isuisse virus

Tags:
  • Security
10 March 2008 12:56:40

Hello everyone,

I caught the isuisse virus on MSN and I can't manage to remove it. Do you have any leads?
Thank you.

10 March 2008 14:04:05

Hello,

Download MSNFix.zip (!aur3n7) to your Desktop.
Unzip it on your Desktop (right-click / Extract All).

Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.

If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations.
In that case, simply restart the computer manually.

Post the report located in the MSNFix folder.
The report name corresponds to the time it was created: date_heure.log

10 March 2008 19:16:29

Hello, here is the MSNFix report

MSNFix 1.678-c

C:\Documents and Settings\Alexandre BERNARD\Bureau\MSNFix\MSNFix
Fix exécuté le 10/03/2008 - 19:07:54,18 By Alexandre BERNARD
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
... C:\WINDOWS\system32\real.txt

************************ Recherche les dossiers présents

... \TEMP\
... C:\Temp\




************************ Suppression des fichiers

/!\ ... C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\system32\real.txt


************************ Suppression des dossiers

/!\ ... \TEMP\
/!\ ... C:\Temp\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10032008_19123801.zip



------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

10 March 2008 19:37:17

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:22, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\MultiPASS4\MPDBMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alexandre BERNARD\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecorporate.com/bin/tol9inst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

--
End of file - 10369 bytes
10 March 2008 19:42:03

Re,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.

10 March 2008 20:00:45

    ComboFix 08-03-10.1 - Alexandre BERNARD 2008-03-10 19:55:15.3 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.226 [GMT 1:00]
    Endroit: C:\Documents and Settings\Alexandre BERNARD\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-10 00:36 . 2008-03-10 00:36 0 --a------ C:\WINDOWS\nsreg.dat
    2008-03-10 00:33 . 2008-03-10 00:33 <REP> d--hs---- C:\FOUND.014
    2008-03-06 21:36 . 2008-03-06 21:36 <REP> d--hs---- C:\FOUND.013
    2008-03-06 21:22 . 2008-03-06 21:22 <REP> d-------- C:\Program Files\Alwil Software
    2008-03-06 21:22 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-03-06 21:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-03-06 21:22 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-03-06 21:22 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-06 21:22 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-03-06 21:22 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-06 21:22 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-06 21:22 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-06 21:22 . 2008-03-06 21:22 51 --a------ C:\WINDOWS\system32\config.nt
    2008-03-06 20:07 . 2008-03-06 20:07 <REP> d--hs---- C:\FOUND.012
    2008-03-06 19:41 . 2008-03-06 19:41 <REP> d--hs---- C:\FOUND.011
    2008-03-06 19:31 . 2008-03-06 19:31 <REP> d-------- C:\Program Files\Motherboard Monitor 5
    2008-03-06 12:47 . 2008-03-06 12:47 <REP> d--hs---- C:\FOUND.010
    2008-03-05 22:17 . 2008-03-05 22:17 <REP> d--hs---- C:\FOUND.009
    2008-03-05 20:33 . 2008-03-05 20:33 <REP> d--hs---- C:\FOUND.008
    2008-03-05 20:03 . 2008-03-05 20:03 <REP> d--hs---- C:\FOUND.007
    2008-03-05 16:35 . 2008-03-05 16:35 <REP> d--hs---- C:\FOUND.006
    2008-03-04 12:37 . 2008-03-04 12:37 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-03-04 11:30 . 2008-03-04 11:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    2008-03-04 11:07 . 2008-03-04 11:07 <REP> d-------- C:\BackUpMSNCleaner
    2008-03-04 10:55 . 2008-03-04 10:55 <REP> d--hs---- C:\FOUND.005
    2008-03-04 09:59 . 2008-03-04 09:59 <REP> d-------- C:\Program Files\CCleaner
    2008-03-04 07:25 . 2008-03-04 07:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-04 07:25 . 2008-03-04 07:25 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-28 21:39 . 2008-02-28 21:39 <REP> d-------- C:\Program Files\Microsoft SQL Server
    2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
    2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft Device Emulator
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\WINDOWS\Symbols
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\HTML Help Workshop
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Business Objects
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\CE Remote Tools
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PreEmptive Solutions
    2008-02-28 21:22 . 2008-02-28 21:22 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-02-28 21:18 . 2008-02-28 21:18 <REP> d-------- C:\Program Files\Fichiers communs\WhenU
    2008-02-28 21:15 . 2008-02-28 21:15 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-28 19:51 . 2008-02-28 19:51 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD1
    2008-02-28 19:24 . 2008-02-28 19:24 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD2
    2008-02-13 12:51 . 2008-02-13 12:51 <REP> d--hs---- C:\FOUND.004

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-29 18:56 --------- d-----w C:\Program Files\Canon
    2008-01-29 18:56 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canon
    2008-01-21 21:20 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
    2008-01-21 21:20 --------- d-----w C:\Program Files\AVS4YOU
    2008-01-21 21:20 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\AVS4YOU
    2008-01-21 21:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    2008-01-21 20:55 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\River Past G5
    2008-01-21 20:55 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
    2008-01-21 18:09 --------- d-----w C:\Program Files\Red Kawa
    2008-01-21 18:09 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-21 14:41 --------- d-----w C:\Program Files\iTunes
    2008-01-21 14:41 --------- d-----w C:\Program Files\iPod
    2008-01-21 14:39 --------- d-----w C:\Program Files\QuickTime
    2008-01-21 14:31 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\Apple Computer
    2008-01-21 14:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2008-01-21 14:29 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-01-21 14:29 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-21 14:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-08-28 13:36 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-10_19.48.00.81 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-10 18:51:30 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_564.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
    "WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "ErrorSafeFree"="C:\Program Files\ErrorSafe Free\uers.exe" [ ]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "preload"="C:\Windows\RUNXMLPL.exe" [ ]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51 114688]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
    "SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
    "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
    "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
    "EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 19:09 212992]
    "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-02 10:31 397312]
    "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 11:36 69632]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "MPTBox"="C:\Program Files\Canon\MultiPASS4\MPTBox.exe" [2002-11-01 15:29 167936]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-03 17:10:23 110592]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
    backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
    backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "D:\\ALEX\\blobby\\volley.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
    R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
    R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
    R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
    R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
    S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
    S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S4 msvsmon80;Débogueur distant Visual Studio 2005;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

    *Newly Created Service* - INT15.SYS
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-10 19:58:54
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    "ImagePath"="\"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00R\02pè\13\00pè\13\00\18î‘|ðô
    [\02ÿÿÿÿm\05’|x\01\15\00\00\00\15\00\00\00\00\00ö\1b"

    .
    Temps d'accomplissement: 2008-03-10 19:59:53
    ComboFix-quarantined-files.txt 2008-03-10 18:59:50
    ComboFix2.txt 2008-03-10 18:48:22
    .
    2008-03-09 23:46:26 --- E O F ---
10 March 2008 20:29:43

Thanks for these steps; I don't know whether they removed the virus.
I'll wait for your reply.
10 March 2008 21:20:42

Re,

Download BTFix (Bibi26).
Unzip the archive on your Desktop.
  • Open the BTFix folder.
  • Double-click BTFix.exe.
  • Click Rechercher (Search).
  • A report will appear; copy and paste it into your next reply.

10 March 2008 21:23:43

    BTFix 1.085 (par bibi26) - 10/03/2008 21:23:08 - Analyse
    Lancé depuis C:\Documents and Settings\Alexandre BERNARD\Bureau\BTFix\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    - C:\Program Files\Fichiers communs\WhenU\

    ---> Analyse terminée
11 March 2008 12:10:44

    BTFix 1.085 (par bibi26) - 11/03/2008 12:09:30 - Nettoyage - Mode normal
    Lancé depuis C:\Documents and Settings\Alexandre BERNARD\Bureau\BTFix\BTFix\BTFix.exe

    ---> Fichiers/dossiers supprimés (Première passe)

    - Fichiers temporaires effacés
    - C:\Program Files\Fichiers communs\WhenU\

    ---> Nettoyage terminé
11 March 2008 17:41:09

The AntiVir scan is running; I'll post as soon as it's finished.
Thanks for the advice.

11 March 2008 18:30:31



    AntiVir PersonalEdition Classic
    Report file date: mardi 11 mars 2008 17:36

    Scanning for 1142431 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Alexandre BERNARD
    Computer name: ALEX

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 12:28:46
    ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 12:28:46
    ANTIVIR3.VDF : 7.0.3.16 76800 Bytes 11/03/2008 12:28:46
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 11/03/2008 12:28:46
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 11/03/2008 12:28:46
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

    Configuration settings for the scan:
    Jobname..........................: Local Hard Disks
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 11 mars 2008 17:36

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'FIREFOX.EXE' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'CLSched.exe' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'ScsiAccess.EXE' - '1' Module(s) have been scanned
    Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
    Scan process 'SQLSERVR.EXE' - '1' Module(s) have been scanned
    Scan process 'MPSERVIC.EXE' - '1' Module(s) have been scanned
    Scan process 'KodakCCS.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
    Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
    Scan process 'admServ.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
    Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
    Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
    Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
    Scan process 'ADMTRAY.EXE' - '1' Module(s) have been scanned
    Scan process 'Monitor.exe' - '1' Module(s) have been scanned
    Scan process 'EPM-DM.EXE' - '1' Module(s) have been scanned
    Scan process 'WButton.exe' - '1' Module(s) have been scanned
    Scan process 'OSDCtrl.exe' - '1' Module(s) have been scanned
    Scan process 'HotkeyApp.exe' - '1' Module(s) have been scanned
    Scan process 'Powerkey.exe' - '1' Module(s) have been scanned
    Scan process 'LaunchAp.exe' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'IGFXPERS.EXE' - '1' Module(s) have been scanned
    Scan process 'HKCMD.EXE' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
    Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
    Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
    Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
    Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
    Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
    53 processes with 53 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '40' files ).


    Starting the file scan:

    Begin scan in 'C:\' <ACER>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    C:\QooBox\Quarantine\catchme2008-03-10_194748.12.zip
    [0] Archive type: ZIP
    --> services.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '484abda1.qua'!
    Begin scan in 'D:\' <ACERDATA>


    End of the scan: mardi 11 mars 2008 18:26
    Used time: 49:48 min

    The scan has been done completely.

    8412 Scanning directories
    278939 Files were scanned
    1 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    1 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    278938 Files not concerned
    7794 Archives were scanned
    3 Warnings
    0 Notes

    11 Mars 2008 19:39:58

    Run another Combofix scan.
    11 Mars 2008 20:03:37

    ComboFix 08-03-10.1 - Alexandre BERNARD 2008-03-11 19:46:46.4 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.195 [GMT 1:00]
    Endroit: C:\Documents and Settings\Alexandre BERNARD\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-11 13:27 . 2008-03-11 13:27 <REP> d-------- C:\Program Files\Avira
    2008-03-10 00:36 . 2008-03-10 00:36 0 --a------ C:\WINDOWS\nsreg.dat
    2008-03-10 00:33 . 2008-03-10 00:33 <REP> d--hs---- C:\FOUND.014
    2008-03-06 21:36 . 2008-03-06 21:36 <REP> d--hs---- C:\FOUND.013
    2008-03-06 21:22 . 2008-03-06 21:22 <REP> d-------- C:\Program Files\Alwil Software
    2008-03-06 21:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-03-06 21:22 . 2008-03-11 12:11 2 --a------ C:\WINDOWS\system32\config.nt
    2008-03-06 20:07 . 2008-03-06 20:07 <REP> d--hs---- C:\FOUND.012
    2008-03-06 19:41 . 2008-03-06 19:41 <REP> d--hs---- C:\FOUND.011
    2008-03-06 19:31 . 2008-03-06 19:31 <REP> d-------- C:\Program Files\Motherboard Monitor 5
    2008-03-06 12:47 . 2008-03-06 12:47 <REP> d--hs---- C:\FOUND.010
    2008-03-05 22:17 . 2008-03-05 22:17 <REP> d--hs---- C:\FOUND.009
    2008-03-05 20:33 . 2008-03-05 20:33 <REP> d--hs---- C:\FOUND.008
    2008-03-05 20:03 . 2008-03-05 20:03 <REP> d--hs---- C:\FOUND.007
    2008-03-05 16:35 . 2008-03-05 16:35 <REP> d--hs---- C:\FOUND.006
    2008-03-04 12:37 . 2008-03-04 12:37 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-03-04 11:30 . 2008-03-04 11:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    2008-03-04 11:07 . 2008-03-04 11:07 <REP> d-------- C:\BackUpMSNCleaner
    2008-03-04 10:55 . 2008-03-04 10:55 <REP> d--hs---- C:\FOUND.005
    2008-03-04 09:59 . 2008-03-04 09:59 <REP> d-------- C:\Program Files\CCleaner
    2008-03-04 07:25 . 2008-03-04 07:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-04 07:25 . 2008-03-04 07:25 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-28 21:39 . 2008-02-28 21:39 <REP> d-------- C:\Program Files\Microsoft SQL Server
    2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
    2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft Device Emulator
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\WINDOWS\Symbols
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\HTML Help Workshop
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Business Objects
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\CE Remote Tools
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PreEmptive Solutions
    2008-02-28 21:22 . 2008-02-28 21:22 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-02-28 21:15 . 2008-02-28 21:15 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-28 19:51 . 2008-02-28 19:51 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD1
    2008-02-28 19:24 . 2008-02-28 19:24 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD2
    2008-02-13 12:51 . 2008-02-13 12:51 <REP> d--hs---- C:\FOUND.004

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-29 18:56 --------- d-----w C:\Program Files\Canon
    2008-01-29 18:56 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canon
    2008-01-21 21:20 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
    2008-01-21 21:20 --------- d-----w C:\Program Files\AVS4YOU
    2008-01-21 21:20 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\AVS4YOU
    2008-01-21 21:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    2008-01-21 20:55 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\River Past G5
    2008-01-21 20:55 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
    2008-01-21 18:09 --------- d-----w C:\Program Files\Red Kawa
    2008-01-21 18:09 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-21 14:41 --------- d-----w C:\Program Files\iTunes
    2008-01-21 14:41 --------- d-----w C:\Program Files\iPod
    2008-01-21 14:39 --------- d-----w C:\Program Files\QuickTime
    2008-01-21 14:31 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\Apple Computer
    2008-01-21 14:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2008-01-21 14:29 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-01-21 14:29 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-21 14:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-08-28 13:36 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-10_19.48.00.81 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-04-25 08:38:54 124,928 ------w C:\WINDOWS\system32\advpack.dll
    + 2007-12-07 02:08:32 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
    - 2004-08-05 06:00:00 581,120 ------w C:\WINDOWS\system32\dllcache\rpcrt4.dll
    + 2007-07-09 13:19:28 582,656 ----a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
    - 2006-12-19 21:49:48 8,509,952 ------w C:\WINDOWS\system32\dllcache\shell32.dll
    + 2007-10-25 16:43:26 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    + 2007-08-09 12:04:12 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:20 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-03-11 12:28:46 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:38 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    - 2007-03-08 16:37:50 281,600 ------w C:\WINDOWS\system32\gdi32.dll
    + 2007-06-19 13:32:26 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
    - 2006-10-17 10:58:20 61,952 ------w C:\WINDOWS\system32\icardie.dll
    + 2007-12-07 02:08:32 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
    - 2007-04-25 08:39:00 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll
    + 2007-12-07 02:08:32 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
    - 2007-04-25 08:39:24 6,058,496 ------w C:\WINDOWS\system32\ieframe.dll
    + 2007-12-07 02:08:34 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
    - 2007-04-25 08:39:26 267,776 ------w C:\WINDOWS\system32\iertutil.dll
    + 2007-12-07 02:08:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
    - 2007-04-25 08:39:36 459,264 ------w C:\WINDOWS\system32\msfeeds.dll
    + 2007-12-07 02:08:34 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
    - 2007-04-25 08:39:36 52,224 ------w C:\WINDOWS\system32\msfeedsbs.dll
    + 2007-12-07 02:08:34 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
    - 2007-05-08 09:59:02 3,583,488 ------w C:\WINDOWS\system32\mshtml.dll
    + 2007-12-08 05:08:36 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2006-09-13 05:03:06 1,084,416 ------w C:\WINDOWS\system32\msxml3.dll
    + 2007-06-26 06:09:14 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
    - 2004-08-05 04:00:00 581,120 ------w C:\WINDOWS\system32\rpcrt4.dll
    + 2007-07-09 13:19:28 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    - 2006-12-19 21:49:48 8,509,952 ------w C:\WINDOWS\system32\shell32.dll
    + 2007-10-25 16:43:26 8,516,608 ----a-w C:\WINDOWS\system32\shell32.dll
    - 2007-04-25 08:40:14 105,984 ------w C:\WINDOWS\system32\url.dll
    + 2007-12-07 02:08:34 105,984 ----a-w C:\WINDOWS\system32\url.dll
    - 2007-04-25 08:40:18 1,152,000 ------w C:\WINDOWS\system32\urlmon.dll
    + 2007-12-07 02:08:34 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2007-04-25 08:40:26 822,784 ------w C:\WINDOWS\system32\wininet.dll
    + 2007-12-07 02:08:34 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    - 2004-08-05 04:00:00 230,400 ------w C:\WINDOWS\system32\wmasf.dll
    + 2007-10-25 09:00:50 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
    - 2006-12-07 16:02:24 2,174,976 ------w C:\WINDOWS\system32\wmvcore.dll
    + 2007-10-25 09:01:10 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
    - 2007-03-09 12:51:20 265,216 ------w C:\WINDOWS\system32\xpsp3res.dll
    + 2007-10-29 15:07:16 369,152 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
    "WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "ErrorSafeFree"="C:\Program Files\ErrorSafe Free\uers.exe" [ ]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "preload"="C:\Windows\RUNXMLPL.exe" [ ]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51 114688]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
    "SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
    "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
    "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
    "EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 19:09 212992]
    "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-02 10:31 397312]
    "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 11:36 69632]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "MPTBox"="C:\Program Files\Canon\MultiPASS4\MPTBox.exe" [2002-11-01 15:29 167936]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-11 13:28 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-03 17:10:23 110592]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
    backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
    backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "D:\\ALEX\\blobby\\volley.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
    R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
    R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
    R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
    R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
    S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
    S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S4 msvsmon80;Débogueur distant Visual Studio 2005;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

    *Newly Created Service* - INT15.SYS
    *Newly Created Service* - SSMDRV
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-11 19:50:17
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    "ImagePath"="\"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00R\02pè\13\00pè\13\00\18î‘|ðô
    [\02ÿÿÿÿm\05’|x\01\15\00\00\00\15\00\00\00\00\00ö\1b"

    .
    Temps d'accomplissement: 2008-03-11 19:51:12
    ComboFix-quarantined-files.txt 2008-03-11 18:51:10
    ComboFix3.txt 2008-03-10 18:48:22
    ComboFix2.txt 2008-03-10 18:59:56
    .
    2008-03-10 21:22:14 --- E O F ---
    11 Mars 2008 20:30:09

    Hi again,

    Disable your resident protection (antivirus, etc.)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\Windows\RUNXMLPL.exe

    Rootkit::
    C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe

    Folder::
    C:\FOUND.014
    C:\FOUND.013
    C:\FOUND.012
    C:\FOUND.011
    C:\FOUND.010
    C:\FOUND.009
    C:\FOUND.008
    C:\FOUND.007
    C:\FOUND.006
    C:\Program Files\ErrorSafe Free

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "preload"=-


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will restart Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    11 Mars 2008 21:04:28

    Here is the Combofix report; I'll post the HijackThis one afterwards.

    ComboFix 08-03-10.1 - Alexandre BERNARD 2008-03-11 20:54:27.5 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.160 [GMT 1:00]
    Endroit: C:\Documents and Settings\Alexandre BERNARD\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Alexandre BERNARD\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\Windows\RUNXMLPL.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\services.exe
    C:\FOUND.006
    C:\FOUND.006\FILE0000.CHK
    C:\FOUND.007
    C:\FOUND.008
    C:\FOUND.008\FILE0000.CHK
    C:\FOUND.009
    C:\FOUND.010
    C:\FOUND.011
    C:\FOUND.012
    C:\FOUND.013
    C:\FOUND.013\FILE0000.CHK
    C:\FOUND.013\FILE0001.CHK
    C:\FOUND.014
    C:\FOUND.014\FILE0000.CHK
    C:\FOUND.014\FILE0001.CHK
    C:\FOUND.014\FILE0002.CHK
    C:\FOUND.014\FILE0003.CHK
    C:\FOUND.014\FILE0004.CHK
    C:\FOUND.014\FILE0005.CHK
    C:\FOUND.014\FILE0006.CHK
    C:\FOUND.014\FILE0007.CHK
    C:\FOUND.014\FILE0008.CHK
    C:\FOUND.014\FILE0009.CHK
    C:\FOUND.014\FILE0010.CHK
    C:\FOUND.014\FILE0011.CHK
    C:\FOUND.014\FILE0012.CHK

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-11 to 2008-03-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-11 13:27 . 2008-03-11 13:27 <REP> d-------- C:\Program Files\Avira
    2008-03-10 00:36 . 2008-03-10 00:36 0 --a------ C:\WINDOWS\nsreg.dat
    2008-03-06 21:22 . 2008-03-06 21:22 <REP> d-------- C:\Program Files\Alwil Software
    2008-03-06 21:22 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-03-06 21:22 . 2008-03-11 12:11 2 --a------ C:\WINDOWS\system32\config.nt
    2008-03-06 19:31 . 2008-03-06 19:31 <REP> d-------- C:\Program Files\Motherboard Monitor 5
    2008-03-04 12:37 . 2008-03-04 12:37 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-03-04 11:30 . 2008-03-04 11:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    2008-03-04 11:07 . 2008-03-04 11:07 <REP> d-------- C:\BackUpMSNCleaner
    2008-03-04 10:55 . 2008-03-04 10:55 <REP> d--hs---- C:\FOUND.005
    2008-03-04 09:59 . 2008-03-04 09:59 <REP> d-------- C:\Program Files\CCleaner
    2008-03-04 07:25 . 2008-03-04 07:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-04 07:25 . 2008-03-04 07:25 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-28 21:39 . 2008-02-28 21:39 <REP> d-------- C:\Program Files\Microsoft SQL Server
    2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
    2008-02-28 21:38 . 2008-02-28 21:38 <REP> d-------- C:\Program Files\Microsoft Device Emulator
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\WINDOWS\Symbols
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\HTML Help Workshop
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Business Objects
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\Program Files\CE Remote Tools
    2008-02-28 21:24 . 2008-02-28 21:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PreEmptive Solutions
    2008-02-28 21:22 . 2008-02-28 21:22 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-02-28 21:15 . 2008-02-28 21:15 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-28 19:51 . 2008-02-28 19:51 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD1
    2008-02-28 19:24 . 2008-02-28 19:24 <REP> d-------- C:\Temp\FR_Visual_Studio_2005_Professional_CD2
    2008-02-13 12:51 . 2008-02-13 12:51 <REP> d--hs---- C:\FOUND.004

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-29 18:56 --------- d-----w C:\Program Files\Canon
    2008-01-29 18:56 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canon
    2008-01-21 21:20 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
    2008-01-21 21:20 --------- d-----w C:\Program Files\AVS4YOU
    2008-01-21 21:20 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\AVS4YOU
    2008-01-21 21:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    2008-01-21 20:55 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\River Past G5
    2008-01-21 20:55 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\River Past G5
    2008-01-21 18:09 --------- d-----w C:\Program Files\Red Kawa
    2008-01-21 18:09 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-01-21 14:41 --------- d-----w C:\Program Files\iTunes
    2008-01-21 14:41 --------- d-----w C:\Program Files\iPod
    2008-01-21 14:39 --------- d-----w C:\Program Files\QuickTime
    2008-01-21 14:31 --------- d-----w C:\Documents and Settings\Alexandre BERNARD\Application Data\Apple Computer
    2008-01-21 14:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2008-01-21 14:29 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-01-21 14:29 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-21 14:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-08-28 13:36 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
    "WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [ ]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
    "ErrorSafeFree"="C:\Program Files\ErrorSafe Free\uers.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-24 12:50 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-24 12:47 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-24 12:51 114688]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 11:12 102490]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
    "SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
    "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
    "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
    "EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-10 19:09 212992]
    "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-02 10:31 397312]
    "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-07-26 11:36 69632]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "MPTBox"="C:\Program Files\Canon\MultiPASS4\MPTBox.exe" [2002-11-01 15:29 167936]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-11 13:28 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\KODAK Software Updater.lnk
    backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
    backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "D:\\ALEX\\blobby\\volley.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
    R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
    R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
    R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
    R3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
    S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys []
    S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S4 msvsmon80;Débogueur distant Visual Studio 2005;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

    *Newly Created Service* - INT15.SYS
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-11 21:00:41
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    "ImagePath"="\"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|\00\00\00\00\00\00\00\00\00\00\00\00(\00\00\00\00\00R\02pè\13\00pè\13\00\18î‘|ðô
    [\02ÿÿÿÿm\05’|x\01\15\00\00\00\15\00\00\00\00\00ö\1b"

    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-11 21:03:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-11 20:03:04
    ComboFix4.txt 2008-03-10 18:48:22
    ComboFix3.txt 2008-03-10 18:59:56
    ComboFix2.txt 2008-03-11 18:51:14
    .
    2008-03-10 21:22:14 --- E O F ---
    11 March 2008 21:05:07

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:04:17, on 11/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alexandre BERNARD\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPU...
    O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecorporate.com/bin/tol9inst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    --
    End of file - 9530 bytes
    11 March 2008 21:47:57

    I made a mistake, can you reinstall MSN Messenger?
    11 March 2008 21:57:24

    I don't use it, I use Live Messenger. Do I need to install it anyway? I looked online and can't find a link to download MSN Messenger.
    11 March 2008 22:19:21

    Yes, I mean Windows Live. It's not a serious mistake, but do it anyway.
    11 March 2008 22:26:26

    I haven't uninstalled it. It's still on the PC, is that a problem?
    12 March 2008 13:25:35

    Run another HijackThis scan so we can see.
    12 March 2008 18:00:03

    Here it is

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:59:24, on 12/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Canon\MultiPASS4\MPTBox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alexandre BERNARD\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPU...
    O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecorporate.com/bin/tol9inst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    --
    End of file - 9596 bytes
    a b 8 Security
    12 March 2008 18:08:22

    Fix the following line with HijackThis:
    O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
    12 March 2008 18:34:58

    Here is the scan after Fix checked

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:33:48, on 12/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Canon\MultiPASS4\MPTBox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alexandre BERNARD\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [MPTBox] C:\Program Files\Canon\MultiPASS4\MPTBox.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPU...
    O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecorporate.com/bin/tol9inst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

    --
    End of file - 9423 bytes
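Comparing the autostart (O4) entries of the two HijackThis logs posted above confirms that the fix removed the ErrorSafeFree entry and nothing else. The Python script below is an added example, not part of the original thread; the function names are hypothetical and the sample lines are a short excerpt of the two logs.

```python
import re

# Sample input: a few lines excerpted from the two logs in this thread
# (before and after the fix); the remaining lines are left out.
BEFORE = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""
AFTER = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# Registry autostart: "<hive>\..\Run: [name] command (User '...')"
RUN = re.compile(r"^(?P<where>[^:]+\\Run(?:Once)?): \[(?P<name>[^\]]*)\] "
                 r"(?P<cmd>.+?)(?: \(User '.*'\))?$")
# Startup folder: "Global Startup: shortcut.lnk = target"
STARTUP = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

def parse_autostarts(log):
    """Return {(location, name): command} for every O4 (autostart) line."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m or m.group(1) != "O4":
            continue
        body = RUN.match(m.group(2)) or STARTUP.match(m.group(2))
        if body:
            entries[(body["where"], body["name"])] = body["cmd"]
        else:  # keep lines in an unknown O4 shape instead of dropping them
            entries[("unparsed", m.group(2))] = m.group(2)
    return entries

def diff_autostarts(before, after):
    """Compare two logs and list removed, added and changed autostarts."""
    b, a = parse_autostarts(before), parse_autostarts(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "changed": sorted(k for k in b if k in a and b[k] != a[k]),
    }

if __name__ == "__main__":
    for kind, keys in diff_autostarts(BEFORE, AFTER).items():
        print(kind, keys)
```

An "added" or "changed" entry between two scans is what deserves a closer look, since it means something wrote a new autostart while the cleanup was in progress.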

    a b 8 Security
    12 March 2008 20:22:19

    Is your PC behaving better?
    12 March 2008 20:26:26

    Yes, there are no more problems with MSN and it no longer crashes at startup and shutdown.
    12 March 2008 21:03:58

    Can I delete the downloaded software? Except AntiVir, of course.
    a b 8 Security
    13 March 2008 18:14:06

    A tool will take care of the removal ;)

  • Download ToolsCleaner to your Desktop.
  • Click on Recherche (Search) and let the scan finish.
  • Click on Suppression (Removal) to finalize.
  • Click on Quitter (Quit), so that the report can be created.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: See help

    Now add [Résolu] (Resolved) to the title. To do so:
    * Click, in your first message, on the "Editer" (Edit) button
    * Add the mention [Résolu] to the title
    * Then click on "Valider votre message" (Submit your message)

    Read the guide on prevention and protection, so that you no longer have this kind of problem, by clicking on the image below:

    14 March 2008 09:15:14

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 05/06/2007 a 21:55:01,85

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\WINDOWS\
    tentative de suppression de C:\WINDOWS\RUNXMLPL.exe

    *** Suppression des fichiers dans C:\WINDOWS\system32

    *** Suppression des fichiers dans C:\Program Files

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !
    a b 8 Security
    14 March 2008 13:16:10

    Uh... that's not what I asked for.
    26 March 2008 17:46:28

    I'll redo the procedure.
    26 March 2008 17:50:33

    -->- Recherche:


    ---------------------------------
    -->- Suppression:

    26 March 2008 17:52:54

    Angeldark said:
    Uh... that's not what I asked for.


    I'm worried, did I do something wrong??
    a b 8 Security
    26 March 2008 18:35:19

    Is your ToolsCleaner report complete?
    27 March 2008 20:55:07

    Yes. I'll do another one.
    27 March 2008 20:57:28

    Same, nothing more. Why? In any case, the PC is a bit slow at startup.
    a b 8 Security
    27 March 2008 22:03:02

    This problem is not related to a virus.
    28 March 2008 20:11:05

    It has been a bit slower ever since I got the virus on MSN. What do you think is causing it?
    a b 8 Security
    28 March 2008 20:58:23

    Let it recover from its emotions :D
    Clean up your startup programs.
    2 April 2008 15:32:33

    Hello,
    I am also infected by this MSN virus and I would like to know if someone could give me a bit of time to help me eradicate it.
    Thanks in advance
    a b 8 Security
    2 April 2008 16:28:44

    To each their own thread :)