Se connecter / S'enregistrer
Votre question

Fenètres intempestives qui apparaissent au démarrage de windows

Tags :
  • Fenêtre intempestive
  • Sécurité
Dernière réponse : dans Sécurité et virus
5 Octobre 2008 17:32:48

Bonjour je ne sais pas comment faire, j'ai des fenètres qui apparaissent sous internet explorer toutes seules, alors que j'utilise firefox.

Parfois on me demande d'analyser mon pc car on me dit qu'il est infecté, que faire ?

Merci de votre aide.

Autres pages sur : fenetres intempestives apparaissent demarrage windows

5 Octobre 2008 17:36:40

Voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:11, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\windows\system32\rrwnw64l.exe
C:\WINDOWS\system32\qcntmtdm.exe
C:\PROGRA~1\BITTOR~1\BitP.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mysidesearch search enhancer - {10234366-85e3-5b90-4600-63bc717165bb} - C:\WINDOWS\system32\farvliqpocjygxkrr.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A945A07E-7BCF-4F8F-9EED-6623A8111E46} - C:\WINDOWS\system32\amstrea.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: gooochi browser enhancer - {b1ccdafc-e976-a4b0-032e-636c91242f87} - C:\WINDOWS\system32\cskvpltafnyjltj.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: BitDownload BHO - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll (file missing)
O2 - BHO: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
O3 - Toolbar: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{2C-C6-60-07-DW}] C:\windows\system32\rrwnw64l.exe DWbrk01FF
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qcntmtdm.exe DWbrk01FF
O4 - HKLM\..\Run: [mobiswing] C:\PROGRA~1\BITTOR~1\BitP.exe
O4 - HKLM\..\Run: [skqmhldrisumfkksy] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\cskvpltafnyjltj.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\qcntmtdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rrwnw64l.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b3c5ab84fe844318935bb0909b8005ad
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b3c5ab84fe844318935bb0909b8005ad
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5961B7F-DD32-4ADA-8B7B-988D163D366D}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL sockspy.dll sockspy.dll sockspy.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 12634 bytes
Contenus similaires
a b 8 Sécurité
5 Octobre 2008 17:54:38

Re,

[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    5 Octobre 2008 18:09:18

    je vais sur internet sans être protégé ???
    a b 8 Sécurité
    5 Octobre 2008 18:10:55

    Tu cliques juste sur mon lien oui.
    5 Octobre 2008 18:37:32

    voici le rapport :

