Se connecter / S'enregistrer
Votre question

Pubs Intempestives [Résolu]

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
31 Mars 2008 16:27:50

Bonjour ,

Je suis de nouveau régulièrement averti par des Pubs intempestives(Que ce soit les faux-Antivirus , aux casinos en passant par les agences de voyage) en Pop-Up , ce qui devient légèrement "énervant" ^^.

Il y a quelques mois j'avais fait appel a Angeldark qui avait résolu ce meme problème (commun a beaucoup d'autres Pc) avec succés.

Je dispose de Hijackthis , Navilog1, Avg Anti-Spyware, Spybot , SDFix, Clean.cmd et Naturellement Avast.

Pc : Windows Xp Sp2

Il me semble que la première chose a faire est de poster le rapport Hijack , merci de me dire si c'est le cas :) 

Merci a Vous ;) 

Autres pages sur : pubs intempestives resolu

31 Mars 2008 19:50:41

Re,

Voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:20, on 31/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\LimeWire01\LimeWire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BrowsingAdvisor - {F1E96EDC-E0C8-BE98-1F15-C29DBED83B53} - C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NI.UERSV_9999_N91S1912] "C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ER45YRID\ErrorSafeFrenchNewReleaseInstall[1].exe" -nag
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{1C-C9-9C-C5-DW}] C:\WINDOWS\system32\ext\begmgr11.exe DWram
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [Task] C:\DOCUME~1\HP_ADM~1\taskmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelp...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://rivernile.microgaming.com/rivernile/FlashAX.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://casinosplendido.microgaming.com/casinosplendido...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10900 bytes
Contenus similaires
a b 8 Sécurité
31 Mars 2008 21:28:09

Re,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    31 Mars 2008 23:14:57

    Hop la ,

    40 Fichiers Supprimés ,

    Le Rapport :

    Malwarebytes' Anti-Malware 1.09
    Database version: 574
    Scan type: Full Scan (C:\|D:\|F:\|G:\|H:\|I:\|)
    Objects scanned: 170077
    Time elapsed: 31 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 10
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 8
    Files Infected: 25

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\browsingadvisor.pornpro_bho (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{06075f5d-ef05-16d5-5687-249a7c80eb26} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5b225ecb-2ed9-991d-713c-461009a60f29} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f1e96edc-e0c8-be98-1f15-c29dbed83b53} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1e96edc-e0c8-be98-1f15-c29dbed83b53} (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\browsingadvisor.pornpro_bho.1 (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webmediaplayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\browsingadvisor (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{1C-C9-9C-C5-DW} (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\POSTSETUPCHECK (Adware.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\BrowsingAdvisor (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\ext\begmgr11.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    C:\Program Files\BrowsingAdvisor\BrowsingAdvisor-2.dll (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\WebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\BrowsingAdvisor\BrowsingAdvisor.dat (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
    C:\Program Files\BrowsingAdvisor\pcre3.dll (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
    C:\Program Files\BrowsingAdvisor\uninstall.exe (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atgban.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rundll32.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Bureau\WebMediaPlayer.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.

    Mais euhhh ... Petit problème , je n'arrive plus a executer sysdm.cpl
    pareil pour addwiz.cpl

    Cette Ligne m'inquiète : C:\WINDOWS\system32\rundll32.exe (Adware.Agent) -> Quarantined and deleted successfully.

    Est-ce Normal ? 8-) :s
    a b 8 Sécurité
    1 Avril 2008 15:50:00

    Reposte un rapport Hijackthis ;) 
    1 Avril 2008 17:51:37

    Le voici :p  ,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:51:17, on 01/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll (file missing)
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [NI.UERSV_9999_N91S1912] "C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ER45YRID\ErrorSafeFrenchNewReleaseInstall[1].exe" -nag
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [Task] C:\DOCUME~1\HP_ADM~1\taskmgr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - S-1-5-18 Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelp...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://rivernile.microgaming.com/rivernile/FlashAX.cab
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://casinosplendido.microgaming.com/casinosplendido...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10287 bytes
    a b 8 Sécurité
    1 Avril 2008 18:11:29

    Re,

    [#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

  • Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
    1 Avril 2008 18:26:00

    Voici le Scan :




