A l'attention de ryzy 66

Malwarebytes' Anti-Malware 1.14
Version de la base de données: 800

23:58:12 06/06/2008
mbam-log-6-6-2008 (23-58-12).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 106303
Temps écoulé: 1 hour(s), 25 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d25f921-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWay) -> Quarantined and deleted successfully. encore merci a toi marie ainsi qu'a tous voici encore un raport

lyonnais92 mon ordi fonctionne apparament bien si j'ai d'autre problemes je raplique dessuite merci de m'avoir consacrer un peut de ton temps

bonjour lyonnais92 suije obliger de passer par internet explorer moi mon navigateur c'est orange!!! c'est pas pareil .

KASPERSKY ONLINE SCANNER REPORT
Saturday, June 07, 2008 3:33:28 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/06/2008
Kaspersky Anti-Virus database records: 836748


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 71213
Number of viruses found 3
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 01:40:27

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_Compress_20060407_201508_1_1 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_PC_CHK.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\Progress_log_Compress.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{A85D9A34-07EF-46BD-AEB4-5912F132866E}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\guasch eric\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Application Data\Kiwee Toolbar2\Logs\KiweeHook.log Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Application Data\Kiwee Toolbar2\Logs\KiweeIEToolbar.log Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Historique\History.IE5\MSHist012008060720080608\index.dat Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Temp\sqlite_06s5eRPJmCbTJDC Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Temp\sqlite_i8oIasqw3TfOfbB Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Temp\sqlite_p0NL1vZyZm5ZdQM Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Temp\sqlite_WKqesMD5PTKbeh7 Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Temp\~DF6793.tmp Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Temp\~DFADA0.tmp Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Temp\~DFD3CE.tmp Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\guasch eric\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\guasch eric\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\guasch eric\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-06-07.11-24-49.log Object is locked skipped

C:\Program Files\Dlls\blessed.exe Infected: Trojan.BAT.Netstop.aa skipped

C:\Program Files\Dlls\power2.exe Infected: Trojan.Win32.VB.dcl skipped

C:\Program Files\Orange\Config\User0\Browser\Links.db Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP254\A0090907.exe Infected: Trojan.Win32.Obfuscated.aqn skipped

C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP282\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\msdwm.exe Infected: Trojan.Win32.VB.dcl skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd1197.sys Object is locked skipped

C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\mcmsc_kUBeMpPqVRAVPeN Object is locked skipped

C:\WINDOWS\Temp\mcmsc_mzPYFaeA4RIIF6F Object is locked skipped

C:\WINDOWS\Temp\sqlite_qIgeJh93bTgSifN Object is locked skipped

C:\WINDOWS\Temp\sqlite_t256V7LDsR5g9Po Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
voila le rapport de kaspersky la je continu merci a+ c'est un peut long

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:47, on 07/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\guasch eric\Bureau\scan.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - (no file)
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: TrayMin220.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5311/mcfscan.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

hello loynnais92 pour le spouleur d'impression l'etat est :déma... le type de demarage est :automatique

le centre de securite :déma et automatique


le gestionnaire de disque dans etat ya rien et pour l'autre :manuel
je te remerci encore la je continue ce que tu me dit. a tout al

Deckard's System Scanner v20071014.68
Run by guasch eric on 2008-06-07 21:21:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2008-06-07 19:22:07 UTC - RP283 - Deckard's System Scanner Restore Point
66: 2008-06-06 22:29:39 UTC - RP282 - Supprimé Dell Media Experience
65: 2008-06-06 18:32:17 UTC - RP281 - ComboFix created restore point
64: 2008-06-06 12:24:54 UTC - RP280 - Removed SweetIM Toolbar for Internet Explorer 3.1
63: 2008-06-06 11:16:33 UTC - RP279 - Removed SweetIM for Messenger 2.5


-- First Restore Point --
1: 2008-04-08 11:43:33 UTC - RP217 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.

[color=red]Total Physical Memory: 510 MiB (512 MiB recommended)./color


-- HijackThis (run as guasch eric.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:10, on 07/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\guasch eric\Bureau\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\GUASCH~1\Bureau\guasch eric.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - (no file)
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: TrayMin220.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5311/mcfscan.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

ComboFix 08-06-05.3 - guasch eric 2008-06-07 23:31:12.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.293 [GMT 2:00]
Endroit: C:\Documents and Settings\guasch eric\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-07 to 2008-06-07 ))))))))))))))))))))))))))))))))))))
.

