Votre question

PC redemarre tout seul+empeche d'aller sur internet+Plein de pubs

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
14 Juin 2008 10:21:37

Bonjour voila mes problems:
_mon pc redémarre tout seul tous les jours à 9h50!!!
_Internet Explorer m'empeche d'aller sur certains sites(qui sont tout à fait normaux ^^) qui en plus de cela plusieurs publicitées pour des jeux en ligne viennent s'ouvrir. En esperant grace à vous tout va redevenir normal.

Je vais poster mon rapport HijackThis.

Autres pages sur : redemarre seul empeche aller internet plein pubs

14 Juin 2008 10:22:27

Le voici:

Logfile of HijackThis v1.99.1
Scan saved at 10:21:49, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\chef\Mes documents\Débarra\logiciels\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3095D50F-F1BA-4BBC-A54D-819EEB7E0898} - C:\WINDOWS\system32\ljJCuTmm.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {D083C3F4-4201-4765-B9B1-792C225AC410} - C:\WINDOWS\system32\mlJcAQiF.dll (file missing)
O2 - BHO: (no name) - {D1811913-FEB4-4342-A24A-763A2E79A3B1} - C:\WINDOWS\system32\rqRKEWMg.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Host Process] C:\Documents and Settings\chef\svchost.exe
O4 - HKLM\..\Run: [c8d4de60] rundll32.exe "C:\WINDOWS\system32\stsvhhnf.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BMcbe7edfc] Rundll32.exe "C:\WINDOWS\system32\ynqijnff.dll",s
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD39/JSCDL/jdk/6u5b/jinsta...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6004ECB-7DA1-4550-9979-4634711A9F2F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4A14A7A-0C27-4571-A1E0-AB61CD85964D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ljJCuTmm - ljJCuTmm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

a b 8 Sécurité
14 Juin 2008 11:39:54

Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    Contenus similaires
    14 Juin 2008 13:38:41

    voici le rapport:

    Malwarebytes' Anti-Malware 1.17
    Version de la base de données: 854

    13:32:37 14/06/2008
    mbam-log-6-14-2008 (13-32-37).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 171913
    Temps écoulé: 1 hour(s), 29 minute(s), 40 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 32
    Valeur(s) du Registre infectée(s): 11
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 56

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e94eb13e-d78f-0857-7734-5e67a49ffff1} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d9f6ce57-0718-4bd1-916f-5fb1f86911c2} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0ec085a8-9818-43b7-b975-ec7555eda4d2} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1a74c41c-0837-4fbe-ba50-621eb70f01ce} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{25297614-1b76-4c2c-82c6-62738aa0e8f0} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{37f89457-1208-4670-9245-58c62bd6d870} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{45477032-abd0-454d-9ce4-ea34c10322f8} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{69e34747-0b27-4b30-ae20-1023bf29e246} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{79be5b3b-80b2-4b77-a042-efc90f6e0de7} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7c0ec6bf-81b9-4fe0-9447-4ed29a36bf5d} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{7ebb34cf-1728-4136-a968-48f231dad1b4} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{88daa291-b413-4c46-b378-3be66f65369e} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{936a2f4a-53f8-4d2f-92aa-2f9de889841c} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{afcc3fa7-82a9-42d5-a405-78711e97a5d6} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cc05a4a3-7b28-488f-ab02-6aaedb86accf} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e80114aa-6653-4952-9e97-5f1dc63bee0f} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f9109a2a-432b-4add-a6fa-06ba22dcd2d9} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fca3958a-8d38-4d14-8b81-ccd7f68a8a01} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{cbd02e9b-37ef-47d2-96b0-3abbb2eb92bf} (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c8d4de60 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d9f6ce57-0718-4bd1-916f-5fb1f86911c2} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMcbe7edfc (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\rdblgsbl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lbsglbdr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\stsvhhnf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fnhhvsts.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0565811.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0565825.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0565826.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0565827.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0566067.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0566080.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0566081.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP167\A0566257.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567828.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567829.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567830.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567874.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567875.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567900.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567901.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0567902.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0568040.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0568187.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0568198.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569102.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569192.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569451.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569452.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP168\A0569453.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP169\A0569479.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP169\A0569480.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP169\A0569481.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0569980.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0569981.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570017.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570018.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570019.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570020.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP171\A0570021.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP181\A0573474.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP185\A0577642.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0577945.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0578295.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0578296.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0578307.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP188\A0578310.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591904.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591926.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591937.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591967.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591976.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{8A8BE1DB-6071-4CAB-AA72-FF12AFFF4D7D}\RP211\A0591989.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ysifwvgi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ynqijnff.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    a b 8 Sécurité
    14 Juin 2008 15:17:53