    ComboFix 08-10-04.07 - HP_Propriétaire 2008-10-05 18:14:33.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.169 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@ad.yieldmanager[2].txt
    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
    C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
    C:\Program Files\Fichiers communs\WinSoftware
    C:\Program Files\SideFind
    C:\Program Files\SideFind\sfexd001
    C:\WINDOWS\dialerexe.ini
    C:\WINDOWS\system32\gside.exe
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
    C:\WINDOWS\system32\qcntmtdm.exe
    C:\WINDOWS\system32\rrwnw64l.exe
    C:\WINDOWS\system32\rwwnw64d.exe
    C:\WINDOWS\system32\winpfz33.sys
    C:\WINDOWS\system32\zxdnt3d.cfg
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-05 16:22 . 2008-10-05 16:22 <REP> d-------- C:\Documents and Settings\All Users\Nouveau dossier
    2008-10-03 13:33 . 2008-10-03 13:33 156,672 --a------ C:\WINDOWS\system32\cskvpltafnyjltj.dll
    2008-10-02 18:47 . 2008-10-02 22:18 5,628 --a------ C:\WINDOWS\system32\Dokumente und EinstellungenAll UsersStartmenuProgrammeAutostartoffice.exe
    2008-09-19 19:58 . 2008-10-03 08:42 116,992 --a------ C:\WINDOWS\system32\amstrea.dll
    2008-09-19 14:42 . 2008-09-19 14:42 351,232 --a------ C:\WINDOWS\system32\farvliqpocjygxkrr.dll
    2008-09-13 11:35 . 2008-09-13 11:35 <REP> d-------- C:\Program Files\MSECache
    2008-09-06 11:10 . 2008-09-06 11:10 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-06 11:10 . 2008-09-06 11:10 <REP> d-------- C:\WINDOWS\system32\bits
    2008-09-06 11:10 . 2008-09-06 11:10 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-06 11:07 . 2008-09-06 11:10 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-06 11:00 . 2008-09-06 11:00 <REP> d-------- C:\WINDOWS\EHome
    2008-09-06 10:35 . 2004-08-04 00:38 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-05 11:41 --------- d-----w C:\Program Files\CDex_150
    2008-10-04 20:23 --------- d-----w C:\Program Files\eMule
    2008-10-04 20:20 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\uTorrent
    2008-10-04 20:20 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\uTorrent
    2008-10-04 20:20 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\uTorrent
    2008-10-04 15:28 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Canon
    2008-10-04 15:28 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Canon
    2008-10-04 15:28 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Canon
    2008-09-12 20:46 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-08 12:09 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
    2008-08-08 12:09 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
    2008-08-08 12:09 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2007-06-03 08:08 31 ----a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat
    2007-06-03 08:08 31 ----a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat
    2007-03-14 11:49 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2007-02-20 16:05 87,608 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\ezpinst.exe
    2007-02-20 16:05 87,608 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\ezpinst.exe
    2007-02-20 16:05 87,608 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\ezpinst.exe
    2007-02-20 16:05 47,360 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\pcouffin.sys
    2007-02-20 16:05 47,360 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\pcouffin.sys
    2007-02-20 16:05 47,360 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\pcouffin.sys
    2004-10-29 18:49 12,832,340 ----a-w C:\Program Files\setup.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10234366-85e3-5b90-4600-63bc717165bb}]
    2008-09-19 14:42 351232 --a------ C:\WINDOWS\system32\farvliqpocjygxkrr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{658EA807-71EA-4E09-AF9C-AF4E37B7B296}]
    2008-10-03 08:42 116992 --a------ C:\WINDOWS\system32\amstrea.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A945A07E-7BCF-4F8F-9EED-6623A8111E46}]
    2008-10-03 08:42 116992 --a------ C:\WINDOWS\system32\amstrea.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b1ccdafc-e976-a4b0-032e-636c91242f87}]
    2008-10-03 13:33 156672 --a------ C:\WINDOWS\system32\cskvpltafnyjltj.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-02-07 361832]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 497376]
    "LVCOMS"="C:\WINDOWS\system32\LVCOMS.EXE" [2003-06-27 135214]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 79224]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-14 185896]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "fssui"="C:\Program Files\Windows Live\Contrôle parental\fssui.exe" [2007-12-17 243240]
    "Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-09-09 283888]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "mobiswing"="C:\PROGRA~1\BITTOR~1\BitP.exe" [2007-11-10 40960]
    "skqmhldrisumfkksy"="C:\WINDOWS\system32\cskvpltafnyjltj.dll" [2008-10-03 156672]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.DVSD"= miroDV2avi.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
    --a------ 2006-05-12 09:24 454656 C:\Program Files\eoRezo\EoEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
    R2 fsssvc;Windows Live OneCare Contrôle parental;C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 523816]
    R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 52384]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 6096]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 87456]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 79248]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 77072]
    S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS [ ]
    S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2006-04-19 17280]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WN4501HLFZZ(Technology Corporation);802.11g Wireless USB Adapter(Technology Corporation);C:\WINDOWS\system32\DRIVERS\O4501U.sys [2005-06-01 408064]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a75734a-bf65-11dc-81e6-00173ffc51ad}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e604027-2b2f-11dd-8291-0013d3b02c46}]
    \Shell\AutoRun\command - L:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{571503b8-d16e-11dc-8205-00173ffc51ad}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a63db99f-da58-11dc-8215-00173ffc51ad}]
    \Shell\AutoRun\command - L:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7258f11-33db-11dc-8125-0060b3ce3118}]
    \Shell\AutoRun\command - L:\LaunchU3.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-07-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2008-10-05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-{2C-C6-60-07-DW} - C:\windows\system32\rrwnw64l.exe
    MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla\Firefox\Profiles\hgb8wo4b.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
    FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npMdm.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npvirtools.dll
    FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-05 18:21:22
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\snmp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-05 18:31:13 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-05 16:31:04