2008-06-07 23:31 . 2008-06-07 23:31 <REP> d-------- C:\Program Files\Wanadoo
2008-06-07 22:43 . 2008-06-07 22:43 <REP> d-------- C:\WINDOWS\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2008-06-07 21:21 . 2008-06-07 21:21 <REP> d----c--- C:\Deckard
2008-06-07 17:22 . 2008-06-07 17:22 6,115,448 --a--c--- C:\Firefox Setup 2.0.0.14.exe
2008-06-07 16:44 . 2008-06-07 16:45 <REP> d----c--- C:\bfu
2008-06-07 16:43 . 2008-06-07 16:43 78,686 --a--c--- C:\bfu.zip
2008-06-07 11:50 . 2008-06-07 11:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-07 10:39 . 2008-06-07 10:39 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-06 22:18 . 2008-06-06 22:18 <REP> d-------- C:\Documents and Settings\guasch eric\Application Data\Malwarebytes
2008-06-06 22:12 . 2008-06-06 22:12 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 22:12 . 2008-06-06 22:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 22:12 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 22:12 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-05 23:09 . 2008-06-05 23:09 <REP> d-------- C:\WINDOWS\McAfee.com
2008-06-05 17:27 . 2008-06-05 17:27 268 --ah-c--- C:\sqmdata00.sqm
2008-06-05 17:27 . 2008-06-05 17:27 244 --ah-c--- C:\sqmnoopt00.sqm
2008-06-04 21:46 . 2008-06-04 21:46 <REP> d-------- C:\Program Files\Dlls
2008-06-04 21:46 . 2008-06-03 03:01 61,444 -r-hs---- C:\WINDOWS\msdwm.exe
2008-05-31 01:53 . 2008-05-31 01:53 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-05-31 01:50 . 2008-05-31 01:51 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-27 23:53 . 2008-05-31 01:50 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-05-18 17:53 . 2008-05-19 11:41 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-16 17:23 . 2008-05-16 17:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2008-05-16 17:21 . 2008-06-05 22:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GamesBar
2008-05-12 23:02 . 2008-05-12 23:02 0 --a--c--- C:\DMguard.dll
2008-05-11 02:41 . 2008-05-11 02:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-05-10 11:07 . 2008-05-10 11:07 <REP> d-------- C:\Documents and Settings\guasch eric\Application Data\Steinberg
2008-05-10 11:03 . 2008-05-10 13:14 <REP> d-------- C:\Program Files\Steinberg

