
Can't reach my favorite sites, etc....

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
3 July 2008 19:05:29

Hello everyone, I'm turning to your expertise because I've just bought a brand-new tower PC, it's barely 3 days old and already full of problems... So, I have quite a few ad windows that keep opening, my Windows Security Center (updates), which turns itself off, often with no way to turn it back on, and, the most annoying part I think, I have favorite sites of mine that I hang out on every day, and whether it's with IE, Firefox or others, I can no longer get to them; even when doing Google searches, sometimes I find nothing, the loading bar doesn't move, and that goes on for hours. Please, I beg you, help me... :(
I ran a HijackThis report, I'm pasting it here:

----------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:41, on 03/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Jérome\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {9f61720e-6f3c-362a-f664-87c360f2f780} - {087f2f06-3c78-466f-a263-c3f6e02716f9} - C:\WINDOWS\system32\ulqqxh.dll
O2 - BHO: (no name) - {1D871473-FA91-4DC1-B801-9CFE6CB63244} - C:\WINDOWS\system32\geBRJYOE.dll (file missing)
O2 - BHO: (no name) - {3DA9916C-393F-430D-A27F-97F6EBA6F7CF} - C:\WINDOWS\system32\ssqQkLCU.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {D7F9DF29-7A42-4910-9481-B8838CFDD266} - C:\WINDOWS\system32\xxyaaWMF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [0ca30e24] rundll32.exe "C:\WINDOWS\system32\ewnnybdd.dll",b
O4 - HKLM\..\Run: [BM0f903db8] Rundll32.exe "C:\WINDOWS\system32\pjxgsudt.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9654] command /c del "C:\WINDOWS\system32\ssqQkLCU.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3966] cmd /c del "C:\WINDOWS\system32\ssqQkLCU.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3638] command /c del "C:\WINDOWS\system32\pjxgsudt.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6184] cmd /c del "C:\WINDOWS\system32\pjxgsudt.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB9750] command /c del "C:\WINDOWS\system32\ssqQkLCU.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1445] cmd /c del "C:\WINDOWS\system32\ssqQkLCU.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7002] command /c del "C:\WINDOWS\system32\pjxgsudt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3790] cmd /c del "C:\WINDOWS\system32\pjxgsudt.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: xxyaaWMF - C:\WINDOWS\SYSTEM32\xxyaaWMF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7393 bytes
----------------------------------------------------
Thanks to whoever looks into this. I'll stay as available as possible; having 2 children, I'm not at the PC all the time, but don't worry, I'll check every 10 min. and do what you tell me! ;)


3 July 2008 19:07:49

Hello,

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, click OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    3 July 2008 19:43:11

    There you go, friend, it's done, thanks for helping me, here is the report:
    ------------------------
    Malwarebytes' Anti-Malware 1.19
    Version de la base de données: 918
    Windows 5.1.2600 Service Pack 3

    19:36:48 03/07/2008
    mbam-log-7-3-2008 (19-36-48).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 68683
    Temps écoulé: 8 minute(s), 59 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 8
    Valeur(s) du Registre infectée(s): 3
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 11

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\xxyaaWMF.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{d7f9df29-7a42-4910-9481-b8838cfdd266} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7f9df29-7a42-4910-9481-b8838cfdd266} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyaawmf (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0ca30e24 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d7f9df29-7a42-4910-9481-b8838cfdd266} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM0f903db8 (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\ewnnybdd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddbynnwe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xxyaaWMF.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Program Files\Alwil Software\Avast4\DATA\moved\geBRJYOE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP27\A0005661.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXNhEUN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcAQihe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcAtuVo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\geBtTMeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rqRKBUml.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    --------------------------
    3 July 2008 20:40:27