    Avant-CF: 97 032 253 440 octets libres
    Après-CF: 97,037,119,488 octets libres

    219 --- E O F --- 2008-09-14 20:46:45
    a b 8 Sécurité
    5 Octobre 2008 18:45:20

    Re,

    [#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINDOWS\system32\cskvpltafnyjltj.dll
    C:\WINDOWS\system32\Dokumente und EinstellungenAll UsersStartmenuProgrammeAutostartoffice.exe
    C:\WINDOWS\system32\amstrea.dll
    C:\WINDOWS\system32\farvliqpocjygxkrr.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10234366-85e3-5b90-4600-63bc717165bb}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{658EA807-71EA-4E09-AF9C-AF4E37B7B296}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A945A07E-7BCF-4F8F-9EED-6623A8111E46}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b1ccdafc-e976-a4b0-032e-636c91242f87}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "skqmhldrisumfkksy"=-


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
    Sauvegarde ce fichier sous le nom de "CFScript.txt" [#ff0000](les guillemets sont importantes)[/#f].

    Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme dans l'image ci-dessous :


    Cela va relancer ComboFix. Après redémarrage, poste le contenu du rapport (C:\combofix.txt*) accompagné d'un rapport HijackThis.
    [#ff0000]NOTE : S'il n'y a pas de redémarrage, poste quand même les rapports demandés.[/#f]
    * le nom de la partition peut changer
    5 Octobre 2008 19:20:29

    voici le rapport :
    ComboFix 08-10-04.07 - HP_Propriétaire 2008-10-05 19:11:25.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.165 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    C:\WINDOWS\system32\amstrea.dll
    C:\WINDOWS\system32\cskvpltafnyjltj.dll
    C:\WINDOWS\system32\Dokumente und EinstellungenAll UsersStartmenuProgrammeAutostartoffice.exe
    C:\WINDOWS\system32\farvliqpocjygxkrr.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\amstrea.dll
    C:\WINDOWS\system32\cskvpltafnyjltj.dll
    C:\WINDOWS\system32\Dokumente und EinstellungenAll UsersStartmenuProgrammeAutostartoffice.exe
    C:\WINDOWS\system32\farvliqpocjygxkrr.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-05 16:22 . 2008-10-05 16:22 <REP> d-------- C:\Documents and Settings\All Users\Nouveau dossier
    2008-09-13 11:35 . 2008-09-13 11:35 <REP> d-------- C:\Program Files\MSECache
    2008-09-06 11:10 . 2008-09-06 11:10 <REP> d-------- C:\WINDOWS\system32\fr
    2008-09-06 11:10 . 2008-09-06 11:10 <REP> d-------- C:\WINDOWS\system32\bits
    2008-09-06 11:10 . 2008-09-06 11:10 <REP> d-------- C:\WINDOWS\l2schemas
    2008-09-06 11:07 . 2008-09-06 11:10 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-06 11:00 . 2008-09-06 11:00 <REP> d-------- C:\WINDOWS\EHome
    2008-09-06 10:35 . 2004-08-04 00:38 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-05 11:41 --------- d-----w C:\Program Files\CDex_150
    2008-10-04 20:23 --------- d-----w C:\Program Files\eMule
    2008-10-04 20:20 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\uTorrent
    2008-10-04 20:20 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\uTorrent
    2008-10-04 20:20 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\uTorrent
    2008-10-04 15:28 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Canon
    2008-10-04 15:28 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Canon
    2008-10-04 15:28 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Canon
    2008-10-03 11:47 79,077 ----a-w C:\WINDOWS\system32\pjbetbnsejuhh.exe
    2008-09-19 17:58 90,948 ----a-w C:\WINDOWS\system32\farvliqpocjygxkrr.dll-uninst.exe
    2008-09-12 20:46 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-08 12:09 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
    2008-08-08 12:09 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
    2008-08-08 12:09 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\U3
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-07-15 08:49 152,098 ----a-w C:\WINDOWS\system32\g73.exe
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:28 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2007-06-03 08:08 31 ----a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat
    2007-06-03 08:08 31 ----a-w C:\Documents and Settings\HP_Propriétaire\getfile.dat
    2007-03-14 11:49 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2007-02-20 16:05 87,608 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\ezpinst.exe
    2007-02-20 16:05 87,608 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\ezpinst.exe
    2007-02-20 16:05 87,608 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\ezpinst.exe
    2007-02-20 16:05 47,360 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\pcouffin.sys
    2007-02-20 16:05 47,360 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\pcouffin.sys
    2007-02-20 16:05 47,360 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\pcouffin.sys
    2004-10-29 18:49 12,832,340 ----a-w C:\Program Files\setup.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-05_18.30.34.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-05 16:21:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a4.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-02-07 361832]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 497376]
    "LVCOMS"="C:\WINDOWS\system32\LVCOMS.EXE" [2003-06-27 135214]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 79224]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-14 185896]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "fssui"="C:\Program Files\Windows Live\Contrôle parental\fssui.exe" [2007-12-17 243240]
    "Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-09-09 283888]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "mobiswing"="C:\PROGRA~1\BITTOR~1\BitP.exe" [2007-11-10 40960]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.DVSD"= miroDV2avi.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
    --a------ 2006-05-12 09:24 454656 C:\Program Files\eoRezo\EoEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
    R2 fsssvc;Windows Live OneCare Contrôle parental;C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 523816]
    R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 52384]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 6096]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 87456]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 79248]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 77072]
    S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCMPR5.SYS [ ]
    S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PLCNDIS5.SYS [2006-04-19 17280]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 WN4501HLFZZ(Technology Corporation);802.11g Wireless USB Adapter(Technology Corporation);C:\WINDOWS\system32\DRIVERS\O4501U.sys [2005-06-01 408064]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a75734a-bf65-11dc-81e6-00173ffc51ad}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e604027-2b2f-11dd-8291-0013d3b02c46}]
    \Shell\AutoRun\command - L:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{571503b8-d16e-11dc-8205-00173ffc51ad}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a63db99f-da58-11dc-8215-00173ffc51ad}]
    \Shell\AutoRun\command - L:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7258f11-33db-11dc-8125-0060b3ce3118}]
    \Shell\AutoRun\command - L:\LaunchU3.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-07-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2008-10-05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-05 19:14:01
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-10-05 19:18:48
    ComboFix-quarantined-files.txt 2008-10-05 17:18:24
    ComboFix2.txt 2008-10-05 16:31:14