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-06 22:29 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-06-06 11:22 --------- d-----w C:\Program Files\McAfee
2008-06-06 11:11 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-06-06 11:11 --------- d-----w C:\Program Files\AVS4YOU
2008-06-04 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-06-02 20:22 230,432 -c--a-w C:\SPC220NC.DAT
2008-05-31 23:08 --------- d-----w C:\Program Files\eMule
2008-05-11 21:53 6,686 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-11 20:44 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-11 20:42 --------- d-----w C:\Documents and Settings\guasch eric\Application Data\AdobeUM
2008-05-08 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-01 09:25 --------- d-----w C:\Program Files\Orange
2008-05-01 09:25 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-04-29 22:47 --------- d-----w C:\Program Files\TmNationsForever
2008-04-28 22:42 --------- d-----w C:\Program Files\McAfee.com
2008-04-28 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-28 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-28 22:34 --------- d-----w C:\Program Files\Fichiers communs\McAfee
2008-04-28 19:55 --------- d-----w C:\Program Files\Google
2008-04-22 20:24 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-20 22:05 --------- d-----w C:\Documents and Settings\guasch eric\Application Data\AVS4YOU
2008-04-20 13:10 --------- d-----w C:\Documents and Settings\guasch eric\Application Data\McAfee
2008-04-18 10:58 --------- d-----w C:\Program Files\Corel
2008-04-18 10:48 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-04-15 18:55 --------- d-----w C:\Documents and Settings\guasch eric\Application Data\ArcSoft
2008-04-14 09:21 --------- d-----w C:\Program Files\Kiwee Toolbar2
2008-04-11 13:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 13:17 --------- d-----w C:\Program Files\ArcSoft
2008-04-11 13:16 --------- d-----w C:\Program Files\Philips
2008-04-11 13:14 --------- d-----w C:\Documents and Settings\guasch eric\Application Data\InstallShield
2008-04-08 18:32 --------- d-----w C:\Program Files\Windows Live
2008-04-08 18:31 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-08 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-08 16:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-08 10:27 --------- d-----w C:\Program Files\Fichiers communs\France Telecom
2008-04-08 10:22 --------- d-----w C:\Program Files\Securitoo
2008-04-08 10:22 --------- d-----w C:\Program Files\Inventel
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-06_20.40.29,09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-06 11:21:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-07 15:02:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-06 15:08:26 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-07 18:00:12 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-06 15:08:26 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-06-07 18:00:12 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-06-06 15:08:26 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-07 18:00:12 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-04-03 10:52 265360 --a------ C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 10:52 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll [2008-04-03 10:52 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 01:37 1057280]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 21:42 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 21:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 21:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 21:23 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-23 06:20 98304]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 19:17 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 19:30 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
"Monitor"="C:\WINDOWS\Philips\SPC220NC\Monitor.exe" [2006-11-03 11:01 319488]
"KiweeHook"="C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe" [2008-04-03 10:51 56456]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-15 21:56:13 124400]
TrayMin220.lnk - C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe [2008-04-11 15:16:51 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
R3 SPC220NC;Philips SPC220NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC220NC.SYS [2007-01-09 17:59]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-28 22:34:05 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-31 23:00:52 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2006-03-29 21:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 23:34:09
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\GUASCH~1\LOCALS~1\Temp\mc21.tmp"
.
Temps d'accomplissement: 2008-06-07 23:36:23
ComboFix-quarantined-files.txt 2008-06-07 21:36:11
ComboFix2.txt 2008-06-06 18:41:18

Pre-Run: 8,911,798,272 octets libres
Post-Run: 8,980,791,296 octets libres

197 --- E O F --- 2008-05-31 19:58:10
re re je n'ai pas eu besoins de le telecharger je l'ai fais hier soir
par contre j'ai un autre probleme quant l'ordi se ralume au quant j'ouvre un fichier j'ai une petite fenetre qui s'ouvre
"PRELOAD DELL France installer"
"error 1706 N° valid source could be for product preload dell france installerthe windos installer cannot continue desoler de te deranger encore et merci

pour repondre aussi a ton impression il y a que deux mois que j'ai internet. les deux premier jour l'anti virus n'etait vraiment pas a jour il daté de 2006 c'est peut etre pour ca qu'il a laisser passer quelque choses ....
pour le problemes de preload dell ca me l'a fait il y a au moins un an ... je suis arrivé" a m'en debarasser en faisant une restauration la je ne sais pas si je peut en faire une avec tous ce que j'ai fait aujourd'huit
l

la je t'abandonne je reviendrer demains je commence a avoir les yeux carrés bone nuit a toi

ComboFix 08-06-05.3 - guasch eric 2008-06-08 11:06:10.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.253 [GMT 2:00]
Endroit: C:\Documents and Settings\guasch eric\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\guasch eric\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\msdwm.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Dlls
C:\Program Files\Dlls\blessed.exe
C:\Program Files\Dlls\power2.exe
C:\Program Files\Dlls\start.bat
C:\WINDOWS\msdwm.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-08 to 2008-06-08 ))))))))))))))))))))))))))))))))))))
.