    Re,

    Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    3 July 2008 21:10:57

    Here you go, my friend:
    ------------------------------------------
    ComboFix 08-07-02.5 - Jérome 2008-07-03 21:06:40.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1557 [GMT 2:00]
    Endroit: C:\Documents and Settings\Jérome\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\bgcgwn.dll
    C:\WINDOWS\system32\dwcaivhw.dll
    C:\WINDOWS\system32\EOYJRBeg.ini
    C:\WINDOWS\system32\EOYJRBeg.ini2
    C:\WINDOWS\system32\goqyoesh.dll
    C:\WINDOWS\system32\hseoyqog.ini
    C:\WINDOWS\system32\icjygylh.dll
    C:\WINDOWS\system32\lsbjkdmm.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nvhlmp.dll
    C:\WINDOWS\system32\omecwswp.dll
    C:\WINDOWS\system32\opnnNHyV.dll
    C:\WINDOWS\system32\qeqxjjeq.ini
    C:\WINDOWS\system32\qpplac.dll
    C:\WINDOWS\system32\qvcqcoed.ini
    C:\WINDOWS\system32\tymhaftf.dll
    C:\WINDOWS\system32\UCLkQqss.ini
    C:\WINDOWS\system32\UCLkQqss.ini2
    C:\WINDOWS\system32\ulqqxh.dll
    C:\WINDOWS\system32\VyHNnnpo.ini
    C:\WINDOWS\system32\VyHNnnpo.ini2
    C:\WINDOWS\system32\xxyaaWMF.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-03 to 2008-07-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-03 19:14 . 2008-07-03 19:14 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-03 19:14 . 2008-07-03 19:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-03 19:14 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-03 19:14 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-03 18:23 . 2008-07-03 18:23 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-07-03 18:23 . 2008-07-03 18:23 2,556 --a------ C:\WINDOWS\unins000.dat
    2008-07-03 18:17 . 2008-07-03 18:24 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-07-03 18:17 . 2008-07-03 18:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-03 12:04 . 2008-07-03 12:04 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-07-03 12:04 . 2008-07-03 12:04 <REP> d-------- C:\Program Files\InstallShield Installation Information
    2008-07-03 12:04 . 2008-07-03 12:29 136,888 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-07-03 12:04 . 2008-07-03 12:29 111,928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-07-03 12:04 . 2008-07-03 12:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-07-03 11:53 . 2008-07-03 11:53 <REP> d-------- C:\Program Files\Activision
    2008-07-02 17:38 . 2008-07-02 17:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
    2008-07-02 17:33 . 2008-07-02 17:33 0 --a------ C:\WINDOWS\nsreg.dat
    2008-07-02 12:39 . 2008-07-02 12:39 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-07-02 12:02 . 2008-07-02 12:02 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-07-02 12:00 . 2008-07-03 18:21 110,446 --a------ C:\WINDOWS\BM0f903db8.xml
    2008-07-02 07:09 . 2008-07-02 07:09 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-07-02 06:54 . 2008-07-02 06:54 <REP> d-------- C:\Program Files\ImgBurn
    2008-07-02 06:44 . 2008-07-02 06:44 <REP> d-------- C:\Program Files\Nero
    2008-07-02 06:44 . 2008-07-02 06:45 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-07-02 06:44 . 2008-07-02 06:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-07-02 06:42 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-07-02 06:42 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-07-02 06:42 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-07-02 06:36 . 2008-07-02 06:36 <REP> d---s---- C:\WINDOWS\system32\%SystemDrive%
    2008-07-02 06:36 . 2008-07-03 18:40 175 --a------ C:\WINDOWS\Wininit.ini
    2008-07-02 06:31 . 2008-07-02 06:31 65,536 --a------ C:\WINDOWS\system32\VDPersns.dat
    2008-07-02 06:31 . 2004-09-22 11:46 37,409 --a------ C:\WINDOWS\system32\drivers\fsRamDsk.sys
    2008-07-02 06:30 . 2008-07-02 06:30 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
    2008-07-02 06:30 . 2004-09-22 11:46 77,824 --------- C:\WINDOWS\system32\RDrv2KInterface.dll
