
[Solved] winvsnet virus

Anonymous
25 March 2008 19:47:04

Hello!

My Wi-Fi connection is very unstable, so I have to run a P2P client to keep the line stable.
Sure enough, I caught a rather annoying virus.

It's the malware that installs winvsnet. Avast detected and removed it. I followed up by running Ad-Aware and deleting every "winvsnet.exe" file.

But I don't think that was enough...

So I'm posting my HijackThis log and asking for your help (if the infection is still there).
Thanks in advance :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:21, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qfr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91223DE9-F8E6-4FFD-8889-BE6784C18696} - C:\WINDOWS\system32\tuvtuus.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O20 - Winlogon Notify: tuvtuus - C:\WINDOWS\SYSTEM32\tuvtuus.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - Unknown owner - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 9105 bytes


25 March 2008 21:09:45

Hi!

What does losing your Wi-Fi have to do with connecting to a P2P network?
You've picked up a nice virus... :/

You are infected with "Vundo". Delete all cracks from your PC if there are any, because otherwise they will restart the infection.

Download VundoFix.exe (by Atribune) to your Desktop.

http://www.atribune.org/ccount/click.php?id=4

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! log, into your next reply

    Note:
    VundoFix may run into a file it cannot delete. If that happens, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
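
The diagnosis in the reply above comes from reading the autostart entries of the posted HijackThis log. As an added example (not part of the thread, and not the helper's or HijackThis's own method), the Python below parses an excerpt of that log and reports DLLs that hook several autostart points at once; the function names and the three heuristics are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log posted at the top of the thread.
SAMPLE_LOG = r"""
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll
O2 - BHO: (no name) - {91223DE9-F8E6-4FFD-8889-BE6784C18696} - C:\WINDOWS\system32\tuvtuus.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\atgban.dll" DllStart
O20 - Winlogon Notify: tuvtuus - C:\WINDOWS\SYSTEM32\tuvtuus.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every entry below the process list has the shape "O<number> - <detail>".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# A DLL path starts at a drive letter and stops at the first ".dll"; a quote,
# a second colon or a comma ends the candidate, so that
# "rundll32.exe X.dll,Export" yields X.dll and not the rundll32 path.
DLL_RE = re.compile(r'[A-Za-z]:\\[^":<>|,\r\n]*?\.dll', re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section, detail, dll) per O-entry; dll is lower-cased or None."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        section, detail = match.groups()
        dll = DLL_RE.search(detail)
        yield section, detail, dll.group(0).lower() if dll else None


def triage(log_text):
    """Return {dll_path: [notes]} for DLLs that deserve a closer look.

    Heuristics (assumptions for this example, leads for an analyst and not
    a verdict):
      * a browser helper object (O2) registered without a display name
      * a DLL loaded into winlogon.exe through Winlogon Notify (O20)
      * one DLL present under more than one autostart mechanism
    """
    mechanisms = defaultdict(set)
    notes = defaultdict(list)
    for section, detail, dll in parse_entries(log_text):
        if dll is None:
            continue
        if section == "O2":
            mechanisms[dll].add("BHO")
            if detail.startswith("BHO: (no name)"):
                notes[dll].append("BHO registered without a display name")
        elif section == "O20":
            mechanisms[dll].add("Winlogon Notify")
            notes[dll].append("loaded into winlogon.exe via Winlogon Notify")
        elif section == "O4" and "rundll32" in detail.lower():
            mechanisms[dll].add("Run key via rundll32")

    report = {}
    for dll, mech in mechanisms.items():
        found = list(notes[dll])
        if len(mech) > 1:
            found.append("persists through several autostart points: "
                         + ", ".join(sorted(mech)))
        if found:
            report[dll] = found
    return report


if __name__ == "__main__":
    for path, found in sorted(triage(SAMPLE_LOG).items()):
        print(path)
        for line in found:
            print("   -", line)
```

On this excerpt only atgban.dll and tuvtuus.dll are reported, the two DLLs that also appear in the list of files ComboFix deletes further down the thread.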
    Anonymous
    26 March 2008 08:25:13

    My connection is very bad, so I need constant traffic to hold about 10 KB/s. The ping command isn't enough, so I keep uTorrent running all the time...

    VundoFix found nothing :(

    (the first report is expected, I interrupted it)

    VundoFix V7.0.3

    Scan started at 22:20:19 25/03/2008

    Listing files found while scanning....


    VundoFix V7.0.3

    Scan started at 07:55:06 26/03/2008

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...
    26 March 2008 13:26:15

    :hello: 

    1) Show hidden files and folders …
    To do this, open a folder, e.g. "My Pictures".
    Then click > Tools > Folder Options ...
    click the "View" tab and ...
    check ---> Show hidden files and folders
    uncheck > Hide extensions for known file types
    uncheck > Hide protected operating system files (Recommended).
    "Apply" and "OK".

    2) Disable all resident protection (antivirus…)!

    Download ComboFix by sUBs:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Save it to your desktop and nowhere else!


    Restart in safe mode: help here >>>

    http://forum.telecharger.01net.com/telecharger/virus_et...
    /!\ Never restart in safe mode via msconfig! /!\

    Double-click ComboFix. It will ask you a question; answer by pressing 1 and then Enter to confirm, and follow the prompts.
    Wait until ComboFix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt
    Anonymous
    26 March 2008 21:37:12

    Good evening! ^^

    ComboFix 08-03-25.4 - Propriétaire 2008-03-26 17:11:44.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.343 [GMT 1:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    .
    ADS - svchost.exe: deleted 228 bytes in 1 streams.
    -- Script messages for sUBs --
    GREP -Fis \baiso
    VFind -td "C:\WINDOWS\system32\*"

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\atgban.dll
    C:\WINDOWS\system32\bcbeg.ini
    C:\WINDOWS\system32\bcbeg.ini2
    C:\WINDOWS\system32\ext
    C:\WINDOWS\system32\ext\TGbn1dll.exe
    C:\WINDOWS\system32\gebcb.dll
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\tuvtuus.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-26 08:13 . 2008-03-26 08:13 <REP> d-------- C:\WINDOWS\LastGood
    2008-03-25 22:20 . 2008-03-25 22:20 <REP> d-------- C:\VundoFix Backups
    2008-03-25 19:42 . 2008-03-25 19:42 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-22 07:38 . 2008-03-22 07:38 <REP> d-------- C:\WINDOWS\system32\xir
    2008-03-22 07:38 . 2008-03-22 07:38 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
    2008-03-22 07:37 . 2008-03-22 07:38 <REP> d-------- C:\WINDOWS\system32\pex3
    2008-03-22 07:35 . 2008-03-22 07:37 <REP> d-------- C:\WINDOWS\system32\imd4
    2008-03-22 07:35 . 2008-03-22 07:35 <REP> d-------- C:\WINDOWS\system32\aqVreo01
    2008-03-19 07:22 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-03-19 07:16 . 2008-03-26 08:14 164,081 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-03-19 07:16 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-03-15 13:43 . 2008-03-15 13:43 32,768 --a------ C:\WINDOWS\system32\aqVreo01\aqVreo011065.exe
    2008-03-14 17:29 . 2008-03-14 17:29 <REP> d-------- C:\Program Files\RADVideo
    2008-03-13 20:25 . 2008-03-13 20:34 <REP> d-------- C:\Program Files\FlashGet
    2008-03-10 08:49 . 2008-03-26 17:09 <REP> d-------- C:\WINDOWS\nview
    2008-03-10 08:13 . 2008-03-10 08:46 <REP> d-------- C:\WINDOWS\NV22842288.TMP
    2008-03-03 20:01 . 2008-03-03 20:01 142,848 --------- C:\WINDOWS\system32\IESetting.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-26 16:04 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
    2008-03-21 18:33 --------- d-----w C:\Program Files\Steam
    2008-03-19 18:25 --------- d-----w C:\Program Files\Notepad++
    2008-03-08 19:22 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-25 19:11 --------- d-----w C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter
    2008-02-22 22:37 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-02-22 22:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-22 22:25 --------- d-----w C:\Program Files\Fichiers communs\Merge Modules
    2008-02-22 21:57 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
    2008-02-22 21:56 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-22 21:54 --------- d-----w C:\Program Files\Microsoft SDKs
    2008-02-22 19:18 --------- d-----w C:\Program Files\Gamenext
    2008-02-22 16:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\NannyMania
    2008-02-22 15:38 --------- d-----w C:\Program Files\GamesBar
    2008-02-20 15:25 --------- d-----w C:\Program Files\GCFScape
    2008-02-20 06:57 --------- d-----w C:\Program Files\QuickTime
    2008-02-20 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-14 19:51 --------- d---a-w C:\Program Files\Fichiers communs\Adobe
    2008-02-13 12:25 --------- d-----w C:\Program Files\ToniArts
    2008-02-07 09:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-07 09:26 --------- d-----w C:\Program Files\NVIDIA Corporation
    2008-02-02 19:20 2,163 ----a-w C:\Program Files\Craftyov.ini
    2008-01-30 13:06 --------- d-----w C:\Program Files\Real Alternative
    2008-01-26 15:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-26 15:05 --------- d-----w C:\Program Files\Lavasoft
    2008-01-26 15:04 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2005-06-03 07:46 588,800 ----a-w C:\Program Files\ssc.exe
    2002-07-23 00:29 24,576 ----a-w C:\Program Files\wintextract.exe
    2000-07-25 12:59 233,472 ----a-w C:\Program Files\PakScape.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 14:07 114688]
    "StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 15:01 155648]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 04:42 212992]
    "VTTimer"="VTTimer.exe" [2003-05-08 07:32 36864 C:\WINDOWS\system32\VTTimer.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 03:28 81920]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42 1519616]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 03:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\half-life\\hl.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\dedicated server\\hlds.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Starcraft\\starcraft.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\condition zero deleted scenes\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\half-life 2\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\half-life 2 deathmatch\\hl2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\source sdk base\\hl2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP"= 9420:TCP:Red Swoosh
    "5000:UDP"= 5000:UDP:Red Swoosh

    S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-04-29 15:29]
    S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []
    S3 ids0004C;ids0004C;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys []
    S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
    S3 kbeepm;kbeepm;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\kbeepm.sys []
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-06-01 17:46]
    S3 TIAcxubt;D-Link WLAN USB Boot Device;C:\WINDOWS\system32\Drivers\tiacxubt.sys [2003-03-18 18:16]
    S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;C:\WINDOWS\system32\Drivers\tiacxusb.sys [2003-06-29 18:57]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e15f5f46-ba15-11d9-91f4-806d6172696f}]
    \Shell\AutoRun\command - D:\setupSNK.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-26 06:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-26 17:17:30
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-26 17:21:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-26 16:21:04
    .
    2008-03-11 22:13:34 --- E O F ---
    26 March 2008 22:39:04

    Hi again,

    Go to this link: Virus Total
  • Click Browse
  • Navigate to this file, if you can find it:

    C:\WINDOWS\system32\drivers\oreans32.sys
    C:\Program Files\wintextract.exe
    C:\WINDOWS\system32\IESetting.dll

  • Click Send file and let it work for as long as "Current status: scanning" is displayed.
  • The file may be queued because of a large number of scan requests. In that case you will have to wait without refreshing the page.
  • When the scan is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click the page and choose Select All, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the result, it is important that you send me the result of the whole scan.
    Your security tools may react when the file is sent; in that case you will have to ignore the alerts.

    ;) 
    Anonymous
    27 March 2008 08:47:47

    Hello :) 

    Er, wintextract is a texture-extraction program... I no longer have any use for it, so I deleted it.

    Here are the other logs:

    Fichier oreans32.sys reçu le 2008.03.27 08:37:23 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.3.26.0 2008.03.27 -
    AntiVir 7.6.0.75 2008.03.27 -
    Authentium 4.93.8 2008.03.27 W32/Sdbot.AEFT
    Avast 4.7.1098.0 2008.03.26 -
    AVG 7.5.0.516 2008.03.26 -
    BitDefender 7.2 2008.03.27 -
    CAT-QuickHeal 9.50 2008.03.26 Rootkit.Agent.ad
    ClamAV 0.92.1 2008.03.27 -
    DrWeb 4.44.0.09170 2008.03.26 -
    eSafe 7.0.15.0 2008.03.18 -
    eTrust-Vet 31.3.5646 2008.03.27 -
    Ewido 4.0 2008.03.26 -
    F-Prot 4.4.2.54 2008.03.26 W32/Sdbot.AEFT
    F-Secure 6.70.13260.0 2008.03.27 -
    FileAdvisor 1 2008.03.27 -
    Fortinet 3.14.0.0 2008.03.27 RTKT_AGENT.CTH
    Ikarus T3.1.1.20 2008.03.26 -
    Kaspersky 7.0.0.125 2008.03.27 -
    McAfee 5260 2008.03.26 -
    Microsoft 1.3301 2008.03.27 -
    NOD32v2 2976 2008.03.26 -
    Norman 5.80.02 2008.03.26 -
    Panda 9.0.0.4 2008.03.26 -
    Prevx1 V2 2008.03.27 -
    Rising 20.37.30.00 2008.03.27 -
    Sophos 4.27.0 2008.03.27 -
    Sunbelt 3.0.978.0 2008.03.18 -
    Symantec 10 2008.03.27 -
    TheHacker 6.2.92.256 2008.03.27 -
    VBA32 3.12.6.3 2008.03.25 -
    VirusBuster 4.3.26:9 2008.03.26 -
    Webwasher-Gateway 6.6.2 2008.03.27 -
    Information additionnelle
    File size: 33952 bytes
    MD5: aad837bf3b475092fd515cd0842334e9
    SHA1: 2f845acac30e40d5aea3ccf8d02f5226089366a5
    PEiD: -



    Fichier IESetting.dll reçu le 2008.03.27 08:43:45 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.3.26.0 2008.03.27 -
    AntiVir 7.6.0.75 2008.03.27 -
    Authentium 4.93.8 2008.03.27 -
    Avast 4.7.1098.0 2008.03.26 -
    AVG 7.5.0.516 2008.03.26 -
    BitDefender 7.2 2008.03.27 -
    CAT-QuickHeal 9.50 2008.03.26 -
    ClamAV 0.92.1 2008.03.27 -
    DrWeb 4.44.0.09170 2008.03.26 -
    eSafe 7.0.15.0 2008.03.18 -
    eTrust-Vet 31.3.5646 2008.03.27 -
    Ewido 4.0 2008.03.26 -
    F-Prot 4.4.2.54 2008.03.26 -
    F-Secure 6.70.13260.0 2008.03.27 -
    FileAdvisor 1 2008.03.27 -
    Fortinet 3.14.0.0 2008.03.27 -
    Ikarus T3.1.1.20 2008.03.26 -
    Kaspersky 7.0.0.125 2008.03.27 -
    McAfee 5260 2008.03.26 -
    Microsoft 1.3301 2008.03.27 -
    NOD32v2 2976 2008.03.26 -
    Norman 5.80.02 2008.03.26 -
    Panda 9.0.0.4 2008.03.26 -
    Prevx1 V2 2008.03.27 -
    Rising 20.37.30.00 2008.03.27 -
    Sophos 4.27.0 2008.03.27 -
    Sunbelt 3.0.978.0 2008.03.18 -
    Symantec 10 2008.03.27 -
    TheHacker 6.2.92.256 2008.03.27 -
    VBA32 3.12.6.3 2008.03.25 -
    VirusBuster 4.3.26:9 2008.03.26 -
    Webwasher-Gateway 6.6.2 2008.03.27 -
    Information additionnelle
    File size: 142848 bytes
    MD5: 7ddf19e9930e8eb4c8ab3d9dd2f811e4
    SHA1: c6ff4e7b010e2b6439775e9c90f2e053f4ac3e17
    PEiD: -



    There you go ^^ and thanks for helping me!
    27 March 2008 16:55:55

    :hello: 

  • Download SREng (by Smallfrogs) (or System Repair Engineer):
    http://www.kztechs.com/eng/download.html
  • Unzip all of its contents to your desktop (right-click > Extract here).
  • Open the SReng2 folder and double-click SREngPS.exe.
  • Click "smart scan".
  • Click the "scan" button.
  • When the scan is finished, click the "save reports" button.
  • Then save the report to your desktop.
  • Copy/paste the contents of the SREnglLOG.log report into your next reply.

    ;) 
    Anonymous
    27 March 2008 19:27:02

    :salut:


    2008-03-27,19:26:03

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

    Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan


    Boot Items
    Registry
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
    <CTSyncU.exe><"C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"> []
    <WMPNSCFG><C:\Program Files\Windows Media Player\WMPNSCFG.exe> [(Verified)Microsoft Windows Component Publisher]
    <msnmsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <hpsysdrv><c:\windows\system\hpsysdrv.exe> [Hewlett-Packard Company]
    <HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe> [(Verified)Microsoft Windows Publisher]
    <StorageGuard><"C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r> [Sonic Solutions]
    <Recguard><C:\WINDOWS\SMINST\RECGUARD.EXE> []
    <VTTimer><VTTimer.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <PS2><C:\WINDOWS\system32\ps2.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
    <Logitech Hardware Abstraction Layer><KHALMNPR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NVMixerTray><"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"> [NVIDIA Corporation]
    <D-Link AirPlus G><C:\Program Files\D-Link\AirPlus G\AirGCFG.exe> [D-Link]
    <ANIWZCS2Service><C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe> [Alpha Networks Inc.]
    <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
    <QuickTime Task><"C:\Program Files\QuickTime\QTTask.exe" -atboottime> [Apple Inc.]
    <AlcxMonitor><ALCXMNTR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install> []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:o E /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser> [(Verified)Microsoft Windows Publisher]

    ==================================
    Startup Folders
    N/A

    ==================================
    Services
    [Ad-Aware 2007 Service / aawservice][Running/Auto Start]
    <"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"><Lavasoft>
    [ANIWZCSd Service / ANIWZCSdService][Running/Auto Start]
    <C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe><Alpha Networks Inc.>
    [Gestion d'applications / AppMgmt][Stopped/Manual Start]
    <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
    [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
    <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
    [avast! Antivirus / avast! Antivirus][Running/Auto Start]
    <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
    [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
    <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
    [avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
    <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
    [Diskeeper / Diskeeper][Running/Auto Start]
    <"C:\Program Files\Executive Software\DiskeeperLite\DKService.exe"><Executive Software International, Inc.>
    [Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
    <c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
    [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    [InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
    <"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
    [Windows CardSpace / idsvc][Stopped/Manual Start]
    <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"><Microsoft Corporation>
    [Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
    <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"><Microsoft Corporation>
    [nTune Service / nTuneService][Stopped/Auto Start]
    <C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService><N/A>
    [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
    [wampapache / wampapache][Stopped/Manual Start]
    <"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice><Apache Software Foundation>
    [wampmysqld / wampmysqld][Stopped/Manual Start]
    <c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld><N/A>
    [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
    <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>

    ==================================
    Drivers
    [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
    <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    [ANIO Service / ANIO][Running/Auto Start]
    <\??\C:\WINDOWS\system32\ANIO.SYS><Alpha Networks Inc.>
    [catchme / catchme][Stopped/Manual Start]
    <\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\catchme.sys><N/A>
    [Pilote de la carte EtherLink XL 90XB/C 3Com / EL90XBC][Stopped/Manual Start]
    <System32\DRIVERS\el90xbc5.sys><3Com Corporation>
    [ialm / ialm][Stopped/Manual Start]
    <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
    [ids00026 / ids00026][Stopped/Manual Start]
    <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys><N/A>
    [ids0004C / ids0004C][Stopped/Manual Start]
    <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys><N/A>
    [ids0005c / ids0005c][Stopped/Manual Start]
    <\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys><N/A>
    [kbeepm / kbeepm][Stopped/Manual Start]
    <\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\kbeepm.sys><N/A>
    [Logitech SetPoint Keyboard Driver / L8042Kbd][Running/Manual Start]
    <system32\DRIVERS\L8042Kbd.sys><Logitech, Inc.>
    [Logitech SetPoint PS/2 Mouse Filter Driver / L8042mou][Stopped/Manual Start]
    <system32\DRIVERS\L8042mou.Sys><Logitech, Inc.>
    [Logitech SetPoint HID Mouse Filter Driver / LHidKe][Stopped/Manual Start]
    <system32\DRIVERS\LHidKE.Sys><Logitech, Inc.>
    [Logitech SetPoint USB Receiver device driver / LHidUsbK][Stopped/Manual Start]
    <System32\Drivers\LHidUsbK.Sys><Logitech, Inc.>
    [Logitech SetPoint Mouse Filter Driver / LMouKE][Stopped/Manual Start]
    <system32\DRIVERS\LMouKE.Sys><Logitech, Inc.>
    [nocashio / nocashio][Stopped/Manual Start]
    <system32\drivers\nocashio.sys><N/A>
    [nv / nv][Running/Manual Start]
    <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
    [nvatabus / nvatabus][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
    [Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax][Running/Manual Start]
    <system32\drivers\nvax.sys><NVIDIA Corporation>
    [NVIDIA nForce Networking Controller Driver / NVENET][Running/Manual Start]
    <System32\DRIVERS\NVENET.sys><NVIDIA Corporation>
    [Service for NVIDIA(R) nForce(TM) Audio / nvnforce][Running/Manual Start]
    <system32\drivers\nvapu.sys><NVIDIA Corporation>
    [NVR0Dev / NVR0Dev][Stopped/Manual Start]
    <\??\C:\WINDOWS\nvoclock.sys><N/A>
    [NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
    [oreans32 / oreans32][Running/System Start]
    <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
    [PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\PCAMPR5.SYS><N/A>
    [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
    [Ps2 / Ps2][Stopped/Manual Start]
    <System32\DRIVERS\PS2.sys><Hewlett-Packard Company>
    [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
    <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [PxHelp20 / PxHelp20][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
    [D-Link Wireless Driver / RT61][Stopped/Manual Start]
    <system32\DRIVERS\RT61.sys><Ralink Technology Inc.>
    [D-Link USB Wireless LAN Card Driver / RT73][Stopped/Manual Start]
    <system32\DRIVERS\Dr71WU.sys><Ralink Technology, Corp.>
    [Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start]
    <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
    [Secdrv / Secdrv][Running/Auto Start]
    <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
    [StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
    <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
    [StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
    <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
    [StarForce Protection VFS Driver (version 2.x) / sfvfs02][Running/Boot Start]
    <\SystemRoot\System32\drivers\sfvfs02.sys><Protection Technology>
    [SAGEM 802.11g XG760 1211 Driver / SG760_XP][Running/Manual Start]
    <system32\DRIVERS\WlanUZXP.sys><ZyDAS Technology Corporation>
    [SiS315 / SiS315][Stopped/Manual Start]
    <System32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
    [SiS AGP Filter / SISAGP][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
    [SiSkp / SiSkp][Running/System Start]
    <System32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
    [Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
    <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
    [D-Link WLAN USB Boot Device / TIAcxubt][Stopped/Manual Start]
    <System32\Drivers\tiacxubt.sys><Texas Instruments>
    [D-Link AirPlus DWL-120+ Wireless USB Adapter / TIACXUSB][Stopped/Manual Start]
    <System32\Drivers\tiacxusb.sys><D-Link>
    [VIA AGP Filter / viaagp1][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
    [viagfx / viagfx][Stopped/Manual Start]
    <System32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics, Inc.>
    [ViaIde / ViaIde][Stopped/Disabled]
    <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
    [NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335) / W8335XP][Stopped/Manual Start]
    <system32\DRIVERS\WG311v3XP.sys><N/A>
    [ZDCndis5 Protocol Driver / ZDCndis5][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\ZDCndis5.SYS><N/A>
    [ZDPNDIS5 NDIS Protocol Driver / ZDPNDIS5][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\ZDPNDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
    [Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Stopped/Manual Start]
    <system32\drivers\ialmsbw.sys><Intel Corporation>
    [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Stopped/Manual Start]
    <system32\drivers\ialmkchw.sys><Intel Corporation>

    ==================================
    Browser Add-ons
    [Aide pour le lien d'Adobe PDF Reader]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, N/A>
    [Windows Live Sign-in Helper]
    {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    []
    {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
    [Checkers Class]
    {00B71CFB-6864-4346-A978-C0A14556272C} <C:\WINDOWS\Downloaded Program Files\msgrchkr.dll, Microsoft Corporation>
    [Windows Genuine Advantage Validation Tool]
    {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
    [Checkers Class]
    {20A60F0D-9AFA-4515-A0FD-83BD84642501} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\msgrchkr.dll, Microsoft Corporation>
    [Minesweeper Flags Class]
    {2917297F-F02B-4B9D-81DF-494B6333150B} <C:\WINDOWS\Downloaded Program Files\minesweeper.dll, Microsoft Corporation>
    [Office Update Installation Engine]
    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
    [UnoCtrl Class]
    {5D6F45B3-9043-443D-A792-115447494D24} <C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll, Microsoft>
    [WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
    [Java Plug-in 1.4.1_02]
    {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll, JavaSoft / Sun Microsystems, Inc.>
    [MessengerStatsClient Class]
    {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
    [MessengerStatsClient Class]
    {C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, Microsoft Corporation>
    [Java Plug-in 1.4.1_02]
    {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll, JavaSoft / Sun Microsystems, Inc.>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
    [Solitaire Showdown Class]
    {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} <C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll, Microsoft Corporation>
    [Aide pour le lien d'Adobe PDF Reader]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, N/A>
    [Shockwave ActiveX Control]
    {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
    [Windows Genuine Advantage Validation Tool]
    {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
    [Checkers Class]
    {20A60F0D-9AFA-4515-A0FD-83BD84642501} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\msgrchkr.dll, Microsoft Corporation>
    [Windows Media Player]
    {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
    [Shockwave ActiveX Control]
    {233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Adobe Systems, Inc.>
    [HTML Document]
    {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
    [XML DOM Document]
    {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
    [Office Update Installation Engine]
    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
    [XML Document]
    {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
    []
    {4F07F79F-087F-42CF-8B36-7A88D06088E9} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
    [HHCtrl Object]
    {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
    [Shell Name Space]
    {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
    [WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
    [Windows Media Player]
    {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [MUWebControl Class]
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
    [Active Desktop Mover]
    {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
    [Microsoft Web Browser]
    {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
    [XML HTTP 4.0]
    {88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
    [Java Plug-in 1.4.1_02]
    {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll, JavaSoft / Sun Microsystems, Inc.>
    [Windows Live Sign-in Helper]
    {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    [RMGetLicense Class]
    {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
    [SearchAssistantOC]
    {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
    [MessengerStatsClient Class]
    {C3F79A2B-B9B4-4A66-B012-3EE46475B072} <C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll, Microsoft Corporation>
    [Java Plug-in 1.4.1_02]
    {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll, JavaSoft / Sun Microsystems, Inc.>
    [AUDIO__MP3 Moniker Class]
    {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [AUDIO__WAV Moniker Class]
    {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [VIDEO__MPEG Moniker Class]
    {CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [VIDEO__X_MS_WMV Moniker Class]
    {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
    [QuickTimeCheck Class]
    {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Inc.>
    [AgControl Class]
    {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:\Program Files\Microsoft Silverlight\npctrl.1.0.30109.0.dll, Microsoft Corporation>
    []
    {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
    [XML HTTP Request]
    {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
    []
    {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, Microsoft Corporation>
    [XML HTTP 3.0]
    {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
    [XML HTTP]
    {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>

    ==================================
    Running Processes
    [PID: 368 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 768 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 792 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 836 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    [PID: 848 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1000 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1060 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1200 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\WINDOWS\system32\IESetting.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [PID: 1236 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
    [c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
    [PID: 1456 / Propriétaire][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\WINDOWS\system32\IESetting.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Notepad++\nppcm.dll] [Burgaud.com, 1.2.1]
    [C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll] [Creative Technology Ltd, 1.0.1.0]
    [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\CmdLineExt03.dll] [N/A, ]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.6921]
    [C:\WINDOWS\system32\NVRSFR.DLL] [NVIDIA Corporation, 6.14.11.6921]
    [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6921]
    [C:\WINDOWS\System32\igfxpph.dll] [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\hccutils.DLL] [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\igfxsrvc.dll] [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\nvshell.dll] [, ]
    [PID: 1496 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1640 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\WINDOWS\system32\IESetting.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [PID: 1972 / SYSTEM][C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe] [Lavasoft, 7,0,2,6]
    [C:\Program Files\Lavasoft\Ad-Aware 2007\CEAPI.dll] [Lavasoft, 7,0,2,6]
    [C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive85u.dll] [PKWARE, Inc., 8.4.1045.0]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\WINDOWS\system32\IESetting.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll] [, 7, 0, 2, 6]
    [PID: 1988 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
    [PID: 2040 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 1098, 0]
    [PID: 548 / Propriétaire][C:\windows\system\hpsysdrv.exe] [Hewlett-Packard Company, 1, 7, 0, 0]
    [PID: 672 / Propriétaire][C:\WINDOWS\system32\ps2.exe] [Hewlett-Packard Company, 1.0.2.1]
    [PID: 680 / Propriétaire][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
    [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
    [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\Setup\SetIFace.dll] [N/A, ]
    [PID: 708 / Propriétaire][C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe] [NVIDIA Corporation, 1.0.444]
    [C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerFR.dll] [NVIDIA Corporation, 1.0.444]
    [C:\Program Files\Fichiers communs\NVIDIA Shared\Audio\NVAudioMod.dll] [NVIDIA Corporation, 1.0.444]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 720 / Propriétaire][C:\Program Files\D-Link\AirPlus G\AirGCFG.exe] [D-Link, 3, 3, 1, 50722]
    [C:\WINDOWS\system32\wlanapi.dll] [Alpha Networks Inc., 1, 3, 29, 50802]
    [C:\WINDOWS\system32\ANIOApi.dll] [Alpha Networks Inc., 2, 0, 0, 40127]
    [C:\WINDOWS\system32\AQCKGen.dll] [Alpha Networks Inc., 1, 0, 0, 30603]
    [C:\WINDOWS\system32\WlanApp.dll] [Alpha Networks Inc., 1, 0, 11, 50809]
    [C:\Program Files\D-Link\AirPlus G\WlanMon.dll] [D-Link, 3, 3, 1, 50804]
    [PID: 744 / Propriétaire][C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe] [Alpha Networks Inc., 1, 0, 6, 41216]
    [C:\WINDOWS\system32\ANIWZCS2.DLL] [Alpha Networks Inc., 2, 4, 28, 50808]
    [C:\WINDOWS\system32\AQCKGen.dll] [Alpha Networks Inc., 1, 0, 0, 30603]
    [C:\WINDOWS\system32\ANIOApi.dll] [Alpha Networks Inc., 2, 0, 0, 40127]
    [C:\WINDOWS\system32\WlanApp.dll] [Alpha Networks Inc., 1, 0, 11, 50809]
    [C:\WINDOWS\system32\wlanapi.dll] [Alpha Networks Inc., 1, 3, 29, 50802]
    [PID: 756 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll] [Microsoft Corporation, 6.0.6000.16438 (winmain(wmbla).070123-1305)]
    [PID: 968 / Propriétaire][C:\Program Files\QuickTime\QTTask.exe] [Apple Inc., 7.4.1]
    [PID: 1412 / Propriétaire][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1432 / Propriétaire][C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe] [, 6.1.5.0]
    [C:\Program Files\Creative\Sync Manager Unicode\CTIntrfu.dll] [Creative Technology Ltd, 3.0.0.0]
    [C:\Program Files\Creative\Sync Manager Unicode\CTSyncRs.crl] [, 6.1.1.0]
    [C:\Program Files\Creative\Sync Manager Unicode\CTTEMgru.cte] [Creative Technology Ltd, 6.0.13.0]
    [C:\Program Files\Creative\Sync Manager Unicode\CTMyComu.cte] [Creative Technology Ltd, 6.0.15.0]
    [C:\Program Files\Creative\Shared Files\MtpManU.dll] [Creative Technology Ltd., 1.3.7.0]
    [PID: 1448 / Propriétaire][C:\Program Files\Windows Media Player\WMPNSCFG.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\Windows Media Player\wmpnssci.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [PID: 1452 / Propriétaire][C:\Program Files\Windows Live\Messenger\msnmsgr.exe] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Windows Live\Messenger\MSIMG32.dll] [Patchou, 4, 50, 0, 312]
    [C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\WINDOWS\system32\IESetting.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll] [Patchou, 4, 50, 0, 312]
    [C:\Program Files\Messenger Plus! Live\Detoured.dll] [N/A, ]
    [C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll] [Patchou, 4, 50, 0, 312]
    [C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
    [C:\Program Files\Windows Live\Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
    [C:\WINDOWS\system32\msdmo.dll] [, ]
    [C:\Program Files\Windows Live\Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
    [C:\Program Files\Windows Live\Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.5.1302.1018]
    [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corporation, 8.5.1302.1018]
    [PID: 1516 / SYSTEM][C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe] [Alpha Networks Inc., 1, 0, 1, 30507]
    [C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSd.DLL] [Alpha Networks Inc., 2, 4, 28, 50808]
    [C:\WINDOWS\system32\AQCKGen.dll] [Alpha Networks Inc., 1, 0, 0, 30603]
    [C:\WINDOWS\system32\ANIOApi.dll] [Alpha Networks Inc., 2, 0, 0, 40127]
    [C:\WINDOWS\system32\WlanApp.dll] [Alpha Networks Inc., 1, 0, 11, 50809]
    [C:\WINDOWS\system32\wlanapi.dll] [Alpha Networks Inc., 1, 3, 29, 50802]
    [PID: 1524 / SYSTEM][C:\Program Files\Executive Software\DiskeeperLite\DKService.exe] [Executive Software International, Inc., 7.0.418.0]
    [C:\Program Files\Executive Software\DiskeeperLite\PSAPI.DLL] [Microsoft Corporation, 5.00.1849.1]
    [C:\Program Files\Executive Software\DiskeeperLite\DKLib.dll] [Executive Software International, Inc., 7.0.418.0]
    [C:\Program Files\Executive Software\DiskeeperLite\DkRes.dll] [Executive Software International, Inc., 7.0.418.0]
    [PID: 1752 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1800 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe] [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466]
    [PID: 604 / SERVICE RÉSEAU][C:\Program Files\Windows Media Player\WMPNetwk.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\wmpmde.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\wmpps.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [PID: 2244 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0]
    [PID: 2336 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
    [PID: 2528 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 3084 / Propriétaire][C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe] [Mozilla Corporation, 1.9b4]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\xul.dll] [Mozilla Foundation, 1.9b4]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\sqlite3.dll] [sqlite.org, 3.5.4.1]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\MOZCRT19.dll] [Sample Corporation, 8.00.0000]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\js3250.dll] [Netscape Communications Corporation, 4.0]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\nspr4.dll] [Mozilla Foundation, 4.7.1 Beta]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\smime3.dll] [Mozilla Foundation, 3.12 Basic ECC Beta]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\nss3.dll] [Mozilla Foundation, 3.12 Basic ECC Beta]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\nssutil3.dll] [Mozilla Foundation, 3.12 Basic ECC Beta]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\plc4.dll] [Mozilla Foundation, 4.7.1 Beta]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\plds4.dll] [Mozilla Foundation, 4.7.1 Beta]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\ssl3.dll] [Mozilla Foundation, 3.12 Basic ECC Beta]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\xpcom.dll] [Mozilla Foundation, 1.9b4]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\components\browserdirprovider.dll] [Mozilla Foundation, 1.9b4]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\softokn3.dll] [Mozilla Foundation, 3.12 Basic ECC Beta]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\nssdbm3.dll] [Mozilla Foundation, 3.12 Basic ECC Beta]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\freebl3.dll] [Mozilla Foundation, 3.12 Basic ECC Beta]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\nssckbi.dll] [Mozilla Foundation, 1.70]
    [C:\Program Files\Mozilla Firefox 3 Beta 2\components\brwsrcmp.dll] [Mozilla Foundation, 1.9b4]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\WINDOWS\system32\IESetting.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 3628 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.6921]
    [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6921]
    [PID: 2136 / Propriétaire][C:\Documents and Settings\Propriétaire\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\WINDOWS\system32\IESetting.dll] [Microsoft Corporation, 8.00.6001.17184 (longhorn_ie8_beta1(wmbla).080303-1908)]
    [C:\Documents and Settings\Propriétaire\Bureau\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

    ==================================
    File Associations
    .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE OK. ["%1" %*]
    .COM OK. ["%1" %*]
    .PIF OK. ["%1" %*]
    .REG OK. [regedit.exe "%1"]
    .BAT OK. ["%1" %*]
    .SCR OK. ["%1" /S]
    .CHM OK. ["C:\WINDOWS\hh.exe" %1]
    .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock Provider
    N/A

    ==================================
    Autorun.Inf
    N/A

    ==================================
    HOSTS File
    127.0.0.1 localhost

    ==================================
    Process Privileges Scan
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 548, C:\WINDOWS\SYSTEM\HPSYSDRV.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 708, C:\PROGRAM FILES\NVIDIA CORPORATION\NVMIXER\NVMIXERTRAY.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 720, C:\PROGRAM FILES\D-LINK\AIRPLUS G\AIRGCFG.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 744, C:\PROGRAM FILES\ANI\ANIWZCS2 SERVICE\WZCSLDR2.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 968, C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1432, C:\PROGRAM FILES\CREATIVE\SYNC MANAGER UNICODE\CTSYNCU.EXE]
    Special Privilege Enabled: SeDebugPrivilege [PID = 2136, C:\DOCUMENTS AND SETTINGS\PROPRIÉTAIRE\BUREAU\SRENG2\SRENGPS.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2136, C:\DOCUMENTS AND SETTINGS\PROPRIÉTAIRE\BUREAU\SRENG2\SRENGPS.EXE]

    ==================================
    API HOOK
    N/A

    ==================================
    Hidden Process
    N/A

    ==================================
    27 March 2008 19:37:16

    Re,

    Please post the report without tags; to do that, edit your previous post and remove the tags.

    Then bump the thread ;)
    Anonymous
    27 March 2008 19:39:38

    There you go ^^
    27 March 2008 20:28:11

    :hello: 

    Disable all resident protection (antivirus…)!

    Copy the text in the box below, without the word "Quote":

    Quote:
    Driver::
    oreans32
    kbeepm

    File::
    C:\WINDOWS\system32\drivers\oreans32.sys

    Folder::
    C:\Program Files\GamesBar


    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file as CFScript.txt.

    Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:



    This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a new Hijackthis report.
    If there is no reboot, post the reports anyway.
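
Added example (not part of the original thread, and not the helper's or ComboFix's own code): a small triage pass over the driver/service lines of a ComboFix report, flagging entries whose image sits under a Temp directory or whose timestamp field is empty, as is the case for kbeepm, one of the two drivers named in the CFScript above. The reading of the `R`/`S` prefix and start digit, and of `[]` as "no file date available", are assumptions; the function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Driver/service lines copied from the ComboFix report posted in this thread.
SAMPLE = r"""
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-04-29 15:29]
S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []
S3 kbeepm;kbeepm;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\kbeepm.sys []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
"""

# Assumption: first character is the service state, the digit is the start type.
STATE = {"R": "running", "S": "stopped"}
START = {"0": "boot", "1": "system", "2": "automatic",
         "3": "on demand", "4": "disabled"}

# <state><start> <name>;<display name>;<image path and arguments> [<timestamp>]
LINE = re.compile(
    r"""^(?P<state>[RS])(?P<start>[0-4])\s+
        (?P<name>[^;]+);(?P<display>[^;]*);
        (?P<image>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$""",
    re.VERBOSE,
)


@dataclass
class Entry:
    name: str
    display: str
    image: str
    state: str
    start: str
    stamp: str
    reasons: list = field(default_factory=list)


def parse(text):
    """Return one Entry per recognisable driver/service line, in input order."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a driver/service line: skip headers, blanks, other sections
        e = Entry(
            name=m["name"].strip(),
            display=m["display"].strip(),
            image=m["image"].strip(),
            state=STATE[m["state"]],
            start=START[m["start"]],
            stamp=m["stamp"].strip(),
        )
        # A kernel driver or service registered from a Temp directory deserves a look:
        # legitimate software rarely leaves its service binary there.
        if re.search(r"\\temp\\", e.image, re.IGNORECASE):
            e.reasons.append("image path under a Temp directory")
        # Assumption: an empty [] means no file date could be read for the image,
        # e.g. the registry entry survives but the file is gone.
        if not e.stamp:
            e.reasons.append("no file timestamp")
        entries.append(e)
    return entries


def flagged(text):
    """Map service name -> list of reasons, for entries with at least one reason."""
    return {e.name: e.reasons for e in parse(text) if e.reasons}


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flag here is a prompt for review, not a verdict: the empty-timestamp check also fires on leftover entries from uninstalled software, and a driver in the normal drivers directory with a valid date is not flagged at all.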
    Anonymous
    27 March 2008 20:45:57

    :salut:

    ComboFix 08-03-25.4 - Propriétaire 2008-03-27 20:36:09.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.236 [GMT 1:00]
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Propri%u201Ataire\Bureau\CFscript.txt
    * Création d'un nouveau point de restauration
    .
    -- Script messages for sUBs --
    GREP -Fis \baiso
    VFind -td "C:\WINDOWS\system32\*"
    Findstr -MIF:/ sursen

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-27 19:20 . 2008-03-27 19:21 <REP> d-------- C:\WINDOWS\NV30523056.TMP
    2008-03-27 19:20 . 2008-03-27 19:20 <REP> d-------- C:\WINDOWS\LastGood
    2008-03-25 22:20 . 2008-03-25 22:20 <REP> d-------- C:\VundoFix Backups
    2008-03-25 19:42 . 2008-03-25 19:42 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-22 07:38 . 2008-03-22 07:38 <REP> d-------- C:\WINDOWS\system32\xir
    2008-03-22 07:38 . 2008-03-22 07:38 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
    2008-03-22 07:37 . 2008-03-22 07:38 <REP> d-------- C:\WINDOWS\system32\pex3
    2008-03-22 07:35 . 2008-03-22 07:37 <REP> d-------- C:\WINDOWS\system32\imd4
    2008-03-22 07:35 . 2008-03-22 07:35 <REP> d-------- C:\WINDOWS\system32\aqVreo01
    2008-03-19 07:22 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-03-19 07:16 . 2008-03-27 19:22 164,081 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-03-19 07:16 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-03-15 13:43 . 2008-03-15 13:43 32,768 --a------ C:\WINDOWS\system32\aqVreo01\aqVreo011065.exe
    2008-03-14 17:29 . 2008-03-14 17:29 <REP> d-------- C:\Program Files\RADVideo
    2008-03-10 08:49 . 2008-03-27 19:18 <REP> d-------- C:\WINDOWS\nview
    2008-03-10 08:13 . 2008-03-10 08:46 <REP> d-------- C:\WINDOWS\NV22842288.TMP
    2008-03-03 20:01 . 2008-03-03 20:01 142,848 --------- C:\WINDOWS\system32\IESetting.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-27 19:27 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
    2008-03-27 19:27 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\uTorrent
    2008-03-21 18:33 --------- d-----w C:\Program Files\Steam
    2008-03-19 18:26 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Notepad++
    2008-03-19 18:25 --------- d-----w C:\Program Files\Notepad++
    2008-03-08 19:22 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-03-03 19:01 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-03-03 19:01 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
    2008-03-03 19:01 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
    2008-03-03 18:53 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
    2008-03-03 18:52 41,984 ----a-w C:\WINDOWS\system32\licmgr10.dll
    2008-03-03 18:52 17,920 ----a-w C:\WINDOWS\system32\corpol.dll
    2008-03-03 18:51 69,120 ----a-w C:\WINDOWS\system32\iesetup.dll
    2008-03-03 18:51 69,120 ----a-w C:\WINDOWS\system32\admparse.dll
    2008-03-03 18:50 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
    2008-03-03 18:50 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
    2008-03-03 18:50 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
    2008-02-26 11:06 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\gtk-2.0
    2008-02-25 19:11 --------- d-----w C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter
    2008-02-22 22:37 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-02-22 22:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-22 22:25 --------- d-----w C:\Program Files\Fichiers communs\Merge Modules
    2008-02-22 21:57 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
    2008-02-22 21:56 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-22 21:54 --------- d-----w C:\Program Files\Microsoft SDKs
    2008-02-22 16:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\NannyMania
    2008-02-22 15:38 --------- d-----w C:\Program Files\GamesBar
    2008-02-20 15:25 --------- d-----w C:\Program Files\GCFScape
    2008-02-20 06:57 --------- d-----w C:\Program Files\QuickTime
    2008-02-20 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-14 19:51 --------- d---a-w C:\Program Files\Fichiers communs\Adobe
    2008-02-13 12:25 --------- d-----w C:\Program Files\ToniArts
    2008-02-07 09:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-07 09:26 --------- d-----w C:\Program Files\NVIDIA Corporation
    2008-02-02 19:20 2,163 ----a-w C:\Program Files\Craftyov.ini
    2008-01-30 13:06 --------- d-----w C:\Program Files\Real Alternative
    2008-01-30 12:59 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Media Player Classic
    2008-01-11 10:35 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
    2008-01-11 10:35 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
    2008-01-11 10:35 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
    2007-03-03 15:21 29,664 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
    2005-06-03 07:46 588,800 ----a-w C:\Program Files\ssc.exe
    2000-07-25 12:59 233,472 ----a-w C:\Program Files\PakScape.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-26_17.20.54.79 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-12-05 00:41:00 425,984 ----a-w C:\WINDOWS\NV30523056.TMP\keystone.exe
    + 2007-12-05 00:41:00 442,368 ----a-w C:\WINDOWS\NV30523056.TMP\nvappbar.exe
    + 2007-12-05 00:41:00 147,456 ----a-w C:\WINDOWS\NV30523056.TMP\nvcolor.exe
    + 2007-12-05 00:41:00 753,664 ----a-w C:\WINDOWS\NV30523056.TMP\nvcplui.exe
    + 2007-12-05 00:41:00 1,073,152 ----a-w C:\WINDOWS\NV30523056.TMP\nvcpluir.dll
    + 2007-12-05 00:41:00 1,339,392 ----a-w C:\WINDOWS\NV30523056.TMP\nvdspsch.exe
    + 2007-12-05 00:41:00 307,200 ----a-w C:\WINDOWS\NV30523056.TMP\nvexpbar.dll
    + 2007-12-05 00:41:00 1,474,560 ----a-w C:\WINDOWS\NV30523056.TMP\nview.dll
    + 2007-12-05 00:41:00 45,056 ----a-w C:\WINDOWS\NV30523056.TMP\nvmccsrs.dll
    + 2007-12-05 00:41:00 327,680 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsar.dll
    + 2007-12-05 00:41:00 249,856 ----a-w C:\WINDOWS\NV30523056.TMP\nvrscs.dll
    + 2007-12-05 00:41:00 253,952 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsda.dll
    + 2007-12-05 00:41:00 278,528 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsde.dll
    + 2007-12-05 00:41:00 282,624 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsel.dll
    + 2007-12-05 00:41:00 245,760 ----a-w C:\WINDOWS\NV30523056.TMP\nvrseng.dll
    + 2007-12-05 00:41:00 282,624 ----a-w C:\WINDOWS\NV30523056.TMP\nvrses.dll
    + 2007-12-05 00:41:00 274,432 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsesm.dll
    + 2007-12-05 00:41:00 249,856 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsfi.dll
    + 2007-12-05 00:41:00 282,624 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsfr.dll
    + 2007-12-05 00:41:00 327,680 ----a-w C:\WINDOWS\NV30523056.TMP\nvrshe.dll
    + 2007-12-05 00:41:00 258,048 ----a-w C:\WINDOWS\NV30523056.TMP\nvrshu.dll
    + 2007-12-05 00:41:00 278,528 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsit.dll
    + 2007-12-05 00:41:00 266,240 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsja.dll
    + 2007-12-05 00:41:00 258,048 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsko.dll
    + 2007-12-05 00:41:00 274,432 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsnl.dll
    + 2007-12-05 00:41:00 253,952 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsno.dll
    + 2007-12-05 00:41:00 253,952 ----a-w C:\WINDOWS\NV30523056.TMP\nvrspl.dll
    + 2007-12-05 00:41:00 274,432 ----a-w C:\WINDOWS\NV30523056.TMP\nvrspt.dll
    + 2007-12-05 00:41:00 266,240 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsptb.dll
    + 2007-12-05 00:41:00 270,336 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsru.dll
    + 2007-12-05 00:41:00 258,048 ----a-w C:\WINDOWS\NV30523056.TMP\nvrssk.dll
    + 2007-12-05 00:41:00 258,048 ----a-w C:\WINDOWS\NV30523056.TMP\nvrssl.dll
    + 2007-12-05 00:41:00 253,952 ----a-w C:\WINDOWS\NV30523056.TMP\nvrssv.dll
    + 2007-12-05 00:41:00 253,952 ----a-w C:\WINDOWS\NV30523056.TMP\nvrsth.dll
    + 2007-12-05 00:41:00 258,048 ----a-w C:\WINDOWS\NV30523056.TMP\nvrstr.dll
    + 2007-12-05 00:41:00 225,280 ----a-w C:\WINDOWS\NV30523056.TMP\nvrszhc.dll
    + 2007-12-05 00:41:00 126,976 ----a-w C:\WINDOWS\NV30523056.TMP\nvrszht.dll
    + 2007-12-05 00:41:00 466,944 ----a-w C:\WINDOWS\NV30523056.TMP\nvshell.dll
    + 2007-12-05 00:41:00 1,703,936 ----a-w C:\WINDOWS\NV30523056.TMP\nvwdmcpl.dll
    + 2007-12-05 00:41:00 1,019,904 ----a-w C:\WINDOWS\NV30523056.TMP\nvwimg.dll
    + 2007-12-05 00:41:00 282,624 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsar.dll
    + 2007-12-05 00:41:00 286,720 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrscs.dll
    + 2007-12-05 00:41:00 294,912 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsda.dll
    + 2007-12-05 00:41:00 311,296 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsde.dll
    + 2007-12-05 00:41:00 335,872 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsel.dll
    + 2007-12-05 00:41:00 286,720 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrseng.dll
    + 2007-12-05 00:41:00 335,872 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrses.dll
    + 2007-12-05 00:41:00 327,680 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsesm.dll
    + 2007-12-05 00:41:00 303,104 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsfi.dll
    + 2007-12-05 00:41:00 327,680 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsfr.dll
    + 2007-12-05 00:41:00 278,528 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrshe.dll
    + 2007-12-05 00:41:00 315,392 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrshu.dll
    + 2007-12-05 00:41:00 323,584 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsit.dll
    + 2007-12-05 00:41:00 212,992 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsja.dll
    + 2007-12-05 00:41:00 196,608 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsko.dll
    + 2007-12-05 00:41:00 319,488 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsnl.dll
    + 2007-12-05 00:41:00 299,008 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsno.dll
    + 2007-12-05 00:41:00 294,912 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrspl.dll
    + 2007-12-05 00:41:00 323,584 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrspt.dll
    + 2007-12-05 00:41:00 319,488 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsptb.dll
    + 2007-12-05 00:41:00 315,392 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsru.dll
    + 2007-12-05 00:41:00 299,008 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrssk.dll
    + 2007-12-05 00:41:00 303,104 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrssl.dll
    + 2007-12-05 00:41:00 294,912 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrssv.dll
    + 2007-12-05 00:41:00 290,816 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrsth.dll
    + 2007-12-05 00:41:00 303,104 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrstr.dll
    + 2007-12-05 00:41:00 163,840 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrszhc.dll
    + 2007-12-05 00:41:00 167,936 ----a-w C:\WINDOWS\NV30523056.TMP\nvwrszht.dll
    + 2007-12-05 00:41:00 1,626,112 ----a-w C:\WINDOWS\NV30523056.TMP\nwiz.exe
    + 2008-03-27 18:18:51 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_7f8.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 14:07 114688]
    "StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 15:01 155648]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 04:42 212992]
    "VTTimer"="VTTimer.exe" [2003-05-08 07:32 36864 C:\WINDOWS\system32\VTTimer.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 03:28 81920]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42 1519616]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 03:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\half-life\\hl.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\dedicated server\\hlds.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Starcraft\\starcraft.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\condition zero deleted scenes\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\half-life 2\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\half-life 2 deathmatch\\hl2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\source sdk base\\hl2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP"= 9420:TCP:Red Swoosh
    "5000:UDP"= 5000:UDP:Red Swoosh

    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-04-29 15:29]
    S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []
    S3 ids0004C;ids0004C;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys []
    S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
    S3 kbeepm;kbeepm;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\kbeepm.sys []
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-06-01 17:46]
    S3 TIAcxubt;D-Link WLAN USB Boot Device;C:\WINDOWS\system32\Drivers\tiacxubt.sys [2003-03-18 18:16]
    S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;C:\WINDOWS\system32\Drivers\tiacxusb.sys [2003-06-29 18:57]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-26 06:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-27 20:40:40
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-27 20:41:43
    ComboFix-quarantined-files.txt 2008-03-27 19:41:23
    ComboFix2.txt 2008-03-26 16:21:08
    .
    2008-03-11 22:13:34 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:47:48, on 27/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\ps2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: nTune Service (nTuneService) - Unknown owner - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 8204 bytes

    27 March 2008 20:50:02

    Hi again,

    The procedure didn't work :)  Follow these instructions carefully:

    1) Download ToolsCleaner to your desktop.
    http://www.commentcamarche.net/telecharger/toolscleaner...

    This program will uninstall all the tools I had you use.

  • Click Recherche (Search) and let the scan run ...
  • Click Suppression (Removal) to finish.
  • If you wish, you can use the Options facultatives (optional settings).
  • Click Quitter (Quit) to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
  • Tutorial here:

    2) Download Combofix again and save it to the root of your hard drive, that is, here: C:\Combofix.exe >>> This is very important !!!

    3) Copy the text in the box below, without the word "Quote":

    Quote:
    Driver::
    oreans32
    kbeepm

    File::
    C:\WINDOWS\system32\drivers\oreans32.sys

    Folder::
    C:\Program Files\GamesBar


    Open Notepad and paste the copied text.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes, i.e. Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt at the root of your hard drive, i.e. as C:\CFScript.txt >>> Very important here too !!!

    4) Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:



    This will relaunch Combofix; press 1 and then confirm. After the reboot, post the contents of the Combofix.txt report along with a new Hijackthis report.
    If there is no reboot, post the reports anyway.

    ;) 
    Anonymous
    27 March 2008 21:30:44

    :hello: 

    The reason the procedure hadn't worked is that there was an "é" in the session name... which the Windows console doesn't handle =D.
    It worked this time, I think.

    T-Cleaner log:

    -->- Recherche:

    C:\Combofix: trouvé !
    C:\Vundofix backups: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\Propriétaire\Bureau\vundoFix.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\Propriétaire\Bureau\vundoFix.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix: supprimé !
    C:\Vundofix backups: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    Combofix log:

    ComboFix 08-03-26.3 - Propriétaire 2008-03-27 21:00:17.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.173 [GMT 1:00]
    Endroit: C:\ComboFix.exe
    Command switches used :: C:\CFscript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\WINDOWS\system32\drivers\oreans32.sys
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\GamesBar
    C:\Program Files\GamesBar\Localization-French.ini
    C:\WINDOWS\system32\drivers\oreans32.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_KBEEPM
    -------\Legacy_OREANS32
    -------\Service_kbeepm
    -------\Service_oreans32


    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-27 20:57 . 2008-03-27 20:58 1,600,994 --a------ C:\ComboFix.exe
    2008-03-25 19:42 . 2008-03-27 20:55 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-22 07:38 . 2008-03-22 07:38 <REP> d-------- C:\WINDOWS\system32\xir
    2008-03-22 07:38 . 2008-03-22 07:38 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
    2008-03-22 07:37 . 2008-03-22 07:38 <REP> d-------- C:\WINDOWS\system32\pex3
    2008-03-22 07:35 . 2008-03-22 07:37 <REP> d-------- C:\WINDOWS\system32\imd4
    2008-03-22 07:35 . 2008-03-22 07:35 <REP> d-------- C:\WINDOWS\system32\aqVreo01
    2008-03-19 07:22 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
    2008-03-19 07:16 . 2008-03-27 19:22 164,081 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-03-19 07:16 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-03-15 13:43 . 2008-03-15 13:43 32,768 --a------ C:\WINDOWS\system32\aqVreo01\aqVreo011065.exe
    2008-03-14 17:29 . 2008-03-14 17:29 <REP> d-------- C:\Program Files\RADVideo
    2008-03-10 08:49 . 2008-03-27 21:04 <REP> d-------- C:\WINDOWS\nview
    2008-03-10 08:13 . 2008-03-10 08:46 <REP> d-------- C:\WINDOWS\NV22842288.TMP
    2008-03-03 20:01 . 2008-03-03 20:01 142,848 --------- C:\WINDOWS\system32\IESetting.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-27 19:27 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
    2008-03-21 18:33 --------- d-----w C:\Program Files\Steam
    2008-03-19 18:25 --------- d-----w C:\Program Files\Notepad++
    2008-03-08 19:22 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-25 19:11 --------- d-----w C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter
    2008-02-22 22:37 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-02-22 22:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-22 22:25 --------- d-----w C:\Program Files\Fichiers communs\Merge Modules
    2008-02-22 21:57 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
    2008-02-22 21:56 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-22 21:54 --------- d-----w C:\Program Files\Microsoft SDKs
    2008-02-22 16:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\NannyMania
    2008-02-20 15:25 --------- d-----w C:\Program Files\GCFScape
    2008-02-20 06:57 --------- d-----w C:\Program Files\QuickTime
    2008-02-20 06:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-14 19:51 --------- d---a-w C:\Program Files\Fichiers communs\Adobe
    2008-02-13 12:25 --------- d-----w C:\Program Files\ToniArts
    2008-02-07 09:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-07 09:26 --------- d-----w C:\Program Files\NVIDIA Corporation
    2008-02-02 19:20 2,163 ----a-w C:\Program Files\Craftyov.ini
    2008-01-30 13:06 --------- d-----w C:\Program Files\Real Alternative
    2005-06-03 07:46 588,800 ----a-w C:\Program Files\ssc.exe
    2000-07-25 12:59 233,472 ----a-w C:\Program Files\PakScape.exe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 14:07 114688]
    "StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 15:01 155648]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 04:42 212992]
    "VTTimer"="VTTimer.exe" [2003-05-08 07:32 36864 C:\WINDOWS\system32\VTTimer.exe]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 03:28 81920]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51 131072]
    "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42 1519616]
    "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
    "AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 03:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\half-life\\hl.exe"=
    "C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\dedicated server\\hlds.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Starcraft\\starcraft.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\condition zero\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\condition zero deleted scenes\\hl.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\half-life 2\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\half-life 2 deathmatch\\hl2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\master-poda\\source sdk base\\hl2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9420:TCP"= 9420:TCP:Red Swoosh
    "5000:UDP"= 5000:UDP:Red Swoosh

    S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []
    S3 ids0004C;ids0004C;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys []
    S3 ids0005c;ids0005c;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys []
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-06-01 17:46]
    S3 TIAcxubt;D-Link WLAN USB Boot Device;C:\WINDOWS\system32\Drivers\tiacxubt.sys [2003-03-18 18:16]
    S3 TIACXUSB;D-Link AirPlus DWL-120+ Wireless USB Adapter;C:\WINDOWS\system32\Drivers\tiacxusb.sys [2003-06-29 18:57]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
    S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-26 06:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-27 21:04:45
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-27 21:08:37 - machine was rebooted [Propriétaire]
    ComboFix-quarantined-files.txt 2008-03-27 20:08:33
    Pre-Run: 14,255,693,824 octets libres
    Post-Run: 14,256,406,528 octets libres
    .
    2008-03-11 22:13:34 --- E O F ---

    And the hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:30:48, on 27/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\ps2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: nTune Service (nTuneService) - Unknown owner - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 8151 bytes

    ^^
    27 March 2008 21:43:04

    Hi again,

    Yes, it worked :super:

    Uninstall avast, reboot and delete ~~> C:\Program Files\Alwil Software

    Download ccleaner (>>tutorial to read!<<), download "the latest version", then install it while unchecking - Add the CCleaner Yahoo! Toolbar
    Then run the cleaner, then have it search for errors, and make backups if you wish.

    Download and install Antivir. (tutorial)
    Why switch? Avast vs Antivir
    Check that it is fully up to date! Run a full scan in safe mode, save the report and post it for me.

    Good night and see you tomorrow :hello: 
    Anonymous
    27 March 2008 21:51:53

    Yes, I was just downloading antivir :) 

    Is safe mode necessary for every scan? I have always wondered. Should all anti-virus/spyware/defrag operations also be done in safe mode?

    The scan will take a long time, I will post the report tomorrow.

    Thanks for helping me, good night :) 
    27 March 2008 21:56:35

    Hi again,

    Well, let's say that in safe mode the scans are more effective :p 

    But in normal mode it works too, just less effectively ;) 

    See you tomorrow :hello: 

    ;) 
    Anonymous
    28 March 2008 17:38:11

    :salut:

    Here is the report:



    AntiVir PersonalEdition Classic
    Report file date: vendredi 28 mars 2008 08:56

    Scanning for 1168873 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Propriétaire
    Computer name: MASTER-PODA

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:58:25
    ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 20:58:25
    ANTIVIR3.VDF : 7.0.3.87 5632 Bytes 28/03/2008 07:55:30
    AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 27/03/2008 20:58:25
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 27/03/2008 20:58:25
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: F:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 28 mars 2008 08:56

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'DKService.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'ANIWZCSdS.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'CTSyncU.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'QTTask.exe' - '1' Module(s) have been scanned
    Scan process 'WZCSLDR2.exe' - '1' Module(s) have been scanned
    Scan process 'AirGCFG.exe' - '1' Module(s) have been scanned
    Scan process 'NvMixerTray.exe' - '1' Module(s) have been scanned
    Scan process 'ps2.EXE' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    37 processes with 37 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!
    Boot sector 'A:\'
    [NOTE] In the drive 'A:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '61' files ).


    Starting the file scan:

    Begin scan in 'C:\' <Disque dur>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB824141$\user32.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826942$\ndis.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826942$\netshell.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB833987$\sxs.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB833998$\shell32.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB833998$\sxs.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\dao360.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB839645$\shell32.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB839645$\sxs.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallQ828026$\wmp.dll
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <DISQUE DUR2>
    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: vendredi 28 mars 2008 10:10
    Used time: 1:14:43 min

    The scan has been done completely.

    9785 Scanning directories
    451303 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    42 Files cannot be scanned
    451303 Files not concerned
    19559 Archives were scanned
    42 Warnings
    0 Notes

    :) 
    28 March 2008 18:54:51

    Hi again,

    One last check :) 

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, reboot in safe mode.
    HELP: Rebooting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform a full scan".
  • To start the scan, click "Search".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" and then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking Ok.

    HELP: Illustrated tutorial on MBAM

    ;) 
    Anonymous
    29 March 2008 13:33:39

    :salut:

    As for mbam, can I keep it for daily use?

    Here is the log, there were still traces!

    Malwarebytes' Anti-Malware 1.09
    Version de la base de données: 560

    Type de recherche: Examen complet (A:\|C:\|D:\|)
    Eléments examinés: 156395
    Temps écoulé: 53 minute(s), 33 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    29 March 2008 14:29:37

    Hi again,

    Yes, you can keep it for daily use ;) 

    Post a new hijackthis report so we can finish the disinfection.

    ;) 
    Anonymous
    29 March 2008 14:35:31

    ^^

    The log is getting smaller and smaller =D

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:35:08, on 29/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.17184)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: nTune Service (nTuneService) - Unknown owner - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 8055 bytes
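
    Added example (not part of the thread and not HijackThis code): a minimal parser for the HijackThis log format posted above. It compares the O23 service entries of two scans, lists entries that HijackThis marks "(file missing)" or "(no file)", and extracts O4 registry autoruns; the function names are this example's own, and the sample lines are excerpts copied from the logs in this thread.

```python
import re

# Excerpts copied from two HijackThis logs in this thread (not the full logs).
LOG_BEFORE = r"""
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: nTune Service (nTuneService) - Unknown owner - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: nTune Service (nTuneService) - Unknown owner - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A scan entry is "<section code> - <body>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O4 registry autorun: "HKLM\..\Run: [name] command line"
RUN_RE = re.compile(r"^(?P<loc>HK[^:]+\\Run[^:]*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return [(code, body)] for every scan entry, skipping everything else."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [(code, body) for code, body in entries if body.endswith(ORPHAN_MARKERS)]


def diff_entries(before, after, code):
    """Bodies of one section that disappeared or appeared between two scans."""
    old = {body for c, body in before if c == code}
    new = {body for c, body in after if c == code}
    return sorted(old - new), sorted(new - old)


def autoruns(entries):
    """(location, value name, command) for O4 registry Run entries.

    Startup-folder shortcuts (e.g. '.DEFAULT User Startup: ...') use another
    layout and are deliberately left out.
    """
    found = []
    for code, body in entries:
        match = RUN_RE.match(body) if code == "O4" else None
        if match:
            found.append((match.group("loc"), match.group("name"), match.group("cmd")))
    return found


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    removed, added = diff_entries(before, after, "O23")
    for body in removed:
        print("service gone :", body)
    for body in added:
        print("service new  :", body)
    for code, body in orphaned(after):
        print("orphaned     :", code, body)
    for loc, name, cmd in autoruns(after):
        print("autorun      :", loc, name, cmd)
```
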
    29 March 2008 14:46:54

    :D 

    Run HijackThis again, click "do a system scan only", check these lines, then click "Fix Checked" and close HijackThis:

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')


    *********************************************************

    All good, you are no longer infected :p 

    1) Download ToolsCleaner to your desktop.
    http://www.commentcamarche.net/telecharger/toolscleaner...

    This program will uninstall all the tools I had you use.

  • Click Search and let the scan run ...
  • Click Removal to finish.
  • If you wish, you can use the optional Options.
  • Click Quit to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).

    2) Download and install Ccleaner:
    http://www.01net.com/telecharger/windows/Utilitaire/net...
  • Before clicking the "install" button, uncheck all the "additional options". Then click "Options", "Advanced" and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours". Click the "Cleaner" tab and then "Run the cleaner".
  • Then click the Registry tab, click "Search for errors" and then "Repair the selected errors". There is no need to back up the keys. Repeat the operation as many times as needed until it finds no more errors.
  • Tutorial here: http://www.infos-du-net.com/forum/272336-7-ccleaner-und...
    3)
  • Disable your System Restore

  • Re-enable your System Restore

  • Tutorial here: http://www.infos-du-net.com/forum/272480-11-desactiver-...
    ********************************************************************************

    Now add [Résolu] to the title. To do so:
    * Click the "Edit" button in your first message
    * Add the [Résolu] tag to the title
    * Then click "Validate your message"

    It would be nice to report your infection on > Malware-Complaints < to get its authors convicted

    - Forum rules <- here
    - Posting a message <- here (by Malekal)

    To sign up, click the register button (at the top)
    If you are over 13, choose "I Agree to these terms and am over or exactly 13 years of age"
    If you are under 13, choose "I Agree to these terms and am under 13 years of age"

    You will get a list by type of infection
    If your infection is not in the list, create a message in Other infections

    See you, and happy surfing :hello: 


    A few interesting links:

    http://mickael.barroux.free.fr/securite/
    http://www.malekal.com/
    http://www.infos-du-net.com/forum/275481-11-dossier-pre...
    Anonymous
    29 March 2008 20:18:55

    Thank you very much for helping me! :) 