2008-06-07 22:43 . 2008-06-07 22:43 <REP> d-------- C:\WINDOWS\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2008-06-07 21:21 . 2008-06-07 21:21 <REP> d----c--- C:\Deckard
2008-06-07 17:22 . 2008-06-07 17:22 6,115,448 --a--c--- C:\Firefox Setup 2.0.0.14.exe
2008-06-07 16:44 . 2008-06-07 16:45 <REP> d----c--- C:\bfu
2008-06-07 16:43 . 2008-06-07 16:43 78,686 --a--c--- C:\bfu.zip
2008-06-07 11:50 . 2008-06-07 11:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-07 10:39 . 2008-06-07 10:39 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-06 22:18 . 2008-06-06 22:18 <REP> d-------- C:\Documents and Settings\guasch eric\Application Data\Malwarebytes
2008-06-06 22:12 . 2008-06-06 22:12 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-06 22:12 . 2008-06-06 22:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 22:12 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-06 22:12 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-05 23:09 . 2008-06-05 23:09 <REP> d-------- C:\WINDOWS\McAfee.com
2008-06-05 17:27 . 2008-06-05 17:27 268 --ah-c--- C:\sqmdata00.sqm
2008-06-05 17:27 . 2008-06-05 17:27 244 --ah-c--- C:\sqmnoopt00.sqm
2008-05-31 01:53 . 2008-05-31 01:53 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-05-31 01:50 . 2008-05-31 01:51 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-27 23:53 . 2008-05-31 01:50 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-05-18 17:53 . 2008-05-19 11:41 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-16 17:23 . 2008-05-16 17:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2008-05-16 17:21 . 2008-06-05 22:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GamesBar
2008-05-12 23:02 . 2008-05-12 23:02 0 --a--c--- C:\DMguard.dll
2008-05-11 02:41 . 2008-05-11 02:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-05-10 11:07 . 2008-05-10 11:07 <REP> d-------- C:\Documents and Settings\guasch eric\Application Data\Steinberg
2008-05-10 11:03 . 2008-05-10 13:14 <REP> d-------- C:\Program Files\Steinberg

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-06 22:29 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-06-06 11:22 --------- d-----w C:\Program Files\McAfee
2008-06-06 11:11 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-06-06 11:11 --------- d-----w C:\Program Files\AVS4YOU
2008-06-04 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-06-02 20:22 230,432 -c--a-w C:\SPC220NC.DAT
2008-05-31 23:08 --------- d-----w C:\Program Files\eMule
2008-05-11 21:53 6,686 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-11 20:44 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-11 20:42 --------- d-----w C:\Documents and Settings\guasch eric\Application Data\AdobeUM
2008-05-08 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-01 09:25 --------- d-----w C:\Program Files\Orange
2008-05-01 09:25 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-04-29 22:47 --------- d-----w C:\Program Files\TmNationsForever
2008-04-28 22:42 --------- d-----w C:\Program Files\McAfee.com
2008-04-28 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-28 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-28 22:34 --------- d-----w C:\Program Files\Fichiers communs\McAfee
2008-04-28 19:55 --------- d-----w C:\Program Files\Google
2008-04-22 20:24 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-20 22:05 --------- d-----w C:\Documents and Settings\guasch eric\Application Data\AVS4YOU
2008-04-20 13:10 --------- d-----w C:\Documents and Settings\guasch eric\Application Data\McAfee
2008-04-18 10:58 --------- d-----w C:\Program Files\Corel
2008-04-18 10:48 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-04-15 18:55 --------- d-----w C:\Documents and Settings\guasch eric\Application Data\ArcSoft
2008-04-14 09:21 --------- d-----w C:\Program Files\Kiwee Toolbar2
2008-04-11 13:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 13:17 --------- d-----w C:\Program Files\ArcSoft
2008-04-11 13:16 --------- d-----w C:\Program Files\Philips
2008-04-11 13:14 --------- d-----w C:\Documents and Settings\guasch eric\Application Data\InstallShield
2008-04-08 18:32 --------- d-----w C:\Program Files\Windows Live
2008-04-08 18:31 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-08 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-08 16:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-08 10:27 --------- d-----w C:\Program Files\Fichiers communs\France Telecom
2008-04-08 10:22 --------- d-----w C:\Program Files\Securitoo
2008-04-08 10:22 --------- d-----w C:\Program Files\Inventel
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-06_20.40.29,09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-06 11:21:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-08 07:35:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-06 15:08:26 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-08 07:41:30 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-06 15:08:26 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-06-08 07:41:30 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-06-06 15:08:26 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-08 07:41:30 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-10 11:01:42 185,016 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-08 07:35:11 185,816 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2005-05-24 10:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 13:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 13:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-04-03 10:52 265360 --a------ C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 10:52 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll [2008-04-03 10:52 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 01:37 1057280]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 21:42 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 21:22 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 21:19 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 21:23 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12 221184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-23 06:20 98304]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 19:17 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 19:30 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
"Monitor"="C:\WINDOWS\Philips\SPC220NC\Monitor.exe" [2006-11-03 11:01 319488]
"KiweeHook"="C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe" [2008-04-03 10:51 56456]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-15 21:56:13 124400]
TrayMin220.lnk - C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe [2008-04-11 15:16:51 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
R3 SPC220NC;Philips SPC220NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC220NC.SYS [2007-01-09 17:59]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-28 22:34:05 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-31 23:00:52 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2006-03-29 21:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 11:09:11
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\GUASCH~1\LOCALS~1\Temp\mc27.tmp"
.
Temps d'accomplissement: 2008-06-08 11:11:16
ComboFix-quarantined-files.txt 2008-06-08 09:11:10
ComboFix2.txt 2008-06-07 21:36:24
ComboFix3.txt 2008-06-06 18:41:18