    2008-07-02 06:30 . 2004-01-13 04:51 53,248 --------- C:\WINDOWS\system32\RDrvNTInterface.dll
    2008-07-02 06:30 . 2004-03-12 07:44 36,864 --------- C:\WINDOWS\system32\unVHDDrvExe.exe
    2008-07-02 06:30 . 2004-03-12 07:44 36,864 --------- C:\WINDOWS\system32\inVHDDrvExe.exe
    2008-07-02 06:30 . 2004-07-17 08:33 32,768 --------- C:\WINDOWS\system32\RDrv9xInterface.dll
    2008-07-02 06:30 . 2004-06-29 09:03 28,672 --------- C:\WINDOWS\system32\RDrvInterface.dll
    2008-07-02 06:23 . 2008-07-02 06:23 <REP> d-------- C:\CloneDVDTemp
    2008-07-02 06:12 . 2008-07-02 06:12 <REP> d-------- C:\Program Files\Google
    2008-07-02 06:12 . 2008-07-03 08:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-07-02 06:10 . 2008-07-02 06:20 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2008-07-01 21:10 . 2008-07-01 21:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    2008-07-01 21:02 . 2008-07-01 21:07 <REP> d-------- C:\Program Files\Elaborate Bytes
    2008-07-01 20:54 . 2008-07-01 20:55 401 --a------ C:\WINDOWS\CD Jaquette.ini
    2008-07-01 20:35 . 2008-07-01 21:02 <REP> d-------- C:\Program Files\SlySoft
    2008-07-01 20:35 . 2008-07-01 21:10 72 ---hs---- C:\WINDOWS\S8652554D.tmp
    2008-07-01 19:20 . 2008-07-01 19:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-07-01 19:12 . 2008-07-01 19:12 <REP> d-------- C:\Program Files\Messenger Plus! Live
    2008-07-01 18:54 . 2008-07-01 18:54 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-07-01 18:54 . 2008-07-01 19:12 <REP> d-------- C:\Program Files\MSN Messenger
    2008-07-01 18:31 . 2008-07-01 18:40 <REP> d-------- C:\Program Files\uTorrent
    2008-07-01 18:29 . 2008-07-01 18:29 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-07-01 18:20 . 2008-07-01 19:12 <REP> d-------- C:\Program Files\Windows Live
    2008-07-01 18:20 . 2008-07-01 18:21 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-07-01 18:19 . 2008-07-01 18:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-01 18:01 . 2008-07-01 18:01 <REP> d-------- C:\Program Files\Alwil Software
    2008-07-01 11:25 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-01 11:25 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-07-01 11:23 . 2008-07-01 11:23 <REP> d-------- C:\WINDOWS\system32\Lang
    2008-07-01 11:23 . 2008-07-01 11:23 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-07-01 11:23 . 2008-07-01 11:23 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-07-01 11:05 . 2008-07-01 11:27 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-07-01 11:05 . 2008-07-01 11:05 <REP> d-------- C:\WINDOWS\system32\fr
    2008-07-01 11:05 . 2008-07-01 11:05 <REP> d-------- C:\WINDOWS\system32\bits
    2008-07-01 11:05 . 2008-07-01 11:05 <REP> d-------- C:\WINDOWS\l2schemas
    2008-07-01 11:04 . 2008-07-01 11:04 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-07-01 11:03 . 2008-07-01 11:03 <REP> d-------- C:\WINDOWS\EHome
    2008-06-23 18:27 . 2008-04-14 04:33 1,571,840 --a------ C:\WINDOWS\system32\sfcfiles.dll
    2008-06-23 18:26 . 2008-06-23 18:26 9,715,200 --a------ C:\WINDOWS\RTLCPL.EXE
    2008-06-23 18:26 . 2008-06-23 18:26 4,547,584 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2008-06-23 18:26 . 2008-06-23 18:26 1,826,816 --a------ C:\WINDOWS\SkyTel.exe
    2008-06-23 18:26 . 2008-06-23 18:26 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
    2008-06-23 18:26 . 2008-06-23 18:26 282,624 --a------ C:\WINDOWS\system32\RTSndMgr.CPL
    2008-06-23 18:26 . 2008-06-23 18:26 86,016 --a------ C:\WINDOWS\SOUNDMAN.EXE
    2008-06-23 18:25 . 2008-06-23 18:25 16,380,416 --a------ C:\WINDOWS\RTHDCPL.EXE
    2008-06-23 18:24 . 2008-06-23 18:24 2,808,832 --a------ C:\WINDOWS\ALCWZRD.EXE
    2008-06-23 18:24 . 2008-06-23 18:24 2,165,760 --a------ C:\WINDOWS\MicCal.exe
    2008-06-23 18:24 . 2008-06-23 18:24 299,008 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
    2008-06-23 18:24 . 2008-06-23 18:24 69,632 --a------ C:\WINDOWS\ALCMTR.EXE

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-01 08:45 --------- d-----w C:\Program Files\microsoft frontpage
    2008-07-01 08:44 --------- d-----w C:\Program Files\Services en ligne
    2008-06-23 16:20 895,744 ----a-w C:\WINDOWS\system32\drivers\nvnrm.sys
    2008-06-23 16:20 67,712 ----a-w C:\WINDOWS\system32\drivers\si3132.sys
    2008-06-23 16:20 58,368 ----a-w C:\WINDOWS\system32\drivers\NVENETFD.sys
    2008-06-23 16:20 36,352 ----a-w C:\WINDOWS\system32\drivers\AmdK8.sys
    2008-06-23 16:20 261,632 ----a-w C:\WINDOWS\system32\drivers\nvsnpu.sys
    2008-06-23 16:20 210,224 ----a-w C:\WINDOWS\system32\drivers\Si3531.sys
    2008-06-23 16:20 19,968 ----a-w C:\WINDOWS\system32\drivers\nvnetbus.sys
    2008-06-23 16:20 110,592 ----a-w C:\WINDOWS\system32\drivers\nvtcp.sys
    2008-06-23 16:20 105,472 ----a-w C:\WINDOWS\system32\drivers\nvatabus.sys
    2008-06-23 16:20 105,472 ----a-w C:\WINDOWS\system32\drivers\nvata.sys
    2008-06-23 16:20 1,732 ----a-w C:\WINDOWS\system32\drivers\nvphy.bin
    2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-04-14 02:34 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    2008-04-14 02:34 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
    2008-04-14 02:34 70,656 ----a-w C:\WINDOWS\notepad.exe
    2008-04-14 02:34 32,866 ------w C:\WINDOWS\slrundll.exe
    2008-04-14 02:34 288,256 ----a-w C:\WINDOWS\winhlp32.exe
    2008-04-14 02:34 18,432 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe
    2008-04-14 02:34 172,544 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
    2008-04-14 02:34 153,088 ----a-w C:\WINDOWS\regedit.exe
    2008-04-14 02:34 151,040 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe
    2008-04-14 02:34 10,752 ----a-w C:\WINDOWS\hh.exe
    2008-04-14 02:34 1,037,824 ----a-w C:\WINDOWS\explorer.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-02 06:12 68856]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 08:35 7634944]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-31 08:35 86016]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
    "nwiz"="nwiz.exe" [2006-10-31 08:35 1622016 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2008-06-23 18:25 16380416 C:\WINDOWS\RTHDCPL.EXE]
    "Alcmtr"="ALCMTR.EXE" [2008-06-23 18:24 69632 C:\WINDOWS\ALCMTR.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

    R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2008-06-23 18:20]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    S0 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdd80e4-4823-11dd-8d57-001d92e427df}]
    \Shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
    \Shell\dinstall\command - F:\Directx\dxsetup.exe