    ComboFix 08-03-30.5 - HP_Administrateur 2008-04-01 18:16:13.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1455 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.url
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.url
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Désinstaller.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.url
    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\bfefoa.dat
    c:\documents and settings\hp_administrateur\local settings\application data\bfefoa.exe
    c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\bfefoa_nav.dat
    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\bfefoa_navps.dat
    C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\Temp\gbRve12
    C:\Temp\gbRve12\csLioes.log
    C:\WA6P
    C:\WINDOWS\system32\ext
    C:\WINDOWS\system32\fo-remove.exe
    C:\WINDOWS\system32\UpMedia
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FOPN


    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-01 00:48 . 2008-04-01 00:48 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-04-01 00:48 . 2008-04-01 00:48 46,446 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-04-01 00:47 . 2008-04-01 00:47 <REP> d-------- C:\WINDOWS\BricoPacks
    2008-04-01 00:47 . 2008-04-01 00:48 2,451 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-03-31 22:35 . 2008-03-31 22:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-03-31 22:27 . 2008-03-31 22:27 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
    2008-03-31 22:27 . 2008-03-31 22:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-31 19:50 . 2008-03-31 19:50 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-31 17:20 . 2008-03-31 17:20 <REP> d-------- C:\Program Files\Avira
    2008-03-31 17:20 . 2008-03-31 17:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-31 17:07 . 2008-03-31 17:07 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
    2008-03-31 16:37 . 2008-03-31 16:37 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\HPQ
    2008-03-31 16:11 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-31 16:11 . 2008-03-31 16:11 58 --a------ C:\fixnavi.txt)
    2008-03-31 00:22 . 2008-03-31 00:22 <REP> d-------- C:\Program Files\ASIO4ALL v2
    2008-03-31 00:21 . 2008-03-31 00:21 <REP> d-------- C:\Program Files\Outsim
    2008-03-30 22:22 . 2008-03-30 22:22 <REP> d-------- C:\Logs
    2008-03-29 21:36 . 2008-03-30 20:26 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\DivX
    2008-03-29 21:36 . 2008-02-21 04:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-03-27 21:37 . 2008-03-27 21:37 <REP> d-------- C:\WINDOWS\system32\xir
    2008-03-27 21:37 . 2008-03-27 21:37 <REP> d-------- C:\WINDOWS\system32\pex3
    2008-03-27 21:37 . 2008-03-27 21:37 <REP> d-------- C:\WINDOWS\system32\imd4
    2008-03-27 21:37 . 2008-03-27 21:37 <REP> d-------- C:\WINDOWS\system32\DL
    2008-03-27 21:37 . 2008-03-31 18:38 <REP> d-------- C:\WINDOWS\system32\aqVreo05
    2008-03-27 21:37 . 2008-03-27 21:37 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-01 16:19 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2008-04-01 16:19 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
    2008-03-31 20:18 --------- d-----w C:\Program Files\Steam
    2008-03-31 15:31 3,884 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
    2008-03-31 14:51 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Skype
    2008-03-31 11:21 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Apple Computer
    2008-03-31 11:20 --------- d-----w C:\Program Files\Wanadoo
    2008-03-30 22:35 --------- d-----w C:\Program Files\Image-Line
    2008-03-30 22:34 --------- d-----w C:\Program Files\VstPlugins
    2008-03-30 20:15 --------- d-----w C:\Program Files\World of Warcraft
    2008-03-29 19:36 --------- d-----w C:\Program Files\DivX
    2008-03-28 16:56 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-23 22:31 --------- d-----w C:\Program Files\Logitech
    2008-03-23 22:31 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
    2008-03-23 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-03-23 00:17 --------- d-----w C:\Program Files\Java
    2008-02-29 12:54 --------- d-----w C:\Program Files\Windows Live
    2008-02-29 01:46 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-02-28 19:57 --------- d-----w C:\Program Files\LimeWire01
    2008-02-26 12:07 --------- d-----w C:\Program Files\iTunes
    2008-02-26 12:06 --------- d-----w C:\Program Files\QuickTime
    2008-02-26 12:06 --------- d-----w C:\Program Files\iPod
    2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2007-04-02 17:28 384 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\internaldb6334.dat
    2007-04-02 17:09 194 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\internaldb8467.dat
    2007-04-02 17:09 18,432 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\internaldb41.dat
    2007-01-30 16:29 3,570,688 --sha-w C:\Program Files\ehthumbs.db
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B435F6-B6CE-4F24-A568-944B27ED919C}]
    C:\WINDOWS\system32\atgban.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [ ]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:34 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-22 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 15:15 151552]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-21 02:06 7622656]
    "nwiz"="nwiz.exe" [2006-06-21 02:06 1519616 C:\WINDOWS\system32\nwiz.exe]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 10:05 90112]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 03:23 663552]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 07:11 49152]
    "NI.UERSV_9999_N91S1912"="C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ER45YRID\ErrorSafeFrenchNewReleaseInstall[1].exe" [ ]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 00:50 221184]
    "ISUSScheduler"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-28 00:50 81920]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-16 19:15 185896]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-31 17:22 249896]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "Task"= C:\DOCUME~1\HP_ADM~1\taskmgr.exe