Pre-Run: 8,874,414,080 octets libres
Post-Run: 8,899,117,056 octets libres

209 --- E O F --- 2008-05-31 19:58:10
bonjour a toi et bon dimanche là je vais me deconnaictais et lancer hijack merci a+

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:33, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\guasch eric\Bureau\guasch eric.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - (no file)
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: TrayMin220.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5311/mcfscan.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

hello!!! j'ai un problèmes??? quant j'allume mon ordi j'ai une fenètre qui s'ouvre dedans il y a marquer PRELOAD DELL France installer
the feature you are trying to use on a netxork resource that is unavailable

cclik OK to try again.or enter an alternat path to a folder containing the installation package "PRELOAD DELL France installer.msi" in the box below

Je clik sur OK et ca m'ouvre une autr fenetre ou il y a marquer

the path
"c:\document~1\guasch~1\locals~1\temp\-is2~\PRELOAD DELL France installer.msi" cannot be found.
verify that you have access to this location and try again,or try to find the installation package "PRELOAD DELL France installer.msi" ina folder from which you can install the product.


je click sur ok ca ne fait rien. quant j'essais de fermer ca me marque
"error 1706.N°VALID SOURCE could be found for product PRELOAD DELL France installer
the windows installer cannot continu

voila je comprant rient en anglais si tu peut me traduire sa c'est super cool de ta part merci encore pour tout... , pour le reste ca roule

bonjour lyonnais 92 comment va tu ? moi sa va aprés une bonne saison. a par l'ordi qui rame grave . c'est pour ca que je me permait de coller ici un rapport combofix si tu peut me dire ce que tu en pense . je te remerci par avance et te souhaite une bonne journée









ComboFix 08-11-20.02 - guasch eric 2008-11-21 13:31:05.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.214 [GMT 1:00]
Lancé depuis: c:\documents and settings\guasch eric\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\documents\setup.exe
c:\windows\win32t4.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-21 au 2008-11-21 ))))))))))))))))))))))))))))))))))))
.