    Re,

    [#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    14 Juin 2008 16:06:40

    Re desolé je ne trouve pas où desactiver l'antivirus( AVG free edition). Le d'sinstaller peut-il etre possible?? Vu que je dois changer!
    a b 8 Sécurité
    14 Juin 2008 16:38:38

    Pas grave, fais sans la désactivation.
    14 Juin 2008 17:08:23

    voila j'ai fais la desactivaton!!


    ComboFix 08-06-12.2 - chef 2008-06-14 16:55:15.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.577 [GMT 2:00]
    Endroit: C:\Documents and Settings\chef\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .
    ADS - svchost.exe: deleted 100 bytes in 1 streams.
    ADS - ntoskrnl.exe: deleted 100 bytes in 1 streams.
    ADS - explorer.exe: deleted 36 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\vtmp2
    C:\WINDOWS\BMcbe7edfc.xml
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\Fonts\CALIBRIB.TTF
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\elvmsnmr.ini
    C:\WINDOWS\system32\FiQAcJlm.ini
    C:\WINDOWS\system32\FiQAcJlm.ini2
    C:\WINDOWS\system32\gMWEKRqr.ini
    C:\WINDOWS\system32\gMWEKRqr.ini2
    C:\WINDOWS\system32\hibcycqs.ini
    C:\WINDOWS\system32\ilcgtuht.dll
    C:\WINDOWS\system32\iqugpjge.dll
    C:\WINDOWS\system32\jybvweys.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\tnmojbae.dll
    C:\WINDOWS\system32\umqlwngo.ini

