,063,360 octets libres
      .
      2008-03-27 19:53:26 --- E O F ---
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:26:32, on 01/04/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16609)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Orange\Systray\SystrayApp.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\ehome\ehmsas.exe
      C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
      C:\Windows\Explorer.exe
      C:\Nouveau dossier\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
      O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
      O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
      O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O15 - Trusted Zone: https://www.orange.fr/portail
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      0
  3. g!rly Posts 18462 Status Contributor 407
     
    OK morgan44390,

    now run this scan:

    Run a scan with this antispyware:

    Download Malwarebytes + tutorial:

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Install it; the program will update itself automatically.

    Once it is up to date, the program will start; click the Settings tab and tick the box "Stop Internet Explorer during removal".

    Now click the Scan tab and tick the box "Perform a full scan".

    Then click "Scan".

    Let it scan the PC...

    If items were found > click Remove Selected.

    If you are asked to restart > click "yes".

    At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

    Copy and paste the report please.

    See you
    1
    1. morgan44390 Posts 29 Status Member
       
      me again;

      Malwarebytes' Anti-Malware 1.10
      Version de la base de données: 582

      Type de recherche: Examen rapide
      Eléments examinés: 29728
      Temps écoulé: 4 minute(s), 22 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 8
      Valeur(s) du Registre infectée(s): 4
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 3

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40} (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Windows\System32\375013 (Trojan.Zlob) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\Users\morgan\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
      0
      1. morgan44390 Posts 29 Status Member > morgan44390 Posts 29 Status Member
         
        I have the impression that the problem is solved; I no longer get any messages or icons.
        Many thanks to the community and to g!rly in particular.
        What would be the best protection for browsing (assuming perfection doesn't exist)?
        Norton 360 apparently isn't doing a good job; how can I make up for its weaknesses? With Malwarebytes alone?
        What protection can I add that wouldn't conflict with Norton?
        Should I replace Norton?
        0
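The reports posted in this thread can be checked against each other. As an added example (not part of the original posts and not code from any of the tools used), this Python script takes lines excerpted from the Malwarebytes report, the HijackThis log and the ComboFix listing in this thread and shows which earlier log lines name the objects Malwarebytes removed. The function names and the matching rule (CLSID if present, otherwise the full path) are assumptions of this example.

```python
"""Cross-reference Malwarebytes detections with lines from other triage logs."""
import re
from typing import NamedTuple

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# Malwarebytes report line: "<object> (<Family.Name>) -> <action>"
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>\w+\.[\w.]+)\) -> (?P<action>.+)$")


class Detection(NamedTuple):
    obj: str        # registry key/value or file-system path as reported
    family: str     # detection name, e.g. Trojan.Zlob
    indicator: str  # lower-cased string to look for in the other logs


def parse_detections(report: str) -> list[Detection]:
    """Extract detections; headers, counters and 'nothing found' lines are skipped."""
    found = []
    for line in report.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        obj = m["obj"]
        guid = GUID_RE.search(obj)
        # A CLSID names the same object under any hive, so prefer it over
        # the full key path; plain paths are matched as they are.
        indicator = guid.group(0) if guid else obj
        found.append(Detection(obj, m["family"], indicator.lower()))
    return found


def cross_reference(log: str, detections: list[Detection]) -> list[tuple[str, str]]:
    """Return (log line, family) for each log line that names a detected object."""
    hits = []
    for line in log.splitlines():
        lowered = line.strip().lower()
        for det in detections:
            # (?!\w) keeps ...\375013 from matching a longer name such as ...\3750139
            if re.search(re.escape(det.indicator) + r"(?!\w)", lowered):
                hits.append((line.strip(), det.family))
                break
    return hits


# Lines excerpted from the reports posted in this thread.
MBAM_REPORT = r"""
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Windows\System32\375013 (Trojan.Zlob) -> Quarantined and deleted successfully.
"""

HIJACKTHIS_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
"""

COMBOFIX_LOG = r"""
2008-03-30 22:19 . 2008-03-30 22:19 <REP> d-------- C:\Program Files\Trend Micro
2008-03-30 20:44 . 2008-03-30 20:44 <REP> d-------- C:\Windows\System32\375013
2008-03-30 20:44 . 2008-03-30 20:44 <REP> d-------- C:\Program Files\NetProject
"""

if __name__ == "__main__":
    detections = parse_detections(MBAM_REPORT)
    for name, log in (("HijackThis", HIJACKTHIS_LOG), ("ComboFix", COMBOFIX_LOG)):
        for line, family in cross_reference(log, detections):
            print(f"[{name}] {family}: {line}")
```

The `C:\Program Files\NetProject` folder is not matched because the report lists only the `NetProject` registry key, but its creation time in the same minute as `375013` makes it a candidate to check by hand.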
  4. g!rly Posts 18462 Status Contributor 407
     
    hello morgan44390,

    yes, Norton is what it is, but I imagine you're paying for a licence!? So maybe we won't replace it?!

    keep Malwarebytes to scan from time to time ;-)

    I can suggest this software, which will complement it nicely:

    SpywareBlaster:

    http://www.brightfort.com/spywareblaster.html

    it's a resident program; you just need to update it from time to time because the free version doesn't do it by itself. Once it is installed and updated, set all the protections to "enable".

    tutorial: http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/question-spywareblaser-sujet_174747_1.htm

    let me know

    See you
    1
    1. morgan44390 Posts 29 Status Member
       
      thanks again.
      Are you a computer specialist or something, to know all that?
      0
  6. g!rly Posts 18462 Status Contributor 407
     
    good evening morgan44390,

    no, I'm a hairdresser ;-)

    how is your PC doing now?

    if it's OK

    we'll remove the tools we used:

    Download ToolsCleaner to your desktop.
    --> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
    # Click Search and let the scan run ...
    # Click Delete to finish.
    # You can, if you wish, use the optional settings.
    # Click Quit to get the report.
    # Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).

    See you
    1
    1. morgan44390 Posts 29 Status Member
       
      hi miss g!rly,
      after deleting, it tells me that it is impossible to create the file tcleaner.txt, access denied;
      -->- Recherche:

      C:\Qoobox: trouvé !
      C:\Program Files\Trend Micro\HijackThis: trouvé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
      C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !

      ---------------------------------
      -->- Suppression:

      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: ERREUR DE SUPPRESSION !!
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: ERREUR DE SUPPRESSION !!
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: ERREUR DE SUPPRESSION !!
      C:\Qoobox: ERREUR DE SUPPRESSION !!
      C:\Program Files\Trend Micro\HijackThis: ERREUR DE SUPPRESSION !!
      C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: ERREUR DE SUPPRESSION !!
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
      C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: ERREUR DE SUPPRESSION !!
      0
  7. g!rly Posts 18462 Status Contributor 407
     
    hi morgan44390

    yes, I see that...

    you'll have to delete the tools used manually:

    delete HijackThis > C:\Nouveau dossier\HijackThis.exe

    and combofix + C:\Qoobox + combofix .txt

    and ToolsCleaner

    let me know

    See you
    1
    1. morgan44390 Posts 29 Status Member
       
      That's it miss, the cleanup is done, I think.
      so if I understood correctly, Malwarebytes and SpywareBlaster are effective against this kind of intruder, like Virus Heat and the like?
      0
  8. g!rly Posts 18462 Status Contributor 407
     
    cool morgan ;-)

    SpywareBlaster is resident; it will block many intrusion attempts without telling you anything, like the one you had ;-)

    remember to keep it up to date ;-)

    Malwarebytes is an antispyware that scans for infections; you can scan from time to time to check that everything is OK.

    There, our paths part now...

    All the best / have a good weekend

    Bye

    g!rly

    ;D
    1
    1. morgan44390 Posts 29 Status Member
       
      thank you, all the best.
      0
  9. nottip Posts 317 Status Member 31
     
    Hello,

    Go to the link below; it explains well how to go about it, but it's in English.

    http://www.pchubs.com/blogs/virus-heat-removal-process-remove-virus-heat

    Good luck.
    0
  10. morgan44390 Posts 29 Status Member
     
    I'm not at my computer right now, but I'll do all that this afternoon. Thanks for your help
    0
  11. g!rly Posts 18462 Status Contributor 407
     
    ok morgan,

    See you
    0
    1. franckydeladombes Posts 1802 Status Member 99
       
      Hello, Girly
      0
  12. g!rly Posts 18462 Status Contributor 407
     
    Hi francky ;-)
    You'll soon be able to help others, hanging around here so much ;D
    Have a good day
    See you
    0
    1. franckydeladombes Posts 1802 Status Member 99
       
      That's what I'm trying to learn; however, I had a problem with PayPal and had to delete the account: they told me that someone was trying to access my account from another address. Does that come from me, or is it external?
      0
  13. g!rly Posts 18462 Status Contributor 407
     
    That's cool, join us soon, because there are more and more infected people asking for help on the site, I get the impression?!

    As for PayPal, I'd say it's external. Someone who tried to hack your account! ;-(

    See you
    0
    1. franckydeladombes Posts 1802 Status Member 99
       
      ok thanks, see you, and have a good day too...
      0
  14. g!rly Posts 18462 Status Contributor 407
     
    ;-)
    0
  15. morgan44390 Posts 29 Status Member
     
    that's it, I let ComboFix and HJT do their work; here are their reports;

    ComboFix 08-03-30.3 - morgan 2008-03-31 18:59:40.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1882 [GMT 2:00]
    Endroit: C:\Users\morgan\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .
    TimedOut: Windir.dat

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    ----- BITS: Possible sites infectés -----

    hxxp://rad.msn.com
    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-30 22:38 . 2008-03-31 00:09 <REP> d-------- C:\Nouveau dossier
    2008-03-30 22:19 . 2008-03-30 22:19 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-30 20:44 . 2008-03-30 20:44 <REP> d-------- C:\Windows\System32\375013
    2008-03-30 20:44 . 2008-03-30 20:44 <REP> d-------- C:\Program Files\NetProject
    2008-03-27 12:52 . 2008-03-27 12:52 <REP> d-------- C:\Users\morgan\AppData\Roaming\Samsung
    2008-03-27 12:51 . 2006-05-03 23:53 174,592 --a------ C:\Windows\System32\framedyn.dll
    2008-03-27 12:50 . 2006-07-24 17:05 5,632 --a------ C:\Windows\System32\drivers\StarOpen.sys
    2008-03-27 12:40 . 2008-03-27 12:43 <REP> d-------- C:\Windows\System32\Samsung_USB_Drivers
    2008-03-27 12:40 . 2008-03-27 12:40 <REP> d-------- C:\Program Files\Samsung
    2008-03-27 12:40 . 2007-05-02 12:11 109,704 --a------ C:\Windows\System32\drivers\ss_mdm.sys
    2008-03-27 12:40 . 2007-05-02 12:11 83,592 --a------ C:\Windows\System32\drivers\ss_bus.sys
    2008-03-27 12:40 . 2007-05-02 12:11 15,112 --a------ C:\Windows\System32\drivers\ss_mdfl.sys
    2008-03-27 12:40 . 2007-05-02 12:11 12,424 --a------ C:\Windows\System32\drivers\ss_whnt.sys
    2008-03-27 12:40 . 2007-05-02 12:11 12,424 --a------ C:\Windows\System32\drivers\ss_wh.sys
    2008-03-27 12:40 . 2007-05-02 12:11 12,424 --a------ C:\Windows\System32\drivers\ss_cmnt.sys
    2008-03-27 12:40 . 2007-05-02 12:11 12,424 --a------ C:\Windows\System32\drivers\ss_cm.sys
    2008-03-27 12:40 . 2005-08-28 21:51 766 --a------ C:\Windows\System32\Uninstall.ico
    2008-03-21 21:49 . 2008-03-21 21:49 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
    2008-03-19 17:38 . 2008-03-19 17:38 <REP> d-------- C:\Users\morgan\THE BEST OF ROCK- JIMY HENDRIX, ACDC, BEATLES, U2, BOB MARLEY, POLICE, THE DOORS, EAGLES, THE BOSS, THE WHO.... ETC........... LOS MEJORES 40 TEMAS
    2008-03-12 19:04 . 2008-03-31 18:45 <REP> d-------- C:\Users\morgan\AppData\Roaming\OpenOffice.org2
    2008-03-12 15:39 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
    2008-03-12 15:39 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
    2008-03-02 15:05 . 2008-03-31 00:07 <REP> d-------- C:\Users\Véro\AppData\Roaming\OpenOffice.org2
    2008-03-02 14:52 . 2008-03-02 15:01 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
    2008-03-02 14:51 . 2008-03-29 21:27 <REP> d-------- C:\Program Files\Java
    2008-03-02 14:51 . 2008-03-02 14:51 <REP> d-------- C:\Program Files\Common Files\Java
    2008-02-26 21:52 . 2008-03-27 13:13 <REP> d-------- C:\Users\morgan\AbiSuite
    2008-02-26 21:36 . 2008-02-26 21:36 <REP> d-------- C:\Users\morgan\AppData\Roaming\Template
    2008-02-26 21:35 . 1997-08-26 14:06 315,904 --a------ C:\Windows\IsUninst.exe
    2008-02-26 21:24 . 2008-02-26 21:24 <REP> d--h----- C:\Windows\msdownld.tmp
    2008-02-17 13:46 . 2008-01-10 07:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-02-14 21:14 . 2008-02-14 21:14 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-02-14 21:14 . 2008-02-14 21:14 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-02-14 21:10 . 2008-02-14 21:10 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 21:09 . 2008-02-14 21:09 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 21:09 . 2008-02-14 21:09 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-02-11 12:00 . 2008-02-11 12:00 <REP> d-------- C:\Users\morgan\AppData\Roaming\BitTorrent
    2008-02-11 12:00 . 2008-02-11 12:03 <REP> d-------- C:\Program Files\BitTorrent
    2008-02-10 13:43 . 2008-02-10 13:43 <REP> d-------- C:\My Downloads
    2008-02-10 13:42 . 2008-02-10 13:42 <REP> d-------- C:\Program Files\Shareaza Applications
    2008-02-10 13:42 . 2006-11-12 12:39 483,328 --a------ C:\Windows\System32\actskn45.ocx

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-31 16:59 1,310,720 --sha-w C:\Users\Véro\NTUSER.DAT
    2008-03-31 16:59 1,310,720 --sha-w C:\Users\Véro\NTUSER.DAT
    2008-03-30 22:07 --------- d-----w C:\Users\Véro\AppData\Roaming\OpenOffice.org2
    2008-03-29 19:33 --------- d-----w C:\Program Files\Yahoo!
    2008-03-29 19:32 --------- d-----w C:\Program Files\Packard Bell
    2008-03-28 15:04 --------- d-----w C:\Users\morgan\AppData\Roaming\InstallShield
    2008-03-27 10:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-27 10:47 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-25 11:50 --------- d-----w C:\Users\Véro\AppData\Roaming\Macromedia
    2008-03-12 16:27 --------- d-----w C:\Program Files\Windows Mail
    2008-03-07 14:04 --------- d-----w C:\Users\morgan\AppData\Roaming\Packard Bell
    2008-03-07 13:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
    2008-03-03 20:04 --------- d-----w C:\Users\Véro\AppData\Roaming\Roxio
    2008-02-26 19:45 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-14 19:10 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 19:10 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 19:10 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 19:10 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 19:10 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 19:10 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 19:10 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 19:10 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 19:10 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 19:10 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 19:10 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 19:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 19:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 19:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 19:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 19:07 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 19:07 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-14 19:07 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 19:07 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-11 10:17 --------- d-----w C:\Program Files\DivX
    2008-01-31 14:28 --------- d-----w C:\Program Files\Norton 360
    2008-01-29 17:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-29 17:06 --------- d-----w C:\Users\Véro\AppData\Roaming\Yahoo!
    2008-01-29 17:06 --------- d-----w C:\Users\Véro\AppData\Roaming\Google
    2008-01-29 16:55 --------- d-----w C:\Users\Véro\AppData\Roaming\Packard Bell
    2008-01-21 10:42 168 ----a-w C:\Users\Véro\AppData\Roaming\wklnhst.dat
    2008-01-14 17:06 74,752 ----a-w C:\Windows\ST6UNST.EXE
    2008-01-14 17:06 290,816 ------w C:\Windows\Setup1.exe
    2008-01-09 22:15 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-01-09 22:15 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2008-01-09 22:15 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2008-01-09 22:15 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2008-01-09 22:15 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2008-01-09 22:15 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2008-01-09 22:15 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2008-01-09 22:15 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
    2008-01-09 22:15 2,923,520 ----a-w C:\Windows\explorer.exe
    2008-01-09 22:15 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-01-09 22:14 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-01-09 22:14 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-01-09 22:14 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-01-09 22:14 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2008-01-09 22:12 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-01-09 22:12 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-01-09 22:12 8,704 ----a-w C:\Windows\System32\hcrstco.dll
    2008-01-09 22:12 8,704 ----a-w C:\Windows\System32\hccoin.dll
    2008-01-09 22:12 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-01-09 22:12 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-01-09 22:12 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-01-09 22:11 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-09 22:10 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-01-09 11:57 53,080 ----a-w C:\Windows\System32\wuauclt.exe
    2008-01-09 11:57 43,352 ----a-w C:\Windows\System32\wups2.dll
    2008-01-09 11:57 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
    2008-01-09 11:57 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
    2008-01-09 11:56 80,896 ----a-w C:\Windows\System32\wudriver.dll
    2008-01-09 11:56 549,720 ----a-w C:\Windows\System32\wuapi.dll
    2008-01-09 11:56 33,624 ----a-w C:\Windows\System32\wups.dll
    2008-01-09 11:56 31,232 ----a-w C:\Windows\System32\wuapp.exe
    2008-01-09 11:56 163,000 ----a-w C:\Windows\System32\wuwebv.dll
    2008-01-08 18:50 0 ----a-w C:\Users\morgan\AppData\Roaming\wklnhst.dat
    2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll
    2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
    2007-10-23 21:31 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C109800-A5D5-438F-9640-18D17E168B88}]
    2008-03-30 20:44 10240 --a------ C:\Program Files\NetProject\sbmdl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= "C:\Program Files\NetProject\wamdl.dll" [2008-03-30 20:44 85504]

    [HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= C:\Program Files\NetProject\wamdl.dll [2008-03-30 20:44 85504]

    [HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 00:11 1232896]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-24 09:04 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 11:06 4669440 C:\Windows\RtHDVCpl.exe]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 13:15 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 13:15 8466432]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 13:15 81920]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-23 23:50 243200]
    "MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 23:36 102400]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]
    "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-09 11:16 98304]
    "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 21:08 94208]
    "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 20:10 102400]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]

    C:\Users\Véro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]

    C:\Users\morgan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 23:57:56 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{AC3E4ACF-13B8-4D22-932C-C90551683157}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
    "{127FAF6E-42E8-48F8-B071-D0F7A70F44D1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{0BAAA4B3-8034-42A5-85F4-019E291425E5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{A8DEACBD-F05D-4420-B4F1-8CAF90455D07}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{00D7C41E-A778-412D-857F-3408060EF992}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{7AAC86C1-C054-4D5F-8557-11882A700281}"= UDP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
    "{06C9F014-C1CE-4BFE-BE2E-0C02AFA84519}"= TCP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080325.002\IDSvix86.sys [2008-02-13 18:18]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 23:32]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 12:11]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 12:11]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 12:11]
    S4 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-04-15 23:29]
    S4 nvsmu;nvsmu;C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 08:50]

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-31 17:00:06 C:\Windows\Tasks\Extension de garantie.job"
    - C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
    "2008-03-31 16:46:32 C:\Windows\Tasks\User_Feed_Synchronization-{53099A0A-B43D-4A6E-9686-392C162327E5}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-31 19:02:19
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-31 19:02:47
    ComboFix-quarantined-files.txt 2008-03-31 17:02:44
    Pre-Run: 88,417,951,744 octets libres
    Post-Run: 88,393,269,248 octets libres
    .
    2008-03-27 19:53:26 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:08:23, on 31/03/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\eMule\emule.exe
    C:\Windows\system32\conime.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Nouveau dossier\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: https://www.orange.fr/portail
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    0
    1. morgan44390 Posts 29 Status Member
       
      However, for a little while now my desktop gadgets have been gone (it's not that serious, but...) and I can no longer open eMule... is that related to the scans, or...?
      0
      1. morgan44390 Posts 29 Status Member > morgan44390 Posts 29 Status Member
         
        No, false alarm: I just restarted the computer and everything came back on the desktop, but that damned message is still there...
        0
  16. g!rly Posts 18462 Status Contributor 407
     
    Thanks ;-)
    0