    Avant-CF: 97 238 016 000 octets libres
    Après-CF: 97,223,372,800 octets libres

    191 --- E O F --- 2008-09-14 20:46:45
    a b 8 Sécurité
    5 Octobre 2008 19:36:43

    Le Hijackthis ?
    5 Octobre 2008 19:46:30

    non combo fix j'ai oublié de faire le hijackthis, je le fais de suite
    5 Octobre 2008 19:47:30

    le voici :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:47:09, on 05/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Windows Live\Contrôle parental\fssui.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\BITTOR~1\BitP.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
    O3 - Toolbar: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mobiswing] C:\PROGRA~1\BITTOR~1\BitP.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b3c5ab84fe844318935bb0909b8005ad
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b3c5ab84fe844318935bb0909b8005ad
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B5961B7F-DD32-4ADA-8B7B-988D163D366D}: NameServer = 192.168.1.1
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 10463 bytes
    a b 8 Sécurité
    5 Octobre 2008 20:28:54

    Citation :
    non combo fix j'ai oublié de faire le hijackthis, je le fais de suite

    C'était ce que signifiait ma question : il manquait le rapport Hijackthis :) 

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    6 Octobre 2008 08:02:53

    Bonjour voici le rapport, par contre une fois quitté le mode sans échec et repassé en mode normal, lors de l'allumage de windows une nouvelle fenètre est apparue !!!