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    C:\Documents and Settings\HP_Administrateur\Bureau\AVG Anti-Spyware 7.5\avgas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
    --a------ 2005-10-23 00:00 385024 C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    --a------ 2007-10-25 17:33 563984 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2007-10-25 17:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-14 01:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    C:\PROGRA~1\Wanadoo\GestMaj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "AVG Anti-Spyware Guard"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\World of Warcraft\\Repair.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.7.6383-frFR-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\LimeWire01\\LimeWire.exe"=
    "C:\\Program Files\\Steam\\steamapps\\mangamer\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Steam\\steamapps\\calimero666\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\WINDOWS\\system32\\svchost.exe"=
    "C:\\Program Files\\Steam\\steamapps\\mangamer\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\steamapps\\mangamer\\condition zero deleted scenes\\hl.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\Steam\\steamapps\\pedro5566\\condition zero\\hl.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-12 05:36]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 19:44]
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\HP_Administrateur\Bureau\Dossiers\Securité\Malwarebytes' Anti-Malware\catchme.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19174562-a3c2-11db-9b56-00c0a8c68cf4}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6501dc84-94fc-11dc-9cd8-00c0a8c68cf4}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - F:\Boot.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b34dc70c-62e0-11dc-9c8c-00c0a8c68cf4}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - Boot.exe e


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-03-25 09:13:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-01 18:21:04
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\WINDOWS\system32\dllhost.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-01 18:24:08 - machine was rebooted [HP_Administrateur]
    ComboFix-quarantined-files.txt 2008-04-01 16:24:05
    Pre-Run: 183,017,828,352 octets libres
    Post-Run: 182,934,290,432 octets libres
    .
    2008-03-11 17:18:34 --- E O F ---
    a b 8 Sécurité
    1 Avril 2008 18:34:01

    Re,

    [#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ER45YRID\ErrorSafeFrenchNewReleaseInstall[1].exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B435F6-B6CE-4F24-A568-944B27ED919C}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NI.UERSV_9999_N91S1912"=-


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
    1 Avril 2008 19:03:51

    Combofix ne m'a pas demandé de redémarrer , Ni de tapper 1 :) 


    ComboFix 08-03-30.5 - HP_Administrateur 2008-04-01 18:56:38.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1316 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ER45YRID\ErrorSafeFrenchNewReleaseInstall[1].exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-01 to 2008-04-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-01 18:47 . 2008-04-01 18:47 <REP> d-------- C:\WINDOWS\LastGood
    2008-04-01 18:47 . 2008-04-01 18:47 <REP> d-------- C:\Program Files\UxTheme Multipatcher Fr
    2008-04-01 18:47 . 2004-08-17 22:52 219,648 --a------ C:\WINDOWS\system32\OLD6D.tmp
    2008-04-01 00:48 . 2008-04-01 00:48 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-04-01 00:48 . 2008-04-01 00:48 46,446 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-04-01 00:47 . 2008-04-01 00:47 <REP> d-------- C:\WINDOWS\BricoPacks
    2008-04-01 00:47 . 2008-04-01 00:48 2,451 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-03-31 22:35 . 2008-03-31 22:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-03-31 22:27 . 2008-03-31 22:27 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
    2008-03-31 22:27 . 2008-03-31 22:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-31 19:50 . 2008-03-31 19:50 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-31 17:20 . 2008-03-31 17:20 <REP> d-------- C:\Program Files\Avira
    2008-03-31 17:20 . 2008-03-31 17:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-31 17:07 . 2008-03-31 17:07 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
    2008-03-31 16:37 . 2008-03-31 16:37 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\HPQ
    2008-03-31 16:11 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-31 16:11 . 2008-03-31 16:11 58 --a------ C:\fixnavi.txt)
    2008-03-31 00:22 . 2008-03-31 00:22 <REP> d-------- C:\Program Files\ASIO4ALL v2
    2008-03-31 00:21 . 2008-03-31 00:21 <REP> d-------- C:\Program Files\Outsim
    2008-03-30 22:22 . 2008-03-30 22:22 <REP> d-------- C:\Logs
    2008-03-29 21:36 . 2008-03-30 20:26 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\DivX
    2008-03-29 21:36 . 2008-02-21 04:05 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-03-27 21:37 . 2008-03-27 21:37 <REP> d-------- C:\WINDOWS\system32\xir
    2008-03-27 21:37 . 2008-03-27 21:37 <REP> d-------- C:\WINDOWS\system32\pex3
    2008-03-27 21:37 . 2008-03-27 21:37 <REP> d-------- C:\WINDOWS\system32\imd4
    2008-03-27 21:37 . 2008-03-27 21:37 <REP> d-------- C:\WINDOWS\system32\DL
    2008-03-27 21:37 . 2008-03-31 18:38 <REP> d-------- C:\WINDOWS\system32\aqVreo05
    2008-03-27 21:37 . 2008-03-27 21:37 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-01 16:19 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2008-04-01 16:19 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
    2008-03-31 20:18 --------- d-----w C:\Program Files\Steam
    2008-03-31 15:31 3,884 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
    2008-03-31 14:51 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Skype
    2008-03-31 11:21 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Apple Computer
    2008-03-31 11:20 --------- d-----w C:\Program Files\Wanadoo
    2008-03-30 22:35 --------- d-----w C:\Program Files\Image-Line
    2008-03-30 22:34 --------- d-----w C:\Program Files\VstPlugins
    2008-03-30 20:15 --------- d-----w C:\Program Files\World of Warcraft
    2008-03-29 19:36 --------- d-----w C:\Program Files\DivX
    2008-03-28 16:56 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-23 22:31 --------- d-----w C:\Program Files\Logitech
    2008-03-23 22:31 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
    2008-03-23 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-03-23 00:17 --------- d-----w C:\Program Files\Java
    2008-02-29 12:54 --------- d-----w C:\Program Files\Windows Live
    2008-02-29 01:46 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-02-28 19:57 --------- d-----w C:\Program Files\LimeWire01
    2008-02-26 12:07 --------- d-----w C:\Program Files\iTunes
    2008-02-26 12:06 --------- d-----w C:\Program Files\QuickTime
    2008-02-26 12:06 --------- d-----w C:\Program Files\iPod
    2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2007-04-02 17:28 384 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\internaldb6334.dat
    2007-04-02 17:09 194 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\internaldb8467.dat
    2007-04-02 17:09 18,432 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\internaldb41.dat
    2007-01-30 16:29 3,570,688 --sha-w C:\Program Files\ehthumbs.db
    2006-10-27 18:17 2,532,922 ----a-w C:\WINDOWS\inf\SET15D.tmp
    2006-02-19 09:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2004-08-10 11:00 1,568,358 ----a-w C:\WINDOWS\inf\SET1D0.tmp
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-01_18.23.54.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-17 20:52:08 219,648 ----a-w C:\WINDOWS\LastGood\system32\uxtheme.dll
    + 2002-05-06 12:04:22 1,135,104 ----a-w C:\WINDOWS\Resources\Themes\Black\shell\normalcolor\shellstyle.dll
    - 2008-03-31 22:48:48 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
    + 2004-08-09 21:00:00 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
    - 2008-03-31 22:48:48 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    + 2004-08-09 21:00:00 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [ ]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:34 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-22 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 15:15 151552]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-21 02:06 7622656]
    "nwiz"="nwiz.exe" [2006-06-21 02:06 1519616 C:\WINDOWS\system32\nwiz.exe]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 10:05 90112]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 03:23 663552]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 07:11 49152]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 00:50 221184]
    "ISUSScheduler"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-28 00:50 81920]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-16 19:15 185896]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-31 17:22 249896]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "Task"= C:\DOCUME~1\HP_ADM~1\taskmgr.exe

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    C:\Documents and Settings\HP_Administrateur\Bureau\AVG Anti-Spyware 7.5\avgas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
    --a------ 2005-10-23 00:00 385024 C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    --a------ 2007-10-25 17:33 563984 C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2007-10-25 17:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-14 01:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
    C:\PROGRA~1\Wanadoo\GestMaj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
    C:\PROGRA~1\Wanadoo\Watch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "AVG Anti-Spyware Guard"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\World of Warcraft\\Repair.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.7.6383-frFR-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\LimeWire01\\LimeWire.exe"=
    "C:\\Program Files\\Steam\\steamapps\\mangamer\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Steam\\steamapps\\calimero666\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\WINDOWS\\system32\\svchost.exe"=
    "C:\\Program Files\\Steam\\steamapps\\mangamer\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\steamapps\\mangamer\\condition zero deleted scenes\\hl.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\Program Files\\Steam\\steamapps\\pedro5566\\condition zero\\hl.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-12 05:36]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
    R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 19:44]
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 12:35]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Documents and Settings\HP_Administrateur\Bureau\Dossiers\Securité\Malwarebytes' Anti-Malware\catchme.sys [2008-03-19 18:31]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19174562-a3c2-11db-9b56-00c0a8c68cf4}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6501dc84-94fc-11dc-9cd8-00c0a8c68cf4}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - F:\Boot.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b34dc70c-62e0-11dc-9c8c-00c0a8c68cf4}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - Boot.exe e


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-25 09:13:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-01 18:58:08
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-01 18:59:24
    ComboFix-quarantined-files.txt 2008-04-01 16:59:08
    ComboFix2.txt 2008-04-01 16:24:09
    Pre-Run: 183,364,964,352 octets libres
    Post-Run: 183,351,267,328 octets libres
    .
    2008-03-11 17:18:34 --- E O F ---




    Rapport Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:03:39, on 01/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [Task] C:\DOCUME~1\HP_ADM~1\taskmgr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe (file missing)
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelp...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://rivernile.microgaming.com/rivernile/FlashAX.cab
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://casinosplendido.microgaming.com/casinosplendido...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9818 bytes
    a b 8 Sécurité
    1 Avril 2008 19:07:29

    Tu as le dossier qoobox ?
    1 Avril 2008 19:19:36

    Oui , situé dans C:/
    a b 8 Sécurité
    1 Avril 2008 20:53:51

    Merci :) 
    Tu as encore des soucis ?
    1 Avril 2008 21:39:57

    Oui ^^

    Je n'ai plus ma Rundll.exe

    Donc diverses commandes en Executer ne fonctionnent plus...
    (Appwiz.cpl , Sysdm.cpl ... )

    Egalement le Clique droit propriété sur le Bureau ou sur le Poste de travail ...
    a b 8 Sécurité
    1 Avril 2008 21:58:09

    Tu as un autre pc ou le cd de Windows ?
    1 Avril 2008 22:01:38

    Non :s

    Comment se peut il que MalwareByts supprime des Fichiers systèmes ?

    C:\WINDOWS\system32\rundll32.exe (Adware.Agent) -> Quarantined and deleted successfully.
    a b 8 Sécurité
    1 Avril 2008 22:23:17

    Citation :
    Comment se peut il que MalwareByts supprime des Fichiers systèmes ?

    Ton fichier était certainement infecté. Pas moyen de te faire envoyer le fichier rundll32 ?
    1 Avril 2008 22:35:41

    C'est ce que j'ai fait :) 

    Par Msn (Un exploit ^^ )

    Pas d'autre fichier Système supprimés me semble t-il ?

    Merci, plus de pubs :) 
    a b 8 Sécurité
    2 Avril 2008 13:18:55

    J'ai besoin d'un petit test si tu veux bien :
    - mets à jour MalwareByte's Anti-Malware
    - relance un scan complet
    Dis moi si le rundll32 est encore détecté.
    2 Avril 2008 14:47:50

    Re ;) 

    Pas De Rundll32 Supprimée :) 

    Cependant 3Trojans + 2Adwares ^^

    Je te poste le rapport si jamais cela t'interesse :) 







    Malwarebytes' Anti-Malware 1.10
    Version de la base de données: 582

    Type de recherche: Examen complet (C:\|D:\|F:\|G:\|H:\|I:\|)
    Eléments examinés: 154582
    Temps écoulé: 35 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    a b 8 Sécurité
    2 Avril 2008 14:53:58

    D'autres soucis ?
    2 Avril 2008 16:34:27

    Aucun ;) 

    Merci a Toi :) 

    ++
    a b 8 Sécurité
    2 Avril 2008 18:59:58

    Bon surf :) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS