Votre question

[RESOLU] SOS multi virus

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
26 Août 2008 12:22:08

Bonjour, je sais vraiment pas terrible...

j'ai recuperer donc antivirus 2008 pro, vista antivirus 2008 et antivirus 2008 xp,
je ne sais pas si je peux faire un hijackthis car j'ai du mal à me connecter à internet,
s'il y a autre chose à faire que de formater ce serait cool de m'aider ;) 
Merci

Autres pages sur : resolu sos multi virus

26 Août 2008 12:39:47

Bonjour,

On va quand même essayer.

Télécharge Hijackthis (de Trend Micro) sur ton Bureau.

  • Double clique sur HJTInstall.exe pour lancer l'installation.
  • Clique sur Install.
  • Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer. (Clique droit -> lancer en tant qu'admin si sous Vista)
  • Accepte la licence en cliquant sur Yes.
  • Clique sur Do a system scan and save a logfile.
  • Poste ici le rapport généré.

    Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Aide : Comment utiliser HijackThis.
    26 Août 2008 13:35:51

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:35: VIRUS ALERT!, on 26/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\tppaldr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\WINDOWS\system32\PL15Co2K.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: fdkowvbp - {65952D7F-B04B-4D60-99FF-77662FE2D2EF} - C:\WINDOWS\fdkowvbp.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
    O4 - HKLM\..\Run: [FX] C:\WINDOWS\Downloaded Program Files\ieloader.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
    O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\jeu\LOCALS~1\Temp\scksexde.exe/r
    O4 - HKLM\..\Run: [Sys2.exe] C:\Windows\Sys2.exe
    O4 - HKLM\..\Run: [000062bf] rundll32.exe "C:\WINDOWS\system32\nsuwxmca.dll",b
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
    O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
    O4 - HKCU\..\Run: [Sys2.exe] C:\Windows\Sys2.exe
    O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe" /autorun
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted IP range: 67.19.178.84 (HKLM)
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0....
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.ca...
    O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers....
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.c...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.fr/downloads/BUM/BUM_WIN_IE_2/a...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.ca...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_1...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab67031....
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab566...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/h...
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.c...
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0....
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://sympatico.zone.msn.com/bingame/popcaploader_v10....
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt....
    O21 - SSODL: wnslvxtf - {41CFB977-A353-48EF-9A90-B2438B72191F} - C:\WINDOWS\wnslvxtf.dll
    O21 - SSODL: eqvwamkl - {7D38421E-C9FC-4E28-B543-BAC1858B4D52} - C:\WINDOWS\eqvwamkl.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 11521 bytes
    Contenus similaires
    26 Août 2008 14:41:33

    Re,

    Télécharge SmitfraudFix (de S!ri).

  • Enregistre le sur ton Bureau.
  • Lance-le en double cliquant sur SmitfraudFix.exe
  • Appuie sur une touche comme demandé.
  • Exécute l’option 1, un rapport va apparaître, poste le.

    Le rapport se trouve ici : C:\rapport.txt
    26 Août 2008 15:33:57

    SmitFraudFix v2.339

    Rapport fait à 15:27:49.56, 26/08/2008
    Executé à partir de C:\Documents and Settings\jeu\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\tppaldr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\WINDOWS\system32\PL15Co2K.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\jeu\Bureau\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jeu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jeu\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jeu\Favoris

    C:\DOCUME~1\jeu\Favoris\Error Cleaner.url PRESENT !
    C:\DOCUME~1\jeu\Favoris\Privacy Protector.url PRESENT !
    C:\DOCUME~1\jeu\Favoris\Spyware?Malware Protection.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    C:\DOCUME~1\jeu\Bureau\Error Cleaner.url PRESENT !
    C:\DOCUME~1\jeu\Bureau\Privacy Protector.url PRESENT !
    C:\DOCUME~1\jeu\Bureau\Spyware?Malware Protection.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\PCHealthCenter\ PRESENT !
    C:\Program Files\VAV\ PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» RK



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: National Semiconductor Corp. DP83815/816 10/100 MacPhyter PCI Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.40.241
    DNS Server Search Order: 212.27.40.240

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8BC3D7B9-5EB8-4D16-AAEF-E7A1359F4269}: DhcpNameServer=212.27.40.241 212.27.40.240
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8BC3D7B9-5EB8-4D16-AAEF-E7A1359F4269}: DhcpNameServer=212.27.40.241 212.27.40.240
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    26 Août 2008 19:32:37

    Re,

    Fais redémarrer ton ordinateur en mode sans échec
    - Au démarrage, après le chargement du bios, appuie successivement sur la touche F8 (ou F5) de ton clavier jusqu'à l'apparition d'un menu sur fond noir. Une fois arrivé à ce stade, sélectionne à l'aide du clavier Mode sans Echec.
    -- Dans ce mode, tu n'as pas accès à Internet, et tu te retrouves avec une configuration visuelle différente (pas de fond d'écran, icônes très grosses). Ne sois donc pas étonné.
    --- C'est pour ces différentes raisons que je t'invite à imprimer, noter, ou enregistrer dans un document texte les informations suivantes afin de ne pas être perdu.
    ---- ! Ne fais pas démarrer ton ordinateur en mode sans échec via MSConfig ! Pourquoi ? Certaines infections cassent les clefs du mode sans échec, ce qui ferait crasher ton ordinateur.