2008-11-12 14:55 . 2008-11-12 14:55 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-12 14:55 . 2008-11-12 14:55 1,409 --a------ c:\windows\QTFont.for
2008-11-09 01:11 . 2008-11-09 01:14 <REP> d----c--- C:\Temp
2008-10-27 19:54 . 2008-10-27 19:54 <REP> d-------- c:\documents and settings\guasch eric\Application Data\Creative
2008-10-27 19:54 . 2008-10-27 19:54 409,600 --a------ c:\windows\system32\wrap_oal.dll
2008-10-27 19:54 . 2008-10-27 19:54 114,688 --a------ c:\windows\system32\OpenAL32.dll
2008-10-27 19:53 . 2008-10-27 19:54 <REP> d-------- c:\windows\system32\data
2008-10-26 01:05 . 2008-10-26 01:05 29 --a------ c:\windows\system32\oqdieauf.tmp
2008-10-25 13:21 . 2008-10-25 13:52 <REP> d-------- c:\windows\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 06:26 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-20 21:22 --------- d-----w c:\documents and settings\guasch eric\Application Data\OpenOffice.org2
2008-11-18 10:59 --------- d-----w c:\program files\McAfee
2008-11-16 02:44 --------- d-----w c:\program files\eMule
2008-11-07 21:53 6,686 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-11-07 04:41 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-30 17:33 --------- d-----w c:\program files\Burn4Free
2008-10-27 22:11 --------- d-----w c:\program files\DivX
2008-10-26 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-19 14:05 --------- d-----w c:\documents and settings\guasch eric\Application Data\OnlineStorage
2008-10-19 13:43 --------- d-----w c:\program files\mes données
2008-10-15 16:59 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-09 21:02 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-10-09 20:44 --------- d-----w c:\program files\Google
2008-10-02 16:29 --------- d-----w c:\program files\VirtualDJ
2008-10-02 16:28 --------- d-----w c:\documents and settings\guasch eric\Application Data\MSNInstaller
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 21:46 --------- d-----w c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-09-29 21:40 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-25 21:21 --------- d-----w c:\program files\Windows Live Safety Center
2008-09-22 11:01 --------- d-----w c:\program files\Kiwee Toolbar
2008-09-22 11:01 --------- d-----w c:\documents and settings\LocalService\Application Data\agi
2008-09-22 11:01 --------- d-----w c:\documents and settings\guasch eric\Application Data\agi
2008-09-22 11:01 --------- d-----w c:\documents and settings\All Users\Application Data\Kiwee Toolbar
2008-09-22 10:59 --------- d-----w c:\documents and settings\All Users\Application Data\agi
2008-09-22 10:58 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2008-09-22 10:58 2,117,632 ----a-w c:\windows\system32\python25.dll
2008-09-22 10:58 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2008-09-22 10:58 --------- d-----w c:\program files\AGI
2008-09-16 16:26 1,332,197 ----a-w c:\windows\system32\pythondll.zip
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:39 1,846,144 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:45 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-09-22 12:01 277648 --a------ c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll" [2008-09-22 277648]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll" [2008-09-22 277648]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-14 1057280]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-23 98304]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur d’état.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur d’état.lnk
backup=c:\windows\pss\Contrôleur d’état.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin220.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin220.lnk
backup=c:\windows\pss\TrayMin220.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^guasch eric^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\guasch eric\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2005-08-31 12:06 106496 c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2006-11-03 10:01 319488 c:\windows\Philips\SPC220NC\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=

R2 AGWinService;AG Windows Service;"c:\program files\AGI\common\win32\PythonService.exe" [2008-09-22 10240]
R3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\DRIVERS\SPC220NC.SYS [2008-04-11 507136]
S2 proqssrv;proqssrv;\??\c:\windows\system32\drivers\proqssrv.sys []
.
Contenu du dossier 'Tâches planifiées'

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-06-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2006-03-29 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-05 13:00]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKLM-Run-mapkgvai - c:\windows\mapkgvai.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\guasch eric\Application Data\Mozilla\Firefox\Profiles\o1s3wa7g.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 13:34:51
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\GUASCH~1\LOCALS~1\Temp\mc28.tmp"
.
Heure de fin: 2008-11-21 13:37:25
ComboFix-quarantined-files.txt 2008-11-21 12:36:48
ComboFix2.txt 2008-06-08 09:11:18

Avant-CF: 16 435 736 576 octets libres
Après-CF: 16,548,073,472 octets libres

177 --- E O F --- 2008-11-12 23:03:22

je pense que oui.mais ou? ca c'est une autre histoire!!! si j'enleve le programme mon ordi ne risque rient ? au sinon ou pourraige trouver ca. merci

merci pour tous lyonnais92 ya plus de problemes .. juste un petit dernier truc je garde tous ce que j'ai telecharger ou pas ya msnfix mbam malware dss.exe kaspersky combofix hijakthis apres ca je crois que ce sera tout
heureusement qu'il y a encore des gens comme vous

je te remerci.je ferais ca demain,la je vais me coucher demain je me lève a 6h30 bonne nuit a toi

hello merci pour ta reponse si rapide
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1414
Windows 5.1.2600 Service Pack 2

22/11/2008 03:51:19
mbam-log-2008-11-22 (03-51-19).txt

Type de recherche: Examen rapide
Eléments examinés: 54766
Temps écoulé: 4 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
voila pour ca merci et bonne nuit ou bonne journée