    Malwarebytes' Anti-Malware 1.28
    Database version: 1230
    Windows 5.1.2600 Service Pack 3

    06/10/2008 07:14:07
    mbam-log-2008-10-06 (07-14-07).txt

    Scan type: Full Scan (C:\|D:\|G:\|)
    Objects scanned: 158991
    Time elapsed: 9 hour(s), 3 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\YourSiteBar (Adware.ISTBar) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\BitTorrent Fastest Tool\DWbrk01.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\eMule\LinkCreator.exe (Rogue.Fake!emule.exe) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe.vir (Adware.BHO) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\rrwnw64l.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\system32\rwwnw64d.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP2\A0000006.exe (Adware.BHO) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP2\A0000007.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP2\A0000014.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\YourSiteBar\imagemap_over.bmp (Adware.ISTBar) -> Quarantined and deleted successfully.
    C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    a b 8 Sécurité
    6 Octobre 2008 17:13:09

    Reposte un rapport Hijackthis.
    6 Octobre 2008 17:48:16

    le voilà :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:47:44, on 06/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Windows Live\Contrôle parental\fssui.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\BITTOR~1\BitP.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
    O3 - Toolbar: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mobiswing] C:\PROGRA~1\BITTOR~1\BitP.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b3c5ab84fe844318935bb0909b8005ad
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b3c5ab84fe844318935bb0909b8005ad
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B5961B7F-DD32-4ADA-8B7B-988D163D366D}: NameServer = 192.168.1.1
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 10755 bytes
    a b 8 Sécurité
    6 Octobre 2008 17:57:59

    Désinstalle torrent_search.
    6 Octobre 2008 18:12:09

    comment je fais ?
    a b 8 Sécurité
    6 Octobre 2008 18:18:46

    Via Ajout/Suppression de programmes.
    6 Octobre 2008 18:39:28

    ok c'est fait
    a b 8 Sécurité
    6 Octobre 2008 20:03:43

    Reposte un rapport Hijackthis.
    6 Octobre 2008 20:20:39

    Voilà :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:19:18, on 06/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Windows Live\Contrôle parental\fssui.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT641614
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b3c5ab84fe844318935bb0909b8005ad
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b3c5ab84fe844318935bb0909b8005ad
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B5961B7F-DD32-4ADA-8B7B-988D163D366D}: NameServer = 192.168.1.1
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 10397 bytes
    6 Octobre 2008 21:31:10

    voila :

    Avira AntiVir Personal- Free AntiVirus
    *************************************

    Copyright © 2008 Avira GmbH.
    All rights reserved.


    Inhalt
    ******

    0 Important information
    1 System requirements
    2 Important requirements for an installation
    3 Support service
    4 Contact address


    0 Important information
    ***********************

    Users who have up to now installed an ANSI version of the Avira
    AntiVir Personal software pack on a Microsoft
    Windows 2000 or Microsoft Windows XP operating system, receive
    update information when attempting to update.

    When updating, please proceed as follows:

    1. Deinstall the installed version of the Avira AntiVir
    Personal.
    2. Download a current software pack from the downoad section of the
    Avira AntiVir Personal website
    http://www.free-av.com.
    3. Install this software pack on your computer.

    1 System requirements
    *********************

    In order for Avira AntiVir Personal to run properly, the computer
    system must fulfill the following requirements:

    - Computer: Pentium or higher, at least 266 MHz

    - Operating system
    - Microsoft Windows Vista (32 or 64 bit) or
    - Microsoft Windows XP Home or Professional (32 or 64 bit), SP 2
    recommended or
    - Microsoft Windows 2000, SP 4 recommended

    The display of the program interfaces can differ, depending on the
    operating system used.

    - 30 MB free memory on the hard disk (more if quarantine is used)

    - Min. 100 MB temporary memory on the hard disk

    - Min. 192 MB RAM (Windows XP or Professional)

    - Min. 512 MB RAM (Windows Vista)

    - For the installation of Avira AntiVir Personal:
    administrator rights



    2 Important requirements for an installation
    ********************************************

    Ensure that the following requirements are fulfilled so that Avira
    AntiVir Personal works properly on your computer:

    - System requirements fulfilled
    - No other on-access scanner (also called Guard) installed
    - Installer has administrator rights
    - Internet/Intranet connection available
    - All running programs on the computer exited


    3 Support service
    *****************

    All relevant information concerning our comprehensive support service
    can be found on our website http://www.avira.com/classic-support.



