
PC infected with spyware

5 September 2008 14:31:31

Hello
My PC is infected with spyware (alert messages keep popping up nonstop, in particular from MS security center). No matter how many times I run the antivirus tools I have, one after another (avast, spybot search and destroy, ad-aware SE personal), I can't get rid of it.
Also, I can connect to the internet but I can't access any website.

I admit I'm no computer expert... Can you help me?


5 September 2008 15:15:38

I saw in other threads that you recommend producing a HijackThis report. Here is my result:

5 September 2008 18:21:36

Hello,

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.

NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Illustrated tutorial on MBAM
5 September 2008 21:03:37

That's it, it's finally done!
My PC seems to be doing better; in any case I no longer get any infection alerts.

Here is the report:

    C:\Program Files\MSA\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\MSA\MSA.ooo (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
    C:\Program Files\SAV\sav1.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\phcplnj0e9fc.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\setup1050.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Bureau\GAY and LESBIAN.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Bureau\PORN DVDs.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Bureau\MS Antivirus.lnk (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Bureau\System Antivirus 2008.lnk (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Philippe\Favoris\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
    5 September 2008 21:04:31

    Hi again,

    Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • When the scan has finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    5 September 2008 21:36:45

    ComboFix 08-09-04.09 - Philippe 2008-09-05 21:19:54.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.246 [GMT 2:00]
    Endroit: E:\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Philippe\Cookies\philippe@autoextra[1].txt
    C:\Documents and Settings\Philippe\Cookies\philippe@date.ventivmedia[1].txt
    C:\Documents and Settings\Philippe\Cookies\philippe@edt02[2].txt
    C:\Documents and Settings\Philippe\Cookies\philippe@esearchvision[2].txt
    C:\Documents and Settings\Philippe\Cookies\philippe@fnac[1].txt
    C:\Documents and Settings\Philippe\Cookies\philippe@linternaute[2].txt
    C:\Documents and Settings\Philippe\Cookies\philippe@metrics.adobe[1].txt
    C:\Documents and Settings\Philippe\Cookies\philippe@polenord[1].txt
    C:\Documents and Settings\Philippe\Cookies\philippe@spamblockerutility[2].txt
    C:\Documents and Settings\Philippe\Cookies\philippe@stats.canalblog[2].txt
    C:\Documents and Settings\Philippe\Cookies\philippe@tracker.affistats[2].txt
    C:\Documents and Settings\Philippe\err.log
    C:\Documents and Settings\Philippe\new.txt
    C:\windows\bobsaver.exe
    C:\windows\bobsaver.scr

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV
    -------\Service_TDSSserv


    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-05 20:51 . 2008-09-05 20:51 94,208 --a------ C:\WINDOWS\system32\ctareped.exe
    2008-09-05 18:35 . 2008-09-05 18:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-05 18:35 . 2008-09-05 18:35 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\Malwarebytes
    2008-09-05 18:35 . 2008-09-05 18:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-05 18:35 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-05 18:35 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-05 15:07 . 2008-09-05 15:07 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-04 17:24 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\2.ico
    2008-09-04 17:20 . 2008-09-04 18:03 <REP> d-------- C:\Program Files\MSA
    2008-09-04 17:20 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\1.ico
    2008-09-01 17:58 . 2008-09-05 20:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
    2008-09-01 01:01 . 2008-09-01 01:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\efgzyzuz
    2008-09-01 01:01 . 2008-09-01 01:01 86,016 --a------ C:\WINDOWS\system32\mvgryjkf.exe
    2008-09-01 01:00 . 2008-09-05 20:49 <REP> d-------- C:\Program Files\SAV
    2008-08-24 14:23 . 2008-08-24 14:25 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\Nikon
    2008-08-24 14:21 . 2008-08-24 14:21 <REP> d-------- C:\Program Files\Nikon
    2008-08-24 14:21 . 2008-08-24 14:25 <REP> d-------- C:\Program Files\Fichiers communs\Nikon
    2008-08-24 14:21 . 2008-08-24 14:21 <REP> d-------- C:\Program Files\Fichiers communs\muvee Technologies
    2008-08-24 14:21 . 2008-08-24 14:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nikon
    2008-08-24 14:15 . 2008-08-24 14:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    2008-08-24 14:15 . 2008-08-24 14:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Organic
    2008-08-24 14:15 . 2008-08-24 14:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    2008-08-24 14:15 . 2008-08-24 14:24 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    2008-08-24 14:02 . 2008-08-24 14:02 <REP> d-------- C:\Program Files\ArcSoft
    2008-08-17 14:46 . 2008-08-17 14:46 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-08-08 22:15 . 2008-08-08 22:15 <REP> d-------- C:\Documents and Settings\Philippe\popup
    2008-08-08 22:15 . 2008-08-08 22:15 <REP> d-------- C:\Documents and Settings\Philippe\Groups

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-05 19:26 --------- d-----w C:\Program Files\Wanadoo
    2008-09-05 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-09-01 13:35 --------- d-----w C:\Program Files\Circle Developement
    2008-08-31 13:07 --------- d-----w C:\Program Files\OpenOffice.org1.1.1
    2008-08-31 12:55 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-28 14:46 --------- d-----w C:\Documents and Settings\Philippe\Application Data\ZoomBrowser EX
    2008-08-28 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2008-08-27 21:44 --------- d-----w C:\Program Files\eMule
    2008-08-24 12:14 --------- d-----w C:\Program Files\QuickTime
    2008-08-24 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-24 12:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-17 12:46 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-08-07 14:39 --------- d-----w C:\Program Files\Google
    1999-06-30 13:06 151,552 -c--a-r C:\windows\inf\Agfa\Message.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [1999-08-04 127040]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-05 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-22 68856]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
    "apiwinweb"="C:\windows\system32\mvgryjkf.exe" [2008-09-01 86016]
    "CmdMsgApl"="C:\windows\system32\ctareped.exe" [2008-09-05 94208]
    "smartuiact"="C:\windows\system32\mxsrilmd.exe" [2008-09-05 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-30 4620288]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
    "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-03-11 81920]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-17 185896]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 286720]
    "nForce Tray Options"="sstray.exe" [2003-12-17 C:\WINDOWS\system32\sstray.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "4LEyV9W817"="C:\Documents and Settings\All Users\Application Data\efgzyzuz\gjotevwr.exe" [2008-09-01 77824]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll
    "vidc.mxmc"= MimicICM.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^Philippe^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 1.1.1.lnk]
    path=C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 1.1.1.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 1.1.1.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2004-10-30 02:50 4620288 C:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2004-10-30 02:50 86016 C:\WINDOWS\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2003-12-13 02:50 33792 C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2004-10-30 02:50 921600 C:\WINDOWS\system32\nwiz.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\WinMX\\WinMX.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule: TCP entrant
    "4672:UDP"= 4672:UDP:emule: UDP entrant

    R1 aswSP;avast! Self Protection;C:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R3 usbscan;Pilote de scanneur USB;C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [ ]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{85075989-D1BD-9A66-8CCB-973D5B522AB1} - C:\DOCUME~1\Philippe\APPLIC~1\TWOFIL~1\Data Active.exe
    HKCU-Run-Onetick - C:\DOCUME~1\Philippe\APPLIC~1\GLUEJU~1\funk move store.exe
    HKCU-Run-WinFixer 2005 - C:\Program Files\WinFixer 2005\uwfx5.exe
    HKLM-Run-spam global mix soft - C:\Documents and Settings\All Users\Application Data\start bias spam global\cooluser.exe
    SharedTaskScheduler-{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} - (no file)
    SharedTaskScheduler-cholecyst - (no file)
    SharedTaskScheduler-{0d9eb558-0666-479e-868a-21b1d1a53bd1} - (no file)


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: Ouvrir dans un nouvel onglet d'arrière-plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?e3991c002d3242459cc11119bdb473e2
    O8 -: Ouvrir dans un nouvel onglet de premier plan - C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?e3991c002d3242459cc11119bdb473e2
    O9 -: { - C:\Program Files\Messenger\msmsgs.exe
    O17 -: HKLM\CCS\Interface\{53890159-A7C0-49EE-BCF6-D3BCBC2D9251}: NameServer = 192.168.1.1
    O18 -: Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\itss51.dll

    O16 -: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmt.bouyguestelecom.fr/mmawap/jsp/composer/player/mmsPlayer.cab
    C:\WINDOWS\Downloaded Program Files\SMILViewer_DX6.inf
    C:\WINDOWS\system32\l3codecx.ax
    C:\WINDOWS\system32\qedit.dll
    C:\WINDOWS\scroll.bmp
    C:\WINDOWS\system32\Pal.dll
    C:\WINDOWS\system32\ErrorHandler.dll
    C:\WINDOWS\system32\MCS.dll
    C:\WINDOWS\Downloaded Program Files\xmltok.dll
    C:\WINDOWS\Downloaded Program Files\xmlparse.dll
    C:\WINDOWS\Downloaded Program Files\coltrans.ax
    C:\WINDOWS\Downloaded Program Files\WBMPSource.ax
    C:\WINDOWS\Downloaded Program Files\PNGSource.ax
    C:\WINDOWS\system32\Mpeg4DSF.dll
    C:\WINDOWS\system32\Mpeg4Tools.dll
    C:\WINDOWS\system32\Mpeg4System.dll
    C:\WINDOWS\Downloaded Program Files\MelodySourceParser.ax
    C:\WINDOWS\system32\AMRDSF.dll
    C:\WINDOWS\system32\AMR.dll
    C:\WINDOWS\Downloaded Program Files\scg.ax
    C:\WINDOWS\Downloaded Program Files\HtmlParser.dll
    C:\WINDOWS\Downloaded Program Files\HTMLSourceFilter.ax
    C:\WINDOWS\Downloaded Program Files\VideoCompositor.ax
    C:\WINDOWS\Downloaded Program Files\StreamControl.ax
    C:\WINDOWS\Downloaded Program Files\DownloadersWI.dll
    C:\WINDOWS\Downloaded Program Files\Parsers.dll
    C:\WINDOWS\Downloaded Program Files\PlayerServer.dll
    C:\WINDOWS\Downloaded Program Files\MPO.dll
    C:\WINDOWS\Downloaded Program Files\CoreExecutive.dll
    C:\WINDOWS\Downloaded Program Files\SMILInetCtrl.dll
    C:\WINDOWS\Downloaded Program Files\RegType_IE.dll

    O16 -: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://www.mesvacancesenphoto.com/Components/Upload/ImageUploa...
    C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf
    C:\WINDOWS\unicows.dll
    C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-05 21:25:50
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-05 21:31:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-05 19:31:24

    Pre-Run: 85,912,473,600 octets libres
    Post-Run: 86,109,868,032 octets libres

    264 --- E O F --- 2008-09-04 15:47:21
    6 September 2008 12:25:44

    Hi again,

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\ctareped.exe
    C:\WINDOWS\system32\mvgryjkf.exe
    C:\WINDOWS\system32\mxsrilmd.exe

    Folder::
    C:\Documents and Settings\All Users\Application Data\services
    C:\Documents and Settings\All Users\Application Data\efgzyzuz

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "apiwinweb"=-
    "CmdMsgApl"=-
    "smartuiact"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "4LEyV9W817"=-


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    6 September 2008 13:07:24

    Here is the ComboFix report:

    ComboFix 08-09-04.09 - Philippe 2008-09-06 12:50:59.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.162 [GMT 2:00]
    Endroit: E:\ComboFix.exe
    Command switches used :: E:\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\efgzyzuz
    C:\Documents and Settings\All Users\Application Data\efgzyzuz\gjotevwr.exe
    C:\Documents and Settings\All Users\Application Data\services
    C:\WINDOWS\system32\ctareped.exe
    C:\WINDOWS\system32\mvgryjkf.exe
    C:\WINDOWS\system32\mxsrilmd.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-06 12:49 . 2008-09-06 12:49 90,112 --a------ C:\WINDOWS\system32\jqnyhwzy.exe
    2008-09-05 18:35 . 2008-09-05 18:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-05 18:35 . 2008-09-05 18:35 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\Malwarebytes
    2008-09-05 18:35 . 2008-09-05 18:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-05 18:35 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-05 18:35 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-05 15:07 . 2008-09-05 15:07 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-04 17:24 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\2.ico
    2008-09-04 17:20 . 2008-09-04 18:03 <REP> d-------- C:\Program Files\MSA
    2008-09-04 17:20 . 2008-08-28 15:57 3,262 --a------ C:\WINDOWS\system32\1.ico
    2008-09-01 01:00 . 2008-09-05 20:49 <REP> d-------- C:\Program Files\SAV
    2008-08-24 14:23 . 2008-08-24 14:25 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\Nikon
    2008-08-24 14:21 . 2008-08-24 14:21 <REP> d-------- C:\Program Files\Nikon
    2008-08-24 14:21 . 2008-08-24 14:25 <REP> d-------- C:\Program Files\Fichiers communs\Nikon
    2008-08-24 14:21 . 2008-08-24 14:21 <REP> d-------- C:\Program Files\Fichiers communs\muvee Technologies
    2008-08-24 14:21 . 2008-08-24 14:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nikon
    2008-08-24 14:15 . 2008-08-24 14:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    2008-08-24 14:15 . 2008-08-24 14:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Organic
    2008-08-24 14:15 . 2008-08-24 14:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    2008-08-24 14:15 . 2008-08-24 14:24 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    2008-08-24 14:02 . 2008-08-24 14:02 <REP> d-------- C:\Program Files\ArcSoft
    2008-08-17 14:46 . 2008-08-17 14:46 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-08-08 22:15 . 2008-08-08 22:15 <REP> d-------- C:\Documents and Settings\Philippe\popup
    2008-08-08 22:15 . 2008-08-08 22:15 <REP> d-------- C:\Documents and Settings\Philippe\Groups

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-06 10:49 --------- d-----w C:\Program Files\Wanadoo
    2008-09-05 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-09-01 13:35 --------- d-----w C:\Program Files\Circle Developement
    2008-08-31 13:07 --------- d-----w C:\Program Files\OpenOffice.org1.1.1
    2008-08-31 12:55 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-28 14:46 --------- d-----w C:\Documents and Settings\Philippe\Application Data\ZoomBrowser EX
    2008-08-28 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2008-08-27 21:44 --------- d-----w C:\Program Files\eMule
    2008-08-24 12:15 106,496 ----a-w C:\windows\system32\ATL71.DLL
    2008-08-24 12:14 --------- d-----w C:\Program Files\QuickTime
    2008-08-24 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-24 12:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-17 12:46 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-08-07 14:39 --------- d-----w C:\Program Files\Google
    2008-07-18 20:10 94,920 ----a-w C:\windows\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\windows\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\windows\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\windows\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\windows\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\windows\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\windows\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\windows\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\windows\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\windows\system32\muweb.dll
    2008-07-07 20:31 253,952 ----a-w C:\windows\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\windows\system32\mscms.dll
    2008-06-23 16:28 826,368 ----a-w C:\windows\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\windows\system32\mswsock.dll
    1999-06-30 13:06 151,552 -c--a-r C:\windows\inf\Agfa\Message.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-05_21.31.04.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-06 10:48:21 16,384 ----atw C:\windows\Temp\Perflib_Perfdata_638.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [1999-08-04 127040]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-05 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-22 68856]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
    "MsgSmartInfo"="C:\windows\system32\jqnyhwzy.exe" [2008-09-06 90112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-30 4620288]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
    "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-03-11 81920]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-17 185896]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 286720]
    "nForce Tray Options"="sstray.exe" [2003-12-17 C:\WINDOWS\system32\sstray.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-02-07 962661]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-04-05 169472]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 65588]
    Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-22 124400]
    Rappels du Calendrier Microsoft Works.lnk - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 53317]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll
    "vidc.mxmc"= MimicICM.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^Philippe^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 1.1.1.lnk]
    path=C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 1.1.1.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 1.1.1.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2004-10-30 02:50 4620288 C:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2004-10-30 02:50 86016 C:\WINDOWS\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2003-12-13 02:50 33792 C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2004-10-30 02:50 921600 C:\WINDOWS\system32\nwiz.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\WinMX\\WinMX.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule: TCP entrant
    "4672:UDP"= 4672:UDP:emule: UDP entrant

    R1 aswSP;avast! Self Protection;C:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R3 usbscan;Pilote de scanneur USB;C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [ ]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-06 12:54:36
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-06 12:55:53
    ComboFix-quarantined-files.txt 2008-09-06 10:55:39
    ComboFix2.txt 2008-09-05 19:31:32

    Pre-Run: 86,094,598,144 octets libres
    Post-Run: 86,082,813,952 octets libres

    184 --- E O F --- 2008-09-04 15:47:21
    6 September 2008 13:08:23

    And the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:00:44, on 06/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\windows\system32\sstray.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\windows\system32\jqnyhwzy.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [MsgSmartInfo] C:\windows\system32\jqnyhwzy.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?e3991c002d3242459cc11119bdb473e2
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?e3991c002d3242459cc11119bdb473e2
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://9miss-zouavette9.spaces.live.com//PhotoUpload/Ms...
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://9miss-zouavette9.spaces.live.com/PhotoUpload/Msn...
    O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_0...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mesvacancesenphoto.com/Components/Upload/Ima...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://www.mesvacancesenphoto.com/Components/Upload/Ima...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{53890159-A7C0-49EE-BCF6-D3BCBC2D9251}: NameServer = 192.168.1.1
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

    --
    End of file - 12985 bytes
    6 September 2008 13:35:02

    Make a new script:

    File::
    C:\WINDOWS\system32\jqnyhwzy.exe
    C:\WINDOWS\system32\2.ico
    C:\WINDOWS\system32\1.ico
    6 September 2008 14:04:01

    ComboFix report:

    ComboFix 08-09-04.09 - Philippe 2008-09-06 13:54:31.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.226 [GMT 2:00]
    Endroit: E:\ComboFix.exe
    Command switches used :: E:\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\1.ico
    C:\WINDOWS\system32\2.ico
    C:\WINDOWS\system32\jqnyhwzy.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-05 18:35 . 2008-09-05 18:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-05 18:35 . 2008-09-05 18:35 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\Malwarebytes
    2008-09-05 18:35 . 2008-09-05 18:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-05 18:35 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-05 18:35 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-05 15:07 . 2008-09-05 15:07 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-04 17:20 . 2008-09-04 18:03 <REP> d-------- C:\Program Files\MSA
    2008-09-01 01:00 . 2008-09-05 20:49 <REP> d-------- C:\Program Files\SAV
    2008-08-24 14:23 . 2008-08-24 14:25 <REP> d-------- C:\Documents and Settings\Philippe\Application Data\Nikon
    2008-08-24 14:21 . 2008-08-24 14:21 <REP> d-------- C:\Program Files\Nikon
    2008-08-24 14:21 . 2008-08-24 14:25 <REP> d-------- C:\Program Files\Fichiers communs\Nikon
    2008-08-24 14:21 . 2008-08-24 14:21 <REP> d-------- C:\Program Files\Fichiers communs\muvee Technologies
    2008-08-24 14:21 . 2008-08-24 14:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nikon
    2008-08-24 14:15 . 2008-08-24 14:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    2008-08-24 14:15 . 2008-08-24 14:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Organic
    2008-08-24 14:15 . 2008-08-24 14:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    2008-08-24 14:15 . 2008-08-24 14:24 20 ---h----- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    2008-08-24 14:02 . 2008-08-24 14:02 <REP> d-------- C:\Program Files\ArcSoft
    2008-08-17 14:46 . 2008-08-17 14:46 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-08-08 22:15 . 2008-08-08 22:15 <REP> d-------- C:\Documents and Settings\Philippe\popup
    2008-08-08 22:15 . 2008-08-08 22:15 <REP> d-------- C:\Documents and Settings\Philippe\Groups

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-06 11:00 --------- d-----w C:\Program Files\Wanadoo
    2008-09-05 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-09-01 13:35 --------- d-----w C:\Program Files\Circle Developement
    2008-08-31 13:07 --------- d-----w C:\Program Files\OpenOffice.org1.1.1
    2008-08-31 12:55 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-28 14:46 --------- d-----w C:\Documents and Settings\Philippe\Application Data\ZoomBrowser EX
    2008-08-28 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2008-08-27 21:44 --------- d-----w C:\Program Files\eMule
    2008-08-24 12:15 106,496 ----a-w C:\windows\system32\ATL71.DLL
    2008-08-24 12:14 --------- d-----w C:\Program Files\QuickTime
    2008-08-24 12:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-24 12:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-17 12:46 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-08-07 14:39 --------- d-----w C:\Program Files\Google
    2008-07-18 20:10 94,920 ----a-w C:\windows\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\windows\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\windows\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\windows\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\windows\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\windows\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\windows\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\windows\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\windows\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\windows\system32\muweb.dll
    2008-07-07 20:31 253,952 ----a-w C:\windows\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\windows\system32\mscms.dll
    2008-06-23 16:28 826,368 ----a-w C:\windows\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w C:\windows\system32\mswsock.dll
    1999-06-30 13:06 151,552 -c--a-r C:\windows\inf\Agfa\Message.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-05_21.31.04.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-06 10:59:15 16,384 ----atw C:\windows\Temp\Perflib_Perfdata_638.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [1999-08-04 127040]
    "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-05 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-22 68856]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-30 4620288]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
    "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-03-11 81920]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-17 185896]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 286720]
    "nForce Tray Options"="sstray.exe" [2003-12-17 C:\WINDOWS\system32\sstray.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-02-07 962661]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-04-05 169472]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 65588]
    Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-22 124400]
    Rappels du Calendrier Microsoft Works.lnk - C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 53317]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll
    "vidc.mxmc"= MimicICM.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^Philippe^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 1.1.1.lnk]
    path=C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 1.1.1.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 1.1.1.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    C:\windows\system32\dumprep 0 -u [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2004-10-30 02:50 4620288 C:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2004-10-30 02:50 86016 C:\WINDOWS\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2003-12-13 02:50 33792 C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2004-10-30 02:50 921600 C:\WINDOWS\system32\nwiz.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\WinMX\\WinMX.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:emule: TCP entrant
    "4672:UDP"= 4672:UDP:emule: UDP entrant

    R1 aswSP;avast! Self Protection;C:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R3 usbscan;Pilote de scanneur USB;C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [ ]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-MsgSmartInfo - C:\windows\system32\jqnyhwzy.exe



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-06 13:57:47
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-06 13:59:00
    ComboFix-quarantined-files.txt 2008-09-06 11:58:47
    ComboFix2.txt 2008-09-06 10:55:54
    ComboFix3.txt 2008-09-05 19:31:32

    Pre-Run: 86,067,728,384 octets libres
    Post-Run: 86,056,767,488 octets libres

    180 --- E O F --- 2008-09-04 15:47:21
    6 September 2008 14:06:18

    HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:59:30, on 06/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\windows\system32\sstray.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\windows\system32\nvsvc32.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
    C:\windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?e3991c002d3242459cc11119bdb473e2
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?e3991c002d3242459cc11119bdb473e2
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://9miss-zouavette9.spaces.live.com//PhotoUpload/Ms...
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://9miss-zouavette9.spaces.live.com/PhotoUpload/Msn...
    O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_0...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mesvacancesenphoto.com/Components/Upload/Ima...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://www.mesvacancesenphoto.com/Components/Upload/Ima...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{53890159-A7C0-49EE-BCF6-D3BCBC2D9251}: NameServer = 192.168.1.1
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

    --
    End of file - 12865 bytes
    6 September 2008 18:50:06

    The AntiVir report:



    Avira AntiVir Personal
    Report file date: samedi 6 septembre 2008 15:25

    Scanning for 1599979 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: Philippe
    Computer name: REGADE-2F300AF3

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 13:19:40
    ANTIVIR3.VDF : 7.0.6.124 202240 Bytes 05/09/2008 13:19:42
    Engineversion : 8.1.1.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.70 319866 Bytes 06/09/2008 13:19:55
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.1.1 397683 Bytes 06/09/2008 13:19:53
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.23 196987 Bytes 06/09/2008 13:19:51
    AEHEUR.DLL : 8.1.0.51 1397111 Bytes 06/09/2008 13:19:50
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 06/09/2008 13:19:45
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 06/09/2008 13:19:43
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 06/09/2008 13:19:42
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Local Hard Disks
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 6 septembre 2008 15:25

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    12 processes with 12 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '75' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Philippe\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-617b99fd-514b9d16.zip
    [0] Archive type: ZIP
    --> BlackBox.class
    [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
    --> VerifierBug.class
    [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus
    --> Dummy.class
    [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus
    --> Beyond.class
    [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus
    [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
    [NOTE] The file was deleted!
    C:\Documents and Settings\Philippe\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6ca8bca4-5f5363c3.zip
    [0] Archive type: ZIP
    --> BlackBox.class
    [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
    --> VerifierBug.class
    [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus
    --> Dummy.class
    [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus
    --> Beyond.class
    [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus
    [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
    [NOTE] The file was deleted!
    C:\Documents and Settings\Philippe\Mes documents\setup_110152_3_.exe
    [DETECTION] Is the TR/FraudPack.95232 Trojan
    [NOTE] The file was deleted!
    C:\Documents and Settings\Philippe\Mes documents\ph.regade\install_5371_mhw1fdb8fhx8fhw_.exe
    [DETECTION] Is the TR/Dldr.FraudLoa.ZD Trojan
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\efgzyzuz\gjotevwr.exe.vir
    [DETECTION] Is the TR/Dldr.Obfuscated.dnw Trojan
    [NOTE] The file was deleted!


    End of the scan: samedi 6 septembre 2008 17:11
    Used time: 1:45:24 Hour(s)

    The scan has been done completely.

    8289 Scanning directories
    192128 Files were scanned
    13 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    5 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    192114 Files not concerned
    1487 Archives were scanned
    1 Warnings
    5 Notes

    6 September 2008 18:51:05

    Any more problems?
    6 September 2008 19:20:31

    Well, everything seems to be fine!

    Thanks a lot!!
    6 September 2008 19:27:23

    Happy surfing ;)