Computer freezes or shuts down by itself

Tags:
  • Internet Explorer
  • Security
Last reply: in Security and viruses
13 April 2008 11:49:03

Hello,

It's all in the title:

To whoever can find the problem in my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 11:46:57, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\Wanadoo\CnxMon.exe
D:\PROGRA~1\MESSAG~1\StartMessager.exe
D:\WINDOWS\system32\rundll32.exe
D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\florent\eMule\emule.exe
D:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Florent\LOCALS~1\Temp\Rar$EX00.390\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - D:\Program Files\ShoppingReport\Bin\2.0.25\ShoppingReport.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusServiceProvider] D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] D:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - D:\Program Files\ShoppingReport\Bin\2.0.25\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - D:\Program Files\ShoppingReport\Bin\2.0.25\ShoppingReport.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisepoison.spaces.live.com//PhotoUpload/MsnPUpl...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{80F976D8-5F98-42CE-B01E-BBF22022C466}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

13 April 2008 13:14:46

Hello

Are you the one who installed a keylogger on your PC?
O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe

http://research.sunbelt-software.com/threatdisplay.aspx...


Download BTFix by Bibi26.
  • Unzip the archive onto your Desktop.
  • Open the BTFix folder.
  • Double-click BTFix.exe.
  • Click Rechercher (Search).
  • A report will appear; copy/paste it into your next reply.

    13 April 2008 16:58:40

    Thanks for your help :)

    So, for the first question... no, I don't think so, I couldn't find that program

    As for BTFix

    BTFix 1.095 (par bibi26) - 13/04/2008 16:56:41 - Analyse
    Lancé depuis D:\Documents and Settings\Florent\Bureau\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    - D:\Program Files\ShoppingReport\
    - D:\Documents and Settings\Florent\Application Data\ShoppingReport\

    ---> Analyse terminée le 13/04/2008 16:56:42
    13 April 2008 17:07:42

    Re

    You're not answering my question: are you the one who installed a keylogger?
    Here is what it is:
    http://www.securiteinfo.com/attaques/divers/keylogger.s...

    Either you or a member of your family installed it to check what is being done on this PC, or it's malware, and in that case... if you make purchases by credit card, you must contact your bank quickly.

    1

  • Open BTFix.
  • Click Nettoyer (Clean).
  • A report will appear; copy/paste it into your next reply.

    2

    Please post a new HijackThis log
    13 April 2008 21:18:09

    Uh, yes, I'm the one who installed that...
    but I thought I had removed it

    My BTFix scan
    BTFix 1.095 (par bibi26) - 13/04/2008 21:15:38 - Nettoyage - Mode normal
    Lancé depuis D:\Documents and Settings\Florent\Bureau\BTFix\BTFix.exe

    ---> Fichiers/dossiers supprimés (Première passe)

    - Fichiers temporaires effacés
    - D:\Program Files\ShoppingReport\Bin\2.0.25\
    - D:\Program Files\ShoppingReport\Bin\
    - D:\Program Files\ShoppingReport\cs\
    - D:\Program Files\ShoppingReport\
    - D:\Documents and Settings\Florent\Application Data\ShoppingReport\cs\db\
    - D:\Documents and Settings\Florent\Application Data\ShoppingReport\cs\dwld\
    - D:\Documents and Settings\Florent\Application Data\ShoppingReport\cs\report\
    - D:\Documents and Settings\Florent\Application Data\ShoppingReport\cs\res2\
    - D:\Documents and Settings\Florent\Application Data\ShoppingReport\cs\
    - D:\Documents and Settings\Florent\Application Data\ShoppingReport\

    ---> Nettoyage terminé le 13/04/2008 21:15:41

    Logfile of HijackThis v1.99.1
    Scan saved at 21:17:42, on 13/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\PROGRA~1\Wanadoo\CnxMon.exe
    D:\PROGRA~1\MESSAG~1\StartMessager.exe
    D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    D:\Program Files\DAEMON Tools\daemon.exe
    D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Documents and Settings\Florent\Bureau\BTFix\BTFix.exe
    D:\WINDOWS\explorer.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\WinRAR\WinRAR.exe
    D:\DOCUME~1\Florent\LOCALS~1\Temp\Rar$EX00.594\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - (no file)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Program Files\eoRezo\EoAdv\EoRezobho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AsusServiceProvider] D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
    O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] D:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisepoison.spaces.live.com//PhotoUpload/MsnPUpl...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80F976D8-5F98-42CE-B01E-BBF22022C466}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
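
Added example (not part of the original thread): a small Python triage script that diffs two HijackThis scans to confirm what a cleanup removed and which autostart entries survive it. The log lines are excerpted from the first two scans posted above; the function names are this example's own.

```python
import re

# Lines excerpted from the first HijackThis scan in this thread (before BTFix cleanup).
SCAN_BEFORE = r"""
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - D:\Program Files\ShoppingReport\Bin\2.0.25\ShoppingReport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - D:\Program Files\ShoppingReport\Bin\2.0.25\ShoppingReport.dll
"""

# The same entries as they appear in the second scan (after BTFix cleanup).
SCAN_AFTER = r"""
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 registry autoruns: "HKLM\..\Run: [value name] command line".
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")


def parse_entries(log_text):
    """Return (code, detail) tuples, skipping headers and the process list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())  # forum quoting indents some logs
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_scans(before, after):
    """Classify entries as removed, added or persisting between two scans."""
    old, new = parse_entries(before), parse_entries(after)
    return {
        "removed": [e for e in old if e not in new],
        "added": [e for e in new if e not in old],
        "persisting": [e for e in old if e in new],
    }


def autoruns(entries):
    """Split O4 registry Run entries into hive, key, value name and command."""
    parsed = []
    for code, detail in entries:
        match = RUN_RE.match(detail) if code == "O4" else None
        if match:
            hive, key, name, command = match.groups()
            parsed.append({"hive": hive, "key": key, "name": name, "command": command})
    return parsed


def still_autostarting(before, after, needle):
    """Run entries present in both scans whose command contains `needle`."""
    persisting = diff_scans(before, after)["persisting"]
    return [r for r in autoruns(persisting) if needle.lower() in r["command"].lower()]


if __name__ == "__main__":
    result = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    for code, detail in result["removed"]:
        print("removed   ", code, detail)
    for run in still_autostarting(SCAN_BEFORE, SCAN_AFTER, "Key Logger"):
        print("still set ", run["hive"], run["key"], run["name"], "->", run["command"])
```

A Run value that survives a cleanup only shows that the registry entry remains; whether the file it points to still exists has to be checked on disk.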





    14 April 2008 00:09:59

    OK

    Check that you have properly uninstalled it via Add/Remove Programs, then delete the folder in bold:
    D:\Program Files\Active Key Logger

    Here's what we're going to do: you're going to replace Avast! with Antivir, which is a real antivirus; you'll run a scan with it and post the report. :)


    Uninstall Avast! properly


    To replace it with Antivir.

    -->Tutorial<--


    Why change? : Avast! vs Antivir
    but also:
    14 antivirus products put to the test
    Quote:
    Antivir: the most effective of the free ones

    19 April 2008 20:51:06

    I couldn't find your folder .....

    Here is the scan

    BTFix 1.095 (par bibi26) - 19/04/2008 20:36:14 - Nettoyage - Mode normal
    Lancé depuis D:\Documents and Settings\Florent\Bureau\BTFix\BTFix.exe

    ---> Fichiers/dossiers supprimés (Première passe)

    - Fichiers temporaires effacés

    ---> Nettoyage terminé le 19/04/2008 20:36:28

    Logfile of HijackThis v1.99.1
    Scan saved at 20:50:28, on 19/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\WINDOWS\system32\RunDLL32.exe
    D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
    D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\PROGRA~1\Wanadoo\CnxMon.exe
    D:\PROGRA~1\MESSAG~1\StartMessager.exe
    D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    D:\Program Files\DAEMON Tools\daemon.exe
    D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    D:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Windows Media Player\Setup_wm.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    d:\program files\avira\antivir personaledition classic\avcenter.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    D:\Documents and Settings\Florent\Bureau\BTFix\BTFix.exe
    D:\Documents and Settings\Florent\Bureau\BTFix\BTFix.exe
    D:\WINDOWS\explorer.exe
    D:\WINDOWS\system32\NOTEPAD.EXE
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\WinRAR\WinRAR.exe
    D:\DOCUME~1\Florent\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - (no file)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Program Files\eoRezo\EoAdv\EoRezobho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AsusServiceProvider] D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
    O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe
    O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] D:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisepoison.spaces.live.com//PhotoUpload/MsnPUpl...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80F976D8-5F98-42CE-B01E-BBF22022C466}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


    there you go

    thanks for your help



    19 April 2008 22:56:46

    good evening
    I wanted a scan with AntiVir :)

    20 April 2008 12:37:48

    there you go, yes
    well, it's a real pain, a scan takes 2 hours
    and ... the computer inevitably shuts down before the end

    but I have one scan that finished and was saved, here it is


    Avira AntiVir Personal
    Report file date: dimanche 20 avril 2008 10:42

    Scanning for 1218459 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: OXYGEN

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 18:28:29
    ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 18:28:47
    Engineversion : 8.1.0.32
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.26 233850 Bytes 19/04/2008 18:29:34
    AESCN.DLL : 8.1.0.14 119156 Bytes 19/04/2008 18:29:31
    AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
    AEPACK.DLL : 8.1.1.2 364917 Bytes 19/04/2008 18:29:29
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 18:29:23
    AEHEUR.DLL : 8.1.0.18 1167735 Bytes 19/04/2008 18:29:17
    AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 18:29:02
    AEGEN.DLL : 8.1.0.17 299380 Bytes 19/04/2008 18:28:59
    AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
    AECORE.DLL : 8.1.0.27 168310 Bytes 19/04/2008 18:28:49
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 20 avril 2008 10:42

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'epmworker.exe' - '1' Module(s) have been scanned
    Scan process 'Generic.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
    Scan process 'dslmon.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
    Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'StartMessager.exe' - '1' Module(s) have been scanned
    Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
    Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
    Scan process 'AiNap.exe' - '1' Module(s) have been scanned
    Scan process 'aaCenter.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'SMax4.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    47 processes with 47 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '32' files ).


    Starting the file scan:

    Begin scan in 'C:\' <MEMOIRE>
    Begin scan in 'D:\' <PROGRAMMES>
    D:\pagefile.sys
    [WARNING] The file could not be opened!
    D:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: dimanche 20 avril 2008 12:16
    Used time: 1:34:48 min

    The scan has been done completely.

    6012 Scanning directories
    549979 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    549979 Files not concerned
    6581 Archives were scanned
    2 Warnings
    0 Notes

    another, older one




    Avira AntiVir Personal
    Report file date: samedi 19 avril 2008 22:47

    Scanning for 1218459 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: OXYGEN

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 18:28:29
    ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 18:28:47
    Engineversion : 8.1.0.32
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.26 233850 Bytes 19/04/2008 18:29:34
    AESCN.DLL : 8.1.0.14 119156 Bytes 19/04/2008 18:29:31
    AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
    AEPACK.DLL : 8.1.1.2 364917 Bytes 19/04/2008 18:29:29
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 18:29:23
    AEHEUR.DLL : 8.1.0.18 1167735 Bytes 19/04/2008 18:29:17
    AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 18:29:02
    AEGEN.DLL : 8.1.0.17 299380 Bytes 19/04/2008 18:28:59
    AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
    AECORE.DLL : 8.1.0.27 168310 Bytes 19/04/2008 18:28:49
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 19 avril 2008 22:47

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'epmworker.exe' - '1' Module(s) have been scanned
    Scan process 'Generic.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
    Scan process 'dslmon.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
    Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'StartMessager.exe' - '1' Module(s) have been scanned
    Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
    Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
    Scan process 'AiNap.exe' - '1' Module(s) have been scanned
    Scan process 'aaCenter.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'SMax4.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    44 processes with 44 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '32' files ).


    Starting the file scan:

    Begin scan in 'C:\' <MEMOIRE>
    C:\florent\jeux\consoles emulation\kawaks\1.47a.exe
    [DETECTION] Is the Trojan horse TR/Horse3.CG
    [NOTE] The file was moved to '483ebbbf.qua'!
    C:\RECYCLER\S-1-5-21-1708537768-1715567821-839522115-1003\Dc1.zip
    [0] Archive type: ZIP
    --> SecuredeIE_11_ES_SS_-1199883400.exe
    [DETECTION] Contains detection pattern of the dropper DR/Shopper.X.1
    [NOTE] The file was moved to '483bc11e.qua'!
    Begin scan in 'D:\' <PROGRAMMES>
    D:\pagefile.sys
    [WARNING] The file could not be opened!
    D:\Documents and Settings\Elise\Local Settings\Temp\~7.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Bagle.CC.2
    [NOTE] The file was moved to '4838c176.qua'!
    D:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\0X2LSHQT\g2[1].htm
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '4865c18f.qua'!
    D:\Documents and Settings\Florent\Application Data\Sun\Java\Deployment\cache\6.0\25\9180419-54dbd455
    [0] Archive type: ZIP
    --> BnnnnBaa.class
    [DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
    --> VaannnaaBaa.class
    [DETECTION] Is the Trojan horse TR/ClassLoader
    --> Dnnny.class
    [DETECTION] Contains detection pattern of the Java virus JAVA/Exploit.Bytverify.5
    --> Bnnnnn.class
    [DETECTION] Is the Trojan horse TR/Java.ClassLoader.AS
    --> Den.class
    [DETECTION] Is the Trojan horse TR/Exploit.Bytverify
    --> Din.class
    [DETECTION] Is the Trojan horse TR/Exploit.Bytverify.A
    --> Dun.class
    [DETECTION] Is the Trojan horse TR/Exploit.Bytverify.B
    [NOTE] The file was moved to '4842c213.qua'!
    D:\Documents and Settings\Florent\Application Data\Sun\Java\Deployment\cache\6.0\56\43f905f8-518df0ea
    [0] Archive type: ZIP
    --> BaaaaBaa.class
    [DETECTION] Contains detection pattern of the exploits EXP/Java.Gimsh.A.19
    [NOTE] The file was moved to '4870c21b.qua'!
    D:\Program Files\Cain\Abel.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was moved to '486fc40c.qua'!
    D:\Program Files\Secured IE\Secured IE - Installer.exe
    [DETECTION] Contains detection pattern of the dropper DR/Shopper.Q
    [NOTE] The file was moved to '486dc5b5.qua'!
    D:\WINDOWS\exefld\17474593.exe
    [DETECTION] Is the Trojan horse TR/Bagle.Gen.B
    [NOTE] The file was moved to '483ec781.qua'!
    D:\WINDOWS\system32\flec003.exe
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was moved to '486fc90a.qua'!
    D:\WINDOWS\system32\hldrrr.exe
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    D:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: dimanche 20 avril 2008 06:40
    Used time: 7:52:51 min

    The scan has been done completely.

    6011 Scanning directories
    550829 Files were scanned
    15 viruses and/or unwanted programs were found
    2 Files were classified as suspicious:
    1 files were deleted
    0 files were repaired
    10 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    550814 Files not concerned
    6585 Archives were scanned
    2 Warnings
    11 Notes





    20 April 2008 15:33:49

    Hello

    your log shows a Bagle infection...

    ~Download Elibagla from this page:
    http://www.zonavirus.com/datos/descargas/95/elibagla.as...

    You will find the program to download at the very bottom of the page:
    click on Descargar Elibagla 11.28

    Save this file to the desktop
    Go to your desktop and double-click Elibagla.exe
    The "eliminar ficheros automaticamente" box must be checked
    Click "explorar" and let it work
    ~Post the final report, which will be in c:\infosat.txt

    20 April 2008 21:04:44

    I don't know your infection ...

    but anyway, here is the scan :)


    Sun Apr 20 20:29:36 2008
    EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    D:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
    Eliminada Carpeta "%WinDir%\exefld"

    Sun Apr 20 20:30:25 2008
    EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad D:\

    Nº Total de Directorios: 4768
    Nº Total de Ficheros: 57571
    Nº de Ficheros Analizados: 12675
    Nº de Ficheros Infectados: 0
    Nº de Ficheros Limpiados: 0

    Sun Apr 20 21:02:58 2008
    EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):

    Sun Apr 20 21:03:11 2008
    EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad D:\

    20 April 2008 21:19:55

    re

    Bagle destroys antivirus programs... but here there were only remnants...
    how is your PC behaving?
    please post a new HijackThis log

    24 April 2008 08:37:15

    hi

    well, nothing has changed ....

    it's no speed demon even though it's only a year old, and it still freezes or shuts down ....

    Logfile of HijackThis v1.99.1
    Scan saved at 08:36:05, on 24/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\WINDOWS\system32\RunDLL32.exe
    D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
    D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\PROGRA~1\Wanadoo\CnxMon.exe
    D:\PROGRA~1\MESSAG~1\StartMessager.exe
    D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    D:\Program Files\DAEMON Tools\daemon.exe
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    D:\Program Files\WinRAR\WinRAR.exe
    D:\DOCUME~1\Florent\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - (no file)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Program Files\eoRezo\EoAdv\EoRezobho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AsusServiceProvider] D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
    O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe
    O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] D:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisepoison.spaces.live.com//PhotoUpload/MsnPUpl...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80F976D8-5F98-42CE-B01E-BBF22022C466}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


    24 April 2008 16:58:38

    Hello,

    We are going to remove:
    D:\Program Files\Active Key Logger

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit > "Select All", Edit > "Copy"

    Come to the forum and Edit > "Paste"

    Add a new HijackThis report.

    26 April 2008 11:47:51

    Here you go

    ComboFix 08-04-24.1 - Florent 2008-04-26 11:37:00.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.640 [GMT 2:00]
    Endroit: D:\Documents and Settings\Florent\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .
    ADS - WINDOWS: deleted 0 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Documents and Settings\Elise\Application Data\hidires
    D:\Documents and Settings\Elise\Application Data\ShoppingReport
    D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\Config.xml
    D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\db\Aliases.dbs
    D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\db\Sites.dbs
    D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\report\send_storage.xml
    D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    D:\Documents and Settings\Elise\Menu Démarrer\Programmes\WebMediaPlayer
    D:\Documents and Settings\Elise\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
    D:\Documents and Settings\Elise\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
    D:\WINDOWS\regedit.com
    D:\WINDOWS\system32\5_exception.nls
    D:\WINDOWS\system32\main.sys
    D:\WINDOWS\system32\taskmgr.com

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NEW_DRV
    -------\Legacy_RUNTIME


    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-19 20:52 . 2008-04-19 20:52 23,392 --a------ D:\WINDOWS\system32\nscompat.tlb
    2008-04-19 20:52 . 2008-04-19 20:52 16,832 --a------ D:\WINDOWS\system32\amcompat.tlb
    2008-04-19 20:22 . 2008-04-19 20:22 <REP> d-------- D:\Program Files\Avira
    2008-04-19 20:22 . 2008-04-19 20:22 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
    2008-04-09 22:06 . 2008-04-20 21:53 <REP> d-------- D:\WINDOWS\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-26 09:35 --------- d-----w D:\Documents and Settings\Florent\Application Data\EoRezo
    2008-04-25 12:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-20 04:23 --------- d-----w D:\Program Files\Secured IE
    2008-04-20 04:16 --------- d-----w D:\Program Files\Cain
    2008-04-19 19:06 --------- d---a-w D:\Program Files\Java
    2008-04-19 18:16 --------- d-----w D:\Program Files\Windows Media Connect 2
    2008-03-11 18:39 --------- d-----w D:\Documents and Settings\Elise\Application Data\EoRezo
    2008-03-04 12:10 --------- d-----w D:\Program Files\MSN Messenger
    2008-03-03 20:41 --------- dcsh--w D:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-03-03 20:41 --------- d-----w D:\Program Files\Windows Live
    2008-03-03 20:38 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{626482AF-17D0-5DFC-C12D-32A58E631863}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
    2007-09-06 13:28 1453080 --a------ D:\Program Files\securedie\tbsecu.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CD36797A-70F3-4ACD-8825-623D3B896881}"= "D:\Program Files\securedie\tbsecu.dll" [2007-09-06 13:28 1453080]

    [HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{CD36797A-70F3-4ACD-8825-623D3B896881}"= D:\Program Files\securedie\tbsecu.dll [2007-09-06 13:28 1453080]

    [HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-14 13:55 68856]
    "updateMgr"="D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "RocketDock"="D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 22:47 344064]
    "DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
    "msnmsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 10:19 729088]
    "NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [2006-06-01 18:22 7618560]
    "nwiz"="nwiz.exe" [2006-06-01 18:22 1519616 D:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-06-01 18:22 86016 D:\WINDOWS\system32\nvmctray.dll]
    "AsusServiceProvider"="D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe" [2006-08-03 11:25 591360]
    "Ai Nap"="D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2006-08-31 17:01 1422848]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 11:50 20992 D:\WINDOWS\LOGI_MWX.EXE]
    "SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
    "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "exp32sys"="D:\Program Files\Active Key Logger\Active Key Logger.exe" [ ]
    "WooCnxMon"="D:\PROGRA~1\Wanadoo\CnxMon.exe" [2003-05-23 08:46 24576]
    "MessagerStarter Wanadoo"="D:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 16:47 32768]
    "WOOWATCH"="D:\PROGRA~1\Wanadoo\Watch.exe" [2003-05-23 08:46 20480]
    "WOOTASKBARICON"="D:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 08:46 53248]
    "Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744]
    "avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 1 (0x1)
    "ConsentPromptBehaviorUser"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoMovingBands"= 0 (0x0)
    "NoCloseDragDropBands"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll
    "vidc.wmv3"= D:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AutoCAD Startup Accelerator.lnk]
    path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AutoCAD Startup Accelerator.lnk
    backup=D:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

    [HKLM\~\startupfolder\D:^Documents and Settings^Florent^Menu Démarrer^Programmes^Démarrage^Anti-Pub.lnk]
    path=D:\Documents and Settings\Florent\Menu Démarrer\Programmes\Démarrage\Anti-Pub.lnk
    backup=D:\WINDOWS\pss\Anti-Pub.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
    --a------ 2007-02-01 11:25 462848 D:\Program Files\eoRezo\EoEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\freeBrowser]
    --a------ 2006-08-28 00:54 413696 D:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]
    --a------ 2007-03-01 12:49 2146304 D:\Program Files\Its Label\ItsTV\ItsTV.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ---hs---- 2004-10-13 18:24 1694208 D:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    D:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "usnjsvc"=3 (0x3)
    "avast! Mail Scanner"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\WINDOWS\\system32\\dpvsetup.exe"=
    "D:\\WINDOWS\\system32\\rundll32.exe"=
    "D:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "D:\\Program Files\\The All-Seeing Eye\\eye.exe"=
    "C:\\florent\\jeux\\MOHAA\\moh_spearhead.exe"=
    "C:\\florent\\eMule\\emule.exe"=
    "D:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\florent\\jeux\\cod2\\CoD2MP_s.exe"=
    "C:\\florent\\pilotes\\Freeplayer\\vlc\\vlc.exe"=
    "D:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
    "D:\\Program Files\\freeBrowser\\vlc\\vlc.exe"=
    "D:\\Program Files\\freeBrowser\\freeBrowser\\freeBrowser.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4662:TCP"= 4662:TCP:4662tcp
    "4672:UDP"= 4672:UDP:4672udp

    S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
    S3 w300bus;Sony Ericsson W300 Driver driver (WDM);D:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
    S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 17:50]
    S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 17:50]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);D:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 17:50]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;D:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 17:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cf4ce90-e14f-11db-bb92-0018f309352d}]
    \Shell\AutoRun\command - F:\Setup\rsrc\autorun.exe
    \Shell\dinstall\command - F:\Directx\dxsetup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-29 14:00:00 D:\WINDOWS\Tasks\Norton Security Scan.job"
    - D:\Program Files\Norton Security Scan\Nss.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-26 11:42:10
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    D:\WINDOWS\system32\savedump.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Wanadoo\CnxMon.exe
    D:\Program Files\Messager Wanadoo\StartMessager.exe
    D:\Program Files\Wanadoo\TaskBarIcon.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-26 11:45:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-26 09:45:03

    Pre-Run: 41,369,473,024 octets libres
    Post-Run: 41,463,304,192 octets libres

    195 --- E O F --- 2008-04-20 01:01:06


    Logfile of HijackThis v1.99.1
    Scan saved at 11:47:34, on 26/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\WINDOWS\system32\RunDLL32.exe
    D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
    D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\PROGRA~1\Wanadoo\CnxMon.exe
    D:\PROGRA~1\MESSAG~1\StartMessager.exe
    D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    D:\Program Files\DAEMON Tools\daemon.exe
    D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    D:\WINDOWS\explorer.exe
    D:\WINDOWS\system32\notepad.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    D:\Program Files\WinRAR\WinRAR.exe
    D:\DOCUME~1\Florent\LOCALS~1\Temp\Rar$EX00.672\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - (no file)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Program Files\eoRezo\EoAdv\EoRezobho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AsusServiceProvider] D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
    O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe
    O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] D:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisepoison.spaces.live.com//PhotoUpload/MsnPUpl...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80F976D8-5F98-42CE-B01E-BBF22022C466}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)




    26 April 2008 13:12:29

    Hello,

    Run HijackThis, “Do a system scan only”.
    Check the following lines if they are still present, and only those.

    O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - (no file)
    O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe


    Click Fix checked (bottom left)

    eoRezo is an ad delivery vector; you should uninstall it. Read this page:
    http://forum.telecharger.01net.com/telecharger/securite...


    We are going to check something:

    Download Navilog1.exe (IL-MAFIOSO)
    Save it to your Desktop.
    Start the installation by double-clicking navilog.exe.
    Once the installation is finished, the utility will run automatically.
    (If it does not, double-click the shortcut on the Desktop)

    Let the utility guide you. Choose option 1, then confirm.
    ! Do not use options 2, 3 and 4 without our approval !
    Wait until this message appears:
    "*** Analyse Termine le ..... ***"
    Press a key as prompted. Notepad will open. Post its contents to us this way:

    -> Edit / Select All
    -> Edit / Copy
    -> Right-click / Paste into your reply


    NOTE: The report can also be found here: C:\fixnavi.txt

    17 May 2008 10:21:39

    Search Navipromo version 3.5.7 commencé le 17/05/2008 à 10:12:08,84

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis D:\Program Files\navilog1
    Session actuelle : "Florent"

    Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***


    *** Recherche dossiers dans "D:\WINDOWS" ***


    *** Recherche dossiers dans "D:\Program Files" ***


    *** Recherche dossiers dans "d:\docume~1\alluse~1\applic~1" ***


    *** Recherche dossiers dans "d:\docume~1\alluse~1\menudm~1\progra~1" ***


    *** Recherche dossiers dans "D:\Documents and Settings\Florent\applic~1" ***


    *** Recherche dossiers dans "D:\DOCUME~1\Elise\applic~1" ***


    *** Recherche dossiers dans "D:\Documents and Settings\Florent\locals~1\applic~1" ***


    *** Recherche dossiers dans "D:\DOCUME~1\Elise\locals~1\applic~1" ***


    *** Recherche dossiers dans "D:\Documents and Settings\Florent\menudm~1\progra~1" ***


    *** Recherche dossiers dans "D:\DOCUME~1\Elise\menudm~1\progra~1" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé


    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "D:\WINDOWS\system32" *

    * Recherche dans "D:\Documents and Settings\Florent\locals~1\applic~1" *

    * Recherche dans "D:\DOCUME~1\Elise\locals~1\applic~1" *



    *** Recherche fichiers ***



    *** Recherche clés spécifiques dans le Registre ***


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans "D:\WINDOWS\system32" :


    * Dans "D:\Documents and Settings\Florent\locals~1\applic~1" :


    * Dans "D:\DOCUME~1\Elise\locals~1\applic~1" :


    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :



    *** Analyse terminée le 17/05/2008 à 10:17:06,06 ***


    and ...

    Logfile of HijackThis v1.99.1
    Scan saved at 10:21:06, on 17/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\WINDOWS\system32\RunDLL32.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
    D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\PROGRA~1\Wanadoo\CnxMon.exe
    D:\PROGRA~1\MESSAG~1\StartMessager.exe
    D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
    D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    D:\Program Files\DAEMON Tools\daemon.exe
    D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\WINDOWS\system32\NOTEPAD.EXE
    D:\WINDOWS\notepad.exe
    D:\Program Files\WinRAR\WinRAR.exe
    D:\DOCUME~1\Florent\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AsusServiceProvider] D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
    O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] D:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisepoison.spaces.live.com//PhotoUpload/MsnPUpl...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{80F976D8-5F98-42CE-B01E-BBF22022C466}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    there you go, sorry for the wait


    17 May 2008 14:41:21

    hello

    Quote:
    there you go, sorry for the wait


    indeed....

    still having problems?
    18 May 2008 11:57:01

    lol yes yes :)
    it froze again this morning :p
    18 May 2008 12:33:59

    re

    Download Gmer.
    Unzip it into a folder or onto your desktop.

    Disconnect from the Internet, then close all programs.
    Double-click Gmer.exe.

    IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.

    Click the rootkit tab.
    On the right, check Files and Services.
    Now click Scan.

    When the scan is finished, click Copy.

    Open Notepad, then click the Edit menu / Paste.
    The report should then appear.
    Save the file to your desktop and copy/paste its contents here.




    25 May 2008 16:35:13

    GMER 1.0.14.14205 - http://www.gmer.net
    Rootkit scan 2008-05-20 23:20:53
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.14 ----

    SSDT sptd.sys ZwCreateKey [0xF73B40D0]
    SSDT F7CBAF64 ZwCreateThread
    SSDT sptd.sys ZwEnumerateKey [0xF73B9E2C]
    SSDT sptd.sys ZwEnumerateValueKey [0xF73BA1BA]
    SSDT sptd.sys ZwOpenKey [0xF73B40B0]
    SSDT F7CBAF50 ZwOpenProcess
    SSDT F7CBAF55 ZwOpenThread
    SSDT sptd.sys ZwQueryKey [0xF73BA292]
    SSDT sptd.sys ZwQueryValueKey [0xF73BA112]
    SSDT sptd.sys ZwSetValueKey [0xF73BA324]
    SSDT F7CBAF5F ZwTerminateProcess
    SSDT F7CBAF5A ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.14 ----

    ? D:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
    .text USBPORT.SYS!DllUnload F615E62C 5 Bytes JMP 86FB41C8
    ? System32\Drivers\anqcg6b0.SYS Le fichier spécifié est introuvable. !

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73B4AD4] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73B4C1A] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73B4B9C] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73B5748] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73B561E] sptd.sys

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 871D11E8
    Device \Driver\usbuhci \Device\USBPDO-0 86EFA1E8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 871601E8
    Device \Driver\dmio \Device\DmControl\DmConfig 871601E8
    Device \Driver\dmio \Device\DmControl\DmPnP 871601E8
    Device \Driver\dmio \Device\DmControl\DmInfo 871601E8
    Device \Driver\usbuhci \Device\USBPDO-1 86EFA1E8
    Device \Driver\usbehci \Device\USBPDO-2 86FB95C0
    Device \Driver\usbuhci \Device\USBPDO-3 86EFA1E8
    Device \Driver\usbuhci \Device\USBPDO-4 86EFA1E8
    Device \Driver\PCI_NTPNP4056 \Device\00000048 sptd.sys
    Device \Driver\usbuhci \Device\USBPDO-5 86EFA1E8
    Device \Driver\usbehci \Device\USBPDO-6 86FB95C0
    Device \Driver\Ftdisk \Device\HarddiskVolume1 871D31E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 871D31E8
    Device \Driver\atapi \Device\Ide\IdePort0 871D21E8
    Device \Driver\atapi \Device\Ide\IdePort1 871D21E8
    Device \Driver\atapi \Device\Ide\IdePort2 871D21E8
    Device \Driver\atapi \Device\Ide\IdePort3 871D21E8
    Device \Driver\atapi \Device\Ide\IdePort4 871D21E8
    Device \Driver\atapi \Device\Ide\IdePort5 871D21E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 871D21E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 871D21E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 86B37608
    Device \Driver\NetBT \Device\NetbiosSmb 86B37608
    Device \Driver\NetBT \Device\NetBT_Tcpip_{80F976D8-5F98-42CE-B01E-BBF22022C466} 86B37608
    Device \Driver\usbuhci \Device\USBFDO-0 86EFA1E8
    Device \Driver\usbuhci \Device\USBFDO-1 86EFA1E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86CE57A0
    Device \Driver\usbehci \Device\USBFDO-2 86FB95C0
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 86CE57A0
    Device \Driver\usbuhci \Device\USBFDO-3 86EFA1E8
    Device \Driver\usbuhci \Device\USBFDO-4 86EFA1E8
    Device \Driver\Ftdisk \Device\FtControl 871D31E8
    Device \Driver\usbuhci \Device\USBFDO-5 86EFA1E8
    Device \Driver\usbehci \Device\USBFDO-6 86FB95C0
    Device \Driver\anqcg6b0 \Device\Scsi\anqcg6b01 86ECB1E8
    Device \Driver\anqcg6b0 \Device\Scsi\anqcg6b01Port6Path0Target0Lun0 86ECB1E8
    Device \FileSystem\Cdfs \Cdfs 86AC7468

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEF 0x6A 0x5C 0xF9 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x49 0xE7 0xEA 0xB1 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDA 0xFE 0xBE 0x77 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\ssmdrv\Products@Avira AntiVir Personal \x2013 Free Antivirus D:\Program Files\Avira\AntiVir PersonalEdition Classic\??????????????????????????????????????????????????????????????????????????
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEF 0x6A 0x5C 0xF9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x49 0xE7 0xEA 0xB1 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDA 0xFE 0xBE 0x77 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\ssmdrv\Products@Avira AntiVir Personal \x2013 Free Antivirus D:\Program Files\Avira\AntiVir PersonalEdition Classic\??????????????????????????????????????????????????????????????????????????
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1162389967
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -515347545
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEF 0x6A 0x5C 0xF9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x49 0xE7 0xEA 0xB1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDA 0xFE 0xBE 0x77 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ssmdrv\Products@Avira AntiVir Personal \x2013 Free Antivirus D:\Program Files\Avira\AntiVir PersonalEdition Classic\??????????????????????????????????????????????????????????????????????????
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls@Avira AntiVir Personal \x2013 Free Antivirus D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

    ---- EOF - GMER 1.0.14 ----


    there you go :)
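
The SSDT section of the GMER report above can be triaged by grouping the hooked functions by the owner GMER printed for them. This is an added example, not part of the original thread: the input lines are copied from that report, while the regular expressions, the category names and the reading of address-only entries as "no module name shown" are assumptions made for illustration.

```python
import re

# SSDT lines copied verbatim from the GMER 1.0.14 report posted above.
GMER_SSDT = """\
SSDT sptd.sys ZwCreateKey [0xF73B40D0]
SSDT F7CBAF64 ZwCreateThread
SSDT sptd.sys ZwEnumerateKey [0xF73B9E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF73BA1BA]
SSDT sptd.sys ZwOpenKey [0xF73B40B0]
SSDT F7CBAF50 ZwOpenProcess
SSDT F7CBAF55 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF73BA292]
SSDT sptd.sys ZwQueryValueKey [0xF73BA112]
SSDT sptd.sys ZwSetValueKey [0xF73BA324]
SSDT F7CBAF5F ZwTerminateProcess
SSDT F7CBAF5A ZwWriteVirtualMemory
"""

# Two line shapes occur in that report (regexes inferred from those lines only):
#   SSDT <module> <function> [0x<address>]  -> a module name is printed
#   SSDT <address> <function>               -> only an address is printed
NAMED = re.compile(
    r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]{8})\]$")
BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)$")


def parse_ssdt(text):
    """Return (hooks, unparsed); each hook is a dict with owner, func, addr."""
    hooks, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("SSDT"):
            continue  # other report sections are out of scope here
        m = BARE.match(line) or NAMED.match(line)
        if m is None:
            unparsed.append(line)  # keep odd lines for manual review
            continue
        hooks.append({
            "owner": m.groupdict().get("owner"),  # None for address-only lines
            "func": m.group("func"),
            "addr": int(m.group("addr"), 16),
        })
    return hooks, unparsed


def category(func):
    """Coarse class of a native API name, by the object it operates on."""
    if func.endswith("Key"):
        return "registry"
    if any(word in func for word in ("Process", "Thread", "VirtualMemory")):
        return "process/thread/memory"
    return "other"


def triage(hooks):
    """Group hooks by owner and measure how the hook addresses are laid out."""
    groups = {}
    for h in hooks:
        owner = h["owner"] or "<address only>"
        g = groups.setdefault(owner, {"funcs": [], "categories": set(), "addrs": []})
        g["funcs"].append(h["func"])
        g["categories"].add(category(h["func"]))
        g["addrs"].append(h["addr"])
    for g in groups.values():
        addrs = sorted(g["addrs"])
        g["span"] = addrs[-1] - addrs[0]                         # bytes, first to last
        g["strides"] = [b - a for a, b in zip(addrs, addrs[1:])]  # gaps between hooks
    return groups


if __name__ == "__main__":
    hooks, unparsed = parse_ssdt(GMER_SSDT)
    for owner, g in triage(hooks).items():
        print(f"{owner}: {len(g['funcs'])} hooks, {sorted(g['categories'])}, "
              f"span {g['span']:#x}, strides {g['strides']}")
    for line in unparsed:
        print("unparsed:", line)
```

On this report the sptd.sys entries are all registry functions, while the address-only entries are all process, thread and memory functions spaced 5 bytes apart, the length of an x86 near JMP. That spacing is consistent with one table of jump stubs, but naming its owner still requires mapping the address range to a loaded driver.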
    25 May 2008 18:39:10

    re
    we are going to check that a normally legitimate file has not been patched by an infection.

    Go to this link: Virus Total
  • Click Browse
  • Navigate to this file if you can find it:

    D:\WINDOWS\system32\drivers\sptd.sys

  • Click Send file and let it work while "Current status: scanning" is displayed.
  • The file may be placed in a queue because of a large number of scan requests. In that case, you will have to wait without refreshing the page.
  • When the scan is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result in your next reply.
    Note: Whatever the result, it is important to send me the result of the whole scan.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.
    26 May 2008 00:11:42

    sorry, I'm stuck on sending the file
    once I have selected the file, the link tells me:

    0 bytes size received / Se ha recibido un archivo vacio
    26 May 2008 20:35:34

    re

    let's take a look:

    Download IceSword by pjf_ from this link http://mail2.ustc.edu.cn/~jfpan/download/IceSword120_en.zip


  • Unzip it onto your desktop.
  • Open the folder that has just been created
  • Double-click IceSword
  • In the left-hand column, click File
  • Click the cross next to Local Disk ( D: )
  • Click the cross next to Windows
  • Click the system32 folder, then open the drivers folder
  • Look for the following file: sptd.sys
  • Once you have found it, right-click it and choose Copy to...
  • Name it "Malware.sys" and save it to your Desktop.
  • Close IceSword


    afterwards, scan the file from the desktop at Virus Total:
    D:\Documents and Settings\Florent\Bureau\Malware.sys
    31 May 2008 21:05:33

    THERE YOU GO :)


    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 - - -
    AntiVir - - -
    Authentium - - -
    Avast - - -
    AVG - - -
    BitDefender - - -
    CAT-QuickHeal - - -
    ClamAV - - -
    DrWeb - - -
    eSafe - - -
    eTrust-Vet - - -
    Ewido - - -
    F-Prot - - -
    F-Secure - - -
    FileAdvisor - - -
    Fortinet - - -
    Ikarus - - -
    Kaspersky - - -
    McAfee - - -
    Microsoft - - -
    NOD32v2 - - -
    Norman - - -
    Panda - - -
    Prevx1 - - -
    Rising - - -
    Sophos - - -
    Sunbelt - - VIPRE.Suspicious
    Symantec - - -
    TheHacker - - -
    VBA32 - - -
    VirusBuster - - -
    Webwasher-Gateway - - -
    Information additionnelle
    MD5: 4f576e516cc76ec50a244586bcfa1c78
    SHA1: a05ae09feba1212e812cb1068600a1087324f617
    SHA256: 75bca3475af5e211307ee3feeb523a935971f56884f1174fd117e4afe0b0dbd6
    SHA512: 4dd4c3b7b1dbfb9e9f85de9a3bbebf602e9bb0f51e3ca05100550b1dbc0d5442aa3bf0ed569d2e865db9a9a9880b35eaa870dd899e807b17172c73e0aaa49938
    31 May 2008 21:42:47

    good evening

    create a topic here: Hardware section

    the Virus Total scan is not conclusive enough. in my opinion, you have a hardware problem.
    1 June 2008 09:32:17

    D:\DOCUME~1\Florent\LOCALS~1\Temp\WER1420.dir00\Mini060108-01.dmp
    D:\DOCUME~1\Florent\LOCALS~1\Temp\WER1420.dir00\sysdata.xml

    look, my computer shut down by itself and it created an error report; here are the files involved

    BCCode : a BCP1 : 00000065 BCP2 : 0000001C BCP3 : 00000000
    BCP4 : 8050272E OSVer : 5_1_2600 SP : 2_0 Product : 256_1