
VIRUS google

15 September 2008 18:49:07

Hello,
Here is my problem:

I have a virus that redirects me to an advertising page every time I click on a Google link after I have run a search. It is quite, even very, annoying, and I would like to know whether you have a solution, please.

I ran a HijackThis scan and a Fixwareout.

Here are the reports

HIJACK:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:28, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\HPZipm12.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\wscntfy.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\windows\vVX3000.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\RTHDCPL.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: XBTP05231 Class - {031F120A-BBAF-45d8-B306-375F2A6B9398} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A944F455-E460-479C-85C2-FB165E5931AB} - C:\windows\system32\pmnno.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C9284271-BBEB-4D42-933D-D95E9F47D0A3} - C:\windows\system32\pmnonnOi.dll (file missing)
O2 - BHO: (no name) - {F9C44C0B-D269-4746-894B-912E3CE1CEE6} - (no file)
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [VX3000] C:\windows\vVX3000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Dart trust] C:\DOCUME~1\JULIEN~1\APPLIC~1\MP3GRE~1\ball inter bows.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKCU\..\Policies\Explorer\Run: [{3C52FB74-07DA-1036-1110-051026040021}] "C:\Program Files\Fichiers communs\{3C52FB74-07DA-1036-1110-051026040021}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Julien²\Menu Démarrer\Programmes\CarbonPoker\CarbonPoker.lnk (HKCU)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - Z:\Program Files\NFS p\PB\PnkBstrA.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\windows\SYSTEM32\VundoFixSVC.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JULIEN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

and FIXWAREOUT:

Username "Juliený" - 15/09/2008 18:34:43 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Cache de résolution DNS vidé.


PC crashed or was not allowed to reboot.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\windows\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"ICQ Lite"="C:\\Program Files\\ICQLite\\ICQLite.exe -minimize"
"Wspn"=""
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"VX3000"="C:\\windows\\vVX3000.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime Alternative\\qttask.exe\" -atboottime"
"ppmate"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe -autoplay"
"LifeCam"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe -expressboot"
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\windows\\system32\\NvMcTray.dll,NvTaskbarInit"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Dart trust"="C:\\DOCUME~1\\JULIEN~1\\APPLIC~1\\MP3GRE~1\\ball inter bows.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ctfmon.exe"="C:\\windows\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

15 September 2008 19:02:07

Hello,

  • Download Catchme (Gmer) to your Desktop.
  • Double-click catchme.exe (the .exe extension is not necessarily visible) to launch it.
  • When the scan is finished, post the catchme.log report in your next reply.

    15 September 2008 20:43:32

    Here is the report :D

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\TDTCPerv

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\Documents and Settings\Julien¦\Local Settings\Temp\TDSSf66b.tmp 688128 bytes
    C:\WINDOWS\system32\drivers\tdssserv.sys 36864 bytes
    C:\WINDOWS\system32\tdssadw.dll 32768 bytes
    C:\WINDOWS\system32\tdssinit.dll 61440 bytes
    C:\WINDOWS\system32\tdssl.dll 20480 bytes
    C:\WINDOWS\system32\tdsslog.dll 12288 bytes
    C:\WINDOWS\system32\tdssmain.dll 12288 bytes
    C:\WINDOWS\system32\tdssserf.dll 12288 bytes
    C:\WINDOWS\system32\tdssservers.dat 176 bytes
    C:\WINDOWS\Temp\TDSS968e.tmp 384 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 1
    hidden files: 10

    15 September 2008 22:20:50

    I did that but nothing happened; a cmd window appeared saying that a file could not be found, and then it disappeared.

    16 September 2008 12:25:04

    Run a Catchme scan again.

    16 September 2008 19:21:02

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\TDTCPerv

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\Documents and Settings\Julien²\Local Settings\Temp\TDSSf66b.tmp 688128 bytes
    C:\WINDOWS\system32\drivers\tdssserv.sys 36864 bytes
    C:\WINDOWS\system32\tdssadw.dll 32768 bytes
    C:\WINDOWS\system32\tdssinit.dll 61440 bytes
    C:\WINDOWS\system32\tdssl.dll 20480 bytes
    C:\WINDOWS\system32\tdsslog.dll 12288 bytes
    C:\WINDOWS\system32\tdssmain.dll 12288 bytes
    C:\WINDOWS\system32\tdssserf.dll 12288 bytes
    C:\WINDOWS\system32\tdssservers.dat 176 bytes
    C:\WINDOWS\Temp\TDSS968e.tmp 384 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 1
    hidden files: 10

    16 September 2008 19:26:11

    Sorry, I made a mistake:

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    HKLM\SYSTEM\CurrentControlSet\Services\TDTCPerv

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\Documents and Settings\Julien▓\Local Settings\Temp\TDSSf66b.tmp 688128 bytes

    16 September 2008 20:08:31

    Post a new HijackThis report.