    Relance SmitfraudFix.

  • Choisis l’option 2. (Oui à toutes les questions)
  • Si tu dois faire redémarrer ton ordi, fais-le. Quoi qu'il en soit, fais redémarrer ton ordinateur à la fin du Fix.
  • Poste le rapport qui se situe dans C:\rapport.txt ainsi qu’un nouveau rapport HijackThis.

    Aide : Comment faire démarrer son ordinateur en mode sans échec.
    27 Août 2008 09:38:03

    bonjour,
    il faut que je me mette dans quel utilisateur? Administrateur ou celle dont je me sers?
    27 Août 2008 11:41:21

    re,
    c'est parti!!:

    SmitFraudFix v2.339

    Rapport fait à 11:18:06.38, 27/08/2008
    Executé à partir de C:\Documents and Settings\jeu\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix



    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\DOCUME~1\jeu\Bureau\Error Cleaner.url supprimé
    C:\DOCUME~1\jeu\Bureau\Privacy Protector.url supprimé
    C:\DOCUME~1\jeu\Bureau\Spyware?Malware Protection.url supprimé
    C:\DOCUME~1\jeu\Favoris\Error Cleaner.url supprimé
    C:\DOCUME~1\jeu\Favoris\Privacy Protector.url supprimé
    C:\DOCUME~1\jeu\Favoris\Spyware?Malware Protection.url supprimé
    C:\Program Files\PCHealthCenter\ supprimé
    C:\Program Files\VAV\ supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:38: VIRUS ALERT!, on 27/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\tppaldr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\WINDOWS\system32\PL15Co2K.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: fdkowvbp - {65952D7F-B04B-4D60-99FF-77662FE2D2EF} - C:\WINDOWS\fdkowvbp.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
    O4 - HKLM\..\Run: [FX] C:\WINDOWS\Downloaded Program Files\ieloader.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\jeu\LOCALS~1\Temp\scksexde.exe/r
    O4 - HKLM\..\Run: [Sys2.exe] C:\Windows\Sys2.exe
    O4 - HKLM\..\Run: [000062bf] rundll32.exe "C:\WINDOWS\system32\xsyeifds.dll",b
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
    O4 - HKCU\..\Run: [Sys2.exe] C:\Windows\Sys2.exe
    O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe" /autorun
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted IP range: 67.19.178.84 (HKLM)
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0....
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.ca...
    O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers....
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.c...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.fr/downloads/BUM/BUM_WIN_IE_2/a...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.ca...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_1...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab67031....
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab566...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/h...
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.c...
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0....
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://sympatico.zone.msn.com/bingame/popcaploader_v10....
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt....
    O20 - AppInit_DLLs: jbmpcg.dll
    O21 - SSODL: wnslvxtf - {41CFB977-A353-48EF-9A90-B2438B72191F} - C:\WINDOWS\wnslvxtf.dll
    O21 - SSODL: eqvwamkl - {7D38421E-C9FC-4E28-B543-BAC1858B4D52} - C:\WINDOWS\eqvwamkl.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 10974 bytes
    27 Août 2008 12:45:00

    Re,

    Télécharge SDFix (d’Andy Manchesta)

  • Enregistre le sur ton le bureau.
  • Lance le.
  • Fais install afin qu’il puisse s’extraire.
    Fais redémarrer ton ordinateur en mode sans échec
    - Au démarrage, après le chargement du bios, appuie successivement sur la touche F8 (ou F5) de ton clavier jusqu'à l'apparition d'un menu sur fond noir. Une fois arrivé à ce stade, sélectionne à l'aide du clavier Mode sans Echec.
    -- Dans ce mode, tu n'as pas accès à Internet, et tu te retrouves avec une configuration visuelle différente (pas de fond d'écran, icônes très grosses). Ne sois donc pas étonné.
    --- C'est pour ces différentes raisons que je t'invite à imprimer, noter, ou enregistrer dans un document texte les informations suivantes afin de ne pas être perdu.
    ---- ! Ne fais pas démarrer ton ordinateur en mode sans échec via MSConfig ! Pourquoi ? Certaines infections cassent les clefs du mode sans échec, ce qui ferait crasher ton ordinateur.
  • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\
  • Double clique sur RunThis.bat (L’extension bat peut ne pas apparaître)
  • Appuie sur Y pour le lancer.
  • Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
  • Il est probable que le redémarrage soit un peu plus long que d’habitude.
  • Une fois l’apparition de ton Bureau, il affichera Finished
  • Appuie sur une touche.
  • Un rapport est généré , poste le dans ta réponse.

    Il se trouve également. dans le dossier SDFix >Report.txt<

    Note : Si SDFix ne se lance pas (ça arrive!)

    * Démarrer->Exécuter
    * Copie/colle ceci:
    %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

    * Clique sur ok, et valide.
    * Redémarre et essaye de nouveau de lancer SDFix.