    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{087f2f06-3c78-466f-a263-c3f6e02716f9} - (no file)
    BHO-{1D871473-FA91-4DC1-B801-9CFE6CB63244} - C:\WINDOWS\system32\geBRJYOE.dll
    BHO-{3DA9916C-393F-430D-A27F-97F6EBA6F7CF} - C:\WINDOWS\system32\ssqQkLCU.dll
    BHO-{793ed2f7-3015-4ba8-8c1b-02f335ee0301} - (no file)
    BHO-{ACBD93CD-0F2B-45E2-B45A-82E3F9E47E90} - (no file)
    BHO-{D7F9DF29-7A42-4910-9481-B8838CFDD266} - (no file)
    Notify-xxyaaWMF - (no file)


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-03 21:08:43
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-03 21:09:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-03 19:09:41

    Pre-Run: 175,002,374,144 octets libres
    Post-Run: 175,728,275,456 octets libres

    220 --- E O F --- 2008-07-02 10:43:36
    3 July 2008 21:19:24

    Post a new HijackThis report.
    3 July 2008 23:16:12

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:15:35, on 03/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Jérome\Mes documents\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {087f2f06-3c78-466f-a263-c3f6e02716f9} - (no file)
    O2 - BHO: (no name) - {1D871473-FA91-4DC1-B801-9CFE6CB63244} - (no file)
    O2 - BHO: (no name) - {3DA9916C-393F-430D-A27F-97F6EBA6F7CF} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {793ed2f7-3015-4ba8-8c1b-02f335ee0301} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {ACBD93CD-0F2B-45E2-B45A-82E3F9E47E90} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {D7F9DF29-7A42-4910-9481-B8838CFDD266} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O20 - Winlogon Notify: xxyaaWMF - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 6150 bytes



    There you go, my friend!
    4 July 2008 00:02:36

    There, scan done:
    -----------------------------------
    Avira AntiVir Personal
    Report file date: vendredi 4 juillet 2008 00:03

    Scanning for 1376780 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: BOSC-E9D46894CE

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 21:57:27
    ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 21:57:28
    ANTIVIR3.VDF : 7.0.5.45 115712 Bytes 03/07/2008 21:57:29
    Engineversion : 8.1.0.64
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.46 283002 Bytes 03/07/2008 21:57:39
    AESCN.DLL : 8.1.0.22 119157 Bytes 03/07/2008 21:57:38
    AERDL.DLL : 8.1.0.20 418165 Bytes 03/07/2008 21:57:37
    AEPACK.DLL : 8.1.1.6 364918 Bytes 03/07/2008 21:57:36
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 03/07/2008 21:57:35
    AEHEUR.DLL : 8.1.0.35 1298806 Bytes 03/07/2008 21:57:35
    AEHELP.DLL : 8.1.0.15 115063 Bytes 03/07/2008 21:57:32
    AEGEN.DLL : 8.1.0.29 307573 Bytes 03/07/2008 21:57:32
    AEEMU.DLL : 8.1.0.6 430451 Bytes 03/07/2008 21:57:31
    AECORE.DLL : 8.1.0.32 168311 Bytes 03/07/2008 21:57:30
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 4 juillet 2008 00:03

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    28 processes with 28 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '24' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Jérome\Mes documents\logiciel\WinRar.V3.71+Keygen+PatchFR.by-JEB\keygen.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.aac.4 Backdoor server programs
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\bgcgwn.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\dwcaivhw.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\icjygylh.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\nvhlmp.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\omecwswp.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\opnnNHyV.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\qpplac.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tymhaftf.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\ulqqxh.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\xxyaaWMF.dll.vir
    [DETECTION] Is the Trojan horse TR/Monderc.25600.23
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP29\A0006729.dll
    [DETECTION] Is the Trojan horse TR/Monderc.82496
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP29\A0006781.dll
    [DETECTION] Is the Trojan horse TR/Monderc.82496
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP29\A0006807.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP29\A0006809.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP29\A0007894.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP29\A0007895.dll
    [DETECTION] Is the Trojan horse TR/Monderc.25600.23
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP29\A0007896.dll
    [DETECTION] Is the Trojan horse TR/Monderc.25600.23
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP29\A0007897.dll
    [DETECTION] Is the Trojan horse TR/Monderc.25600.23
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP29\A0007898.dll
    [DETECTION] Is the Trojan horse TR/Monderc.25600.23
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP29\A0007899.dll
    [DETECTION] Is the Trojan horse TR/Monderc.25600.23
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP31\A0008971.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP31\A0008972.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP31\A0008974.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP31\A0008975.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP31\A0008976.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP31\A0008977.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP31\A0008978.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP31\A0008979.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP31\A0008980.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{9A5C1F17-9018-4066-AB68-831B67A2BF39}\RP31\A0008981.dll
    [DETECTION] Is the Trojan horse TR/Monderc.25600.23
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: vendredi 4 juillet 2008 00:19
    Used time: 15:23 min

    The scan has been done completely.

    1626 Scanning directories
    120905 Files were scanned
    31 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    31 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    120874 Files not concerned
    1119 Archives were scanned
    3 Warnings
    31 Notes

    4 July 2008 12:43:40

    Post a new HijackThis report.
    4 July 2008 17:25:31

    Here is the report. It has already done it some good, though, because I no longer get unwanted pop-up ads, and the sites I couldn't reach I can now access without any problem. But if anything is left, don't hesitate to tell me. Thanks in any case!
    -----------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:23:55, on 04/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Documents and Settings\Jérome\Bureau\antivir_workstation_win7u_en_h.exe
    C:\DOCUME~1\JROME~1\LOCALS~1\Temp\RarSFX1\basic\setup.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Jérome\Mes documents\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {087f2f06-3c78-466f-a263-c3f6e02716f9} - (no file)
    O2 - BHO: (no name) - {1D871473-FA91-4DC1-B801-9CFE6CB63244} - (no file)
    O2 - BHO: (no name) - {3DA9916C-393F-430D-A27F-97F6EBA6F7CF} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {793ed2f7-3015-4ba8-8c1b-02f335ee0301} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {ACBD93CD-0F2B-45E2-B45A-82E3F9E47E90} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {D7F9DF29-7A42-4910-9481-B8838CFDD266} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O20 - Winlogon Notify: xxyaaWMF - C:\WINDOWS\
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 5977 bytes
    4 July 2008 18:32:30

    Hi again,

    Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

    O2 - BHO: (no name) - {087f2f06-3c78-466f-a263-c3f6e02716f9} - (no file)
    O2 - BHO: (no name) - {1D871473-FA91-4DC1-B801-9CFE6CB63244} - (no file)
    O2 - BHO: (no name) - {3DA9916C-393F-430D-A27F-97F6EBA6F7CF} - (no file)
    O2 - BHO: (no name) - {793ed2f7-3015-4ba8-8c1b-02f335ee0301} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {ACBD93CD-0F2B-45E2-B45A-82E3F9E47E90} - (no file)
    O2 - BHO: (no name) - {D7F9DF29-7A42-4910-9481-B8838CFDD266} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O20 - Winlogon Notify: xxyaaWMF - C:\WINDOWS\
    4 July 2008 23:05:55

    There, it's done. I made you a new report:
    --------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:05:22, on 04/07/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Jérome\Mes documents\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 5347 bytes
    5 July 2008 12:57:56

    Any more problems?
    5 July 2008 18:40:16

    Well, listen, apparently not, nothing anymore. Do you think we're done with this? lol
    If so, let me tell you that if you're ever near Avignon, send me an email and I'll buy you one hell of an aperitif! lol
    5 July 2008 18:43:50

    :D 
    We're done, happy surfing.
    6 July 2008 01:46:22

    Thanks for your help in any case. Luckily there are guys like you on the net! Hats off, gentlemen!
    6 July 2008 16:10:09

    Thanks :jap: 