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-14 to 2008-06-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Documents and Settings\chef\Application Data\Malwarebytes
    2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-14 11:57 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-14 11:57 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-14 11:49 . 2008-06-14 11:49 <REP> d-------- C:\Documents and Settings\chef\Application Data\Uniblue
    2008-06-12 22:52 . 2008-06-12 22:52 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-06-11 10:47 . 2008-06-11 10:47 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-06-11 08:39 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 08:39 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-06 18:31 . 2008-06-06 18:31 <REP> d-------- C:\Program Files\RomuSoft
    2008-06-03 13:53 . 2008-06-03 13:53 192,512 --a------ C:\WINDOWS\off-road-uninst.exe
    2008-06-03 13:52 . 2008-06-03 16:51 <REP> d-------- C:\Program Files\M6 Jeux
    2008-06-03 13:52 . 2008-06-03 13:52 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
    2008-06-03 13:32 . 2008-06-03 13:32 <REP> d-------- C:\Documents and Settings\chef\Application Data\THQ
    2008-05-27 17:53 . 2008-05-27 17:53 123 --a------ C:\WINDOWS\wininit.ini
    2008-05-24 08:18 . 2008-05-24 08:21 <REP> d--hs---- C:\Documents and Settings\chef\!
    2008-05-24 08:18 . 2008-05-24 08:18 0 --a------ C:\WINDOWS\system32\taskkill.exe
    2008-05-24 08:17 . 2008-05-29 09:18 <REP> d-------- C:\WINDOWS\system32\vntiho05
    2008-05-16 17:04 . 2008-05-27 16:36 <REP> d-------- C:\Program Files\LimeWire
    2008-05-16 17:04 . 2008-05-27 16:27 <REP> d-------- C:\Documents and Settings\chef\Application Data\LimeWire
    2008-05-16 13:57 . 2008-06-11 17:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-16 13:57 . 2008-05-16 13:57 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-14 07:12 --------- d-----w C:\Documents and Settings\chef\Application Data\AVG7
    2008-06-14 03:41 --------- d-----w C:\Program Files\eMule
    2008-06-13 15:02 --------- d-----w C:\Program Files\EA GAMES
    2008-06-12 20:56 --------- d-----w C:\Program Files\VisualTaskTips
    2008-06-09 19:22 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-06-04 08:22 --------- d-----w C:\Documents and Settings\chef\Application Data\AdobeUM
    2008-06-03 11:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-03 11:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-29 07:55 --------- d-----w C:\Program Files\SuperMarioPac
    2008-05-23 15:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-18 13:07 --------- d-----w C:\Program Files\VirtualDJ
    2008-05-16 05:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-05-09 16:56 --------- d-----w C:\Program Files\Java
    2008-05-09 16:53 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-02 10:28 --------- d-----w C:\Program Files\Windows Live
    2008-05-02 10:28 --------- d-----w C:\Program Files\Fake Webcam
    2008-03-14 21:24 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-03-14 21:24 253,952 ------w C:\WINDOWS\Setup1.exe
    2008-03-14 17:53 71,326 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-03-14 17:53 5,368 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-03-14 16:55 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
    2008-01-02 17:02 22,328 ----a-w C:\Documents and Settings\chef\Application Data\PnkBstrK.sys
    2004-08-05 12:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}]
    C:\WINDOWS\system32\ljJCuTmm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D083C3F4-4201-4765-B9B1-792C225AC410}]
    C:\WINDOWS\system32\mlJcAQiF.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1811913-FEB4-4342-A24A-763A2E79A3B1}]
    C:\WINDOWS\system32\rqRKEWMg.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [ ]
    "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-11-13 14:07 1289000]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:47 579584]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-05 00:50 155648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-19 21:38 219136]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"= 1 (0x1)
    "AllowUnhashedWebView"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
    "{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"= C:\WINDOWS\system32\ljJCuTmm.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJCuTmm]
    ljJCuTmm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "vidc.VP40"= vp4vfw.dll
    "vidc.ffds"= ffdshow.ax
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahm30.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ovc41.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\mcoinstall.exe"=
    "C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
    "C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "<NO NAME>"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Documents and Settings\\chef\\Mes documents\\Jeux\\mini jeux\\Volley\\volley.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\EA GAMES\\NFS Underground\\Speed.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [2000-02-22 16:46]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
    S0 Ahm30;Ahm30;C:\WINDOWS\system32\Drivers\Ahm30.sys []
    S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
    S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
    S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcfbf0e4-d006-11dc-96f4-0015f237590f}]
    \Shell\Auto\command - Cn911.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-02-22 16:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-14 17:00:34
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
    "ImagePath"="\"C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 4.1\my.ini\" MySQL"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\searchindexer.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-14 17:06:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-14 15:06:32

    Pre-Run: 73,027,543,040 octets libres
    Post-Run: 73,348,734,976 octets libres

    214 --- E O F --- 2008-06-11 08:48:16
    a b 8 Sécurité
    15 Juin 2008 12:38:59

    Re,

    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D083C3F4-4201-4765-B9B1-792C225AC410}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1811913-FEB4-4342-A24A-763A2E79A3B1}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJCuTmm]


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
    15 Juin 2008 13:05:32

    ComboFix 08-06-12.2 - chef 2008-06-15 12:54:26.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.567 [GMT 2:00]
    Endroit: C:\Documents and Settings\chef\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\chef\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\chef\real.txt
    C:\WINDOWS\system32\taskkill.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-15 to 2008-06-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Documents and Settings\chef\Application Data\Malwarebytes
    2008-06-14 11:57 . 2008-06-14 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-14 11:57 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-14 11:57 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-14 11:49 . 2008-06-14 11:49 <REP> d-------- C:\Documents and Settings\chef\Application Data\Uniblue
    2008-06-12 22:52 . 2008-06-12 22:52 <REP> d-------- C:\Program Files\SystemRequirementsLab
    2008-06-11 10:47 . 2008-06-11 10:47 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-06-11 08:39 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 08:39 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-06 18:31 . 2008-06-06 18:31 <REP> d-------- C:\Program Files\RomuSoft
    2008-06-03 13:53 . 2008-06-03 13:53 192,512 --a------ C:\WINDOWS\off-road-uninst.exe
    2008-06-03 13:52 . 2008-06-03 16:51 <REP> d-------- C:\Program Files\M6 Jeux
    2008-06-03 13:52 . 2008-06-03 13:52 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
    2008-06-03 13:32 . 2008-06-03 13:32 <REP> d-------- C:\Documents and Settings\chef\Application Data\THQ
    2008-05-27 17:53 . 2008-05-27 17:53 123 --a------ C:\WINDOWS\wininit.ini
    2008-05-24 08:18 . 2008-05-24 08:21 <REP> d--hs---- C:\Documents and Settings\chef\!
    2008-05-24 08:17 . 2008-05-29 09:18 <REP> d-------- C:\WINDOWS\system32\vntiho05
    2008-05-16 17:04 . 2008-05-27 16:36 <REP> d-------- C:\Program Files\LimeWire
    2008-05-16 17:04 . 2008-05-27 16:27 <REP> d-------- C:\Documents and Settings\chef\Application Data\LimeWire
    2008-05-16 13:57 . 2008-06-11 17:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-16 13:57 . 2008-05-16 13:57 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-15 07:38 --------- d-----w C:\Documents and Settings\chef\Application Data\AVG7
    2008-06-15 03:32 --------- d-----w C:\Program Files\eMule
    2008-06-13 15:02 --------- d-----w C:\Program Files\EA GAMES
    2008-06-12 20:56 --------- d-----w C:\Program Files\VisualTaskTips
    2008-06-09 19:22 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-06-04 08:22 --------- d-----w C:\Documents and Settings\chef\Application Data\AdobeUM
    2008-06-03 11:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-03 11:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-29 07:55 --------- d-----w C:\Program Files\SuperMarioPac
    2008-05-23 15:27 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-05-23 15:26 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-05-18 13:07 --------- d-----w C:\Program Files\VirtualDJ
    2008-05-16 05:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-05-09 16:56 --------- d-----w C:\Program Files\Java
    2008-05-09 16:53 --------- d-----w C:\Program Files\Fichiers communs\Java
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-02 10:28 --------- d-----w C:\Program Files\Windows Live
    2008-05-02 10:28 --------- d-----w C:\Program Files\Fake Webcam
    2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-01-02 17:02 22,328 ----a-w C:\Documents and Settings\chef\Application Data\PnkBstrK.sys
    2004-08-05 12:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\80_msimn.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-14_17.06.21.35 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-14 14:59:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-15 07:48:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UberIcon"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [ ]
    "RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-11-13 14:07 1289000]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:47 579584]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-05 00:50 155648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-19 21:38 219136]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe [2007-07-07 15:02:00 626176]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"= 1 (0x1)
    "AllowUnhashedWebView"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "vidc.VP40"= vp4vfw.dll
    "vidc.ffds"= ffdshow.ax
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahm30.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ovc41.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\mcoinstall.exe"=
    "C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
    "C:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "<NO NAME>"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Documents and Settings\\chef\\Mes documents\\Jeux\\mini jeux\\Volley\\volley.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\EA GAMES\\NFS Underground\\Speed.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [2000-02-22 16:46]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
    S0 Ahm30;Ahm30;C:\WINDOWS\system32\Drivers\Ahm30.sys []
    S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
    S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
    S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcfbf0e4-d006-11dc-96f4-0015f237590f}]
    \Shell\Auto\command - Cn911.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-22 16:15:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-15 12:56:50
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
    "ImagePath"="\"C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 4.1\my.ini\" MySQL"
    .
    Temps d'accomplissement: 2008-06-15 12:59:24
    ComboFix-quarantined-files.txt 2008-06-15 10:58:22
    ComboFix2.txt 2008-06-14 15:06:36

    Pre-Run: 76,965,199,872 octets libres
    Post-Run: 76,954,320,896 octets libres

    175 --- E O F --- 2008-06-11 08:48:16
    15 Juin 2008 13:06:21

    Logfile of HijackThis v1.99.1
    Scan saved at 13:05:58, on 15/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\chef\Mes documents\Débarra\logiciels\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Global Startup: WiFi Station.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD39/JSCDL/jdk/6u5b/jinsta...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6004ECB-7DA1-4550-9979-4634711A9F2F}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E4A14A7A-0C27-4571-A1E0-AB61CD85964D}: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe




    voila tous
    a b 8 Sécurité
    15 Juin 2008 20:25:14

    Encore des soucis ?
    15 Juin 2008 20:54:01

    Ba écoute c'est vrai que je n'ai plus de pubs et je peux aller ou je veux sur le net!! mais je saurais que demain si mon pc redemarre encore tout seul ou pas!! mais merci deja!!
    a b 8 Sécurité
    16 Juin 2008 11:12:28

    No problem ;) 
    17 Juin 2008 10:29:08

    Voila je viens de verifier et il ne redemarre plus tout seul! Tout est redevenu comme avant merci!!!!
    a b 8 Sécurité
    17 Juin 2008 12:59:44

    Bon surf ;) 
    25 Juin 2008 13:42:46

    Voila je suis desolé mais mon pc se remet a redémarrer tout seul toujours a la meme heure qu'avant!! Cela fait 3 jours que sa a repris!
    a b 8 Sécurité
    25 Juin 2008 13:45:12

    Reposte un rapport Hijackthis.

    Télécharge Gmer.
    Dézippe le dans un dossier ou sur ton bureau.

    Déconnecte toi d'Internet puis et ferme tous les programmes.
    Double-clique sur Gmer.exe.

    IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

    Clique sur l'onglet rootkit.
    A droite, coche Files et Services.
    Clique maintenant sur Scan.

    Lorsque le scan est terminé, clique sur Copy.

    Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
    Le rapport doit alors apparaître.
    Enregistre le fichier sur ton bureau et copie/colle le contenu ici.
    25 Juin 2008 14:30:42

    voila le rapport hijackthis

    Logfile of HijackThis v1.99.1
    Scan saved at 14:34:08, on 25/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\Hercules\WiFi Station\WifiStation.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\chef\Mes documents\Débarra\logiciels\Proteger pc\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
    O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
    O4 - Global Startup: WiFi Station.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD39/JSCDL/jdk/6u5b/jinsta...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D6004ECB-7DA1-4550-9979-4634711A9F2F}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E4A14A7A-0C27-4571-A1E0-AB61CD85964D}: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

    25 Juin 2008 14:58:09

    Gmer m'as dit qu'il n'a rien trouver!!!!
    a b 8 Sécurité
    25 Juin 2008 17:46:56

    Ce problème n'est pas lié à une infection pour moi.
    25 Juin 2008 20:51:18

    ok ba merci quand meme alors!!
    a b 8 Sécurité
    25 Juin 2008 20:53:44

    Tu devrais voir dans la section Hardware.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS