
spyshredder

Tags:
  • Security
Last reply: in Security and viruses
21 July 2008 12:35:23

Hello,

A few days ago the spyware spyshredder installed itself on my computer. I haven't managed to remove it completely, and now when I start the PC, as soon as it reaches the Windows XP welcome screen, the PC restarts on its own. Nothing helps; I tried safe mode, same thing.

So I can't give you the exact details of the computer, but roughly:
768 MB of RAM
Windows XP, SP2
AMD Athlon 1800+ (1.53 GHz)

So I have a serious problem here. Thanks for your help.


21 July 2008 12:39:29

Hello,

Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that was just created to launch it. (Right-click -> Run as administrator if on Vista.)
  • Accept the licence by clicking Yes.
  • Click "Do a system scan and save a logfile".
  • Post the generated report here.

Note: the report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Help: How to use HijackThis.
21 July 2008 12:59:17

I unplugged the computer for 5 minutes, and now it's fine, I can get to the desktop.

I'll be able to do what you asked.

EDIT: here is the report.
Thanks for your help, I hope you'll be able to help me all the way through ^^

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:55:59, on 21/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WIN\System32\smss.exe
    C:\WIN\system32\winlogon.exe
    C:\WIN\system32\services.exe
    C:\WIN\system32\lsass.exe
    C:\WIN\system32\svchost.exe
    C:\WIN\System32\svchost.exe
    C:\WIN\system32\svchost.exe
    C:\WIN\Explorer.EXE
    C:\WIN\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WIN\system32\RUNDLL32.EXE
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\WIN\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\WIN\system32\nvsvc32.exe
    C:\WIN\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WIN\System32\svchost.exe
    C:\WIN\system32\wuauclt.exe
    C:\WIN\system32\wscntfy.exe
    C:\WIN\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WIN\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIN\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WIN\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WIN\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Auto EPSON Stylus DX3800 Series sur ANTOINE] C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P43 "Auto EPSON Stylus DX3800 Series sur ANTOINE" /O21 "\\ANTOINE\Imprimante2" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WIN\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\win\system32\nwprovau.dll
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O21 - SSODL: UpdateCheck - {D66FEC0F-2123-4657-95DE-A07303584DA9} - (no file)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WIN\system32\nvsvc32.exe

    --
    End of file - 7703 bytes
21 July 2008 18:11:06

Re,

Download SmitfraudFix (by S!ri).

  • Save it to your Desktop.
  • Launch it by double-clicking SmitfraudFix.exe.
  • Press a key when prompted.
  • Run option 1; a report will appear, post it.

The report can be found here: C:\rapport.txt
22 July 2008 16:38:59

My antivirus detected 3 viruses when I double-clicked SmitfraudFix.exe

and this one came back several times

So I clicked "ignore" and continued
22 July 2008 16:48:12

Here is the smitfraudfix report:
Thanks again ^^

    SmitFraudFix v2.331

    Rapport fait à 16:44:53,57, 22/07/2008
    Executé à partir de C:\Documents and Settings\PC\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WIN\System32\smss.exe
    C:\WIN\system32\winlogon.exe
    C:\WIN\system32\services.exe
    C:\WIN\system32\lsass.exe
    C:\WIN\system32\svchost.exe
    C:\WIN\System32\svchost.exe
    C:\WIN\system32\svchost.exe
    C:\WIN\system32\spoolsv.exe
    C:\WIN\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WIN\system32\RUNDLL32.EXE
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\WIN\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\WIN\system32\nvsvc32.exe
    C:\WIN\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WIN\system32\wscntfy.exe
    C:\WIN\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\WIN\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WIN


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WIN\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WIN\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WIN\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WIN\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PC


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PC\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PC\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WIN\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{FC704792-8CB9-4D40-AFA9-B9187643C0E9}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{FC704792-8CB9-4D40-AFA9-B9187643C0E9}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{FC704792-8CB9-4D40-AFA9-B9187643C0E9}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin



22 July 2008 18:40:28

Re,

Download SDFix (by Andy Manchesta).

  • Save it to your desktop.
  • Launch it.
  • Click Install so that it can extract itself.
  • Restart in safe mode.
    /!\ Never start in safe mode via MSCONFIG /!\
  • Open the SDFix folder that was just created in the C:\ directory.
  • Double-click RunThis.bat (the .bat extension may not be displayed).
  • Press Y to launch it.
  • You will be asked to press a key to restart; do so.
  • The restart will probably take a bit longer than usual.
  • Once your Desktop appears, it will display Finished.
  • Press a key.
  • A report is generated; post it in your reply.

It can also be found in the SDFix folder as Report.txt.
22 July 2008 19:45:16

The SDFix report:


    SDFix: Version 1.207
    Run by PC on 2008-07-22 at 19:27

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-22 19:38:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:b5,f5,aa,a8,75,d3,2c,27,fa,f6,c4,2b,12,a3,bf,da,99,ac,94,a8,14,..
    "p0"="C:\Program Files\DAEMON Tools Lite\"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "khjeh"=hex:07,63,1d,59,c3,7c,9f,d3,9e,19,1d,6d,74,cb,6a,e4,32,01,5d,45,b2,..
    "a0"=hex:20,01,00,00,38,2f,46,db,b8,60,e9,44,78,89,d8,a1,7c,5a,da,13,1e,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:fd,2c,23,9d,e1,cf,b7,32,d5,a1,4d,ff,ea,86,ce,a7,20,0c,70,c0,9b,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:b5,f5,aa,a8,75,d3,2c,27,fa,f6,c4,2b,12,a3,bf,da,99,ac,94,a8,14,..
    "p0"="C:\Program Files\DAEMON Tools Lite\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "khjeh"=hex:07,63,1d,59,c3,7c,9f,d3,9e,19,1d,6d,74,cb,6a,e4,32,01,5d,45,b2,..
    "a0"=hex:20,01,00,00,38,2f,46,db,b8,60,e9,44,78,89,d8,a1,7c,5a,da,13,1e,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:fd,2c,23,9d,e1,cf,b7,32,d5,a1,4d,ff,ea,86,ce,a7,20,0c,70,c0,9b,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:D isabled:eMule"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:p MSRegisterFile"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe:*:Enabled:Render Manager"
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe:*:Enabled:Studio"
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe:*:Enabled:p MSRegisterFile"
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe:*:Enabled:umi"
    "C:\\Westwood\\AR2\\Game.exe"="C:\\Westwood\\AR2\\Game.exe:*:Enabled:Main executable for Red Alert 2"
    "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files :



    Files with Hidden Attributes :

    Thu 5 Aug 2004 94,864 ..SH. --- "C:\WIN\twain.dll"
    Thu 5 Aug 2004 50,688 ..SH. --- "C:\WIN\twain_32.dll"
    Thu 5 Aug 2004 1,028,096 ..SH. --- "C:\WIN\system32\mfc42.dll"
    Thu 5 Aug 2004 54,784 ..SH. --- "C:\WIN\system32\msvcirt.dll"
    Thu 5 Aug 2004 413,696 ..SH. --- "C:\WIN\system32\msvcp60.dll"
    Thu 5 Aug 2004 343,040 ..SH. --- "C:\WIN\system32\msvcrt.dll"
    Tue 4 Dec 2007 550,912 ..SH. --- "C:\WIN\system32\oleaut32.dll"
    Thu 5 Aug 2004 83,456 ..SH. --- "C:\WIN\system32\olepro32.dll"
    Thu 5 Aug 2004 12,288 ..SH. --- "C:\WIN\system32\regsvr32.exe"
    Thu 29 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 31 Mar 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users.WIN\DRM\DRMv1.bak"
    Sat 3 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sat 31 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WIN\DRM\Cache\Indiv01.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WIN\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT5.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WIN\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT8.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WIN\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITC.tmp"
    Thu 8 May 2008 0 A..H. --- "C:\WIN\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BITE.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WIN\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT3.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WIN\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT9.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WIN\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT6.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WIN\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BITB.tmp"
    Thu 10 Jul 2008 0 A..H. --- "C:\WIN\SoftwareDistribution\Download\b5ceb6274f4d7fd206d6adab3df8e834\BIT7.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WIN\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT7.tmp"
    Thu 13 Dec 2007 0 A..H. --- "C:\WIN\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITA.tmp"
    Thu 29 Dec 2005 4,348 A..H. --- "C:\Documents and Settings\Didier\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
    Mon 28 Aug 2006 20 A..H. --- "C:\Documents and Settings\Didier\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
    Sun 1 Jan 2006 312 A.SH. --- "C:\Documents and Settings\Didier\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
    Thu 29 Dec 2005 4,348 A..H. --- "C:\Documents and Settings\PC\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
    Mon 28 Aug 2006 20 A..H. --- "C:\Documents and Settings\PC\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
    Sun 1 Jan 2006 312 A.SH. --- "C:\Documents and Settings\PC\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

    Finished!

22 July 2008 23:45:44

OK..

Post a new HijackThis report.
23 July 2008 13:11:29

HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:11, on 2008-07-23
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WIN\System32\smss.exe
    C:\WIN\system32\winlogon.exe
    C:\WIN\system32\services.exe
    C:\WIN\system32\lsass.exe
    C:\WIN\system32\svchost.exe
    C:\WIN\System32\svchost.exe
    C:\WIN\system32\svchost.exe
    C:\WIN\Explorer.EXE
    C:\WIN\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\WIN\system32\nvsvc32.exe
    C:\WIN\system32\svchost.exe
    C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WIN\system32\RUNDLL32.EXE
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WIN\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WIN\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIN\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WIN\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WIN\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Auto EPSON Stylus DX3800 Series sur ANTOINE] C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P43 "Auto EPSON Stylus DX3800 Series sur ANTOINE" /O21 "\\ANTOINE\Imprimante2" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WIN\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\win\system32\nwprovau.dll
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O21 - SSODL: UpdateCheck - {D66FEC0F-2123-4657-95DE-A07303584DA9} - (no file)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WIN\system32\nvsvc32.exe

    --
    End of file - 7485 bytes
    23 July 2008 16:19:39

    Re,

    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done:
    Reboot into Safe Mode
    /!\ Never boot into Safe Mode via MSCONFIG /!\

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

    Help: How to use MBAM.
    23 July 2008 20:16:21

    Malwarebytes' Anti-Malware 1.22
    Version de la base de données: 982
    Windows 5.1.2600 Service Pack 2

    20:13:30 23/07/2008
    mbam-log-7-23-2008 (20-13-30).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 174679
    Temps écoulé: 2 hour(s), 14 minute(s), 2 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 39

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\Program Files\SpyShredder\SpyShredder2.dll.vir (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Program Files\SpyShredder\SpyShredder3.dll.vir (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP499\A0042526.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP499\A0042527.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP499\A0042559.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP499\A0042560.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP501\A0042588.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP501\A0042589.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP501\A0042842.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP501\A0042845.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP501\A0043876.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP501\A0043877.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP503\A0043941.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP503\A0043942.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP511\A0101420.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\RP511\A0101421.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095630.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095632.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095633.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095634.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095635.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095636.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095637.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095638.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095639.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095640.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095641.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095642.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095643.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095647.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095648.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095649.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095650.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095652.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095653.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095654.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\RP619\A0095758.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\WIN\lnk_dados_1.dll (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Didier\Bureau\Repair Your Registry.lnk (Rogue.Link) -> Quarantined and deleted successfully.
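    A triage helper for the MBAM report above, added here as an example and not part of the thread or of Malwarebytes' own tooling. It parses the "Fichier(s) infecté(s)" lines (a constructed subset of the ones posted above is embedded inline) and separates three kinds of hit that the raw count of 39 files lumps together: copies sitting in System Restore points under System Volume Information, files already in another tool's quarantine (the C:\QooBox folder is ComboFix's quarantine), and detections in live locations, which are the ones that matter for deciding whether the machine was still actively infected. The regexes and the location categories are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample: a subset of the "Fichier(s) infecté(s)" lines from the MBAM
# report posted in this thread (backslashes are doubled for the Python string).
SAMPLE_LOG = """\
Fichier(s) infecté(s):
C:\\QooBox\\Quarantine\\C\\Program Files\\SpyShredder\\SpyShredder2.dll.vir (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\\System Volume Information\\_restore{CC384C1E-96A6-413D-8F64-1594DFB55C76}\\RP499\\A0042526.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\\System Volume Information\\_restore{F07AF366-446F-468F-9C82-E0DB4D6DBFCD}\\RP619\\A0095630.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\\WIN\\lnk_dados_1.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\\Documents and Settings\\Didier\\Bureau\\Repair Your Registry.lnk (Rogue.Link) -> Quarantined and deleted successfully.
"""

# One MBAM 1.x detection line: <path> (<detection name>) -> <action>.
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# System Restore point copies: <drive>:\System Volume Information\_restore{GUID}\RPnnn\...
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\(rp\d+)\\", re.I
)
# ComboFix keeps its quarantine under \QooBox\Quarantine\ (assumption for this example).
QUARANTINE_RE = re.compile(r"\\qoobox\\quarantine\\", re.I)


def classify_location(path):
    """Return ('restore_point', 'RPnnn'), ('tool_quarantine', None) or ('live', None)."""
    m = RESTORE_RE.match(path)
    if m:
        return "restore_point", m.group(1).upper()
    if QUARANTINE_RE.search(path):
        return "tool_quarantine", None
    return "live", None


def parse_mbam_files(text):
    """Parse the file-detection lines of an MBAM log into a list of dicts."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, "(Aucun élément nuisible détecté)"
        location, restore_point = classify_location(m.group("path"))
        entries.append({
            "path": m.group("path"),
            "detection": m.group("name"),
            "action": m.group("action"),
            "location": location,
            "restore_point": restore_point,
        })
    return entries


def triage(entries):
    """Summarise what was found, where it was, and which hits were live files."""
    return {
        "by_detection": dict(Counter(e["detection"] for e in entries)),
        "by_location": dict(Counter(e["location"] for e in entries)),
        "restore_points": sorted({e["restore_point"] for e in entries if e["restore_point"]}),
        "live_paths": [e["path"] for e in entries if e["location"] == "live"],
        # Anything MBAM could not remove needs a follow-up (reboot, or another tool).
        "not_removed": [e["path"] for e in entries if "successfully" not in e["action"].lower()],
    }


if __name__ == "__main__":
    for key, value in triage(parse_mbam_files(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

    On the sample, only two of the five hits are live files (a DLL in C:\WIN and a rogue "Repair Your Registry" shortcut on the Desktop); the rest are dormant copies in restore points RP499 and RP619 or already-quarantined SpyShredder components. Restore-point copies are harmless until the point is restored, which is why the usual last step after a cleanup like this one is to purge old restore points and create a fresh one.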
    24 July 2008 14:42:07

    I would like to check whether anything is left over:

    Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable any resident protection! (antivirus, antispyware, etc.)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Yes.
  • When the operation is complete, a report will appear. Post that report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    24 July 2008 16:20:56

    ComboFix 08-07-23.5 - PC 2008-07-24 16:01:29.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.457 [GMT 2:00]
    Endroit: C:\Documents and Settings\PC\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-24 to 2008-07-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-23 16:56 . 2008-07-23 16:56 <REP> d-------- C:\Documents and Settings\PC\Application Data\Malwarebytes
    2008-07-23 16:56 . 2008-07-23 16:56 <REP> d-------- C:\Documents and Settings\All Users.WIN\Application Data\Malwarebytes
    2008-07-23 16:56 . 2008-07-20 20:25 17,144 --a------ C:\WIN\system32\drivers\mbam.sys
    2008-07-23 16:55 . 2008-07-23 16:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-23 16:55 . 2008-07-20 20:25 38,472 --a------ C:\WIN\system32\drivers\mbamswissarmy.sys
    2008-07-22 19:21 . 2008-07-22 19:21 <REP> d-------- C:\WIN\ERUNT
    2008-07-22 19:10 . 2008-07-22 19:41 <REP> d-------- C:\SDFix
    2008-07-22 16:44 . 2008-07-22 16:45 4,752 --a------ C:\WIN\system32\tmp.reg
    2008-07-22 16:33 . 2007-09-06 00:22 289,144 --a------ C:\WIN\system32\VCCLSID.exe
    2008-07-22 16:33 . 2006-04-27 17:49 288,417 --a------ C:\WIN\system32\SrchSTS.exe
    2008-07-22 16:33 . 2008-05-29 09:35 86,528 --a------ C:\WIN\system32\VACFix.exe
    2008-07-22 16:33 . 2008-05-18 21:40 82,944 --a------ C:\WIN\system32\IEDFix.exe
    2008-07-22 16:33 . 2008-07-02 13:33 82,432 --a------ C:\WIN\system32\IEDFix.C.exe
    2008-07-22 16:33 . 2008-05-23 18:21 81,920 --a------ C:\WIN\system32\404Fix.exe
    2008-07-22 16:33 . 2003-06-05 21:13 53,248 --a------ C:\WIN\system32\Process.exe
    2008-07-22 16:33 . 2004-07-31 18:50 51,200 --a------ C:\WIN\system32\dumphive.exe
    2008-07-22 16:33 . 2007-10-04 00:36 25,600 --a------ C:\WIN\system32\WS2Fix.exe
    2008-07-22 13:11 . 2007-02-10 20:15 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-07-22 13:11 . 2007-02-10 20:15 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-07-22 13:11 . 2007-02-13 13:06 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-07-22 13:11 . 2007-02-10 20:15 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-07-22 13:11 . 2007-02-10 20:15 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-07-22 13:11 . 2007-02-10 20:15 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-07-22 13:11 . 2007-02-10 20:15 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-07-22 13:11 . 2008-07-22 13:11 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-07-21 12:55 . 2008-07-21 12:55 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-14 18:48 . 2008-07-14 18:48 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Mes documents
    2008-07-13 14:50 . 2008-07-13 16:32 <REP> d-------- C:\Program Files\Enigma Software Group
    2008-07-12 08:59 . 2008-07-12 08:59 371 --a------ C:\6D73776D706461742E746C62FA.tmp

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-24 01:01 --------- d-----w C:\Documents and Settings\All Users.WIN\Application Data\Microsoft Help
    2008-07-21 10:54 --------- d-----w C:\Program Files\Cleaner 5 EZ
    2008-07-21 10:53 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-06-20 17:41 247,808 ----a-w C:\WIN\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WIN\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WIN\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WIN\system32\drivers\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WIN\system32\drivers\bthport.sys
    2008-05-30 16:15 --------- d-----w C:\Program Files\Orange
    2008-05-30 16:14 --------- d-----w C:\Program Files\Fichiers communs\France Telecom
    2008-05-30 16:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-30 16:09 --------- d-----w C:\Program Files\Securitoo
    2008-05-30 16:09 --------- d-----w C:\Program Files\SAGEM
    2008-05-07 05:15 1,293,824 ----a-w C:\WIN\system32\quartz.dll
    2007-02-01 11:18 27,728 -c--a-w C:\Documents and Settings\Didier\Application Data\GDIPFONTCACHEV1.DAT
    2006-04-01 14:09 10,704,584 -c--a-w C:\Program Files\setupfre.exe
    2002-07-26 16:02 153,088 -c--a-w C:\Program Files\UNWISE.EXE
    2004-08-05 12:00 94,864 -csh--w C:\WIN\twain.dll
    2004-08-05 12:00 50,688 --sh--w C:\WIN\twain_32.dll
    2004-08-05 12:00 1,028,096 --sh--w C:\WIN\system32\mfc42.dll
    2004-08-05 12:00 54,784 -csh--w C:\WIN\system32\msvcirt.dll
    2004-08-05 12:00 413,696 --sh--w C:\WIN\system32\msvcp60.dll
    2004-08-05 12:00 343,040 --sh--w C:\WIN\system32\msvcrt.dll
    2007-12-04 18:41 550,912 --sh--w C:\WIN\system32\oleaut32.dll
    2004-08-05 12:00 83,456 --sh--w C:\WIN\system32\olepro32.dll
    2004-08-05 12:00 12,288 --sh--w C:\WIN\system32\regsvr32.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-23_13.49.56.78 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-10-26 19:55:38 138,024 ----a-r C:\WIN\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
    + 2006-10-27 14:16:36 46,864 ----a-r C:\WIN\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OUTLRPC.DLL
    - 2008-07-09 21:02:43 1,165,584 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-07-24 01:01:09 1,165,584 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-07-09 21:02:45 20,240 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-07-24 01:01:10 20,240 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-07-09 21:02:44 159,504 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-07-24 01:01:09 159,504 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
    - 2008-07-09 21:02:44 217,864 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2008-07-24 01:01:10 217,864 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
    - 2008-07-09 21:02:45 18,704 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-07-24 01:01:10 18,704 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-07-09 21:02:45 35,088 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-07-24 01:01:10 35,088 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-07-09 21:02:44 845,584 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-07-24 01:01:09 845,584 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-07-09 21:02:44 922,384 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-07-24 01:01:10 922,384 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-07-09 21:02:45 272,648 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-07-24 01:01:10 272,648 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-07-09 21:02:45 888,080 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-07-24 01:01:10 888,080 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-07-09 21:02:44 1,172,240 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-07-24 01:01:09 1,172,240 ----a-r C:\WIN\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-07-22 17:43:11 52,764 ----a-w C:\WIN\system32\perfc009.dat
    + 2008-07-23 20:47:09 52,764 ----a-w C:\WIN\system32\perfc009.dat
    - 2008-07-22 17:43:11 63,614 ----a-w C:\WIN\system32\perfc00C.dat
    + 2008-07-23 20:47:09 63,614 ----a-w C:\WIN\system32\perfc00C.dat
    - 2008-07-22 17:43:11 380,350 ----a-w C:\WIN\system32\perfh009.dat
    + 2008-07-23 20:47:09 380,350 ----a-w C:\WIN\system32\perfh009.dat
    - 2008-07-22 17:43:11 445,016 ----a-w C:\WIN\system32\perfh00C.dat
    + 2008-07-23 20:47:09 445,016 ----a-w C:\WIN\system32\perfh00C.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WIN\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus DX3800 Series"="C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 06:00 98304]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 21:33 57344]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "NvCplDaemon"="C:\WIN\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
    "NvMediaCenter"="C:\WIN\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
    "USB2Check"="C:\WIN\system32\PCLECoInst.dll" [2006-11-06 14:31 81920]
    "PinnacleDriverCheck"="C:\WIN\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
    "PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-01-23 16:42 196608]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 10:11 57344]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "Auto EPSON Stylus DX3800 Series sur ANTOINE"="C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 06:00 98304]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 16:19 266497]
    "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
    "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
    "MSConfig"="C:\WIN\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-05 14:00 160768]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WIN\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WIN\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= Pvmjpg30.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WIN^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
    path=C:\Documents and Settings\All Users.WIN\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
    backup=C:\WIN\pss\Picture Package Menu.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
    "C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
    "C:\\Westwood\\AR2\\Game.exe"=
    "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=

    R0 sonypvl3;sonypvl3;C:\WIN\system32\drivers\sonypvl3.sys [2004-09-22 12:55]
    R1 sonypvf3;sonypvf3;C:\WIN\system32\drivers\sonypvf3.sys [2004-11-15 14:55]
    R1 sonypvt3;sonypvt3;C:\WIN\system32\drivers\sonypvt3.sys [2004-12-06 15:26]
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = www.google.com
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O16 -: Microsoft XML Parser for Java - file://C:\WIN\Java\classes\xmldso.cab
    C:\WIN\Downloaded Program Files\Microsoft XML Parser for Java.osd

    O16 -: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    C:\WIN\Downloaded Program Files\MDM.inf


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-24 16:04:05
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-24 16:06:12
    ComboFix-quarantined-files.txt 2008-07-24 14:06:09
    ComboFix2.txt 2008-07-23 11:50:24

    Pre-Run: 75,894,591,488 octets libres
    Post-Run: 75,885,608,960 octets libres

    183 --- E O F --- 2008-07-24 01:01:15
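    One thing in the ComboFix report above that the thread does not comment on is the firewall policy block: `"EnableFirewall"= 0 (0x0)` under the standard profile means the Windows XP firewall is switched off, so the list of authorized applications below it (including a P2P client) has no effect until it is re-enabled. The following parser, added here as an example and not part of the thread or of ComboFix, reads the REGEDIT4-style "Point de chargement Reg" section (a constructed excerpt of the report above is embedded inline, with the key paths exactly as ComboFix abbreviates them) and reports the firewall state and the exception list. The regexes and the key names used for lookup are this example's own assumptions.

```python
import re

# Constructed sample: the firewall-policy part of the ComboFix "Point de chargement Reg"
# section posted above. Raw string, so the doubled backslashes in value names are kept
# exactly as REGEDIT4 escapes them.
SAMPLE_REG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"= value  where the quoted name may contain REGEDIT4 escapes (\\ for \)
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"\s*=\s*(?P<value>.*)$')

# Key path as ComboFix prints it ("~" stands in for HKLM\SYSTEM\CurrentControlSet).
FW_PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
FW_APPS = FW_PROFILE + r"\authorizedapplications\list"


def parse_reg_dump(text):
    """Parse a REGEDIT4-style dump into {lower-cased key: [(name, value), ...]}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group("name").replace("\\\\", "\\")  # un-escape REGEDIT4 backslashes
            sections[current].append((name, m.group("value").strip()))
    return sections


def firewall_status(sections):
    """Report whether the standard-profile firewall is on and which apps are excepted."""
    enabled = None  # None = value not present in the dump
    for name, value in sections.get(FW_PROFILE, []):
        if name.lower() == "enablefirewall":
            # ComboFix prints DWORDs as "<decimal> (<hex>)"; only the first token matters.
            enabled = value.split()[0] != "0"
    apps = [name for name, _ in sections.get(FW_APPS, [])]
    return {"enabled": enabled, "authorized_apps": apps}


if __name__ == "__main__":
    status = firewall_status(parse_reg_dump(SAMPLE_REG))
    print("Windows Firewall (standard profile) enabled:", status["enabled"])
    for app in status["authorized_apps"]:
        print("  exception:", app)
```

    Re-enabling the firewall and pruning the exception list is a cheap hardening step once the rogue is gone; an exception list is only meaningful while EnableFirewall is 1.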
    24 July 2008 18:27:55

    Re,

    Uninstall Enigma Software Group or SpyHunter and delete the folder in C:\Program Files.

    Then post a new HijackThis report.
    24 July 2008 18:36:52

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:36:39, on 24/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WIN\System32\smss.exe
    C:\WIN\system32\winlogon.exe
    C:\WIN\system32\services.exe
    C:\WIN\system32\lsass.exe
    C:\WIN\system32\svchost.exe
    C:\WIN\System32\svchost.exe
    C:\WIN\system32\svchost.exe
    C:\WIN\Explorer.EXE
    C:\WIN\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WIN\system32\RUNDLL32.EXE
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\WIN\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WIN\system32\nvsvc32.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WIN\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WIN\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WIN\system32\cmd.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WIN\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WIN\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WIN\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WIN\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Auto EPSON Stylus DX3800 Series sur ANTOINE] C:\WIN\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P43 "Auto EPSON Stylus DX3800 Series sur ANTOINE" /O21 "\\ANTOINE\Imprimante2" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WIN\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WIN\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\win\system32\nwprovau.dll
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WIN\system32\nvsvc32.exe

    --
    End of file - 7542 bytes
    24 July 2008 18:45:19

    Re,

    No more problems?

    I would still like to check something:

    Run an online antivirus scan with Kaspersky using Internet Explorer.

  • Allow ActiveX.
  • Click Start Online Scanner.
  • Select My Computer as the scan target. Save the report as a .txt file.
  • Paste the report here.
  • Post a new HijackThis report.

    Help: How to run an online scan with Kaspersky.
    24 July 2008 19:41:58

    Otherwise, I did a scan with my antivirus:
    I'm away until next Monday; if it's really necessary, I'll do the online scan when I get back.

    Avira AntiVir Personal
    Report file date: jeudi 24 juillet 2008 16:37

    Scanning for 1502134 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode with network
    Username: PC
    Computer name: DIDIER

    Version information:
    BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 17/07/2008 14:19:14
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 17/07/2008 14:19:14
    LUKE.DLL : 8.1.4.5 164097 Bytes 17/07/2008 14:19:14
    LUKERES.DLL : 8.1.4.0 12033 Bytes 17/07/2008 14:19:14
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 16:48:52
    ANTIVIR2.VDF : 7.0.5.144 1690624 Bytes 21/07/2008 14:17:16
    ANTIVIR3.VDF : 7.0.5.164 243200 Bytes 24/07/2008 14:25:27
    Engineversion : 8.1.1.12
    AEVDF.DLL : 8.1.0.5 102772 Bytes 17/05/2008 14:55:52
    AESCRIPT.DLL : 8.1.0.59 307579 Bytes 18/07/2008 14:18:05
    AESCN.DLL : 8.1.0.23 119156 Bytes 16/07/2008 14:25:18
    AERDL.DLL : 8.1.0.20 418165 Bytes 17/05/2008 14:55:52
    AEPACK.DLL : 8.1.2.1 364917 Bytes 16/07/2008 14:25:17
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 14:18:00
    AEHEUR.DLL : 8.1.0.44 1343863 Bytes 24/07/2008 14:25:35
    AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 16:49:12
    AEGEN.DLL : 8.1.0.31 311669 Bytes 24/07/2008 14:25:30
    AEEMU.DLL : 8.1.0.6 430451 Bytes 17/05/2008 14:55:52
    AECORE.DLL : 8.1.1.7 172406 Bytes 24/07/2008 14:25:29
    AEBB.DLL : 8.1.0.1 53617 Bytes 17/07/2008 14:19:15
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 17/07/2008 14:19:14
    AVPREF.DLL : 8.0.2.0 38657 Bytes 17/07/2008 14:19:14
    AVREP.DLL : 8.0.0.1 98561 Bytes 23/07/2008 18:17:33
    AVREG.DLL : 8.0.0.1 33537 Bytes 17/07/2008 14:19:14
    AVARKT.DLL : 1.0.0.23 307457 Bytes 17/05/2008 14:55:51
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 17/07/2008 14:19:14
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 17/05/2008 14:55:51
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 17/07/2008 14:19:14
    NETNT.DLL : 8.0.0.1 7937 Bytes 17/05/2008 14:55:51
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 17/07/2008 14:19:11
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 17/07/2008 14:19:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 24 juillet 2008 16:37

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    13 processes with 13 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '58' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WIN\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: jeudi 24 juillet 2008 17:46
    Used time: 1:10:01 Hour(s)

    The scan has been done completely.

    10524 Scanning directories
    453239 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    453237 Files not concerned
    3479 Archives were scanned
    2 Warnings
    0 Notes

    25 July 2008 13:28:02

    Ok, we'll see :)