My Computer opens with Paint Shop Pro

12 April 2008 12:38:49

Hello,
Here is my problem: the day before yesterday avast detected a virus on my computer and unfortunately I deleted the infected files. After this deletion my icons and my taskbar disappeared, so I downloaded explorer.exe to get them back (it had disappeared), and since then my icons are back and my taskbar as well, but as soon as I try to open My Computer it opens with Paint Shop, I don't understand why; the same goes for My Documents, My Pictures and My Music.
If anyone has an answer to my problem, I would welcome it.
Thanks

12 April 2008 13:30:07

Here is my scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:16, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\runservice.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\system32\WgaTray.exe
I:\WINDOWS\system32\explorer.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
I:\WINDOWS\system32\rundll32.exe
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\Fichiers communs\VirusGarde\stmon.exe
I:\Program Files\Fichiers communs\SysDepannage\strpmon.exe
I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
I:\Program Files\DAEMON Tools\daemon.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
I:\Program Files\Google\Google Updater\GoogleUpdater.exe
I:\Program Files\OpenOffice.org 2.3\program\soffice.exe
I:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
I:\Program Files\iPod\bin\iPodService.exe
I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
I:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Documents and Settings\Admin\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Smart Start UP] I:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "I:\WINDOWS\TEMP\E_S88.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Salestart] "I:\Program Files\Fichiers communs\VirusGarde\stmon.exe" dm=http://virusgarde.com; ad=http://virusgarde.com
O4 - HKLM\..\Run: [Salestart(1)] "I:\Program Files\Fichiers communs\SysDepannage\strpmon.exe" dm=http://sysdepannage.com; ad=http://sysdepannage.com
O4 - HKLM\..\Run: [spa_start] I:\WINDOWS\System32\Rundll32.exe "I:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "I:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] I:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = I:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - I:\WINDOWS\runservice.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - Unknown owner - I:\WINDOWS\system32\lkcitdl.exe (file missing)
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - Unknown owner - I:\WINDOWS\system32\lkads.exe (file missing)
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - Unknown owner - I:\WINDOWS\system32\lktsrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - Unknown owner - I:\WINDOWS\system32\OpcEnum.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.fond-ecran.net/fonds/bebe_015.jpg
O24 - Desktop Component 1: (no name) - http://wallpapers.boolsite.net/srv30/Images/Wallpapers/...

--
End of file - 10964 bytes
12 April 2008 13:48:25

Hello,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan has finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Picture tutorial on MBAM
    12 April 2008 14:36:19

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 615

    Type de recherche: Examen complet (I:\|)
    Eléments examinés: 112237
    Temps écoulé: 17 minute(s), 31 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 20
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 9

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> No action taken.
    HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> No action taken.
    HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> No action taken.
    HKEY_CLASSES_ROOT\dc_ads.ads (Adware.Fotomoto) -> No action taken.
    HKEY_CLASSES_ROOT\dc_ads.ads.1 (Adware.Fotomoto) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e} (Adware.Fotomoto) -> No action taken.
    HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contexttool (Adware.PlayaZ) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\AdvRemoteDbg (Adware.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> No action taken.
    HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
    HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssocial (Adware.RightOnAds) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IeBrowserCmp.BrowserCmp (Adware.RightOnAds) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spa_start (Adware.Agent) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    I:\Program Files\contexttool (Adware.PlayaZ) -> No action taken.
    I:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> No action taken.
    I:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> No action taken.
    I:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> No action taken.

    Fichier(s) infecté(s):
    I:\WINDOWS\system32\KCMDNIns.exe (Trojan.Inject) -> No action taken.
    I:\Program Files\contexttool\pcre3.dll (Adware.PlayaZ) -> No action taken.
    I:\Program Files\contexttool\uninstall.exe (Adware.PlayaZ) -> No action taken.
    I:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> No action taken.
    I:\WINDOWS\system32\rundll32.exe (Adware.Agent) -> No action taken.
    I:\WINDOWS\system32\DcadsSocial-uninstall.exe (Adware.RightOnAds) -> No action taken.
    I:\Documents and Settings\Admin\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
    I:\WINDOWS\explorer.exe.tmp (Heuristics.Reserved.Word.Exploit) -> No action taken.
    I:\Documents and Settings\Admin\Bureau\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
    12 April 2008 15:10:37

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 615

    Type de recherche: Examen complet (I:\|)
    Eléments examinés: 114346
    Temps écoulé: 26 minute(s), 17 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 20
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 9

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dc_ads.ads (Adware.Fotomoto) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dc_ads.ads.1 (Adware.Fotomoto) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e} (Adware.Fotomoto) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssocial (Adware.RightOnAds) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IeBrowserCmp.BrowserCmp (Adware.RightOnAds) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spa_start (Adware.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    I:\Program Files\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
    I:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    I:\WINDOWS\system32\KCMDNIns.exe (Trojan.Inject) -> Quarantined and deleted successfully.
    I:\Program Files\contexttool\pcre3.dll (Adware.PlayaZ) -> Quarantined and deleted successfully.
    I:\Program Files\contexttool\uninstall.exe (Adware.PlayaZ) -> Quarantined and deleted successfully.
    I:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\rundll32.exe (Adware.Agent) -> Delete on reboot.
    I:\WINDOWS\system32\DcadsSocial-uninstall.exe (Adware.RightOnAds) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Admin\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
    I:\WINDOWS\explorer.exe.tmp (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Admin\Bureau\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    12 April 2008 16:32:05

    Post a new HijackThis report.
    12 April 2008 16:38:52

    Here it is, and good luck, I don't understand any of it.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:38:20, on 12/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    I:\Program Files\Alwil Software\Avast4\ashServ.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    I:\WINDOWS\runservice.exe
    I:\WINDOWS\system32\nvsvc32.exe
    I:\WINDOWS\system32\svchost.exe
    I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    I:\WINDOWS\system32\WgaTray.exe
    I:\WINDOWS\system32\explorer.exe
    I:\WINDOWS\system32\RUNDLL32.EXE
    I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    I:\WINDOWS\RTHDCPL.EXE
    I:\WINDOWS\system32\rundll32.exe
    I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
    I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    I:\Program Files\Fichiers communs\VirusGarde\stmon.exe
    I:\Program Files\Fichiers communs\SysDepannage\strpmon.exe
    I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    I:\Program Files\DAEMON Tools\daemon.exe
    I:\Program Files\iTunes\iTunesHelper.exe
    I:\Program Files\Windows Live\Messenger\msnmsgr.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    I:\Program Files\Google\Google Updater\GoogleUpdater.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    I:\Program Files\iPod\bin\iPodService.exe
    I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    I:\Program Files\Windows Live\Messenger\usnsvc.exe
    I:\Program Files\Internet Explorer\iexplore.exe
    I:\Program Files\Internet Explorer\iexplore.exe
    I:\Program Files\Sports Interactive\Football Manager 2008\fm.exe
    I:\Documents and Settings\Admin\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Smart Start UP] I:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
    O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "I:\WINDOWS\TEMP\E_S88.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Salestart] "I:\Program Files\Fichiers communs\VirusGarde\stmon.exe" dm=http://virusgarde.com; ad=http://virusgarde.com
    O4 - HKLM\..\Run: [Salestart(1)] "I:\Program Files\Fichiers communs\SysDepannage\strpmon.exe" dm=http://sysdepannage.com; ad=http://sysdepannage.com
    O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "I:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] I:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = I:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - I:\WINDOWS\runservice.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - Unknown owner - I:\WINDOWS\system32\lkcitdl.exe (file missing)
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - Unknown owner - I:\WINDOWS\system32\lkads.exe (file missing)
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - Unknown owner - I:\WINDOWS\system32\lktsrv.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OpcEnum - Unknown owner - I:\WINDOWS\system32\OpcEnum.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://www.fond-ecran.net/fonds/bebe_015.jpg
    O24 - Desktop Component 1: (no name) - http://wallpapers.boolsite.net/srv30/Images/Wallpapers/...

    --
    End of file - 11125 bytes
    12 Avril 2008 17:07:16

    Hi again,

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan has completed, a report will appear. Post this report in your next reply.
    12 Avril 2008 17:22:02

    There's a problem: running combofix deleted the explorer.exe files I had downloaded, so I can't retrieve the report (at least I don't think so, I don't see how to do it).
    13 Avril 2008 11:10:42

    Did you restart? Still the same?
    13 Avril 2008 16:40:45

    Yes, that hasn't changed, it's still the same.
    13 Avril 2008 21:55:38

    Démarrer (Start) > Exécuter (Run) > explorer.exe
    13 Avril 2008 22:09:40

    When I do that, it tells me I don't have it. Shouldn't using combofix have reinstalled it?
    I can always retry a scan with combofix, I'll see.
    13 Avril 2008 22:23:36

    Here is the combofix report, I finally managed to retrieve it. I hope this can help you. Thanks

    ComboFix 08-04-11.8 - Admin 2008-04-13 22:11:44.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.199 [GMT 2:00]
    Endroit: I:\Documents and Settings\Admin\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    I:\Documents and Settings\All Users\Application Data\salesmonitor
    .
    ---- Previous Run -------
    .
    I:\Documents and Settings\All Users\Application Data\salesmonitor
    I:\WINDOWS\system32\dcads-remove.exe
    I:\WINDOWS\system32\explorer.exe
    I:\WINDOWS\system32\real.txt

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FMTR


    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-13 22:17 . 2008-04-13 22:17 <REP> dr------- I:\Documents and Settings\All Users\Application Data\SalesMonitor
    2008-04-12 14:02 . 2008-04-12 14:02 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
    2008-04-12 14:02 . 2008-04-12 14:02 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-12 14:02 . 2008-04-12 14:02 <REP> d-------- I:\Documents and Settings\Admin\Application Data\Malwarebytes
    2008-04-12 13:59 . 2008-04-12 13:59 <REP> d-------- I:\WINDOWS\ServicePackFiles
    2008-04-12 13:59 . 2004-07-17 11:40 19,528 --a------ I:\WINDOWS\000001_.tmp
    2008-04-11 22:52 . 2008-04-11 22:52 73,269 --a------ I:\WINDOWS\pspbrwse.jbf
    2008-04-11 22:52 . 2008-04-11 22:52 7,912 --a------ I:\WINDOWS\system32\pspbrwse.jbf
    2008-04-11 19:21 . 2008-04-11 19:21 12,900 --a------ I:\WINDOWS\system32\normaliz[1].zip
    2008-04-11 18:45 . 2007-12-07 04:08 383,488 --------- I:\WINDOWS\system32\SET26.tmp
    2008-04-09 22:25 . 2008-04-09 22:25 <REP> d-------- I:\Documents and Settings\Admin\Application Data\Uniblue
    2008-04-09 20:01 . 2005-07-26 13:43 8,704 --a------ I:\WINDOWS\system32\kbdjpn.dll
    2008-04-09 20:01 . 2005-07-26 13:43 8,192 --a------ I:\WINDOWS\system32\kbdkor.dll
    2008-04-09 20:01 . 2005-07-26 13:43 6,144 --a------ I:\WINDOWS\system32\kbd106.dll
    2008-04-09 20:01 . 2005-07-26 13:43 6,144 --a------ I:\WINDOWS\system32\kbd101c.dll
    2008-04-09 20:01 . 2005-07-26 13:43 6,144 --a------ I:\WINDOWS\system32\kbd101b.dll
    2008-04-09 20:01 . 2005-07-26 13:43 5,632 --a------ I:\WINDOWS\system32\kbd103.dll
    2008-04-09 19:59 . 2008-04-09 19:59 <REP> d-------- I:\Program Files\sina
    2008-04-09 17:03 . 2008-04-09 17:03 <REP> d-------- I:\Program Files\Safari
    2008-04-09 17:02 . 2008-04-09 17:02 <REP> d-------- I:\Program Files\iTunes
    2008-04-09 17:02 . 2008-04-09 17:02 <REP> d-------- I:\Program Files\iPod
    2008-04-09 17:02 . 2008-04-13 22:17 54,156 --ah----- I:\WINDOWS\QTFont.qfn
    2008-04-09 17:02 . 2008-04-09 17:02 1,409 --a------ I:\WINDOWS\QTFont.for
    2008-04-09 17:00 . 2008-04-09 17:01 <REP> d-------- I:\Program Files\QuickTime
    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ I:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ I:\WINDOWS\system32\QuickTime.qts
    2008-03-28 16:03 . 2008-03-30 10:26 <REP> d-------- I:\Program Files\Fichiers communs\Symantec Shared
    2008-03-20 19:40 . 2008-04-13 20:31 <REP> d-------- I:\Program Files\Incomplete

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-13 18:38 --------- d-----r I:\Program Files\LimeWire
    2008-04-13 18:25 --------- d-----w I:\Documents and Settings\Admin\Application Data\LimeWire
    2008-04-13 16:43 --------- d-----w I:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-13 09:07 --------- d-----w I:\Documents and Settings\Admin\Application Data\OpenOffice.org2
    2008-04-12 13:23 --------- d-----w I:\Program Files\Java
    2008-04-12 12:01 --------- d-----w I:\Program Files\Common Files
    2008-04-12 10:21 --------- d--h--w I:\Program Files\InstallShield Installation Information
    2008-04-12 10:21 --------- d-----w I:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-04-09 15:07 --------- d-----w I:\Documents and Settings\Admin\Application Data\Apple Computer
    2008-04-09 07:54 37,074 ----a-w I:\Documents and Settings\Admin\laesiixt.exe
    2008-04-04 11:08 20,570 ----a-w I:\Documents and Settings\Admin\Application Data\wklnhst.dat
    2008-03-29 12:33 --------- d-----w I:\Program Files\National Instruments
    2008-03-29 12:33 --------- d-----w I:\Documents and Settings\All Users\Application Data\National Instruments
    2008-03-29 12:29 --------- d-----w I:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-29 12:00 --------- d-----w I:\Program Files\eMule
    2008-03-19 10:06 32,008 ----a-w I:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-08 16:55 --------- d-----w I:\Program Files\Everest Poker
    2008-02-27 21:10 --------- d-----w I:\Program Files\Windows Live
    2008-02-01 10:17 587,264 ----a-w I:\WINDOWS\WLXPGSS.SCR
    2007-11-25 11:08 191,512 ----a-w I:\Documents and Settings\Admin\Application Data\install_fr[2].exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-22 19:15 68856]
    "MsnMsgr"="I:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
    "RegistryBooster 2 d’Uniblue "="I:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2006-07-12 07:19 7626752]
    "nwiz"="nwiz.exe" [2006-07-12 07:19 1519616 I:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="I:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 07:19 86016]
    "SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 09:48 16208384 I:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 I:\WINDOWS\SkyTel.exe]
    "Smart Start UP"="I:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe" [2003-01-21 14:25 98304]
    "Sony Ericsson PC Suite"="I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 01:07 593920]
    "Adobe Photo Downloader"="I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
    "avast!"="I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "Salestart(1)"="I:\Program Files\Fichiers communs\SysDepannage\strpmon.exe" [2007-11-12 20:44 424960]
    "TkBellExe"="I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-05 16:35 185896]
    "DAEMON Tools"="I:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "QuickTime Task"="I:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="I:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="I:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Config"="I:\WINDOWS\system32\run.cmd" [2005-08-23 13:24 341]
    "nlsf"="cmd.exe" [2004-08-19 18:09 400896 I:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="I:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 17:52 44544]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "I:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "I:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "I:\\Program Files\\LimeWire\\LimeWire.exe"=
    "I:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Achernar;Achernar - SCSI Command Filters;I:\WINDOWS\system32\Drivers\Achernar.sys [2005-09-23 13:50]
    R0 xmasbus;xmasbus;I:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 18:24]
    R0 xmasscsi;xmasscsi;I:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 21:03]
    R2 LicCtrlService;LicCtrl Service;I:\WINDOWS\runservice.exe [2007-01-10 20:05]
    R3 Aldebaran;Aldebaran - SCSI Command Filters;I:\WINDOWS\system32\Drivers\Aldebaran.sys [2005-09-23 13:50]
    R3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits);I:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2007-08-27 16:12]
    S3 DSCVc;Video Capture;I:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 17:31]
    S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);I:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 19:23]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);I:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;I:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;I:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
    S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);I:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
    S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);I:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
    S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;I:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
    S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);I:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);I:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 12:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58e5fbb4-d63f-11db-ad8e-b73e16f1665b}]
    \Shell\Auto\command - bittorrent.exe e
    \Shell\AutoRun\command - I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72c08a86-a01b-11db-ad6a-91db3fbdde5a}]
    \Shell\AutoRun\command - H:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7745e461-1a5b-11dc-adcb-85da6f5e425d}]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdec06f6-c28b-11dc-ae4e-0007cb0000ff}]
    \Shell\AutoRun\command - K:\LaunchU3.exe -a

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-09 13:38:02 I:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - I:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-13 20:15:11 I:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - I:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-13 22:17:29
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    I:\Program Files\Alwil Software\Avast4\ashServ.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    I:\WINDOWS\system32\nvsvc32.exe
    I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    I:\WINDOWS\system32\WgaTray.exe
    I:\WINDOWS\system32\taskmgr.exe
    I:\WINDOWS\system32\rundll32.exe
    I:\WINDOWS\system32\rundll32.exe
    I:\Program Files\Alwil Software\Avast4\ashDisp.exe
    I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    I:\Program Files\Google\Google Updater\GoogleUpdater.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.bin
    I:\Program Files\iPod\bin\iPodService.exe
    I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    I:\Program Files\Windows Live\Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-13 22:21:08 - machine was rebooted [Admin]
    ComboFix-quarantined-files.txt 2008-04-13 20:21:03
    Pre-Run: 202,683,633,664 octets libres
    Post-Run: 202,702,131,200 octets libres
    .
    2008-04-12 13:14:16 --- E O F ---
    14 Avril 2008 18:20:46

    Post a new HijackThis report.
    14 Avril 2008 18:46:27

    Here is the report:
    thanks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:45:42, on 14/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    I:\Program Files\Alwil Software\Avast4\ashServ.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    I:\WINDOWS\runservice.exe
    I:\WINDOWS\system32\nvsvc32.exe
    I:\WINDOWS\system32\svchost.exe
    I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    I:\WINDOWS\system32\WgaTray.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Documents and Settings\Admin\WINDOWS\system\explorer.exe
    I:\WINDOWS\system32\RUNDLL32.EXE
    I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    I:\WINDOWS\RTHDCPL.EXE
    I:\WINDOWS\system32\rundll32.exe
    I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    I:\Program Files\Fichiers communs\SysDepannage\strpmon.exe
    I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    I:\Program Files\DAEMON Tools\daemon.exe
    I:\Program Files\iTunes\iTunesHelper.exe
    I:\Program Files\Windows Live\Messenger\msnmsgr.exe
    I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    I:\Program Files\Google\Google Updater\GoogleUpdater.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    I:\Program Files\iPod\bin\iPodService.exe
    I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    I:\Program Files\Windows Live\Messenger\usnsvc.exe
    I:\Program Files\internet explorer\iexplore.exe
    I:\Documents and Settings\Admin\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Smart Start UP] I:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Salestart(1)] "I:\Program Files\Fichiers communs\SysDepannage\strpmon.exe" dm=http://sysdepannage.com; ad=http://sysdepannage.com
    O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "I:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] I:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = I:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - I:\WINDOWS\runservice.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - Unknown owner - I:\WINDOWS\system32\lkcitdl.exe (file missing)
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - Unknown owner - I:\WINDOWS\system32\lkads.exe (file missing)
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - Unknown owner - I:\WINDOWS\system32\lktsrv.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OpcEnum - Unknown owner - I:\WINDOWS\system32\OpcEnum.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://www.fond-ecran.net/fonds/bebe_015.jpg
    O24 - Desktop Component 1: (no name) - http://wallpapers.boolsite.net/srv30/Images/Wallpapers/...

    --
    End of file - 10247 bytes
    14 Avril 2008 18:50:46

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    I:\Documents and Settings\Admin\laesiixt.exe

    Folder::
    I:\Program Files\Fichiers communs\SysDepannage

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Salestart(1)"=-


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
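
One way to surface entries like the ones this thread ends up removing is to run a few review rules over the HijackThis log. The Python below is an added example, not part of the original thread and not HijackThis or ComboFix code; the three rules, their names and the `triage` function are assumptions chosen for illustration, and the sample lines are excerpted from the 14/04/2008 log posted above.

```python
import ntpath
import re

# Assumption of this example: the usual home of core Windows XP binaries,
# relative to %windir% ("" means %windir% itself).
EXPECTED_SUBDIR = {
    "explorer.exe": "",
    "smss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "svchost.exe": "system32",
}

# A bare path line from the "Running processes:" section.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# O4 - <hive>\..\<Run key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
URL_RE = re.compile(r"https?://", re.IGNORECASE)
O23_PREFIX = "O23 - Service: "

# Lines excerpted from the HijackThis log posted in this thread.
WINDIR = r"I:\WINDOWS"
SAMPLE_LOG = r'''
Running processes:
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Documents and Settings\Admin\WINDOWS\system\explorer.exe
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Salestart(1)] "I:\Program Files\Fichiers communs\SysDepannage\strpmon.exe" dm=http://sysdepannage.com; ad=http://sysdepannage.com
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - I:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - Unknown owner - I:\WINDOWS\system32\OpcEnum.exe (file missing)
'''


def triage(log_text, windir):
    """Return (rule, subject) pairs for log lines that deserve a manual look.

    A finding is a prompt for review, not a verdict that the entry is malicious.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        # Rule 1: a core system binary name running from an unexpected folder.
        if PROCESS_RE.match(line):
            name = ntpath.basename(line).lower()
            if name in EXPECTED_SUBDIR:
                expected = ntpath.join(windir, EXPECTED_SUBDIR[name])
                expected = expected.rstrip("\\").lower()
                if ntpath.dirname(line).lower() != expected:
                    findings.append(("system-binary-path", line))
            continue

        # Rule 2: an autostart (O4) command line that carries a URL argument.
        match = O4_RE.match(line)
        if match:
            _hive, _key, value_name, command = match.groups()
            if URL_RE.search(command):
                findings.append(("url-in-autostart", value_name))
            continue

        # Rule 3: services (O23) with no identified owner or no file on disk.
        if line.startswith(O23_PREFIX):
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            display, owner, path = parts
            if path.endswith("(file missing)"):
                findings.append(("service-file-missing", display))
            if owner == "Unknown owner":
                findings.append(("service-unknown-owner", display))
    return findings


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG, WINDIR):
        print(f"{rule:24} {subject}")
```

Run against the full log, the same rules also list the National Instruments services marked "(file missing)"; each hit still has to be checked by hand before anything goes into a removal script.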
    14 Avril 2008 19:12:25

    Here it is for ComboFix:

    ComboFix 08-04-11.8 - Admin 2008-04-14 19:03:28.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.419 [GMT 2:00]
    Endroit: I:\Documents and Settings\Admin\Bureau\ComboFix.exe
    Command switches used :: I:\Documents and Settings\Admin\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    I:\Documents and Settings\Admin\laesiixt.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    I:\Documents and Settings\Admin\laesiixt.exe
    I:\Documents and Settings\All Users\Application Data\salesmonitor
    I:\Program Files\Fichiers communs\SysDepannage
    I:\Program Files\Fichiers communs\SysDepannage\strpmon.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-12 14:02 . 2008-04-12 14:02 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
    2008-04-12 14:02 . 2008-04-12 14:02 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-12 14:02 . 2008-04-12 14:02 <REP> d-------- I:\Documents and Settings\Admin\Application Data\Malwarebytes
    2008-04-12 13:59 . 2008-04-12 13:59 <REP> d-------- I:\WINDOWS\ServicePackFiles
    2008-04-12 13:59 . 2004-07-17 11:40 19,528 --a------ I:\WINDOWS\000001_.tmp
    2008-04-11 22:52 . 2008-04-11 22:52 73,269 --a------ I:\WINDOWS\pspbrwse.jbf
    2008-04-11 22:52 . 2008-04-11 22:52 7,912 --a------ I:\WINDOWS\system32\pspbrwse.jbf
    2008-04-11 19:21 . 2008-04-11 19:21 12,900 --a------ I:\WINDOWS\system32\normaliz[1].zip
    2008-04-11 18:45 . 2007-12-07 04:08 383,488 --------- I:\WINDOWS\system32\SET26.tmp
    2008-04-09 22:25 . 2008-04-09 22:25 <REP> d-------- I:\Documents and Settings\Admin\Application Data\Uniblue
    2008-04-09 20:01 . 2005-07-26 13:43 8,704 --a------ I:\WINDOWS\system32\kbdjpn.dll
    2008-04-09 20:01 . 2005-07-26 13:43 8,192 --a------ I:\WINDOWS\system32\kbdkor.dll
    2008-04-09 20:01 . 2005-07-26 13:43 6,144 --a------ I:\WINDOWS\system32\kbd106.dll
    2008-04-09 20:01 . 2005-07-26 13:43 6,144 --a------ I:\WINDOWS\system32\kbd101c.dll
    2008-04-09 20:01 . 2005-07-26 13:43 6,144 --a------ I:\WINDOWS\system32\kbd101b.dll
    2008-04-09 20:01 . 2005-07-26 13:43 5,632 --a------ I:\WINDOWS\system32\kbd103.dll
    2008-04-09 19:59 . 2008-04-09 19:59 <REP> d-------- I:\Program Files\sina
    2008-04-09 17:03 . 2008-04-09 17:03 <REP> d-------- I:\Program Files\Safari
    2008-04-09 17:02 . 2008-04-09 17:02 <REP> d-------- I:\Program Files\iTunes
    2008-04-09 17:02 . 2008-04-09 17:02 <REP> d-------- I:\Program Files\iPod
    2008-04-09 17:02 . 2008-04-14 07:07 54,156 --ah----- I:\WINDOWS\QTFont.qfn
    2008-04-09 17:02 . 2008-04-09 17:02 1,409 --a------ I:\WINDOWS\QTFont.for
    2008-04-09 17:00 . 2008-04-09 17:01 <REP> d-------- I:\Program Files\QuickTime
    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ I:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ I:\WINDOWS\system32\QuickTime.qts
    2008-03-28 16:03 . 2008-03-30 10:26 <REP> d-------- I:\Program Files\Fichiers communs\Symantec Shared
    2008-03-20 19:40 . 2008-04-13 20:31 <REP> d-------- I:\Program Files\Incomplete

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-14 05:08 --------- d-----w I:\Documents and Settings\Admin\Application Data\OpenOffice.org2
    2008-04-13 18:38 --------- d-----r I:\Program Files\LimeWire
    2008-04-13 18:25 --------- d-----w I:\Documents and Settings\Admin\Application Data\LimeWire
    2008-04-13 16:43 --------- d-----w I:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-12 13:23 --------- d-----w I:\Program Files\Java
    2008-04-12 12:01 --------- d-----w I:\Program Files\Common Files
    2008-04-12 10:21 --------- d--h--w I:\Program Files\InstallShield Installation Information
    2008-04-12 10:21 --------- d-----w I:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-04-09 15:07 --------- d-----w I:\Documents and Settings\Admin\Application Data\Apple Computer
    2008-04-04 11:08 20,570 ----a-w I:\Documents and Settings\Admin\Application Data\wklnhst.dat
    2008-03-29 12:33 --------- d-----w I:\Program Files\National Instruments
    2008-03-29 12:33 --------- d-----w I:\Documents and Settings\All Users\Application Data\National Instruments
    2008-03-29 12:29 --------- d-----w I:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-29 12:00 --------- d-----w I:\Program Files\eMule
    2008-03-19 10:06 32,008 ----a-w I:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-08 16:55 --------- d-----w I:\Program Files\Everest Poker
    2008-02-27 21:10 --------- d-----w I:\Program Files\Windows Live
    2008-02-01 10:17 587,264 ----a-w I:\WINDOWS\WLXPGSS.SCR
    2007-11-25 11:08 191,512 ----a-w I:\Documents and Settings\Admin\Application Data\install_fr[2].exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-13_22.20.52.60 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-14 17:06:29 16,384 ----atw I:\WINDOWS\Temp\Perflib_Perfdata_5d0.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-22 19:15 68856]
    "MsnMsgr"="I:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09 15360]
    "RegistryBooster 2 d’Uniblue "="I:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2006-07-12 07:19 7626752]
    "nwiz"="nwiz.exe" [2006-07-12 07:19 1519616 I:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="I:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 07:19 86016]
    "SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 09:48 16208384 I:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 I:\WINDOWS\SkyTel.exe]
    "Smart Start UP"="I:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe" [2003-01-21 14:25 98304]
    "Sony Ericsson PC Suite"="I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 01:07 593920]
    "Adobe Photo Downloader"="I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
    "avast!"="I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
    "TkBellExe"="I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-05 16:35 185896]
    "DAEMON Tools"="I:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
    "QuickTime Task"="I:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="I:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="I:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Config"="I:\WINDOWS\system32\run.cmd" [2005-08-23 13:24 341]
    "nlsf"="cmd.exe" [2004-08-19 18:09 400896 I:\WINDOWS\system32\cmd.exe]
    "tscuninstall"="I:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 17:52 44544]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoDesktopCleanupWizard"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "I:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "I:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "I:\\Program Files\\LimeWire\\LimeWire.exe"=
    "I:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Achernar;Achernar - SCSI Command Filters;I:\WINDOWS\system32\Drivers\Achernar.sys [2005-09-23 13:50]
    R0 xmasbus;xmasbus;I:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 18:24]
    R0 xmasscsi;xmasscsi;I:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 21:03]
    R2 LicCtrlService;LicCtrl Service;I:\WINDOWS\runservice.exe [2007-01-10 20:05]
    R3 Aldebaran;Aldebaran - SCSI Command Filters;I:\WINDOWS\system32\Drivers\Aldebaran.sys [2005-09-23 13:50]
    R3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits);I:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2007-08-27 16:12]
    S3 DSCVc;Video Capture;I:\WINDOWS\system32\DRIVERS\CoachVc.sys [2003-11-03 17:31]
    S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);I:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 19:23]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);I:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;I:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;I:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
    S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);I:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
    S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);I:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
    S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;I:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
    S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);I:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);I:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 12:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58e5fbb4-d63f-11db-ad8e-b73e16f1665b}]
    \Shell\Auto\command - bittorrent.exe e
    \Shell\AutoRun\command - I:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72c08a86-a01b-11db-ad6a-91db3fbdde5a}]
    \Shell\AutoRun\command - H:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7745e461-1a5b-11dc-adcb-85da6f5e425d}]
    \Shell\AutoRun\command - J:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdec06f6-c28b-11dc-ae4e-0007cb0000ff}]
    \Shell\AutoRun\command - K:\LaunchU3.exe -a

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-09 13:38:02 I:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - I:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-14 17:06:43 I:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - I:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-14 19:07:15
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    I:\Program Files\Alwil Software\Avast4\ashServ.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    I:\WINDOWS\system32\nvsvc32.exe
    I:\WINDOWS\system32\WgaTray.exe
    I:\WINDOWS\system32\taskmgr.exe
    I:\WINDOWS\system32\rundll32.exe
    I:\WINDOWS\system32\rundll32.exe
    I:\Program Files\Alwil Software\Avast4\ashDisp.exe
    I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    I:\Program Files\Google\Google Updater\GoogleUpdater.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.bin
    I:\WINDOWS\system32\wscntfy.exe
    I:\Program Files\iPod\bin\iPodService.exe
    I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-14 19:10:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-14 17:10:54
    ComboFix2.txt 2008-04-13 20:21:16
    Pre-Run: 202,803,658,752 octets libres
    Post-Run: 202,781,712,384 octets libres
    .
    2008-04-12 13:14:16 --- E O F ---
    14 April 2008 19:13:27

    And here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:12:54, on 14/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    I:\Program Files\Alwil Software\Avast4\ashServ.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    I:\WINDOWS\runservice.exe
    I:\WINDOWS\system32\nvsvc32.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\WgaTray.exe
    I:\WINDOWS\system32\taskmgr.exe
    I:\WINDOWS\system32\RUNDLL32.EXE
    I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    I:\WINDOWS\RTHDCPL.EXE
    I:\WINDOWS\system32\rundll32.exe
    I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    I:\Program Files\DAEMON Tools\daemon.exe
    I:\Program Files\iTunes\iTunesHelper.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    I:\Program Files\Google\Google Updater\GoogleUpdater.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    I:\WINDOWS\system32\wscntfy.exe
    I:\Program Files\iPod\bin\iPodService.exe
    I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    I:\Program Files\Internet Explorer\iexplore.exe
    I:\Documents and Settings\Admin\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Smart Start UP] I:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "I:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] I:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = I:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - I:\WINDOWS\runservice.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - Unknown owner - I:\WINDOWS\system32\lkcitdl.exe (file missing)
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - Unknown owner - I:\WINDOWS\system32\lkads.exe (file missing)
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - Unknown owner - I:\WINDOWS\system32\lktsrv.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OpcEnum - Unknown owner - I:\WINDOWS\system32\OpcEnum.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://www.fond-ecran.net/fonds/bebe_015.jpg
    O24 - Desktop Component 1: (no name) - http://wallpapers.boolsite.net/srv30/Images/Wallpapers/...

    --
    End of file - 9831 bytes
    15 April 2008 18:20:30

    Here is the scan. However, my computer is still no better: I have no way to access My Documents or My Computer, and depending on which programs the scans remove, I no longer have a taskbar or icons.
    Good luck if you can make any sense of it.

    Avira AntiVir Personal
    Report file date: mardi 15 avril 2008 17:53

    Scanning for 1202665 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: XPSP2-72AB49B46

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 15:35:44
    ANTIVIR3.VDF : 7.0.3.170 123904 Bytes 15/04/2008 15:35:54
    Engineversion : 8.1.0.30
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.23 233851 Bytes 15/04/2008 15:36:47
    AESCN.DLL : 8.1.0.13 115061 Bytes 15/04/2008 15:36:45
    AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
    AEPACK.DLL : 8.1.1.1 364918 Bytes 15/04/2008 15:36:41
    AEOFFICE.DLL : 8.1.0.17 192891 Bytes 15/04/2008 15:36:31
    AEHEUR.DLL : 8.1.0.18 1167735 Bytes 15/04/2008 15:36:28
    AEHELP.DLL : 8.1.0.12 115063 Bytes 15/04/2008 15:36:04
    AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 15:34:43
    AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
    AECORE.DLL : 8.1.0.26 168311 Bytes 15/04/2008 15:36:01
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: i:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: I:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 15 avril 2008 17:53

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'epmworker.exe' - '1' Module(s) have been scanned
    Scan process 'Generic.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.bin' - '1' Module(s) have been scanned
    Scan process 'soffice.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
    Scan process 'ZDWlan.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
    Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'Runservice.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    41 processes with 41 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'I:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '38' files ).


    Starting the file scan:

    Begin scan in 'I:\' <disque local>
    I:\pagefile.sys
    [WARNING] The file could not be opened!
    I:\Program Files\Fichiers communs\VirusGarde\stmon.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.593920
    [NOTE] The file was moved to '4871d18b.qua'!
    I:\QooBox\Quarantine\I\Documents and Settings\Admin\laesiixt.exe.vir
    [DETECTION] Is the Trojan horse TR/Patched.BM
    [NOTE] The file was moved to '4869d31f.qua'!
    I:\QooBox\Quarantine\I\Program Files\Fichiers communs\SysDepannage\strpmon.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.593920
    [NOTE] The file was moved to '4876d334.qua'!
    I:\System Volume Information\_restore{1CE939A8-F9D8-4270-90B5-CC2F4D1B64A6}\RP11\A0003595.exe
    [DETECTION] Is the Trojan horse TR/Patched.BM
    [NOTE] The file was moved to '4834d2f8.qua'!
    I:\System Volume Information\_restore{1CE939A8-F9D8-4270-90B5-CC2F4D1B64A6}\RP17\A0004989.exe
    [DETECTION] Is the Trojan horse TR/Patched.BM
    [NOTE] The file was moved to '4834d327.qua'!
    I:\System Volume Information\_restore{1CE939A8-F9D8-4270-90B5-CC2F4D1B64A6}\RP18\A0006279.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4834d34b.qua'!
    I:\System Volume Information\_restore{1CE939A8-F9D8-4270-90B5-CC2F4D1B64A6}\RP18\A0006280.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4834d34d.qua'!
    I:\System Volume Information\_restore{1CE939A8-F9D8-4270-90B5-CC2F4D1B64A6}\RP18\A0006281.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4834d34f.qua'!
    I:\System Volume Information\_restore{1CE939A8-F9D8-4270-90B5-CC2F4D1B64A6}\RP18\A0006282.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4834d350.qua'!
    I:\System Volume Information\_restore{1CE939A8-F9D8-4270-90B5-CC2F4D1B64A6}\RP18\A0006283.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4834d352.qua'!
    I:\System Volume Information\_restore{1CE939A8-F9D8-4270-90B5-CC2F4D1B64A6}\RP18\A0006285.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4834d354.qua'!
    I:\System Volume Information\_restore{1CE939A8-F9D8-4270-90B5-CC2F4D1B64A6}\RP18\A0006287.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4834d357.qua'!
    I:\System Volume Information\_restore{1CE939A8-F9D8-4270-90B5-CC2F4D1B64A6}\RP18\A0006293.exe
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4834d358.qua'!
    I:\System Volume Information\_restore{1CE939A8-F9D8-4270-90B5-CC2F4D1B64A6}\RP23\A0006610.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.593920
    [NOTE] The file was moved to '4834d372.qua'!
    I:\System Volume Information\_restore{1CE939A8-F9D8-4270-90B5-CC2F4D1B64A6}\RP23\A0006611.exe
    [DETECTION] Is the Trojan horse TR/Patched.BM
    [NOTE] The file was moved to '4834d374.qua'!
    I:\System Volume Information\_restore{1CE939A8-F9D8-4270-90B5-CC2F4D1B64A6}\RP26\A0006787.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agen.593920
    [NOTE] The file was moved to '4834d37b.qua'!
    I:\WINDOWS\system32\mmf.sys
    [WARNING] The file could not be opened!
    I:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: mardi 15 avril 2008 18:16
    Used time: 23:27 min

    The scan has been done completely.

    7595 Scanning directories
    325932 Files were scanned
    16 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    16 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    325916 Files not concerned
    1813 Archives were scanned
    7 Warnings
    16 Notes

    15 April 2008 19:05:15

    Post a new HijackThis report.
    15 April 2008 19:11:27

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:11:24, on 15/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    I:\WINDOWS\runservice.exe
    I:\WINDOWS\system32\nvsvc32.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\WgaTray.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    I:\WINDOWS\system\explorer.exe
    I:\WINDOWS\system32\RUNDLL32.EXE
    I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    I:\WINDOWS\system32\rundll32.exe
    I:\WINDOWS\RTHDCPL.EXE
    I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    I:\Program Files\DAEMON Tools\daemon.exe
    I:\Program Files\iTunes\iTunesHelper.exe
    I:\Program Files\Windows Live\Messenger\msnmsgr.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    I:\Program Files\Google\Google Updater\GoogleUpdater.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    I:\Program Files\iPod\bin\iPodService.exe
    I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    I:\Program Files\Windows Live\Messenger\usnsvc.exe
    I:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    I:\Program Files\internet explorer\iexplore.exe
    I:\Documents and Settings\Admin\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Smart Start UP] I:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "I:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] I:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = I:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - I:\WINDOWS\runservice.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - Unknown owner - I:\WINDOWS\system32\lkcitdl.exe (file missing)
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - Unknown owner - I:\WINDOWS\system32\lkads.exe (file missing)
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - Unknown owner - I:\WINDOWS\system32\lktsrv.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OpcEnum - Unknown owner - I:\WINDOWS\system32\OpcEnum.exe (file missing)
    O24 - Desktop Component 0: (no name) - http://www.fond-ecran.net/fonds/bebe_015.jpg
    O24 - Desktop Component 1: (no name) - http://wallpapers.boolsite.net/srv30/Images/Wallpapers/...

    --
    End of file - 9924 bytes
    15 April 2008 20:19:24

    Still having problems?
    15 April 2008 20:24:00

    Still having problems! lol
    I'm really sorry, but after everything we've done nothing has changed. I think it all comes from having deleted the explorer files when I had a virus.
    I had a question: I no longer have access to my pictures, my music, my documents. If I transfer the folders to an external hard drive, will I be able to read them?
    Thanks
    15 April 2008 20:34:05

    For me, these problems are not related to a virus.
    Did you have AVG before?

    Fix the lines in the box below with HijackThis: HELP IN PICTURES

    O24 - Desktop Component 0: (no name) - http://www.fond-ecran.net/fonds/bebe_015.jpg
    O24 - Desktop Component 1: (no name) - http://wallpapers.boolsite.net/srv [...] dation.jpg
    15 April 2008 20:42:09

    AVG? I don't know what that is.
    Shall I post another HijackThis log?
    15 April 2008 20:42:39

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:42:34, on 15/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    I:\WINDOWS\runservice.exe
    I:\WINDOWS\system32\nvsvc32.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\WgaTray.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    I:\WINDOWS\system\explorer.exe
    I:\WINDOWS\system32\RUNDLL32.EXE
    I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    I:\WINDOWS\system32\rundll32.exe
    I:\WINDOWS\RTHDCPL.EXE
    I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    I:\Program Files\DAEMON Tools\daemon.exe
    I:\Program Files\iTunes\iTunesHelper.exe
    I:\Program Files\Windows Live\Messenger\msnmsgr.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    I:\Program Files\Google\Google Updater\GoogleUpdater.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    I:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    I:\Program Files\iPod\bin\iPodService.exe
    I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    I:\Program Files\Windows Live\Messenger\usnsvc.exe
    I:\Program Files\internet explorer\iexplore.exe
    I:\Documents and Settings\Admin\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - I:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Smart Start UP] I:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools] "I:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] I:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "I:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = I:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = I:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - I:\WINDOWS\runservice.exe
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - Unknown owner - I:\WINDOWS\system32\lkcitdl.exe (file missing)
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - Unknown owner - I:\WINDOWS\system32\lkads.exe (file missing)
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - Unknown owner - I:\WINDOWS\system32\lktsrv.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OpcEnum - Unknown owner - I:\WINDOWS\system32\OpcEnum.exe (file missing)

    --
    End of file - 9667 bytes
    16 April 2008 13:30:37

    It's clean.
    16 April 2008 18:05:14

    I still have no taskbar unless I go and download one. But even when I download one I can no longer access my documents. I don't understand. And if I format, can I be sure that my files are still on my hard drive? I'd rather not lose everything.
    16 April 2008 20:09:57

    Ctrl + Alt + Del -> File -> New Task -> explorer.exe
    17 April 2008 20:03:21

    No, still nothing. I'm really sorry; is this the first time this problem has happened to someone? Thanks for trying to find a solution to my problem, I'm completely lost.
    17 April 2008 20:35:32

    Do you have the Windows CD?
    18 April 2008 18:30:19

    That's where I feel really stupid, because unfortunately I didn't want to buy Windows, so now I find myself without a genuine Windows CD to restore from. I don't even have a CD at all; someone had lent it to me at the time.
    18 April 2008 18:31:10

    You should try the Hardware section.
    19 April 2008 10:13:03

    OK, thanks for everything. Your help was really kind.
    Until next time, maybe for a problem that's easier to solve, I hope!
    19 April 2008 12:45:00

    Happy surfing ;)