    16 September 2008 23:11:00

    And here is the HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:10:50, on 16/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ICQLite\ICQLite.exe
    c:\program files\a-squared free\a2service.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\vVX3000.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\windows\system32\msiexec.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\system32\HPZipm12.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\windows\system32\RUNDLL32.EXE
    C:\windows\RTHDCPL.EXE
    C:\windows\system32\wscntfy.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\windows\system32\NOTEPAD.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: XBTP05231 Class - {031F120A-BBAF-45d8-B306-375F2A6B9398} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A944F455-E460-479C-85C2-FB165E5931AB} - C:\windows\system32\pmnno.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {C9284271-BBEB-4D42-933D-D95E9F47D0A3} - C:\windows\system32\pmnonnOi.dll (file missing)
    O2 - BHO: (no name) - {F9C44C0B-D269-4746-894B-912E3CE1CEE6} - (no file)
    O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [VX3000] C:\windows\vVX3000.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Dart trust] C:\DOCUME~1\JULIEN~1\APPLIC~1\MP3GRE~1\ball inter bows.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - HKCU\..\Policies\Explorer\Run: [{3C52FB74-07DA-1036-1110-051026040021}] "C:\Program Files\Fichiers communs\{3C52FB74-07DA-1036-1110-051026040021}\Update.exe" mc-110-12-0000272
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Julien²\Menu Démarrer\Programmes\CarbonPoker\CarbonPoker.lnk (HKCU)
    O15 - Trusted Zone: http://locator.cdn.imageservr.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
    O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - Z:\Program Files\NFS p\PB\PnkBstrA.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\windows\SYSTEM32\VundoFixSVC.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JULIEN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

    --
    End of file - 11655 bytes

    17 September 2008 12:37:36

    Hello again,

    Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    17 September 2008 16:20:55

    There, I did all of that; the problem seems to be solved. I say "seems" because the day before yesterday the problem was gone, and it came back today.

    Here is the report
    ComboFix 08-09-16.05 - Julien² 2008-09-17 14:25:41.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.546 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Julien²\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Julien²\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
    C:\Documents and Settings\Julien²\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
    C:\Program Files\Fichiers communs\{3C52F~1
    C:\windows\BM3f61c847.txt
    C:\windows\BM3f61c847.xml
    C:\windows\pack.epk
    C:\windows\system32\actskn43.ocx
    C:\windows\system32\csyopomc.ini
    C:\windows\system32\dlutnlrj.ini
    C:\WINDOWS\system32\iOnnonmp.ini
    C:\WINDOWS\system32\iOnnonmp.ini2
    C:\windows\system32\kvhsuhrm.ini
    C:\windows\system32\lrtsrwyf.ini
    C:\windows\system32\mcrh.tmp
    C:\windows\system32\odvjxotq.ini
    C:\windows\system32\pxunfwrq.ini
    C:\windows\system32\rpdwuesw.ini
    C:\windows\system32\tdssinit.dll
    C:\windows\system32\tdssl.dll
    C:\windows\system32\tdsslog.dll
    C:\windows\system32\tdssmain.dll
    C:\windows\system32\tdssserf.dll
    C:\windows\system32\tdssservers.dat
    C:\windows\system32\ugrtzuw.dat
    C:\windows\system32\ugrtzuw_nav.dat
    C:\windows\system32\ugrtzuw_navps.dat
    C:\windows\system32\uninstall.exe
    C:\windows\system32\uwyeswrt.ini
    C:\windows\system32\vajyvsyi.ini
    C:\windows\system32\vlregmsk.ini
    C:\windows\system32\vnemkvlj.ini
    C:\windows\system32\vrmyrdlv.ini
    C:\windows\system32\wguppkqd.ini
    C:\windows\system32\xheixsyu.ini
    C:\Documents and Settings\Julien²\Application Data\inst.exe . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DOMAINSERVICE


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-17 au 2008-09-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-15 21:38 . 2008-09-16 23:15 <REP> d-------- C:\Program Files\Navilog1
    2008-09-15 17:45 . 2008-09-15 18:41 <REP> d-------- C:\fixwareout
    2008-09-14 21:36 . 2008-09-14 21:36 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-09-14 21:36 . 2008-09-14 21:36 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-09-14 01:50 . 2005-05-03 20:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
    2008-09-14 01:25 . 2008-09-14 01:25 <REP> d-------- C:\Program Files\Realtek AC97
    2008-09-13 20:44 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
    2008-09-13 10:53 . 2008-09-13 10:53 <REP> d-------- C:\Program Files\ma-config.com
    2008-09-13 10:53 . 2008-09-13 10:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-09-13 04:21 . 2008-09-13 04:21 <REP> d-------- C:\WINDOWS\system32\Attansic
    2008-09-13 04:21 . 2008-09-13 04:21 <REP> d-------- C:\Program Files\Attansic
    2008-09-13 04:21 . 2007-03-15 16:12 38,656 -ra------ C:\WINDOWS\system32\drivers\atl01_xp.sys
    2008-09-13 04:20 . 2007-03-23 21:04 4,423,680 -ra------ C:\WINDOWS\RtHDVCpl.exe
    2008-09-13 04:20 . 2007-03-21 20:58 1,844,224 -ra------ C:\WINDOWS\system32\RtkAPO.dll
    2008-09-13 04:20 . 2007-03-26 21:18 1,761,696 -ra------ C:\WINDOWS\system32\drivers\RTKVHDA.sys
    2008-09-13 04:20 . 2007-03-14 19:10 495,104 -ra------ C:\WINDOWS\system32\RtkPgExt.dll
    2008-09-13 04:20 . 2006-12-13 12:30 339,968 -ra------ C:\WINDOWS\system32\SRSTSXT.dll
    2008-09-13 04:20 . 2007-03-23 17:34 266,240 -ra------ C:\WINDOWS\system32\RtkApoApi.dll
    2008-09-13 04:20 . 2006-11-29 20:47 135,168 -ra------ C:\WINDOWS\system32\SRSWOW.dll
    2008-09-13 04:20 . 2007-03-22 16:30 18,432 -ra------ C:\WINDOWS\system32\RtkCoInst.dll
    2008-09-13 04:16 . 2008-09-13 04:16 <REP> d-------- C:\WINDOWS\system32\Lang
    2008-09-13 04:08 . 2008-09-14 02:01 <REP> d-------- C:\WINDOWS\system32\RTCOM
    2008-09-13 04:08 . 2007-03-21 16:49 16,126,464 -r------- C:\WINDOWS\RTHDCPL.exe
    2008-09-13 04:08 . 2007-03-23 21:19 9,715,200 -r------- C:\WINDOWS\RTLCPL.exe
    2008-09-13 04:08 . 2007-03-26 21:21 4,395,008 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2008-09-13 04:08 . 2006-05-04 18:26 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
    2008-09-13 04:08 . 2006-10-11 19:42 2,157,568 -r------- C:\WINDOWS\MicCal.exe
    2008-09-13 04:08 . 2007-03-16 17:06 1,822,720 -r------- C:\WINDOWS\SkyTel.exe
    2008-09-13 04:08 . 2007-01-16 12:39 1,191,936 -r------- C:\WINDOWS\RtlUpd.exe
    2008-09-13 04:08 . 2006-08-18 08:58 282,624 -r------- C:\WINDOWS\system32\RTSndMgr.cpl
    2008-09-13 04:06 . 2008-09-14 02:00 <REP> d-------- C:\Program Files\Realtek
    2008-09-13 04:06 . 2008-07-29 15:42 528,384 --a------ C:\WINDOWS\RtlExUpd.dll
    2008-09-13 04:06 . 2008-09-12 23:15 319,488 --a------ C:\WINDOWS\HideWin.exe
    2008-09-13 03:57 . 2008-09-13 03:57 <REP> d-------- C:\WINDOWS\ASUSInstAll
    2008-09-13 03:52 . 2008-09-13 03:52 <REP> d-------- C:\WINDOWS\system32\drivers\system32
    2008-09-13 03:52 . 2008-09-13 03:52 <REP> d-------- C:\WINDOWS\system32\drivers\INF
    2008-09-13 03:51 . 2008-09-13 03:51 <REP> d-------- C:\Program Files\Intel
    2008-09-13 03:51 . 2008-09-13 03:51 <REP> d-------- C:\Intel
    2008-09-13 03:50 . 2008-09-13 04:09 14,923 --a------ C:\WINDOWS\Ascd_log.ini
    2008-09-13 03:49 . 2008-09-13 03:49 <REP> dr------- C:\WINDOWS\AsDmiHtm
    2008-09-13 03:32 . 2008-09-14 01:57 14,690 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-09-13 03:32 . 2006-10-11 13:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-09-13 03:32 . 2004-08-13 20:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
    2008-09-13 03:22 . 2004-08-03 23:08 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
    2008-09-13 03:22 . 2004-08-03 23:08 20,480 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
    2008-09-13 03:20 . 2004-08-19 15:59 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
    2008-09-13 03:20 . 2004-08-19 15:59 5,504 --a--c--- C:\WINDOWS\system32\dllcache\intelide.sys
    2008-09-13 03:12 . 2007-10-04 18:14 136,260 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-09-13 03:06 . 2004-08-03 23:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
    2008-09-13 03:06 . 2004-08-03 23:10 61,056 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys
    2008-09-13 03:06 . 2004-08-03 23:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
    2008-09-13 03:06 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
    2008-09-13 03:06 . 2001-08-17 21:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2008-09-13 03:06 . 2001-08-17 21:46 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys
    2008-09-01 13:23 . 2008-09-01 18:41 <REP> d-------- C:\Program Files\Mastermax
    2008-08-18 21:02 . 2008-09-01 14:53 <REP> d-------- C:\Program Files\LimeWire Acceleration Patch

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-17 12:38 26,729,504 --sha-w C:\windows\system32\drivers\fidbox.dat
    2008-09-17 12:33 362,120 --sha-w C:\windows\system32\drivers\fidbox.idx
    2008-09-17 12:24 --------- d-----w C:\Program Files\Steam
    2008-09-15 15:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-14 22:25 --------- d-----w C:\Program Files\a-squared Free
    2008-09-13 02:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-07 14:22 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-09-05 20:25 --------- d-----w C:\Program Files\HyperLobbyPro3
    2008-09-03 15:04 --------- d-----w C:\Program Files\Condor
    2008-09-01 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-01 20:37 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-09-01 12:54 --------- d-----w C:\Program Files\Anti Trojan Elite
    2008-09-01 12:52 --------- d-----w C:\Program Files\DivX
    2008-09-01 10:05 --------- d-----w C:\Program Files\LimeWire
    2008-08-23 07:59 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-14 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-23 16:50 43,528 ------w C:\windows\system32\drivers\PxHelp20.sys
    2008-03-24 18:04 0 -c--a-w C:\Program Files\temp01
    2008-02-22 11:09 680 ----a-w C:\Program Files\mpc2.reg
    2008-02-22 11:09 596 ----a-w C:\Program Files\mpc1.reg
    2008-02-22 11:09 388 ----a-w C:\Program Files\mpc4.reg
    2008-02-22 11:09 3,476 ----a-w C:\Program Files\mpc7.reg
    2008-02-22 11:09 3,026 ----a-w C:\Program Files\mpc3.reg
    2008-02-22 11:09 18,156 ----a-w C:\Program Files\mpc6.reg
    2008-02-22 11:09 16,252 ----a-w C:\Program Files\mpc5.reg
    2008-02-22 11:09 1,658 ----a-w C:\Program Files\ffdssetts.reg
    2008-02-22 11:09 1,292 ----a-w C:\Program Files\ffdsasetts.reg
    2007-06-10 13:16 1,532 ----a-w C:\Program Files\FRAPSLOG.TXT
    2006-11-01 11:30 1,728,066 ----a-w C:\Program Files\fs9 2006-11-01 12-30-59-51.bmp
    2006-11-01 11:30 1,728,066 ----a-w C:\Program Files\fs9 2006-11-01 12-30-54-71.bmp
    2006-03-10 09:47 62,976 ----a-w C:\Documents and Settings\DirectX\DSETUP.dll
    2006-03-10 09:47 472,576 ----a-w C:\Documents and Settings\DirectX\dxsetup.exe
    2006-03-10 09:47 2,242,560 ----a-w C:\Documents and Settings\DirectX\dsetup32.dll
    2006-06-28 15:45 61 --sh--w C:\windows\cnerolf.dat
    2004-08-19 14:09 93,184 --sha-w C:\windows\BricoPacks\SysFiles\79_iexplore.exe
    2004-08-19 14:10 60,416 --sha-w C:\windows\BricoPacks\SysFiles\80_msimn.exe
    2007-02-24 13:58 56 --sh--r C:\windows\system32\25BAC6DCE0.sys
    2007-02-24 13:58 3,558 --sha-w C:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\steam\steam.exe" [2008-03-28 1271032]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 20058152]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 165784]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-19 15360]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2004-07-22 2333776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 35328]
    "ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2004-07-22 2333776]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
    "VX3000"="C:\windows\vVX3000.exe" [2006-10-13 707376]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
    "QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2006-10-25 282624]
    "ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [2006-11-23 1495123]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
    "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 316728]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-20 262401]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
    "NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
    "nwiz"="nwiz.exe" [2007-10-04 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\ICQLite\\ICQLite.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "C:\\WINDOWS\\system32\\mcoinstall.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\ambrionx44\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\ambrionx44\\day of defeat source\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\ambrionx44\\counter-strike\\hl.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\IBServ.exe"=
    "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\IBMegaServ.exe"=
    "C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "Z:\\Program Files\\GameCenter\\GameCenter.exe"=
    "Z:\\Program Files\\Crysis\\Bin32\\Crysis.exe"=
    "Z:\\Program Files\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "Z:\\Program Files\\Battlefield 2142\\Battlefield 2142 files\\BF2142.exe"=
    "Z:\\Program Files\\Call of Duty 4\\COD4\\iw3mp.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "16079:TCP"= 16079:TCP:teechargements
    "16079:UDP"= 16079:UDP:telechargements
    "16078:TCP"= 16078:TCP:16078
    "16078:UDP"= 16078:UDP:16078
    "2003:TCP"= 2003:TCP:fs2004
    "2003:UDP"= 2003:UDP:ibnet
    "21000:TCP"= 21000:TCP:hamashi 21000
    "21000:UDP"= 21000:UDP:hamashi

    R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\windows\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
    S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys [ ]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\windows\system32\DRIVERS\ggflt.sys [2008-06-16 13352]
    S3 imhidusb;Immersion's HID USB Driver;C:\windows\system32\DRIVERS\imhidusb.sys [2004-04-19 30984]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
    S3 maxidemo;Maxi_Vista_Demo_Driver;C:\windows\system32\DRIVERS\maxidemo.sys [ ]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\windows\system32\drivers\ScreamingBAudio.sys [ ]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d97f448-d149-11da-a006-0016171c2bdf}]
    \Shell\AutoRun\command - E:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3f2e34e-ce28-11da-9ffa-806d6172696f}]
    \Shell\AutoRun\command - D:\Setup.exe -check
    .
    Contenu du dossier 'Tâches planifiées'
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{A944F455-E460-479C-85C2-FB165E5931AB} - C:\windows\system32\pmnno.dll
    BHO-{F9C44C0B-D269-4746-894B-912E3CE1CEE6} - (no file)
    HKCU-Run-Dart trust - C:\DOCUME~1\JULIEN~1\APPLIC~1\MP3GRE~1\ball inter bows.exe
    HKLM-Run-Wspn - (no file)
    HKCU-Explorer_Run-{3C52FB74-07DA-1036-1110-051026040021} - C:\Program Files\Fichiers communs\{3C52FB74-07DA-1036-1110-051026040021}\Update.exe
    Notify-WgaLogon - (no file)


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Julien²\Application Data\Mozilla\Firefox\Profiles\nivnxuv6.default\
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-17 14:37:34
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    Z:\Program Files\NFS p\PB\PnkBstrA.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
    C:\ComboFix\pv.cfexe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-17 14:50:05 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-09-17 12:50:00

    Avant-CF: 12,139,433,984 octets libres
    Après-CF: 12,008,796,160 octets libres

    293 --- E O F --- 2008-08-23 07:59:57


    Is there anything else I need to do to be sure the virus has been removed?
    17 September 2008 17:05:32

    Post a new HijackThis report :)
    17 September 2008 17:25:55

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:25:22, on 17/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\a-squared free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\system32\HPZipm12.exe
    Z:\Program Files\NFS p\PB\PnkBstrA.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\wscntfy.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\windows\vVX3000.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\windows\system32\RUNDLL32.EXE
    C:\windows\RTHDCPL.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
    C:\windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: XBTP05231 Class - {031F120A-BBAF-45d8-B306-375F2A6B9398} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [VX3000] C:\windows\vVX3000.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Julien²\Menu Démarrer\Programmes\CarbonPoker\CarbonPoker.lnk (HKCU)
    O15 - Trusted Zone: http://locator.cdn.imageservr.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
    O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - Z:\Program Files\NFS p\PB\PnkBstrA.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\windows\SYSTEM32\VundoFixSVC.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JULIEN~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

    --
    End of file - 11150 bytes


    But how do you manage to interpret something like that?? lol, it looks huge to me
    17 September 2008 18:01:45

    Quote:
    But how do you manage to interpret something like that?? lol, it looks huge to me

    Nah, it's fine :D

    Do you have any other problems?
    17 September 2008 18:35:57

    So is the problem solved, in your opinion?
    17 September 2008 18:53:37

    I think so.
    17 September 2008 19:43:45

    Well, thank you very much for your help. Luckily there are people like you to help us, because otherwise what would we do?
    17 September 2008 20:06:38

    Happy surfing ;)