    4 Contact
    *********

    If you have any questions or requests concerning the Avira AntiVir
    Personal product range, we will be pleased to help you. You find our
    contact addresses on the internet at http://www.free-av.com/contact.


    7 Octobre 2008 07:12:41

    bonjour, voila le rapport :

    Avira AntiVir Personal
    Report file date: lundi 6 octobre 2008 21:35

    Scanning for 1664700 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: NOM-EB85C523610

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 19:32:39
    ANTIVIR3.VDF : 7.0.7.1 279552 Bytes 06/10/2008 19:32:42
    Engineversion : 8.1.1.35
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.76 319867 Bytes 06/10/2008 19:33:02
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.1.2 438644 Bytes 06/10/2008 19:33:01
    AEPACK.DLL : 8.1.2.3 364918 Bytes 06/10/2008 19:32:58
    AEOFFICE.DLL : 8.1.0.25 196986 Bytes 06/10/2008 19:32:56
    AEHEUR.DLL : 8.1.0.59 1438071 Bytes 06/10/2008 19:32:54
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 06/10/2008 19:32:47
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 06/10/2008 19:32:44
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 06/10/2008 19:32:43
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, G:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 6 octobre 2008 21:35

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'ntvdm.exe' - '1' Module(s) have been scanned
    Scan process 'jucheck.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'snmp.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'fsssvc.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'HOMERunner.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process '9wifi.exe' - '1' Module(s) have been scanned
    Scan process 'fssui.exe' - '1' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
    Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'LVComS.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    42 processes with 42 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD5
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'G:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '58' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\HP_Propriétaire\Bureau\Navilog1.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.99 dropper
    [NOTE] The file was moved to '496069e9.qua'!
    C:\Program Files\Navilog1\Backupnavi\iyaiui.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '494b761d.qua'!
    C:\Program Files\Navilog1\Backupnavi\wsoxghy.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '49597618.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\amstrea.dll.vir
    [DETECTION] Is the TR/BHO.Gen Trojan
    [NOTE] The file was moved to '495d7705.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\qcntmtdm.exe.vir
    [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE] The file was moved to '495876fb.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP2\A0000013.exe
    [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE] The file was moved to '491a76cf.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP3\A0000080.dll
    [DETECTION] Is the TR/BHO.Gen Trojan
    [NOTE] The file was moved to '491a76d2.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP3\A0000127.exe
    [DETECTION] Is the TR/Downloader.Gen Trojan
    [NOTE] The file was moved to '491a76d4.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0000303.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.99 dropper
    [NOTE] The file was moved to '491a76db.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0000304.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '491a76dc.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP5\A0000305.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to '48944ba5.qua'!
    Begin scan in 'D:\' <HP_RECOVERY>
    Begin scan in 'G:\'


    End of the scan: lundi 6 octobre 2008 22:58
    Used time: 1:23:01 Hour(s)

    The scan has been done completely.

    10532 Scanning directories
    518711 Files were scanned
    11 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    11 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    518698 Files not concerned
    15780 Archives were scanned
    6 Warnings
    11 Notes

    a b 8 Sécurité
    7 Octobre 2008 12:42:40

    Reposte un rapport Hijackthis.
    7 Octobre 2008 17:01:18

    le voilà :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:01:01, on 07/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\LVCOMS.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Windows Live\Contrôle parental\fssui.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT641614
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVCOMS.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b3c5ab84fe844318935bb0909b8005ad
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b3c5ab84fe844318935bb0909b8005ad
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B5961B7F-DD32-4ADA-8B7B-988D163D366D}: NameServer = 192.168.1.1
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 10192 bytes
    a b 8 Sécurité
    7 Octobre 2008 17:51:54

    Re,

    Encore des soucis ?

    Fix les lignes dans le cadre ci-dessous avec HijackThis : AIDE EN IMAGES

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    10 Octobre 2008 22:35:30

    voilà c'est fait, il semblerait que je n'ai plus de fenètres !!Merci
    a b 8 Sécurité
    11 Octobre 2008 12:56:59

    Bon surf.
    12 Octobre 2008 11:28:25

    un grand merci à bientôt !!!
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS