TROJAN ROOT KIT

19 July 2008 20:27:33

Hi,
I've caught a rootkit trojan.
I followed the a2 process, then hijack.
Here is what it gives.
Could someone help me?
Please.



Logfile of HijackThis v1.99.1
Scan saved at 19:52:32, on 19/07/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Users\mykey\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Hijackthis\HijackThis.exe
C:\Hiajckthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\mykey\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\mykey\AppData\Local\Temp\wvUoPffd.dll,c
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HAFOOZJAY - Sysinternals - www.sysinternals.com - C:\Users\mykey\AppData\Local\Temp\HAFOOZJAY.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: M-Audio Fast Track Ultra Installer (MAudioFTUService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Ultra\MAUSBFTUInst.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: OCOSFLO - Sysinternals - www.sysinternals.com - C:\Users\mykey\AppData\Local\Temp\OCOSFLO.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: REQQFL - Sysinternals - www.sysinternals.com - C:\Users\mykey\AppData\Local\Temp\REQQFL.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TJI - Sysinternals - www.sysinternals.com - C:\Users\mykey\AppData\Local\Temp\TJI.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


19 July 2008 22:31:11

Good evening,

Download Toolbar-S&D (Team IDN) to your Desktop.

  • Start the program's installation by running the downloaded file.
  • Now double-click the Toolbar-S&D shortcut.
  • Select the desired language by typing the letter of your choice and confirming with the Enter key.
  • Now choose option 1 (Search). Wait until the search has finished.
  • Post the generated report (C:\TB.txt).

19 July 2008 23:40:29

Cool,
thanks XmichouX.
When I did it, it booted, and here is the report.
What do you think?


    -----------\\ ToolBar S&D 1.0.6 XP/Vista

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
    [ USER : mykey ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
    [ 19/07/2008 | 23:36:35,27 ] [ PC : PC-DE-MYKEY ]
    [ MAJ : 18-07-2008 | 20:45 ]
    [ UAC => 0 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\AskTBar
    C:\Program Files\AskTBar\bar
    C:\Program Files\AskTBar\SrchAstt
    C:\Program Files\PCHealthCenter
    C:\Program Files\PCHealthCenter\0.exe
    C:\Program Files\PCHealthCenter\0.gif
    C:\Program Files\PCHealthCenter\1.gif
    C:\Program Files\PCHealthCenter\2.gif
    C:\Program Files\PCHealthCenter\3.gif
    C:\Program Files\PCHealthCenter\sc.html
    C:\Program Files\PCHealthCenter\sex1.ico
    C:\Program Files\PCHealthCenter\sex2.ico

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://fr.yahoo.com/"
    "Search Bar"="http://www.yahoo.com/search/ie.html"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"


    [ UAC => 1 ]

    -----------\\ Fin du rapport a 23:37:09,01
20 July 2008 00:12:23

JUST FOR INFO:
when I run an AVG scan, there is, among other things, a "hidden driver" infection
which is in C/windows/System32/driver/apfciccq.SYS

20 July 2008 00:45:04

Apparently my version of HijackThis was old,
so I reinstalled it and ran a scan again.
I hope this helps!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:40:56, on 20/07/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\system32\lxctcoms.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files\Lexmark 5400 Series\ezprint.exe
    C:\Windows\System32\M-AudioTaskBarIcon.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Users\mykey\Program Files\DNA\btdna.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\taskeng.exe
    C:\Hiajckthis\HijackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O2 - BHO: (no name) - {F833D6C7-C906-4A1E-AC95-A90EC28A46DF} - C:\Users\mykey\AppData\Local\Temp\wvUoPffd.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
    O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\mykey\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\mykey\AppData\Local\Temp\wvUoPffd.dll,c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HAFOOZJAY - Sysinternals - www.sysinternals.com - C:\Users\mykey\AppData\Local\Temp\HAFOOZJAY.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
    O23 - Service: M-Audio Fast Track Ultra Installer (MAudioFTUService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Ultra\MAUSBFTUInst.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: OCOSFLO - Sysinternals - www.sysinternals.com - C:\Users\mykey\AppData\Local\Temp\OCOSFLO.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: REQQFL - Sysinternals - www.sysinternals.com - C:\Users\mykey\AppData\Local\Temp\REQQFL.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TJI - Sysinternals - www.sysinternals.com - C:\Users\mykey\AppData\Local\Temp\TJI.exe

    --
    End of file - 14804 bytes
    20 Juillet 2008 10:23:29

    SVP REPONDEZ MOI
    XmichouX J'AI VRAIMENT BESOIN DE SAVOIR QUOI FAIRE MAINTENANT!!
    20 July 2008 10:38:31

    Hi,

    Please be a little patient and do not overuse capital letters, as I pointed out in my other post.
    As you surely know, it is July, and therefore holiday season.

    Many helpers are on holiday, so it is harder for the remaining helpers to hold the fort. Moreover, they are volunteers and only help in their free time. Please be patient, they will answer you (xmichoux will answer you soon).
    20 July 2008 12:30:25

    Hello,

    Thanks Omar ;)

    Run Toolbar-S&D again by double-clicking the shortcut.

  • This time choose option 2, then confirm by pressing Enter.
    ! Do not close the window during the removal !
  • A report will be generated; post its contents here, followed by a new HijackThis report.

    If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)".
    Type explorer and confirm. This will bring your desktop back.
    20 July 2008 13:55:15

    Thanks XmichouX
    Sorry, I don't know the site's protocol well
    here is the toolbar report after removal



    -----------\\ ToolBar S&D 1.0.6 XP/Vista

    [ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
    [ USER : mykey ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
    [ 20/07/2008 | 13:50:26,62 ] [ PC : PC-DE-MYKEY ]
    [ MAJ : 18-07-2008 | 20:45 ]
    [ UAC => 0 ]

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\AskTBar\bar
    Supprime! - C:\Program Files\AskTBar\SrchAstt
    Supprime! - C:\Program Files\PCHealthCenter\0.exe
    Supprime! - C:\Program Files\PCHealthCenter\0.gif
    Supprime! - C:\Program Files\PCHealthCenter\1.gif
    Supprime! - C:\Program Files\PCHealthCenter\2.gif
    Supprime! - C:\Program Files\PCHealthCenter\3.gif
    Supprime! - C:\Program Files\PCHealthCenter\sc.html
    Supprime! - C:\Program Files\PCHealthCenter\sex1.ico
    Supprime! - C:\Program Files\PCHealthCenter\sex2.ico
    Supprime! - C:\Program Files\AskTBar
    Supprime! - C:\Program Files\PCHealthCenter

    -----------\\ Recherche de Fichiers / Dossiers ...


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://fr.yahoo.com/"
    "Search Bar"="http://www.yahoo.com/search/ie.html"
    "Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"


    [ UAC => 1 ]

    -----------\\ Fin du rapport a 13:52:38,48
    20 July 2008 13:57:48

    and here is the hijackthis report
    thanks again for your help, you guys are awesome!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:56:06, on 20/07/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\system32\lxctcoms.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files\Lexmark 5400 Series\ezprint.exe
    C:\Windows\System32\M-AudioTaskBarIcon.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\cmd.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hiajckthis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {69F2310F-2DD6-4F54-8637-AC443C3F5751} - C:\Users\mykey\AppData\Local\Temp\wvUoPffd.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
    O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\mykey\AppData\Local\Temp\wvUoPffd.dll,c
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HAFOOZJAY - Sysinternals - www.sysinternals.com - C:\Users\mykey\AppData\Local\Temp\HAFOOZJAY.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
    O23 - Service: M-Audio Fast Track Ultra Installer (MAudioFTUService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Ultra\MAUSBFTUInst.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: OCOSFLO - Sysinternals - www.sysinternals.com - C:\Users\mykey\AppData\Local\Temp\OCOSFLO.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: REQQFL - Sysinternals - www.sysinternals.com - C:\Users\mykey\AppData\Local\Temp\REQQFL.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TJI - Sysinternals - www.sysinternals.com - C:\Users\mykey\AppData\Local\Temp\TJI.exe

    --
    End of file - 14268 bytes
    20 July 2008 14:42:34

    Re,

    Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • When the operation is finished, a report will appear. Post this report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    20 July 2008 15:00:26

    Ok

    here is the combofix report (is it normal that after the reboot it told me a Windows file was missing? I think that's part of the fix!)

    ComboFix 08-07-19.1 - mykey 2008-07-20 14:46:50.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1704 [GMT 2:00]
    Endroit: C:\Users\mykey\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat
    C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat
    C:\Program Files\VAV
    C:\Program Files\VAV\vav.ooo
    C:\Program Files\VAV\vav0.dat
    C:\Program Files\VAV\vav1.dat
    C:\Users\mykey\Desktop\Vista Antivirus 2008.lnk

    ----- BITS: Possible sites infectés -----

    hxxp://rad.msn.com
    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-20 to 2008-07-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-20 00:26 . 2008-07-20 00:26 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-19 23:14 . 2008-07-20 13:52 <REP> d-------- C:\Toolbar SD
    2008-07-19 19:26 . 2008-07-19 19:43 <REP> d-------- C:\Hijackthis
    2008-07-19 19:25 . 2008-07-20 13:56 <REP> d-------- C:\Hiajckthis
    2008-07-19 16:28 . 2008-07-20 14:20 <REP> d-------- C:\Program Files\a-squared Anti-Malware
    2008-07-19 14:57 . 2008-07-19 14:57 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-14 17:01 . 2008-06-26 02:33 11,722,752 --a------ C:\Windows\System32\NlsLexicons0001.dll
    2008-06-26 21:59 . 2008-06-26 21:59 <REP> d-------- C:\Users\mykey\AppData\Roaming\Applied Acoustics Systems
    2008-06-26 21:55 . 2004-02-25 18:19 69,632 --a------ C:\Windows\System32\NI_DFD_1_2_9.dll
    2008-06-26 21:34 . 2008-07-20 13:43 <REP> d--h----- C:\$AVG8.VAULT$
    2008-06-26 21:21 . 2008-07-19 19:34 <REP> d-------- C:\Windows\System32\drivers\Avg
    2008-06-26 21:21 . 2008-06-26 21:21 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
    2008-06-26 21:21 . 2008-06-26 21:21 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
    2008-06-26 21:21 . 2008-06-26 21:21 12,936 --a------ C:\Windows\System32\drivers\avgrkx86.sys
    2008-06-26 21:21 . 2008-07-08 11:26 10,520 --a------ C:\Windows\System32\avgrsstx.dll
    2008-06-26 21:08 . 2008-06-26 21:08 <REP> d-------- C:\Program Files\Common Files\Native Instruments
    2008-06-26 20:54 . 2008-06-26 20:54 <REP> d-------- C:\Program Files\Lounge Lizard
    2008-06-26 20:54 . 2003-08-27 12:39 198,656 --a------ C:\Windows\LOOP.exe
    2008-06-26 20:14 . 2008-06-26 21:21 <REP> d-------- C:\Users\All Users\avg8
    2008-06-26 20:14 . 2008-06-26 20:14 <REP> d-------- C:\Program Files\AVG
    2008-06-26 20:14 . 2008-06-26 21:21 <REP> d-------- C:\PROGRA~2\avg8
    2008-06-26 10:17 . 2008-06-26 10:17 <REP> d-------- C:\Program Files\Common Files\Digidesign
    2008-06-26 10:16 . 2008-06-26 10:16 <REP> d-------- C:\Program Files\Art Vista
    2008-06-25 23:46 . 2008-06-25 23:46 <REP> d-------- C:\Program Files\Spectrasonics
    2008-06-25 16:38 . 2008-06-25 16:38 368,640 --a------ C:\Windows\System32\ReWire.dll
    2008-06-25 16:38 . 2008-06-25 16:38 233,472 --a------ C:\Windows\System32\REX Shared Library.dll
    2008-06-25 16:31 . 2008-06-25 16:31 <REP> d-------- C:\Program Files\free-downloads.net
    2008-06-25 16:30 . 2008-06-25 16:30 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-06-23 12:28 . 2008-06-23 12:28 <REP> d-------- C:\Program Files\Propellerhead
    2008-06-22 17:31 . 1999-05-11 16:36 254,005 --a------ C:\Windows\System32\temp.008
    2008-06-22 17:31 . 1999-05-23 18:00 1,024 --a------ C:\Windows\ReCycle17.dat
    2008-06-22 17:13 . 2008-06-22 17:13 <REP> d-------- C:\Users\mykey\AppData\Roaming\DAEMON Tools
    2008-06-22 17:13 . 2008-06-22 17:13 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
    2008-06-22 17:01 . 2008-06-22 17:01 <REP> d-------- C:\Program Files\UltraISO
    2008-06-22 17:01 . 2008-06-22 17:01 <REP> d-------- C:\Program Files\Common Files\EZB Systems
    2008-06-22 16:49 . 2007-12-26 10:23 3,316,987 --a------ C:\uiso8_pe.exe
    2008-06-21 20:27 . 2008-06-21 20:28 <REP> d-------- C:\Program Files\Finale 2006

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-20 12:49 --------- d-----w C:\Users\mykey\AppData\Roaming\DNA
    2008-07-20 12:45 --------- d-----w C:\PROGRA~2\Roxio
    2008-07-20 12:07 --------- d-----w C:\Program Files\Lx_cats
    2008-07-19 12:58 --------- d-----w C:\Program Files\Lavasoft
    2008-07-19 11:49 --------- d-----w C:\PROGRA~2\Lavasoft
    2008-07-17 18:36 --------- d-----w C:\Users\mykey\AppData\Roaming\uTorrent
    2008-07-14 14:55 174 --sha-w C:\Program Files\desktop.ini
    2008-07-10 16:46 --------- d-----w C:\Program Files\Windows Mail
    2008-07-07 18:44 --------- d-----w C:\Users\mykey\AppData\Roaming\BitTorrent
    2008-06-26 19:08 --------- d-----w C:\Program Files\Native Instruments
    2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
    2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
    2008-06-22 16:57 --------- d-----w C:\Program Files\Steinberg
    2008-06-22 14:53 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-06-22 13:59 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-06-22 13:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-22 13:58 --------- d-----w C:\Program Files\CyberLink
    2008-06-22 13:56 --------- d-----w C:\Program Files\Packard Bell
    2008-06-22 11:34 --------- d-----w C:\Program Files\VSTPlugIns
    2008-06-19 09:54 --------- d-----w C:\Program Files\TELE2
    2008-06-01 13:12 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2008-06-01 13:11 --------- d-----w C:\PROGRA~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2008-05-29 21:45 --------- d-----w C:\Program Files\NeroInstall.bak
    2008-05-29 21:31 --------- d-----w C:\Users\mykey\AppData\Roaming\Nero
    2008-05-29 21:29 --------- d-----w C:\Program Files\Common Files\Nero
    2008-05-29 21:27 --------- d-----w C:\Program Files\Nero
    2008-05-29 21:27 --------- d-----w C:\PROGRA~2\Nero
    2008-05-21 10:46 27,335 ----a-w C:\Users\mykey\AppData\Roaming\nvModes.dat
    2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
    2008-04-29 20:25 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-04-29 20:25 32 ----a-w C:\PROGRA~2\ezsid.dat
    2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-04-23 05:12 292,352 ----a-w C:\Windows\System32\psisdecd.dll
    2008-04-23 05:11 428,032 ----a-w C:\Windows\System32\EncDec.dll
    2008-04-23 04:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-02-08 13:32 233,472 ----a-w C:\Users\mykey\AppData\Roaming\REX Shared Library.dll
    2008-02-08 13:32 225,280 ----a-w C:\Users\mykey\AppData\Roaming\Rewire.dll
    2008-01-31 22:19 0 ----a-w C:\Users\mykey\AppData\Roaming\wklnhst.dat
    2003-02-26 18:51 786,432 ----a-w C:\Users\Public\USB.PlugSound.All.Plugins.v1.82.KeyGen.exe
    2008-02-05 09:02 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-02-05 09:02 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-02-05 09:02 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-01-31 22:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008013120080201\index.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EC18304-FAF4-41A0-AAFF-FBEAB16A46B1}]
    2008-07-19 13:34 322816 --a------ C:\Users\mykey\AppData\Local\Temp\wvUoPffd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2007-12-10 13:46 1510424 --a------ C:\Program Files\free-downloads.net\tbfree.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-10 13:46 1510424]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-10 13:46 1510424]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-01 14:35 1232896]
    "BitTorrent DNA"="C:\Users\mykey\Program Files\DNA\btdna.exe" [2008-05-08 10:43 289088]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
    "b0422c37"="C:\Users\mykey\AppData\Local\Temp\lddgljcr.dll" [2008-07-20 14:53 92672]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 23:36 36864]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-24 00:40 857648]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-16 22:19 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-16 22:19 8478720]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-16 22:19 81920]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 12:40 232184]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-10 07:22 243200]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]
    "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00 385024]
    "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 12:28 45056]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-14 13:56 98304]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 10:11 291760]
    "Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 10:12 304048]
    "EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 10:11 82864]
    "LXCTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 13:27 106496]
    "M-Audio Taskbar Icon"="C:\Windows\System32\M-AudioTaskBarIcon.exe" [2008-01-08 10:55 210952]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-08 11:26 1232152]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-19 16:52 2686608]

    C:\Users\mykey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

    C:\Users\mykey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
    OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ValidateAdminCodeSignatures"= 1 (0x1)
    "FilterAdministratorToken"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\Users\mykey\AppData\Local\Temp\wvUoPffd

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{D77F655C-70EC-4003-A648-C6659AE685DA}"= Profile=Private|C:\Program Files\CyberLink\MagicSports\MagicSports.exe:_this_program_will_be_deleted
    "{7705B9AE-0422-4281-816F-04877B89166D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C32FF51D-E2B3-466E-A9E7-24F47F14D6CC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{9C276841-DEED-4D9D-9908-96BC4F0950C9}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{93EDEC56-5FDD-427D-9157-E0AE1767FDAA}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{55E94E0A-E2C6-4F42-A014-5BAB49CA5472}"= UDP:C:\Program Files\DNA\btdna.exe:D NA
    "{8F904B13-0DC8-4EFD-9C85-1444FC65732E}"= TCP:C:\Program Files\DNA\btdna.exe:D NA
    "{B1B43E9A-C5A5-4FCE-BBC7-9E594CB0141C}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{A2350CD5-904E-49C5-831E-257752B4BE12}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "TCP Query User{46EF7893-DCFC-47C4-99D8-90DD3DDA4393}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{4DFDAC2C-9548-4FD6-A655-7CCD572AEA48}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{64D54478-10C0-4D12-A44A-6F49AADE08DF}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{386F98AC-0FAB-4ACF-9D37-3CE926B5FDB7}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{80B17313-29FA-4D0E-BA27-02B8ADDCBB89}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{18BADD5D-B3BF-48F2-92E5-8A298BAC9BD8}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "TCP Query User{7D443798-3D7D-41C9-BC08-C689C79A3A8A}C:\\users\\mykey\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\mykey\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "UDP Query User{0D7A1AA9-82F4-4A68-BAB1-E23552EB445A}C:\\users\\mykey\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\mykey\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "{B5D89548-75E6-4FC4-A89E-1FD14C4401B5}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Internet - Firefox
    "{95E2E7E8-05D5-467B-BF13-488948817175}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Internet - Firefox
    "{47C9D801-0A0C-4F2D-88A9-6813B94CDEF3}"= UDP:C:\Program Files\Lavasoft\Ad-Aware 2007\lsupdatemanager.exe:Ad-Aware Update Manager
    "{8040BA10-DAEE-473A-8AB5-7C4260F12FFA}"= TCP:C:\Program Files\Lavasoft\Ad-Aware 2007\lsupdatemanager.exe:Ad-Aware Update Manager
    "{F64B2ADB-599D-4342-9B59-7AAFDC32DA9D}"= UDP:C:\Program Files\Lexmark 5400 Series\lxctmon.exe:D evice Monitor
    "{D943CE1D-142D-4657-A57C-C518CFF577FF}"= TCP:C:\Program Files\Lexmark 5400 Series\lxctmon.exe:D evice Monitor
    "{4B3D6D22-0031-409D-827B-44C0B25E95DD}"= UDP:C:\Program Files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
    "{93C3D34B-A85D-48BF-B21C-D4F4752041BF}"= TCP:C:\Program Files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
    "{364918A9-AAB8-457C-8C2D-A6AEA655F104}"= UDP:C:\Windows\System32\lxctcoms.exe:Lexmark Communications System
    "{5A78F188-E5D7-42D1-B16A-CD5B45DB8C0A}"= TCP:C:\Windows\System32\lxctcoms.exe:Lexmark Communications System
    "{571B7D0B-578B-44E5-A5DE-3E0D30D0AA3F}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Internet - Firefox
    "{C03DB7B9-1804-45C7-A44E-A158C66CD11D}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Internet - Firefox
    "TCP Query User{3434B88F-9AD7-4A3D-BA89-4781081DE179}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{C6AF7BEA-B0FF-4AE9-9325-851D237BEE73}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "TCP Query User{B5B4A5EA-405F-4FD0-87DB-C15BC5CFAECF}C:\\users\\mykey\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\mykey\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "UDP Query User{FE8A8D63-B37F-46B0-8D3F-1BD058FA5C79}C:\\users\\mykey\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\mykey\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "TCP Query User{DE36F7EB-1256-485D-9782-DBA692AA944A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "UDP Query User{E85745CB-41FB-48CB-9645-AAFE270A1114}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "{3E16262D-4E1D-49DA-93B1-91D88E07B9D0}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{573D2CE4-A01A-4C2A-8EF2-F051CC6F9E9F}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{05411C22-3AE4-4897-9179-CCE50771F21A}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe
    "{D8FD08F4-7F99-475A-956A-3870EC64B84B}"= UDP:C:\Program Files\DNA\btdna.exe:D NA
    "{817C9A1B-5A42-400C-AEA7-7F21064C5EDE}"= TCP:C:\Program Files\DNA\btdna.exe:D NA

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 AvgRkx86;avgrkx86.sys;C:\Windows\system32\Drivers\avgrkx86.sys [2008-06-26 21:21]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-06-26 21:21]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-08 11:26]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-08 11:26]
    R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-06-26 21:21]
    R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-01-08 14:38]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
    S2 MAudioFTUService;M-Audio Fast Track Ultra Installer;C:\Program Files\M-Audio\Fast Track Ultra\MAUSBFTUInst.exe []
    S3 HAFOOZJAY;HAFOOZJAY;C:\Users\mykey\AppData\Local\Temp\HAFOOZJAY.exe []
    S3 MAUSBRI;M-Audio Fast Track Ultra Service;C:\Windows\system32\DRIVERS\mausbftu.sys [2008-01-08 10:55]
    S3 OCOSFLO;OCOSFLO;C:\Users\mykey\AppData\Local\Temp\OCOSFLO.exe []
    S3 REQQFL;REQQFL;C:\Users\mykey\AppData\Local\Temp\REQQFL.exe []
    S3 TJI;TJI;C:\Users\mykey\AppData\Local\Temp\TJI.exe []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4972a37d-d883-11dc-a576-001b24a3c163}]
    \shell\Auto\command - activexdebugger32.exe f
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe e
    \shell\explore\Command - activexdebugger32.exe f
    \shell\open\Command - activexdebugger32.exe f

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5567b96a-da52-11dc-8138-001b24a3c163}]
    \shell\AutoRun\command - H:\LaunchU3.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-20 14:51:58
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\Windows\system32\lsass.exe
    -> C:\Users\mykey\AppData\Local\Temp\wvUoPffd.dll

    PROCESS: C:\Windows\Explorer.exe
    -> C:\Users\mykey\AppData\Local\Temp\lddgljcr.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    C:\Windows\System32\lxctcoms.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\System32\IoctlSvc.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\Windows\System32\conime.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-20 14:57:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-20 12:57:13

    Pre-Run: 10,443,386,880 octets libres
    Post-Run: 16,738,615,296 octets libres

    300 --- E O F --- 2008-07-18 10:57:06




    20 July 2008 16:36:15

    Re XmichouX

    How do I know whether everything is clean?
    20 July 2008 17:58:31

    Select the entire contents of the box below:

    Collect::
    C:\Users\mykey\AppData\Local\Temp\lddgljcr.dll
    C:\Users\mykey\AppData\Local\Temp\wvUoPffd.dll

    Driver::
    TJI
    REQQFL
    OCOSFLO
    HAFOOZJAY

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EC18304-FAF4-41A0-AAFF-FBEAB16A46B1}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "b0422c37"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "Adobe Reader Speed Launcher"=-
    "NBKeyScan"=-


  • Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will restart ComboFix.
  • ComboFix will create these files on your Desktop:
    - A zipped file named Submit [Date Time].zip
    - A second file named CF-Submit.htm
  • ComboFix may require a reboot to finish its work. Accept.
  • When the tool has finished, a ComboFix.log report will appear on screen.
  • A new window with the prompt "Submit Files for further analysis" will open. Click "OK"
  • Your browser will launch automatically with the CF-Submit.htm file and a window will open:
    - Click the "Browse" button and navigate to the file
    Submit [Date Time].zip on your Desktop.
    - Click the file to select it.
  • Submit the file by clicking "OK"
  • Once this operation is complete, you can delete those two files from your Desktop.
    Post the contents of the ComboFix.txt report after the reboot, if there is one.

    ****

    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the Download_mbam-setup.exe file.

    Once the installation and the update are done:
    Reboot into safe mode
    /!\ Never boot into safe mode via MSCONFIG /!\

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (run a full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selection). Save the report to your Desktop so you can post it in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

    Help: How to use MBAM.
    20 July 2008 19:04:44

    so the problem is that when I drag the CFScript onto ComboFix, it tells me
    "une reference a été renvoyée par le serveur" [a referral was returned from the server] and it doesn't start!
    20 July 2008 19:07:41

    Do I need to exit my AVG antivirus?
    20 July 2008 19:22:14

    And actually, I tried downloading a copy of Combo again, because this one wouldn't open any more, and it won't even launch... I don't understand!
    yet the antivirus programs are turned off
    20 July 2008 22:16:18

    the problem is that on Vista I don't know how to do it!
    yeah I know, I'm hopeless at this, but hey, I do what I can!
    20 July 2008 22:51:27

    The principle is the same as in the tutorial I gave you in green :)
    20 July 2008 23:32:25

    ok
    thanks XmichouX
    it's a trip following the process like this!
    so in safe mode Combo apparently had a few problems, but it gave me this report

    ComboFix 08-07-20.2 - mykey 2008-07-20 23:11:10.1 - NTFSx86 MINIMAL
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2602 [GMT 2:00]
    Endroit: C:\Users\mykey\Desktop\ComboFix.exe
    Command switches used :: C:\Users\mykey\Desktop\CFScript.txt
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\mykey\AppData\Local\Temp\wvUoPffd.dll
    C:\Users\mykey\Desktop\Vista Antivirus 2008.lnk

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_HAFOOZJAY
    -------\Service_OCOSFLO
    -------\Service_REQQFL
    -------\Service_TJI


    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-20 to 2008-07-20 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-20 21:04 --------- d-----w C:\Users\mykey\AppData\Roaming\DNA
    2008-07-20 13:21 --------- d-----w C:\PROGRA~2\Roxio
    2008-07-20 12:20 --------- d-----w C:\Program Files\a-squared Anti-Malware
    2008-07-20 12:07 --------- d-----w C:\Program Files\Lx_cats
    2008-07-19 22:26 --------- d-----w C:\Program Files\Trend Micro
    2008-07-19 12:58 --------- d-----w C:\Program Files\Lavasoft
    2008-07-19 12:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-19 11:49 --------- d-----w C:\PROGRA~2\Lavasoft
    2008-07-17 18:36 --------- d-----w C:\Users\mykey\AppData\Roaming\uTorrent
    2008-07-14 14:55 174 --sha-w C:\Program Files\desktop.ini
    2008-07-10 16:46 --------- d-----w C:\Program Files\Windows Mail
    2008-07-07 18:44 --------- d-----w C:\Users\mykey\AppData\Roaming\BitTorrent
    2008-06-26 19:59 --------- d-----w C:\Users\mykey\AppData\Roaming\Applied Acoustics Systems
    2008-06-26 19:21 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
    2008-06-26 19:21 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
    2008-06-26 19:21 12,936 ----a-w C:\Windows\system32\drivers\avgrkx86.sys
    2008-06-26 19:21 --------- d-----w C:\PROGRA~2\avg8
    2008-06-26 19:08 --------- d-----w C:\Program Files\Native Instruments
    2008-06-26 19:08 --------- d-----w C:\Program Files\Common Files\Native Instruments
    2008-06-26 18:54 --------- d-----w C:\Program Files\Lounge Lizard
    2008-06-26 18:14 --------- d-----w C:\Program Files\AVG
    2008-06-26 08:17 --------- d-----w C:\Program Files\Common Files\Digidesign
    2008-06-26 08:16 --------- d-----w C:\Program Files\Art Vista
    2008-06-25 21:46 --------- d-----w C:\Program Files\Spectrasonics
    2008-06-25 14:31 --------- d-----w C:\Program Files\free-downloads.net
    2008-06-25 14:30 --------- d-----w C:\Program Files\Alcohol Soft
    2008-06-23 10:28 --------- d-----w C:\Program Files\Propellerhead
    2008-06-22 16:57 --------- d-----w C:\Program Files\Steinberg
    2008-06-22 15:13 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-06-22 15:13 --------- d-----w C:\Users\mykey\AppData\Roaming\DAEMON Tools
    2008-06-22 15:01 --------- d-----w C:\Program Files\UltraISO
    2008-06-22 15:01 --------- d-----w C:\Program Files\Common Files\EZB Systems
    2008-06-22 14:53 --------- d-----w C:\Program Files\Elaborate Bytes
    2008-06-22 13:59 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-06-22 13:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-22 13:58 --------- d-----w C:\Program Files\CyberLink
    2008-06-22 13:56 --------- d-----w C:\Program Files\Packard Bell
    2008-06-22 11:34 --------- d-----w C:\Program Files\VSTPlugIns
    2008-06-21 18:28 --------- d-----w C:\Program Files\Finale 2006
    2008-06-19 09:54 --------- d-----w C:\Program Files\TELE2
    2008-06-01 13:12 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    2008-06-01 13:11 --------- d-----w C:\PROGRA~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    2008-05-29 21:45 --------- d-----w C:\Program Files\NeroInstall.bak
    2008-05-29 21:31 --------- d-----w C:\Users\mykey\AppData\Roaming\Nero
    2008-05-29 21:29 --------- d-----w C:\Program Files\Common Files\Nero
    2008-05-29 21:27 --------- d-----w C:\Program Files\Nero
    2008-05-29 21:27 --------- d-----w C:\PROGRA~2\Nero
    2008-05-21 10:46 27,335 ----a-w C:\Users\mykey\AppData\Roaming\nvModes.dat
    2008-04-29 20:25 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-04-29 20:25 32 ----a-w C:\PROGRA~2\ezsid.dat
    2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-08 13:32 233,472 ----a-w C:\Users\mykey\AppData\Roaming\REX Shared Library.dll
    2008-02-08 13:32 225,280 ----a-w C:\Users\mykey\AppData\Roaming\Rewire.dll
    2008-01-31 22:19 0 ----a-w C:\Users\mykey\AppData\Roaming\wklnhst.dat
    2003-02-26 18:51 786,432 ----a-w C:\Users\Public\USB.PlugSound.All.Plugins.v1.82.KeyGen.exe
    2008-02-05 09:02 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-02-05 09:02 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-02-05 09:02 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2008-01-31 22:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008013120080201\index.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-10 13:46 1510424]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
    2007-12-10 13:46 1510424 --a------ C:\Program Files\free-downloads.net\tbfree.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-10 13:46 1510424]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2007-12-10 13:46 1510424]

    [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-01 14:35 1232896]
    "BitTorrent DNA"="C:\Users\mykey\Program Files\DNA\btdna.exe" [2008-05-08 10:43 289088]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
    "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 09:20 222080]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
    "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 23:36 36864]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-24 00:40 857648]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-16 22:19 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-16 22:19 8478720]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-16 22:19 81920]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 12:40 232184]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-03-10 07:22 243200]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]
    "toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 01:00 385024]
    "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 12:28 45056]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 10:11 291760]
    "Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 10:12 304048]
    "EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 10:11 82864]
    "LXCTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 13:27 106496]
    "M-Audio Taskbar Icon"="C:\Windows\System32\M-AudioTaskBarIcon.exe" [2008-01-08 10:55 210952]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-08 11:26 1232152]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-19 16:52 2686608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    C:\Users\mykey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ValidateAdminCodeSignatures"= 1 (0x1)
    "FilterAdministratorToken"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\Users\mykey\AppData\Local\Temp\wvUoPffd

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{D77F655C-70EC-4003-A648-C6659AE685DA}"= Profile=Private|C:\Program Files\CyberLink\MagicSports\MagicSports.exe:_this_program_will_be_deleted
    "{7705B9AE-0422-4281-816F-04877B89166D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C32FF51D-E2B3-466E-A9E7-24F47F14D6CC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{9C276841-DEED-4D9D-9908-96BC4F0950C9}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{93EDEC56-5FDD-427D-9157-E0AE1767FDAA}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{55E94E0A-E2C6-4F42-A014-5BAB49CA5472}"= UDP:C:\Program Files\DNA\btdna.exe:D NA
    "{8F904B13-0DC8-4EFD-9C85-1444FC65732E}"= TCP:C:\Program Files\DNA\btdna.exe:D NA
    "{B1B43E9A-C5A5-4FCE-BBC7-9E594CB0141C}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{A2350CD5-904E-49C5-831E-257752B4BE12}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "TCP Query User{46EF7893-DCFC-47C4-99D8-90DD3DDA4393}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{4DFDAC2C-9548-4FD6-A655-7CCD572AEA48}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{64D54478-10C0-4D12-A44A-6F49AADE08DF}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{386F98AC-0FAB-4ACF-9D37-3CE926B5FDB7}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{80B17313-29FA-4D0E-BA27-02B8ADDCBB89}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{18BADD5D-B3BF-48F2-92E5-8A298BAC9BD8}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "TCP Query User{7D443798-3D7D-41C9-BC08-C689C79A3A8A}C:\\users\\mykey\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\mykey\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "UDP Query User{0D7A1AA9-82F4-4A68-BAB1-E23552EB445A}C:\\users\\mykey\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\mykey\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "{B5D89548-75E6-4FC4-A89E-1FD14C4401B5}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Internet - Firefox
    "{95E2E7E8-05D5-467B-BF13-488948817175}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Internet - Firefox
    "{47C9D801-0A0C-4F2D-88A9-6813B94CDEF3}"= UDP:C:\Program Files\Lavasoft\Ad-Aware 2007\lsupdatemanager.exe:Ad-Aware Update Manager
    "{8040BA10-DAEE-473A-8AB5-7C4260F12FFA}"= TCP:C:\Program Files\Lavasoft\Ad-Aware 2007\lsupdatemanager.exe:Ad-Aware Update Manager
    "{F64B2ADB-599D-4342-9B59-7AAFDC32DA9D}"= UDP:C:\Program Files\Lexmark 5400 Series\lxctmon.exe:D evice Monitor
    "{D943CE1D-142D-4657-A57C-C518CFF577FF}"= TCP:C:\Program Files\Lexmark 5400 Series\lxctmon.exe:D evice Monitor
    "{4B3D6D22-0031-409D-827B-44C0B25E95DD}"= UDP:C:\Program Files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
    "{93C3D34B-A85D-48BF-B21C-D4F4752041BF}"= TCP:C:\Program Files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
    "{364918A9-AAB8-457C-8C2D-A6AEA655F104}"= UDP:C:\Windows\System32\lxctcoms.exe:Lexmark Communications System
    "{5A78F188-E5D7-42D1-B16A-CD5B45DB8C0A}"= TCP:C:\Windows\System32\lxctcoms.exe:Lexmark Communications System
    "{571B7D0B-578B-44E5-A5DE-3E0D30D0AA3F}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Internet - Firefox
    "{C03DB7B9-1804-45C7-A44E-A158C66CD11D}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Internet - Firefox
    "TCP Query User{3434B88F-9AD7-4A3D-BA89-4781081DE179}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{C6AF7BEA-B0FF-4AE9-9325-851D237BEE73}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "TCP Query User{B5B4A5EA-405F-4FD0-87DB-C15BC5CFAECF}C:\\users\\mykey\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\mykey\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "UDP Query User{FE8A8D63-B37F-46B0-8D3F-1BD058FA5C79}C:\\users\\mykey\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\mykey\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "TCP Query User{DE36F7EB-1256-485D-9782-DBA692AA944A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "UDP Query User{E85745CB-41FB-48CB-9645-AAFE270A1114}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "{3E16262D-4E1D-49DA-93B1-91D88E07B9D0}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{573D2CE4-A01A-4C2A-8EF2-F051CC6F9E9F}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{05411C22-3AE4-4897-9179-CCE50771F21A}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe
    "{D8FD08F4-7F99-475A-956A-3870EC64B84B}"= UDP:C:\Program Files\DNA\btdna.exe:D NA
    "{817C9A1B-5A42-400C-AEA7-7F21064C5EDE}"= TCP:C:\Program Files\DNA\btdna.exe:D NA

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 AvgRkx86;avgrkx86.sys;C:\Windows\system32\Drivers\avgrkx86.sys [2008-06-26 21:21]
    R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-01-08 14:38]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
    S1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
    S1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-06-26 21:21]
    S2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
    S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-08 11:26]
    S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-08 11:26]
    S2 MAudioFTUService;M-Audio Fast Track Ultra Installer;C:\Program Files\M-Audio\Fast Track Ultra\MAUSBFTUInst.exe []
    S3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-06-26 21:21]
    S3 MAUSBRI;M-Audio Fast Track Ultra Service;C:\Windows\system32\DRIVERS\mausbftu.sys [2008-01-08 10:55]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \shell\AutoRun\command - D:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4972a37d-d883-11dc-a576-001b24a3c163}]
    \shell\Auto\command - activexdebugger32.exe f
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe e
    \shell\explore\Command - activexdebugger32.exe f
    \shell\open\Command - activexdebugger32.exe f

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5567b96a-da52-11dc-8138-001b24a3c163}]
    \shell\AutoRun\command - H:\LaunchU3.exe
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-20 23:18:20
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\HelpPane.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-20 23:21:48 - machine was rebooted [mykey]
    ComboFix-quarantined-files.txt 2008-07-20 21:21:37
    ComboFix2.txt 2008-07-20 12:57:37

    Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Post-Run: 22,677,127,168 octets libres

    241 --- E O F --- 2008-07-18 10:57:06
    20 July 2008 23:33:12

    I'm following the procedure you gave me above
    with anti-malware
    21 July 2008 00:29:42

    Anti-malware report

    Malwarebytes' Anti-Malware 1.21
    Version de la base de données: 971
    Windows 6.0.6000

    00:22:32 21/07/2008
    mbam-log-7-21-2008 (00-22-32).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|J:\|)
    Eléments examinés: 162354
    Temps écoulé: 31 minute(s), 44 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    21 July 2008 11:55:15

    I know it's July, and that you're a volunteer and all that, but I've been trying to fix my computer problems for 2 days and I have a crazy amount of work!
    Please, XmichouX, what should I do now?
    Thanks!!
    21 July 2008 12:05:32

    I generated a Hijack report to save a bit of time!




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:56:33, on 21/07/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files\Lexmark 5400 Series\ezprint.exe
    C:\Windows\System32\M-AudioTaskBarIcon.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\mykey\Program Files\DNA\btdna.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hiajckthis\HijackThis.exe
    C:\PROGRA~1\MICROS~2\WksWP.exe
    C:\PROGRA~1\MICROS~2\WkDStore.exe
    C:\PROGRA~1\MICROS~2\wkgdcach.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
    O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\mykey\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
    O23 - Service: M-Audio Fast Track Ultra Installer (MAudioFTUService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Ultra\MAUSBFTUInst.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 10666 bytes
    21 July 2008 12:34:54

    Hi again,

    I advise you to delete C:\Users\Public\USB.PlugSound.All.Plugins.v1.82.KeyGen.exe

    Download and run: http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...

    Uninstall via Add/Remove Programs (if present):
  • Avast!

    Download and run: http://www.avast.com/eng/avast-uninstall-utility.html

    Download CCleaner to your Desktop.

  • Click download the latest version.
  • Install it, leaving only the following options checked:
    - Add a shortcut on the Desktop.
    - Automatically check for CCleaner updates.
  • Run the cleaning.
  • Click Scan for errors and save a backup if you wish.

    Help: How to use CCleaner.

    ***************

    Download AntiVir to your Desktop.

  • Double-click the downloaded executable to start the installation.
  • At the end of the installation, click Finish.
  • Open AntiVir and make sure it is up to date!
  • In the Local Protection tab, choose Scanner.
  • Enable the rootkit search via the + next to rootkit search, then under manual selection, check everything (your hard disk partitions).
  • Click the middle magnifying glass to start the scan as Administrator.
  • Post me the generated report: to do so, click the Overview tab, then choose Reports, and you will find its report.

    Note: For more effective eradication of threats, run the scan in Safe Mode.

    Why switch? Avast vs AntiVir.

    Help: How to install and use AntiVir.
    21 July 2008 16:25:03

    Yes
    Cool, I think this is coming to an end
    Before posting the report, I just have one question: do you advise me to keep AVG or AntiVir?

    Here is the AntiVir report, done in Safe Mode



    Avira AntiVir Personal
    Report file date: lundi 21 juillet 2008 14:24

    Scanning for 1485342 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (plain) [6.0.6000]
    Boot mode: Save mode
    Username: mykey
    Computer name: PC-DE-MYKEY

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 11:32:45
    ANTIVIR2.VDF : 7.0.5.119 1264128 Bytes 15/07/2008 11:32:47
    ANTIVIR3.VDF : 7.0.5.143 451584 Bytes 21/07/2008 11:32:48
    Engineversion : 8.1.1.11
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.59 307579 Bytes 21/07/2008 11:32:59
    AESCN.DLL : 8.1.0.23 119156 Bytes 21/07/2008 11:32:58
    AERDL.DLL : 8.1.0.20 418165 Bytes 21/07/2008 11:32:58
    AEPACK.DLL : 8.1.2.1 364917 Bytes 21/07/2008 11:32:57
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 21/07/2008 11:32:57
    AEHEUR.DLL : 8.1.0.43 1339767 Bytes 21/07/2008 11:32:56
    AEHELP.DLL : 8.1.0.15 115063 Bytes 21/07/2008 11:32:55
    AEGEN.DLL : 8.1.0.29 307573 Bytes 21/07/2008 11:32:54
    AEEMU.DLL : 8.1.0.6 430451 Bytes 21/07/2008 11:32:52
    AECORE.DLL : 8.1.1.6 172405 Bytes 21/07/2008 11:32:49
    AEBB.DLL : 8.1.0.1 53617 Bytes 21/07/2008 11:32:49
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, F:, J:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 21 juillet 2008 14:24

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    18 processes with 18 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '26' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HDD>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\C\Users\mykey\AppData\Local\Temp\wvUoPffd.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was deleted!
    C:\Toolbar SD\Backup-TB\Program Files\PCHealthCenter\0.exe
    [DETECTION] Is the Trojan horse TR/Spy.Agent.KCD
    [NOTE] The file was deleted!
    C:\Windows\System32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'
    Search path D:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'J:\'
    Search path J:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: lundi 21 juillet 2008 15:40
    Used time: 1:15:52 min

    The scan has been done completely.

    13829 Scanning directories
    288271 Files were scanned
    2 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    2 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    288269 Files not concerned
    4701 Archives were scanned
    2 Warnings
    2 Notes

    21 July 2008 17:40:16

    AVG tells me there are still two rootkits in the hidden drive...
    How do I get rid of them?
    21 July 2008 18:31:31

    AVG anti-rootkit?

    Download Gmer.

  • Unzip it into a dedicated folder or onto your Desktop.
  • Disconnect from the Internet, then close all programs.
  • Double-click Gmer.exe.
    If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click the Rootkit tab.
  • On the right, check everything.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit / Paste menu.
  • The report should then appear.
  • Save the file to your Desktop and post the contents here.
    22 July 2008 12:54:50

    I didn't get an e-mail notification for your reply, hence my delay! Here is the GMER report, done in Safe Mode, otherwise it wouldn't open!

    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-07-22 12:29:20
    Windows 6.0.6000


    ---- System - GMER 1.0.14 ----

    INT 0x52 ? 865BBBF8
    INT 0x62 ? 84B52BF8
    INT 0x72 ? 84B52BF8
    INT 0x82 ? 84B57BF8
    INT 0x92 ? 84B51BF8
    INT 0x92 ? 865BBBF8
    INT 0x92 ? 865BBBF8
    INT 0x92 ? 84B51BF8
    INT 0xA3 ? 865BBBF8
    INT 0xB2 ? 865BBBF8

    ---- Kernel code sections - GMER 1.0.14 ----

    ? System32\Drivers\spai.sys Le fichier spécifié est introuvable. !
    .text USBPORT.SYS!DllUnload 8CE6BFEB 5 Bytes JMP 865BB1D8
    .text al2kqq0t.SYS 8E653000 22 Bytes [ 1A, 72, 7A, 82, 04, 71, 7A, ... ]
    .text al2kqq0t.SYS 8E653017 41 Bytes [ 00, 99, 07, 48, 80, A4, 05, ... ]
    .text al2kqq0t.SYS 8E653041 53 Bytes [ BE, 48, 82, D0, BD, 48, 82, ... ]
    .text al2kqq0t.SYS 8E653077 85 Bytes [ 82, A6, 2E, 48, 82, CC, 85, ... ]
    .text al2kqq0t.SYS 8E6530CE 73 Bytes [ 00, 00, 00, 00, 01, C2, 03, ... ]
    .text ...

    ---- User code sections - GMER 1.0.14 ----

    .text C:\Users\mykey\Desktop\gmer.exe[1800] ntdll.dll!NtCreateFile + 3 778AF417 2 Bytes [ 7A, FA ]

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [807026D2] \SystemRoot\System32\Drivers\spai.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80702040] \SystemRoot\System32\Drivers\spai.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [807027FC] \SystemRoot\System32\Drivers\spai.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [807020BE] \SystemRoot\System32\Drivers\spai.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8070213C] \SystemRoot\System32\Drivers\spai.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80712048] \SystemRoot\System32\Drivers\spai.sys
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortNotification] 000000DC
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortWritePortUchar] 000000A2
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortWritePortUlong] 00000333
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 000003D8
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 0000024D
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortGetScatterGatherList] 00000201
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortReadPortUchar] 000001EF
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortStallExecution] 0000031F
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortGetParentBusType] 000000A1
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortRequestCallback] 0000025C
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 000003BE
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 00000215
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortCompleteRequest] 000000DD
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 00000190
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 00000182
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortMoveMemory] 00000363
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortReadPortUshort] 00000258
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 0000030E
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 0000017E
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortInitialize] 00000254
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortGetDeviceBase] 0000019E
    IAT \SystemRoot\System32\Drivers\al2kqq0t.SYS[ataport.SYS!AtaPortDeviceStateChange] 000000AB

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 84B5B1F8

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF dynamique/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF dynamique/Microsoft Corporation)

    Device \Driver\volmgr \Device\VolMgrControl 84B541F8
    Device \Driver\PCI_PNP5503 \Device\00000051 spai.sys
    Device \Driver\usbuhci \Device\USBPDO-0 866054B0
    Device \Driver\usbuhci \Device\USBPDO-1 866054B0
    Device \Driver\usbehci \Device\USBPDO-2 866061F8
    Device \Driver\usbuhci \Device\USBPDO-3 866054B0
    Device \Driver\sptd \Device\513637530 spai.sys
    Device \Driver\usbuhci \Device\USBPDO-4 866054B0
    Device \Driver\usbuhci \Device\USBPDO-5 866054B0
    Device \Driver\usbehci \Device\USBPDO-6 866061F8
    Device \Driver\volmgr \Device\HarddiskVolume1 84B541F8
    Device \Driver\volmgr \Device\HarddiskVolume2 84B541F8
    Device \Driver\cdrom \Device\CdRom0 866D21F8
    Device \Driver\cdrom \Device\CdRom1 866D21F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84B581F8
    Device \Driver\atapi \Device\Ide\IdePort0 84B581F8
    Device \Driver\atapi \Device\Ide\IdePort1 84B581F8
    Device \Driver\cdrom \Device\CdRom2 866D21F8
    Device \Driver\iScsiPrt \Device\RaidPort0 867441F8
    Device \Driver\usbuhci \Device\USBFDO-0 866054B0
    Device \Driver\usbuhci \Device\USBFDO-1 866054B0
    Device \Driver\usbehci \Device\USBFDO-2 866061F8
    Device \Driver\usbuhci \Device\USBFDO-3 866054B0
    Device \Driver\usbuhci \Device\USBFDO-4 866054B0
    Device \Driver\usbuhci \Device\USBFDO-5 866054B0
    Device \Driver\usbehci \Device\USBFDO-6 866061F8
    Device \Driver\VClone \Device\Scsi\VClone1 84B561F8
    Device \Driver\VClone \Device\Scsi\VClone1Port0Path0Target0Lun0 84B561F8
    Device \Driver\al2kqq0t \Device\Scsi\al2kqq0t1 867101F8
    Device \Driver\JRAID \Device\Scsi\JRAID1 84B5A1F8
    Device \Driver\al2kqq0t \Device\Scsi\al2kqq0t1Port6Path0Target0Lun0 867101F8
    Device \FileSystem\cdfs \Cdfs 865CE1F8

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x80 0xDA 0xDB 0x6D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x1D 0xA4 0xB8 0xE3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDB 0xB5 0xB4 0x91 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x05 0xE2 0x6D 0xA0 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x80 0xDA 0xDB 0x6D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x1D 0xA4 0xB8 0xE3 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xDB 0xB5 0xB4 0x91 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x05 0xE2 0x6D 0xA0 ...

    ---- EOF - GMER 1.0.14 ----
    22 July 2008 14:19:05

    Can you post the AVG one for me?
    22 July 2008 14:49:22

    Re XmichouX
    In the state my computer is in, am I sending trojans when I email?
    22 July 2008 17:17:56

    I hadn't seen that you had left me a message... I can't get a report out of AVG, but I did run an AntiVir scan



    Avira AntiVir Personal
    Report file date: 2008-07-21 22:39

    Scanning for 1485342 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (plain) [6.0.6000]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: PC-DE-MYKEY

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 11:32:45
    ANTIVIR2.VDF : 7.0.5.119 1264128 Bytes 2008-07-15 11:32:47
    ANTIVIR3.VDF : 7.0.5.143 451584 Bytes 2008-07-21 11:32:48
    Engineversion : 8.1.1.11
    AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
    AESCRIPT.DLL : 8.1.0.59 307579 Bytes 2008-07-21 11:32:59
    AESCN.DLL : 8.1.0.23 119156 Bytes 2008-07-21 11:32:58
    AERDL.DLL : 8.1.0.20 418165 Bytes 2008-07-21 11:32:58
    AEPACK.DLL : 8.1.2.1 364917 Bytes 2008-07-21 11:32:57
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 2008-07-21 11:32:57
    AEHEUR.DLL : 8.1.0.43 1339767 Bytes 2008-07-21 11:32:56
    AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-07-21 11:32:55
    AEGEN.DLL : 8.1.0.29 307573 Bytes 2008-07-21 11:32:54
    AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-07-21 11:32:52
    AECORE.DLL : 8.1.1.6 172405 Bytes 2008-07-21 11:32:49
    AEBB.DLL : 8.1.0.1 53617 Bytes 2008-07-21 11:32:49
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 2008-07-21 22:39

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleDesktopCrawl.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ieuser.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleDesktopIndex.exe' - '1' Module(s) have been scanned
    Scan process 'a2scan.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'CPSHelpRunner.exe' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'btdna.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'a2guard.exe' - '1' Module(s) have been scanned
    Scan process 'M-AudioTaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'ezprint.exe' - '1' Module(s) have been scanned
    Scan process 'lxctmon.exe' - '1' Module(s) have been scanned
    Scan process 'VCDDaemon.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
    Scan process 'RoxWatchTray9.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'RoxMediaDB9.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'avgemc.exe' - '1' Module(s) have been scanned
    Scan process 'avgnsx.exe' - '1' Module(s) have been scanned
    Scan process 'avgrsx.exe' - '1' Module(s) have been scanned
    Scan process 'avgam.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
    Scan process 'RoxWatch9.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
    Scan process 'NBService.exe' - '1' Module(s) have been scanned
    Scan process 'lxctcoms.exe' - '1' Module(s) have been scanned
    Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'a2service.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    71 processes with 71 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '17' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HDD>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Windows\System32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: 2008-07-22 00:43
    Used time: 2:03:46 min

    The scan has been done completely.

    14441 Scanning directories
    345098 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    345098 Files not concerned
    5631 Archives were scanned
    3 Warnings
    0 Notes

    22 July 2008 18:24:23

    ok.
    here is the AVG scan




    22 July 2008 18:45:09

    Re,

    Is this what AVG found? -> al2kqq0t.SYS
    Can you take a screenshot?
    Screenshot tutorial
    22 July 2008 21:25:01

    ok
    here is the rootkit screen

    22 July 2008 23:55:39

    Re,

    The second one is not harmful.

    Try to stop/delete the first one using the options (via right-click, I suppose).
    23 July 2008 01:13:04

    no, it tells me access denied
    maybe in safe mode?
    23 July 2008 02:12:58

    Yeah, try it :) 
    24 July 2008 12:46:33

    Well, it's getting worse and worse!!
    1. My web pages take a good 5 minutes to open (mail, forum, everything)
    2. AVG tells me there is still a rootkit (not removable):
    a6K1gs5g.SYS
    3. Some of my compressed folders won't open, nor will some programs in normal mode, and also, for example, my Cubase SX no longer opens "as administrator", which is useful for entering the registration code of certain audio software! It tells me "a response was returned by the server"
    Is it Vista that is blocking certain cracked programs?
    I really need your help, it's a disaster...
    24 July 2008 14:51:50

    Post a new HijackThis report ...

    Download Blacklight (from F-Secure) to your Desktop.

  • Double-click fsbl.exe and accept the license.
  • Click Scan, then Next.
  • Do not choose the "Rename" option right away: we need to analyze the report first, because legitimate files may be present, such as wbemtest.exe.
  • Post here the report named fsbl.xxxxxxx.log (the xxxxxxx are digits), which is on your Desktop.
    26 July 2008 17:14:59

    here is the HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:14:24, on 26/07/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Lexmark 5400 Series\ezprint.exe
    C:\Windows\System32\M-AudioTaskBarIcon.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Hiajckthis\HijackThis.exe
    C:\PROGRA~1\MICROS~2\WksWP.exe
    C:\PROGRA~1\MICROS~2\WkDStore.exe
    C:\PROGRA~1\MICROS~2\wkgdcach.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT109864...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
    O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\mykey\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Unknown owner - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe (file missing)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
    O23 - Service: M-Audio Fast Track Ultra Installer (MAudioFTUService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Ultra\MAUSBFTUInst.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 10635 bytes
    26 July 2008 22:01:16

    I'm waiting for the BlackLight report :)
    27 July 2008 00:31:35

    I ran the BlackLight scan twice, but each time the report won't open in Word; it says it is damaged!
    I can only paste the report from Notepad for you. I doubt you'll be able to use it; please suggest a program other than BlackLight.

    07/26/08 21:06:37 [Info]: BlackLight Engine 1.0.70 initialized
    07/26/08 21:06:37 [Info]: OS: 6.0 build 6000 ()
    07/26/08 21:06:37 [Note]: 7019 4
    07/26/08 21:06:37 [Note]: 7005 0
    07/26/08 21:06:40 [Note]: 7006 0
    07/26/08 21:06:40 [Note]: 7027 0
    07/26/08 21:06:40 [Note]: 7035 0
    07/26/08 21:06:40 [Note]: 7026 0
    07/26/08 21:06:40 [Note]: 7026 0
    07/26/08 21:06:43 [Note]: FSRAW library version 1.7.1024
    07/27/08 00:23:30 [Note]: 7007 0
    27 July 2008 00:51:13

    Hi again,

    I think you are no longer infected.
    Are you still having problems?
    1 August 2008 12:01:39

    Hi again,

    cool, thanks
    yes, still having problems:
    when I try to open audio programs, like Cubase, or even installers that worked perfectly until now, it tells me "a response was returned from the server"
    is there a way to restore an earlier configuration, say from two weeks ago?
    I think it comes from Vista's spies, following all the operations we did, the scans and so on... and from the fact that most of my programs are downloaded from the net... So if you know how to help me that would be awesome, since even the installers no longer work!!
    also, I still have a rootkit according to AVG:

    C\windows\system32\drivers\a1ehccj4.SYS (hidden driver)
    1 August 2008 20:39:37

    Hi again,

    Click Start --> Run, type regedit, then confirm with OK.
    (If you are on Vista, just click Start, type regedit and press Enter)

    Navigate to this key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, then look at the value on the right and double-click: ValidateAdminCodeSignatures.
    If the default value is (1), i.e. enabled, type 0 to disable it, then OK.

    ****************

    As for the rootkit, I'll look into it!
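The registry step described in the reply above, as an added PowerShell example that is not part of the original post: it reports the current value first, and only writes after exporting the key so the earlier state can be restored. The `-Disable` switch and the backup path are hypothetical names chosen for this example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
param(
    [switch]$Disable,   # hypothetical switch: without it the script only reports
    [string]$BackupPath = "$env:TEMP\policies-system-backup.reg"   # assumed location
)

$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$name = 'ValidateAdminCodeSignatures'

# Read the value without opening regedit; it may be absent on some systems.
$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    Write-Output "$name is not set under $key"
    return
}

$current = [int]$prop.$name
# 1 = UAC elevates only executables whose signature validates; 0 = check disabled.
Write-Output "$name = $current"

if ($current -ne 1) {
    Write-Output 'Nothing to change: the signature check for elevation is not enabled.'
    return
}
if (-not $Disable) {
    Write-Output 'Check is enabled. Re-run with -Disable to apply the change from the post.'
    return
}

# Export the whole key first so the previous state can be restored with "reg import".
& reg.exe export ($key -replace '^HKLM:', 'HKLM') $BackupPath /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Backup to $BackupPath failed; value left unchanged."
}

Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord
$after = (Get-ItemProperty -Path $key -Name $name).$name
Write-Output "$name changed from $current to $after (backup: $BackupPath)"
```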
    2 August 2008 10:27:08

    Hi again,

    Run a GMER scan again and post its report.