    Aide : Comment faire démarrer son ordinateur en mode sans échec.
    27 Août 2008 15:20:22

    Re,
    probleme, je ne trouve pas mon C:\
    27 Août 2008 16:33:51

    ne trouvant pas C j'ai reinstallé sdfix (sous mode sans echec) sur le bureau et je l'ai lancé...
    betises ou pas?
    27 Août 2008 17:25:45

    re,


    SDFix: Version 1.219
    Run by jeu on 27/08/2008 at 16:40

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\Documents and Settings\jeu\Bureau\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File
    Restoring Default HomePage Value
    Restoring Default Desktop Components Value
    Restoring Windows Product ID To Remove Fake Virus Alert
    Restoring Time Format To Remove Fake Virus Alert

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\vtUnnkih.dll - Deleted
    C:\WINDOWS\ENDQ.EXE - Deleted
    C:\Documents and Settings\jeu\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080728230739940.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080728230819336.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080728230842500.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080728230925652.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080728232325462.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080729185146611.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080731200005150.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080731204630252.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080731213226150.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080825173248147.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080825190123223.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080826131440533.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080827113316516.log - Deleted
    C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080827150000788.log - Deleted
    C:\Documents and Settings\jeu\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk - Deleted
    C:\Documents and Settings\jeu\Bureau\Error Cleaner.url - Deleted
    C:\Documents and Settings\jeu\Favoris\Error Cleaner.url - Deleted
    C:\Documents and Settings\jeu\Bureau\Privacy Protector.url - Deleted
    C:\Documents and Settings\jeu\Favoris\Privacy Protector.url - Deleted
    C:\Documents and Settings\jeu\Bureau\Spyware&Malware Protection.url - Deleted
    C:\Documents and Settings\jeu\Favoris\Spyware&Malware Protection.url - Deleted
    C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe - Deleted
    C:\Program Files\Antivirus 2008 PRO\vscan.tsi - Deleted
    C:\Program Files\Antivirus 2008 PRO\zlib.dll - Deleted
    C:\WINDOWS\system32\sex1.ico - Deleted
    C:\WINDOWS\system32\sex2.ico - Deleted
    C:\Documents and Settings\jeu\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk - Deleted
    C:\Documents and Settings\jeu\Bureau\antivirus-2008pro.lnk - Deleted
    C:\smp.bat - Deleted
    C:\WINDOWS\eqvwamkl.dll - Deleted
    C:\WINDOWS\fdkowvbp.dll - Deleted
    C:\WINDOWS\grswptdl.exe - Deleted
    C:\WINDOWS\hosts - Deleted
    C:\WINDOWS\system32\vav.cpl - Deleted
    C:\WINDOWS\wnslvxtf.dll - Deleted



    Folder C:\Documents and Settings\jeu\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed
    Folder C:\Documents and Settings\All Users\Application Data\SoftLand Ltd - Removed
    Folder C:\Program Files\Antivirus 2008 PRO - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-27 17:12:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:0000008b
    "TracesSuccessful"=dword:00000003

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:D isabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:D isabled:Age of Empires II"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files :


    File Backups: - C:\DOCUME~1\jeu\Bureau\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Sun 8 Jul 2007 5,388,088 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Fri 2 Apr 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Fri 2 Apr 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
    Wed 7 Feb 2007 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
    Wed 7 Feb 2007 48 A.SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
    Thu 23 Jan 2003 65,952 ..SHR --- "C:\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"

    Finished!


    trop bien!! ;-)
    par contre je n'ai pas retrouvé mon fond d'écran et encore des pages internet qui s'ouvrent toutes seules!
    28 Août 2008 15:08:25

    Re,

    Télécharge ComboFix (de sUBs) sur ton Bureau.

  • Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
  • Double clique sur ComboFix.exe.
  • Accepte la licence en cliquant sur Oui.
  • Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

    Aide : Comment utiliser ComboFix.
    28 Août 2008 19:07:14

    re,
    ComboFix 08-08-27.06 - jeu 2008-08-28 18:49:10.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.155 [GMT 2:00]
    Endroit: C:\Documents and Settings\jeu\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\jeu\Bureau\antivirus-2008pro.lnk
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\jeu\Menu Démarrer\Programmes\Antivirus 2008 PRO
    C:\Documents and Settings\jeu\Menu Démarrer\Programmes\Antivirus 2008 PRO\antivirus-2008pro.lnk
    C:\Documents and Settings\jeu\Menu Démarrer\Programmes\MessengerSkinner
    C:\Documents and Settings\jeu\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
    C:\Documents and Settings\jeu\Menu Démarrer\Programmes\MessengerSkinner\Website.lnk
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system32\acmxwusn.ini
    C:\WINDOWS\system32\aghjeink.ini
    C:\WINDOWS\system32\awtttsrR.dll
    C:\WINDOWS\system32\ckbdfdjy.ini
    C:\WINDOWS\system32\eLmlTvut.ini
    C:\WINDOWS\system32\eLmlTvut.ini2
    C:\WINDOWS\system32\eqxdtxra.dll
    C:\WINDOWS\system32\fphanf.dll
    C:\WINDOWS\system32\jbmpcg.dll
    C:\WINDOWS\system32\jnjbnoho.dll
    C:\WINDOWS\system32\jysawlxp.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nijlxuux.dll
    C:\WINDOWS\system32\ojskkpnw.dll
    C:\WINDOWS\system32\pxlwasyj.ini
    C:\WINDOWS\system32\qnizps.dll
    C:\WINDOWS\system32\qoMeBrpq.dll
    C:\WINDOWS\system32\sdfieysx.ini
    C:\WINDOWS\system32\tuvTlmLe.dll
    C:\WINDOWS\system32\vffqov.dll
    C:\WINDOWS\system32\wetfvfex.ini
    C:\WINDOWS\system32\wpuutmwt.dll
    C:\WINDOWS\system32\xglzya.dll
    C:\WINDOWS\system32\xstgnwnx.dll
    C:\WINDOWS\system32\xsyeifds.dll
    C:\WINDOWS\system32\xudewx.dll
    C:\WINDOWS\system32\xxyabyaX.dll
    C:\WINDOWS\system32\yjdfdbkc.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-28 18:32 . 2008-08-28 18:32 0 --a------ C:\WINDOWS\system32\pxlwasyj.tmp
    2008-08-27 16:31 . 2008-08-27 16:32 <REP> d-------- C:\WINDOWS\ERUNT
    2008-08-27 15:06 . 2008-08-24 05:08 <REP> d-------- C:\SDFix
    2008-08-26 15:27 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-08-26 15:27 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-08-26 15:27 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-08-26 15:27 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-26 15:27 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-08-26 15:27 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-08-26 15:27 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-08-26 15:27 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-08-25 18:54 . 2008-08-25 18:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-27 09:18 3,696 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-08-25 16:34 --------- d-----w C:\Program Files\Soulseek
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-04-24 18:24 61,080 -c--a-w C:\Documents and Settings\jeu\Application Data\GDIPFONTCACHEV1.DAT
    2003-10-11 19:05 20,259 -c--a-w C:\Program Files\uninstal.log
    1999-06-30 13:06 151,552 ----a-w C:\WINDOWS\inf\Agfa\message.exe
    2006-12-07 17:47 13,339 --sha-r C:\WINDOWS\stsheets.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
    "TPP Auto Loader"="C:\WINDOWS\tppaldr.exe" [2001-10-05 14:54 118784]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-09-10 00:42 126976]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-09-10 00:41 557056]
    "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34 36864]
    "QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE" [2002-10-14 19:57 98304]
    "PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 07:05 36864]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-23 20:51 200704]
    "Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 06:26 45056]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2002-10-23 13:19 176197]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 17:29 290816]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 20:46 249896]
    "CARPService"="carpserv.exe" [2003-05-21 16:35 4608 C:\WINDOWS\system32\carpserv.exe]
    "HI-SPEED USB DEVICE Coinstaller"="PL15Co2K.exe" [2003-04-16 11:24 86016 C:\WINDOWS\system32\PL15Co2K.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-10-29 12:37:57 954475]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    Supervision de Photo Loader.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2007-05-06 17:36:25 217088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=jbmpcg.dll xudewx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^jeu^Menu Démarrer^Programmes^Démarrage^CD-MENU.LNK]
    path=C:\Documents and Settings\jeu\Menu Démarrer\Programmes\Démarrage\CD-MENU.LNK
    backup=C:\WINDOWS\pss\CD-MENU.LNKStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    --a--c--- 2003-03-26 11:15 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    --a------ 2006-03-01 12:58 712704 C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
    --a------ 2003-04-04 17:47 32768 C:\PROGRA~1\MESSAG~1\StartMessager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    --a------ 2005-10-17 17:24 81920 C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-06-16 01:15 366400 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Watch]
    --a--c--- 1999-10-18 16:44 24576 C:\PROGRA~1\Minitel\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SBService"=2 (0x2)
    "navapsvc"=3 (0x3)
    "ccPwdSvc"=3 (0x3)
    "ccEvtMgr"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=

    R1 kmwnt;kmwnt;C:\WINDOWS\system32\drivers\kmwnt.sys [2000-07-17 15:59]
    R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys [2001-12-17 13:54]
    R3 CALIAUD;Conexant AMC 3D Environmental Audio;C:\WINDOWS\system32\drivers\caliaud.sys [2004-02-17 17:58]
    R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2004-02-17 17:59]
    R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2002-08-29 02:00]
    S2 acpid;acpid;C:\WINDOWS\System32\drivers\acpid.sys []
    S2 kmwsafe;kmwsafe;C:\WINDOWS\system32\drivers\kmwsafe.sys [2000-04-21 10:29]
    S3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys []
    S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [2003-05-27 15:58]
    S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\system32\DRIVERS\Express.sys [2002-10-17 03:00]
    S3 TPP200;USB Storage Adapter V2 (TPP);C:\WINDOWS\system32\DRIVERS\TPP200.SYS [2001-10-05 14:54]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    HKCU-Run-Sys2.exe - C:\Windows\Sys2.exe
    HKLM-Run-FX - C:\WINDOWS\Downloaded Program Files\ieloader.exe
    HKLM-Run-Sys2.exe - C:\Windows\Sys2.exe
    HKLM-Run-000062bf - C:\WINDOWS\system32\jysawlxp.dll
    MSConfigStartUp-ccApp - C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    MSConfigStartUp-ccRegVfy - C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
    MSConfigStartUp-SpySheriff - C:\Program Files\SpySheriff\SpySheriff.exe
    MSConfigStartUp-ZoneAlarm Client - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe


    .
    ------- Supplementary Scan -------
    .

    O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
    C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-28 18:53:25
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ?X#B?????????????l|B? ??????

    Balayage des fichiers cachés ...


    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-28 18:58:30
    ComboFix-quarantined-files.txt 2008-08-28 16:57:25

    Pre-Run: 20,709,593,088 octets libres
    Post-Run: 20,695,224,320 octets libres

    186 --- E O F --- 2008-07-24 17:57:37
    28 Août 2008 21:59:53

    Re,

    Sélectionne l'intégralité du cadre ci-dessous :

    Collect::
    C:\WINDOWS\system32\pxlwasyj.tmp

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""


  • Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
  • Enregistre le sous sur ton bureau sous le nom de CFScript.txt
  • Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :

  • Cela va relancer Combofix.
  • ComboFix créera ces fichiers sur ton Bureau :
    - Un fichier zippé nommé Submit [Date Time].zip
    - Un second fichier nommé - CF-Submit.htm
  • ComboFix peut exiger un redémarrage pour compléter son travail. Accepte.
  • Lorsque l'outil aura terminé, un rapport ComboFix.log apparaîtra à l'écran.
  • Une nouvelle fenêtre avec invite "Submit Files for further analysis" s'ouvrira. Clique "OK"
  • Ton navigateur se lancera automatiquement avec le fichier CF-Submit.htm et une fenêtre s'ouvrira :
    - Clique sur le bouton "Browse"("Parcourir") et navigue vers le fichier
    Submit [Date Time].zip qui est sur ton Bureau.
    - Clique sur le fichier afin de le sélectionner.
  • Soumets le fichier en cliquant "OK"
  • Lorsque cette opération sera complétée, tu peux supprimer ces deux fichiers qui se trouvent sur ton Bureau.
    Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.

    -----------------

    Télécharge Navilog (de Il-Mafioso)

  • Enregistre-le sur ton Bureau.
  • Installe-le en double cliquant sur navilog.exe.
  • Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
    (Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau) [Clic droit -> "Exécuter en tant qu'administrateur". ( Pour Vista)]
  • Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
    ! N'utilise pas l'option 2, 3 et 4 sans notre accord !
  • Patiente jusqu'à l'apparition de ce message :
    *** Analyse Termine le ..... ***
  • Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste le rapport ici.
  • Poste le rapport généré.

    Le rapport se trouve ici : C:\fixnavi.txt
    1 Septembre 2008 15:24:05

    hello,
    un autre probleme, les fichiers n'ont pas été installé et la fenetre ne s'est pas ouverte.... je poste quand meme le rapport!???
    2 Septembre 2008 21:51:58

    bonsoir :) 
    oui, tu postes les deux rapports:
    ComboFix.txt et fixnavi.txt
    3 Septembre 2008 11:53:30

    bonjour,

    ComboFix 08-08-31.01 - jeu 2008-09-01 14:54:21.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.114 [GMT 2:00]
    Endroit: C:\Documents and Settings\jeu\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\jeu\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-01 to 2008-09-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-27 16:31 . 2008-08-27 16:32 <REP> d-------- C:\WINDOWS\ERUNT
    2008-08-27 15:06 . 2008-08-24 05:08 <REP> d-------- C:\SDFix
    2008-08-26 15:27 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-08-26 15:27 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-08-26 15:27 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-08-26 15:27 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-26 15:27 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-08-26 15:27 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-08-26 15:27 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-08-26 15:27 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-08-25 18:54 . 2008-08-25 18:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-28 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-27 09:18 3,696 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-08-25 16:34 --------- d-----w C:\Program Files\Soulseek
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-04-24 18:24 61,080 -c--a-w C:\Documents and Settings\jeu\Application Data\GDIPFONTCACHEV1.DAT
    2003-10-11 19:05 20,259 -c--a-w C:\Program Files\uninstal.log
    1999-06-30 13:06 151,552 ----a-w C:\WINDOWS\inf\Agfa\message.exe
    2006-12-07 17:47 13,339 --sha-r C:\WINDOWS\stsheets.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-28_18.56.37.49 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-09-06 10:09:49 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
    + 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
    + 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
    + 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    + 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
    + 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    + 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    - 2007-09-06 10:03:02 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    + 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    + 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
    + 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    - 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-09-01 12:12:58 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_71c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23 75520]
    "TPP Auto Loader"="C:\WINDOWS\tppaldr.exe" [2001-10-05 14:54 118784]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-09-10 00:42 126976]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-09-10 00:41 557056]
    "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34 36864]
    "QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE" [2002-10-14 19:57 98304]
    "PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 07:05 36864]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-23 20:51 200704]
    "Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 06:26 45056]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2002-10-23 13:19 176197]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 17:29 290816]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
    "CARPService"="carpserv.exe" [2003-05-21 16:35 4608 C:\WINDOWS\system32\carpserv.exe]
    "HI-SPEED USB DEVICE Coinstaller"="PL15Co2K.exe" [2003-04-16 11:24 86016 C:\WINDOWS\system32\PL15Co2K.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-10-29 12:37:57 954475]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    Supervision de Photo Loader.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2007-05-06 17:36:25 217088]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^jeu^Menu Démarrer^Programmes^Démarrage^CD-MENU.LNK]
    path=C:\Documents and Settings\jeu\Menu Démarrer\Programmes\Démarrage\CD-MENU.LNK
    backup=C:\WINDOWS\pss\CD-MENU.LNKStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    --a--c--- 2003-03-26 11:15 684032 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
    --a------ 2006-03-01 12:58 712704 C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
    --a------ 2003-04-04 17:47 32768 C:\PROGRA~1\MESSAG~1\StartMessager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    --a------ 2005-10-17 17:24 81920 C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-06-16 01:15 366400 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Watch]
    --a--c--- 1999-10-18 16:44 24576 C:\PROGRA~1\Minitel\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SBService"=2 (0x2)
    "navapsvc"=3 (0x3)
    "ccPwdSvc"=3 (0x3)
    "ccEvtMgr"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=

    R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\aliirda.sys [2001-12-17 13:54]
    S2 acpid;acpid;C:\WINDOWS\System32\drivers\acpid.sys []
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-01 14:57:44
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????|????|?p???? ?X#B?????????????l|B? ??????

    Balayage des fichiers cachés ...


    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-01 15:02:24
    ComboFix-quarantined-files.txt 2008-09-01 13:01:19
    ComboFix2.txt 2008-09-01 12:43:42
    ComboFix3.txt 2008-08-28 16:58:31

    Pre-Run: 20,836,581,376 octets libres
    Post-Run: 20,825,006,080 octets libres

    136 --- E O F --- 2008-08-28 18:25:24



    Search Navipromo version 3.6.5 commencé le 03/09/2008 à 11:42:17.93

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "jeu"

    Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***


    *** Recherche dossiers dans "C:\WINDOWS" ***


    *** Recherche dossiers dans "C:\Program Files" ***


    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\jeu\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\jeu\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


    *** Recherche dossiers dans "C:\Documents and Settings\jeu\menudm~1\progra~1" ***


    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\jeu\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



    *** Recherche fichiers ***



    *** Recherche clés spécifiques dans le Registre ***


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :


    * Dans "C:\Documents and Settings\jeu\locals~1\applic~1" :


    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :



    *** Analyse terminée le 03/09/2008 à 11:52:05.97 ***
    3 Septembre 2008 18:39:55

    bonjour
    reposte un log hijackthis stp
    4 Septembre 2008 20:28:24

    bonsoir,


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:23:19, on 04/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\tppaldr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    C:\WINDOWS\system32\PL15Co2K.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted IP range: 67.19.178.84 (HKLM)
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0....
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.ca...
    O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers....
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.c...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.fr/downloads/BUM/BUM_WIN_IE_2/a...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.ca...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_1...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab67031....
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab566...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/h...
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.c...
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0....
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt....
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 9873 bytes
    4 Septembre 2008 21:41:01

    bonsoir

    Voilà ce que je te propose, tu vas remplacer Avast! par Antivir, qui est gratuit aussi mais beaucoup plus efficace, tu vas faire un scan avec et poster le rapport. :) 


    Désinstalle correctement Avast!


    Pour le remplacer par Antivir.

    -->Tuto<--


    Pourquoi changer ? : Avast! vs Antivir
    mais aussi:
    14 antivirus au banc d'essai
    Citation :
    Antivir : le plus efficace des gratuits


    4 Septembre 2008 22:02:59

    en fait j'avais installé antivir il y a quelques temps et j'ai réinstallé avast il y a quelques jours....
    5 Septembre 2008 21:07:42

    bonsoir
    antivir est beaucoup plus performant.

    pourquoi as-tu remis avast?
    7 Septembre 2008 20:25:33

    je ne sais pas trop parce que je l'utilise sur mon autre pc
    il faut que je change sur les 2?
    7 Septembre 2008 22:23:32

    bonsoir,
    j'ai reinstallé antivir, cela m'a tout l'air d'être un festival de sales betes....!!!



    Avira AntiVir Personal
    Report file date: dimanche 7 septembre 2008 20:52

    Scanning for 1602105 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: CPQ28923106282

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 18:50:45
    ANTIVIR3.VDF : 7.0.6.125 226816 Bytes 07/09/2008 18:50:46
    Engineversion : 8.1.1.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.70 319866 Bytes 07/09/2008 18:50:53
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.1.1 397683 Bytes 07/09/2008 18:50:52
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.23 196987 Bytes 07/09/2008 18:50:51
    AEHEUR.DLL : 8.1.0.51 1397111 Bytes 07/09/2008 18:50:50
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 07/09/2008 18:50:48
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 07/09/2008 18:50:47
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 07/09/2008 18:50:46
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 7 septembre 2008 20:52

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'Plauto.exe' - '1' Module(s) have been scanned
    Scan process 'dslmon.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'PL15Co2K.exe' - '1' Module(s) have been scanned
    Scan process 'hpztsb03.exe' - '1' Module(s) have been scanned
    Scan process 'ONETOUCH.EXE' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'TPPALDR.EXE' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'carpserv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SyncServices.exe' - '1' Module(s) have been scanned
    Scan process 'MaxBackServiceInt.exe' - '1' Module(s) have been scanned
    Scan process 'HPWirelessMgr.exe' - '1' Module(s) have been scanned
    Scan process 'HPConfig.exe' - '1' Module(s) have been scanned
    Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    38 processes with 38 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '65' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\jeu\Bureau\SmitfraudFix.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.132 dropper
    [NOTE] The file was moved to '492d2443.qua'!
    C:\Documents and Settings\jeu\Bureau\SDFix\backups\backups.zip
    [0] Archive type: ZIP
    --> backups/antivirus-2008pro.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.VirusIsolator.S phishing file/email
    --> backups/av2008xp.exe
    [DETECTION] Is the TR/Dldr.FraudLoad.vatp Trojan
    --> backups/vav.cpl
    [DETECTION] Is the TR/Fakealert.VA Trojan
    --> backups/vtUnnkih.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49272445.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\awtttsrR.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49382d44.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\eqxdtxra.dll.vir
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '493c2d42.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\fphanf.dll.vir
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '492c2d43.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\jysawlxp.dll.vir
    [DETECTION] Is the TR/Monder.jck Trojan
    [NOTE] The file was moved to '49372d4e.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\qoMeBrpq.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '49112d47.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tuvTlmLe.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '493a2d4f.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\xsyeifds.dll.vir
    [DETECTION] Is the TR/Monder.ifk Trojan
    [NOTE] The file was moved to '493d2d50.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\xxyabyaX.dll.vir
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '493d2d57.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\yjdfdbkc.dll.vir
    [DETECTION] Is the TR/Monder.jck Trojan
    [NOTE] The file was moved to '49282d4b.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095385.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.WinAntiVirus.AG phishing file/email
    [NOTE] The file was moved to '48f42fe3.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095386.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.Agent.AG phishing file/email
    [NOTE] The file was moved to '48f42fe6.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095387.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.Agent.AC phishing file/email
    [NOTE] The file was moved to '48f42fe9.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095388.exe
    [DETECTION] Is the TR/PcHealth.1 Trojan
    [NOTE] The file was moved to '48f42feb.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095389.exe
    [DETECTION] Is the TR/Agent.wam Trojan
    [NOTE] The file was moved to '48f42fec.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095390.exe
    [0] Archive type: RAR SFX (self extracting)
    --> vav.exe
    [DETECTION] Is the TR/FakeAV.AD.3 Trojan
    [DETECTION] Contains recognition pattern of the DR/Fraud.VistAntivi dropper
    [NOTE] The file was moved to '48f42ff0.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095391.exe
    [DETECTION] Is the TR/Dldr.Agent.122 Trojan
    [NOTE] The file was moved to '48f42ff3.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095394.cpl
    [DETECTION] Is the TR/Fakealert.VA Trojan
    [NOTE] The file was moved to '48f42ff5.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095395.exe
    [0] Archive type: RAR SFX (self extracting)
    --> 0.exe
    [DETECTION] Is the TR/FakeAV.X.1 Trojan
    --> 1.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.Agent.AG phishing file/email
    --> 2.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.Agent.AC phishing file/email
    --> 3.exe
    [DETECTION] Is the TR/PcHealth.1 Trojan
    --> 4.exe
    [DETECTION] Is the TR/Agent.wam Trojan
    --> 5.exe
    [DETECTION] Contains recognition pattern of the DR/Fraud.VistAntivi dropper
    --> 5.exe
    [1] Archive type: RAR SFX (self extracting)
    --> vav.exe
    [DETECTION] Is the TR/FakeAV.AD.3 Trojan
    [DETECTION] Contains recognition pattern of the DR/FraudTool.WinAntiVirus.AG.1 dropper
    --> 7.exe
    [DETECTION] Is the TR/Dldr.Agent.122 Trojan
    [NOTE] The file was moved to '48f42ff9.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095399.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.Agent.AG phishing file/email
    [NOTE] The file was moved to '48f42ffc.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095400.exe
    [DETECTION] Is the TR/Agent.wam Trojan
    [NOTE] The file was moved to '48f42fff.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095401.exe
    [DETECTION] Is the TR/Dldr.Agent.122 Trojan
    [NOTE] The file was moved to '48f43001.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095402.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.Agent.AC phishing file/email
    [NOTE] The file was moved to '48f43003.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095403.exe
    [DETECTION] Is the TR/PcHealth.1 Trojan
    [NOTE] The file was moved to '48f43005.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095404.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.Agent.AG phishing file/email
    [NOTE] The file was moved to '48f43007.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095405.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.Agent.AC phishing file/email
    [NOTE] The file was moved to '48f43009.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095406.exe
    [DETECTION] Is the TR/PcHealth.1 Trojan
    [NOTE] The file was moved to '48f4300b.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095407.exe
    [DETECTION] Is the TR/Agent.wam Trojan
    [NOTE] The file was moved to '48f4300d.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0095408.exe
    [DETECTION] Is the TR/Dldr.Agent.122 Trojan
    [NOTE] The file was moved to '48f4300f.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0096399.exe
    [DETECTION] Is the TR/Agent.wam Trojan
    [NOTE] The file was moved to '48f43011.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0096400.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.Agent.AC phishing file/email
    [NOTE] The file was moved to '48f43013.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0096401.exe
    [DETECTION] Is the TR/PcHealth.1 Trojan
    [NOTE] The file was moved to '48f43015.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0096402.exe
    [DETECTION] Is the TR/Dldr.Agent.122 Trojan
    [NOTE] The file was moved to '48f43019.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0096403.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '48f4301b.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0096414.exe
    [DETECTION] Is the TR/PcHealth.1 Trojan
    [NOTE] The file was moved to '48f4301d.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0097414.exe
    [DETECTION] Is the TR/PcHealth.1 Trojan
    [NOTE] The file was moved to '48f4301f.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0098414.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '48f43021.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0099518.dll
    [DETECTION] Is the TR/Monder.box Trojan
    [NOTE] The file was moved to '48f43027.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0099524.exe
    [DETECTION] Is the TR/FakeAV.X.1 Trojan
    [NOTE] The file was moved to '48f4302a.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0099525.exe
    [0] Archive type: RAR SFX (self extracting)
    --> vav.exe
    [DETECTION] Is the TR/FakeAV.AD.3 Trojan
    [DETECTION] Contains recognition pattern of the DR/Fraud.VistAntivi dropper
    [NOTE] The file was moved to '48f4302c.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0099529.exe
    [DETECTION] Is the TR/Fakealert.UU Trojan
    [NOTE] The file was moved to '48f4302f.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0099558.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '48f43032.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0099561.exe
    [DETECTION] Is the TR/Dldr.FraudLoad.vatp Trojan
    [NOTE] The file was moved to '48f43034.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0099563.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.VirusIsolator.S phishing file/email
    [NOTE] The file was moved to '48f43036.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0099572.cpl
    [DETECTION] Is the TR/Fakealert.VA Trojan
    [NOTE] The file was moved to '48f43038.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0099578.exe
    [DETECTION] Contains recognition pattern of the PHISH/FraudTool.VirusIsolator.S phishing file/email
    [NOTE] The file was moved to '48f4303b.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0099580.exe
    [DETECTION] Is the TR/Dldr.FraudLoad.vatp Trojan
    [NOTE] The file was moved to '48f4303d.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0099594.cpl
    [DETECTION] Is the TR/Fakealert.VA Trojan
    [NOTE] The file was moved to '48f43040.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP361\A0099596.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '48f43042.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP363\A0099659.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '48f4304a.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP363\A0099660.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '48f4304d.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP363\A0099661.dll
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to '48f4304f.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP363\A0099664.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '48f43050.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP363\A0099665.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '48f43052.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP363\A0099668.dll
    [DETECTION] Is the TR/Vundo.Gen Trojan
    [NOTE] The file was moved to '48f43054.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP363\A0099671.dll
    [DETECTION] Is the TR/Monder.jck Trojan
    [NOTE] The file was moved to '48f43056.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP363\A0099675.dll
    [DETECTION] Is the TR/Monder.ifk Trojan
    [NOTE] The file was moved to '48f43058.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP363\A0099677.dll
    [DETECTION] Is the TR/Monder.jck Trojan
    [NOTE] The file was moved to '48f4305a.qua'!
    C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP370\A0102307.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.132 dropper
    [NOTE] The file was moved to '48f5309b.qua'!


    End of the scan: dimanche 7 septembre 2008 22:10
    Used time: 1:18:02 Hour(s)

    The scan has been done completely.

    6309 Scanning directories
    295423 Files were scanned
    73 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    60 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    295348 Files not concerned
    6997 Archives were scanned
    2 Warnings
    60 Notes

    8 Septembre 2008 20:42:31

    bonsoir
    non, c'est bon, il réagit sur les outils de désinfection et leur sauvegardes. :) 

    comment se comporte ton pc?

    reposte un log hijackthis stp
    9 Septembre 2008 10:44:18

    bonjour,
    ca va il a l'air de se comporter correctement, il n'y a plus de fenetres intempestives et au niveau de la vitesse ca va (c'est un vieux pc ;-), il réfléchit un peu!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:39:41, on 09/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\tppaldr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\WINDOWS\system32\PL15Co2K.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\CASIO\Photo Loader\Plauto.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
    O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted IP range: 67.19.178.84 (HKLM)
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0....
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.ca...
    O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://zone.msn.com/bingame/pppp/default/PiratePoppers....
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.c...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.fr/downloads/BUM/BUM_WIN_IE_2/a...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.ca...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_1...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab67031....
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab566...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {C7E002D6-324B-4500-883D-84B620FD8640} (Bridge Installer) - http://cdn2.zone.msn.com/Bingame/BRDG/dataFiles_64916/h...
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.c...
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0....
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt....
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 9850 bytes

    9 Septembre 2008 21:14:47

    bonsoir

    ~Télécharge CCleaner:

    http://www.filehippo.com/download_ccleaner/

    ~Lors de l'installation décoche: "Ajouter la Barre d'Outils Yahoo! Ccleaner"
    Clique sur le bouton nettoyeur, tu fais " lancer le nettoyage "
    Clique sur le bouton erreurs, tu fais "chercher les erreurs ", puis "réparer les erreurs".
    Tuto de CCleaner: (merci à Malekal) .
    http://www.malekal.com/tutorial_CCleaner.html


    Supprime tous les programmes installés pour la désinfection.


    Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.



    Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

    Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.

    ~Edite ton premier message (en cliquant sur la gomme) et marque [résolu] dans le titre.

    :hello: 
    10 Septembre 2008 10:57:50

    Merci beaucoup, j'espere que cela aller mieux... je vais faire lire le dossier à mon ami!
    10 Septembre 2008 18:49:12

    de rien
    bon surf
    :hello: 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS