Se connecter / S'enregistrer
Votre question

Aidez-moi pour supprimer un cheval de troie

Tags :
  • Trojan
  • Sécurité
Dernière réponse : dans Sécurité et virus
25 Mars 2008 11:31:16

Slut tout le monde! Je voudrais savoir comment supprimer un cheval de troie. J ai fit ce qu avait dit Angeldark avec hijackthis mais aprüs je sais pas comment faire. Aidez-moi svp!

J ai copie le resultat de l analyse de hijackthis et je vous donne mes données. Svp trouvez l erreur la-dedans car je sais pas c est laquelle!

Logfile of HijackThis v1.99.1
Scan saved at 07:53:58, on 25.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
C:\windows\system32\qkvadkz.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alejandro\Local Settings\Temp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.carrefour.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
O2 - BHO: (no name) - {43987D15-BB2B-4ADB-A60F-7A89E03CE8F7} - C:\WINDOWS\system32\ntsdexus.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NI.UERSV_9999_N91S1912] "C:\Documents and Settings\Alejandro\Bureau\ErrorSafeFrenchNewReleaseInstall.exe" -nag
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [qkvadkz] c:\windows\system32\qkvadkz.exe qkvadkz
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jh...
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0112acfcaf3a0d92e206/netzip...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

merci

Autres pages sur : aidez supprimer cheval troie

a b 8 Sécurité
25 Mars 2008 12:53:25

Bonjour,

Télécharge BTFix ([#ff0000]Bibi26[/#f]).
Dézippe l'archive sur ton Bureau.
  • Ouvre le dossier BTFix.
  • Double clique sur BTFix.exe.
  • Clique sur Rechercher.
  • Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
    25 Mars 2008 13:20:09

    Salut.J'ai trouvé ceci:

    BTFix 1.090 (par bibi26) - 25/03/2008 13:19:57 - Analyse
    Lancé depuis C:\Documents and Settings\Alejandro\Bureau\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    - C:\WINDOWS\system32\f3PSSavr.scr
    - C:\Program Files\MyWebSearch\
    - C:\Program Files\MySearch\
    - C:\Program Files\daemontools_whenusave_installer\
    - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    - C:\Program Files\Internet Explorer\msimg32.dll
    - C:\Program Files\MSN Messenger\RICHED20.dll
    - C:\Documents and Settings\Alejandro\Application Data\FunWebProducts\

    ---> Analyse terminée
    Contenus similaires
    a b 8 Sécurité
    25 Mars 2008 20:01:40

    Re,

  • Ouvre à nouveau BTFix.
  • Clique sur Nettoyer.
  • Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.
    25 Mars 2008 20:35:01

    Cela m'a donné ceci

    BTFix 1.090 (par bibi26) - 25/03/2008 20:25:10 - Nettoyage - Mode normal
    Lancé depuis C:\Documents and Settings\Alejandro\Mes documents\BTFix\BTFix.exe

    ---> Fichiers/dossiers supprimés (Première passe)

    - Fichiers temporaires effacés
    - C:\WINDOWS\system32\f3PSSavr.scr
    - C:\Program Files\MyWebSearch\bar\5.bin\
    - C:\Program Files\MyWebSearch\bar\Avatar\
    - C:\Program Files\MyWebSearch\bar\Cache\
    - C:\Program Files\MyWebSearch\bar\Game\
    - C:\Program Files\MyWebSearch\bar\History\
    - C:\Program Files\MyWebSearch\bar\icons\
    - C:\Program Files\MyWebSearch\bar\Message\
    - C:\Program Files\MyWebSearch\bar\Notifier\
    - C:\Program Files\MyWebSearch\bar\Settings\
    - C:\Program Files\MyWebSearch\bar\
    - C:\Program Files\MyWebSearch\SrchAstt\5.bin\
    - C:\Program Files\MyWebSearch\SrchAstt\
    - C:\Program Files\MyWebSearch\
    - C:\Program Files\MySearch\bar\1.bin\
    - C:\Program Files\MySearch\bar\
    - C:\Program Files\MySearch\
    - C:\Program Files\daemontools_whenusave_installer\
    - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    - C:\Program Files\Internet Explorer\msimg32.dll
    - C:\Program Files\MSN Messenger\RICHED20.dll
    - C:\Documents and Settings\Alejandro\Application Data\FunWebProducts\Data\Alejandro\
    - C:\Documents and Settings\Alejandro\Application Data\FunWebProducts\Data\
    - C:\Documents and Settings\Alejandro\Application Data\FunWebProducts\

    ---> Nettoyage terminé
    a b 8 Sécurité
    25 Mars 2008 21:51:46

    Reposte un rapport Hijackthis.
    25 Mars 2008 22:41:40

    Voilà.

    Logfile of HijackThis v1.99.1
    Scan saved at 22:41:11, on 25.03.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system32\qkvadkz.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\RamBooster 2.0\Rambooster.exe
    C:\Program Files\MzRam\MzRamBooster.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alejandro\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
    O2 - BHO: (no name) - {43987D15-BB2B-4ADB-A60F-7A89E03CE8F7} - C:\WINDOWS\system32\ntsdexus.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NI.UERSV_9999_N91S1912] "C:\Documents and Settings\Alejandro\Bureau\ErrorSafeFrenchNewReleaseInstall.exe" -nag
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [qkvadkz] c:\windows\system32\qkvadkz.exe qkvadkz
    O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0112acfcaf3a0d92e206/netzip...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    a b 8 Sécurité
    26 Mars 2008 14:26:44

    Re,
    Télécharge Navilog1.exe (IL-MAFIOSO)
    Enregistre-le sur ton Bureau.
    Lance l'installation en double cliquant sur navilog.exe.
    Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
    (Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

    Laisse-toi guider par l'utilitaire. Choisis l'option 4 puis valide.

    Il va te demander de saisir le nom de fichier. Saisie ce qui est en gras ci-dessous et rien d'autre puis valide :
    qkvadkz
    Retape le nom de fichier quand cela te sera demandé.

    L'utilitaire va t'informer qu'il va redémarrer l'ordinateur.
    [#ff0000]**Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts**[/#f]
    Appuie maintenant sur une touche, comme demandé.
    (si ton PC ne redémarre pas automatiquement, fais-le manuellement)

    Patiente jusqu'à l'apparition de ce message :
    "*** Nettoyage Termine le ..... ***"

    Le Bloc-notes va s'ouvrir.
    Sauvegarde le rapport de manière à le retrouver.
    Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

    NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
    Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
    Tape explorer puis valide.

    Poste le rapport sauvegardé auparavant (C:\cleannavi.txt)
    Ainsi qu'un nouveau rapport Hijackthis.

    Ferme Internet Explorer puis Démarrer/Panneau de Configuration/Options Internet.
    Choisis l'onglet Contenu puis onglet Certificats.
    Regarde si tu trouves les programmes suivant (en particulier dans Editeurs approuvés):

    Montorgueil
    VIP


    Si tu les trouves, fais ceci :
    * Sélectionne chacun de ces certificats et clique sur exporter. Enregistre le/les sur ton bureau.
    * Supprime ensuite ceux présents dans l'onglet "certificats" des options de ton naviguateur.

    Ensuite pour chacun des certificats présents sur ton bureau :
    * Va sur le site Web :
    http://www.bleepingcomputer.com/submit-malware.php?chan...
    * Copie/colle ceci dans la case 'Link to Topic' :
    le nom du certificat (Montorgueil ,......)
    * Copie/colle ceci dans la case 'Browse to the File' :
    Le certificat correspondant que tu avais exportés vers ton bureau

    Si c'est fait, supprime enfin le certificat présent sur ton bureau.
    26 Mars 2008 21:25:37

    Voici le rapport sauvegardé:

    Clean Navipromo version 3.5.1 commencé le 26.03.2008 à 21:08:04.43

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Alejandro"
    Actual User Account : "Alejandro"

    Mise à jour le 23.03.2008 à 22h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS


    Mode suppression par méthode manuelle

    Nom du fichier saisi : qkvadkz

    *** Recherche, création sauvegardes et suppression ***

    * Suppression dans C:\WINDOWS\system32 *

    qkvadkz.exe trouvé !
    Copie qkvadkz.exe réalisée avec succès !
    qkvadkz.exe supprimé !

    qkvadkz.dat trouvé !
    Copie qkvadkz.dat réalisée avec succès !
    qkvadkz.dat supprimé !

    qkvadkz_nav.dat trouvé !
    Copie qkvadkz_nav.dat réalisée avec succès !
    qkvadkz_nav.dat supprimé !

    qkvadkz_navps.dat trouvé !
    Copie qkvadkz_navps.dat réalisée avec succès !
    qkvadkz_navps.dat supprimé !

    * Suppression dans "C:\Documents and Settings\Alejandro\locals~1\applic~1" *


    *** Suppression dossiers dans C:\WINDOWS ***


    *** Suppression dossiers dans C:\Program Files ***


    *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


    *** Suppression dossiers dans "C:\Documents and Settings\Alejandro\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\Alejandro\locals~1\applic~1" ***


    *** Suppression dossiers dans "C:\Documents and Settings\Alejandro\menudm~1\progra~1" ***


    *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



    *** Suppression fichiers ***

    C:\WINDOWS\pack.epk supprimé !
    C:\WINDOWS\system32\nvs2.inf supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\Alejandro\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :


    * Dans C:\WINDOWS\system32 *


    * Dans "C:\Documents and Settings\Alejandro\locals~1\applic~1" *


    * Dans "C:\docume~1\Propriétaire\locals~1\applic~1" *


    *** Sauvegarde du Registre vers dossier Backupnavi ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok


    *** Certificats ***

    Certificat Egroup supprimé !
    Certificat Electronic-Group supprimé !
    Certificat OOO-Favorit supprimé !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Nettoyage terminé le 26.03.2008 à 21:20:16.82 ***


    Et le rapport de Hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:24:29, on 26.03.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alejandro\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
    O2 - BHO: (no name) - {43987D15-BB2B-4ADB-A60F-7A89E03CE8F7} - C:\WINDOWS\system32\ntsdexus.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NI.UERSV_9999_N91S1912] "C:\Documents and Settings\Alejandro\Bureau\ErrorSafeFrenchNewReleaseInstall.exe" -nag
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0112acfcaf3a0d92e206/netzip...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    26 Mars 2008 21:30:59

    Par contre, je n'ai malheureusement pas trouvé de "Montorgeuil" et de "VIP" dans éditeurs approuvés ni dans les autres :??:  :??:  :??: 
    a b 8 Sécurité
    26 Mars 2008 22:00:55

    Pas grave.

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    27 Mars 2008 17:57:06

    Voici le rapport:

    Malwarebytes' Anti-Malware 1.09
    Version de la base de données: 552

    Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
    Eléments examinés: 135150
    Temps écoulé: 3 hour(s), 52 minute(s), 25 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 38

    Processus mémoire infecté(s):
    C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe (Rogue.DriveCleaner) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{c4ee31f3-4768-11d2-be5c-00a0c9a83da1} (Rogue.WinFixer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{c4ee31f3-4768-11d2-be5c-00a0c9a83da1} (Rogue.WinFixer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SDR6V_Check (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alejandro\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alejandro\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554009.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554010.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554011.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554012.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554013.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554014.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554015.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554016.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554017.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554018.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554019.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554020.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554021.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554022.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554023.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554024.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554026.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554027.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554028.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554029.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554031.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554032.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554033.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554034.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554035.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554036.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554037.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554038.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554039.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554040.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554041.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554049.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554050.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554051.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP529\A0554052.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alejandro\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    a b 8 Sécurité
    27 Mars 2008 20:44:21

    Reposte un rapport Hijackthis.
    27 Mars 2008 23:42:10

    Voici-voilà

    Logfile of HijackThis v1.99.1
    Scan saved at 23:41:10, on 27.03.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\rundll32.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Documents and Settings\Alejandro\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll
    O2 - BHO: (no name) - {43987D15-BB2B-4ADB-A60F-7A89E03CE8F7} - C:\WINDOWS\system32\ntsdexus.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NI.UERSV_9999_N91S1912] "C:\Documents and Settings\Alejandro\Bureau\ErrorSafeFrenchNewReleaseInstall.exe" -nag
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0112acfcaf3a0d92e206/netzip...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildAppNonUS.cab
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    a b 8 Sécurité
    28 Mars 2008 12:18:28

    On continue :) 

    [#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

  • Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
    29 Mars 2008 08:16:10

    Le voilà:

    ComboFix 08-03-27.1 - Alejandro 2008-03-28 23:33:28.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.224 [GMT 1:00]
    Endroit: C:\Documents and Settings\Alejandro\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .
    TimedOut: progfile.dat

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Alejandro\err.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NWSAPAGENT
    -------\Service_NwSapAgent


    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-28 21:57 . 2008-03-28 21:57 <REP> d-------- C:\Program Files\WIZET
    2008-03-28 09:54 . 2008-03-28 09:54 <REP> d-------- C:\Program Files\Microsoft IntelliType Pro
    2008-03-27 10:03 . 2008-03-27 10:03 <REP> d-------- C:\Documents and Settings\Alejandro\Application Data\Malwarebytes
    2008-03-27 10:02 . 2008-03-27 10:03 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-27 10:02 . 2008-03-27 10:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-26 21:04 . 2008-03-26 21:20 <REP> d-------- C:\Program Files\Navilog1
    2008-03-26 18:27 . 2008-03-28 20:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-26 18:27 . 2008-03-26 18:27 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-24 09:32 . 2008-03-24 09:36 <REP> d-------- C:\Program Files\MzRam
    2008-03-24 09:14 . 2008-03-24 09:14 <REP> d-------- C:\Program Files\RamBooster 2.0
    2008-03-23 12:24 . 2008-03-26 08:10 <REP> d-------- C:\Program Files\Windows Live
    2008-03-23 12:24 . 2008-03-23 12:27 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-03-23 12:24 . 2008-03-23 12:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-23 11:28 . 2008-03-23 11:28 65,175 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-03-23 11:17 . 2008-03-23 11:17 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-03-23 10:49 . 2008-03-23 11:28 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-03-23 10:46 . 2008-03-23 10:46 <REP> d-------- C:\WINDOWS\BricoPacks
    2008-03-22 21:52 . 2008-03-22 21:52 <REP> d-------- C:\Program Files\uTorrent
    2008-03-22 21:51 . 2008-03-22 21:51 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2008-03-22 21:51 . 2008-03-22 21:51 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2008-03-22 21:49 . 2008-03-28 23:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-22 21:49 . 2008-03-28 23:34 4,661,024 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-03-22 21:49 . 2008-03-28 23:35 241,952 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-03-22 21:49 . 2008-03-28 23:23 64,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-03-22 21:49 . 2008-03-28 23:23 24,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-03-22 21:40 . 2008-03-22 21:40 <REP> d-------- C:\kav
    2008-03-22 21:04 . 2008-03-27 00:54 <REP> d-------- C:\Documents and Settings\Alejandro\Application Data\ma-config.com
    2008-03-20 17:18 . 2008-03-20 17:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOMBZ Save Data
    2008-03-20 17:15 . 2008-03-20 17:15 <REP> d-------- C:\WINDOWS\system32\AGEIA
    2008-03-20 17:15 . 2008-03-20 17:15 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-03-20 17:15 . 2008-03-20 17:16 <REP> d-------- C:\Program Files\AGEIA Technologies
    2008-03-20 17:13 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
    2008-03-20 17:13 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
    2008-03-20 17:13 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
    2008-03-20 17:09 . 2008-03-20 17:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-03-09 13:53 . 2003-03-02 17:44 7,552 --a------ C:\WINDOWS\system32\drivers\enodpl.sys
    2008-03-09 13:53 . 2003-04-19 00:32 4,736 --a------ C:\WINDOWS\system32\drivers\tandpl.sys
    2008-02-29 19:36 . 2008-02-29 19:36 <REP> d-------- C:\Documents and Settings\Alejandro\Application Data\Nvu

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-28 22:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-28 14:40 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-03-27 17:50 --------- d-----w C:\Documents and Settings\Alejandro\Application Data\uTorrent
    2008-03-27 16:56 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-27 09:01 --------- d-----w C:\Program Files\Common Files
    2008-03-26 13:32 --------- d-----w C:\Program Files\Tales Of Pirates Online
    2008-03-23 10:28 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-03-09 18:20 --------- d-----w C:\Documents and Settings\Alejandro\Application Data\Uniblue
    2008-03-05 15:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
    2008-03-05 15:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
    2008-03-05 15:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-03-05 14:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
    2008-03-05 14:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-02-23 13:36 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-02-18 10:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-16 09:00 --------- d-----w C:\Program Files\Apple Software Update
    2008-02-16 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2008-02-10 18:13 --------- d-----w C:\Program Files\directx
    2008-02-08 17:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
    2008-02-08 17:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
    2008-02-06 07:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-02-05 22:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll
    2008-02-03 18:15 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-02-03 18:14 --------- d-----w C:\Program Files\Windows Live Favorites
    2008-02-03 16:45 --------- d-----w C:\Program Files\Java
    2008-02-03 16:31 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-02-03 16:30 --------- d-----w C:\Program Files\BitTorrent
    2005-06-13 15:15 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
    .

    ------- Sigcheck -------

    2005-05-02 21:58 663040 0996b57cc2abcb271872296e98a18db2 C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll
    2005-09-03 01:08 664576 031ca1310e4cb23e5a4f747d763d0b49 C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
    2005-07-03 03:10 663552 39846b1ac2b99349272ee6e075c3b8af C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\wininet.dll
    2005-10-21 04:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
    2006-06-23 12:25 668672 582953780721ac5d38f98cab229ec7b9 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
    2007-02-19 16:23 669696 1bde6d5dba35797eca8db8fcb80fc015 C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\wininet.dll
    2007-03-23 10:29 823296 375b58a68a016546535a84060092325c C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
    2005-02-18 16:36 596992 c962156514a22d35a08c041fe9bbbc2e C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
    2004-08-20 00:09 660480 4e958b97efc3d801f49283d1820f48b7 C:\WINDOWS\$NtUninstallKB883939$\wininet.dll
    2004-01-21 18:27 592896 4431d510f3db9747725a6014dfdcdfba C:\WINDOWS\$NtUninstallKB890923-IE6SP1-20050225.103456$\wininet.dll
    2005-07-03 03:16 662528 e994e704303f07f331b03ee9ed6d9e2d C:\WINDOWS\$NtUninstallKB896688$\wininet.dll
    2005-05-02 21:57 662016 ffe3e6fb8d52955a2de4c6cc765b02bc C:\WINDOWS\$NtUninstallKB896727$\wininet.dll
    2005-09-03 01:06 662528 a2dd7ec3ac1ead13f65e2898fcabbd1a C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
    2005-10-21 04:41 662528 e41e8fdf62cf20f2e2b16d800d96eb51 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
    2006-06-23 12:11 663040 4f343f414f05e81cf61b1001634fc6b7 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
    2007-02-19 16:04 663040 129a4681b22150d08e35e144494240a2 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
    2007-04-18 13:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
    2007-06-26 15:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
    2007-10-11 06:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
    2007-12-07 01:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
    2007-01-04 15:02 669184 114342601ac7ea73b0d2a0ed8505b8b9 C:\WINDOWS\SoftwareDistribution\Download\70ee9301296d09c5cfdd37a6f3d1ab20\sp2qfe\wininet.dll
    2007-08-22 13:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\SoftwareDistribution\Download\f2a336ec22c0f337f1cd52fa57716ebb\sp2qfe\wininet.dll
    2007-12-07 01:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll
    2007-12-07 01:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\system32\dllcache\wininet.dll

    2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
    2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2003-05-29 10:49 1000448 f5909963533d861d169b737a1a8e1ef8 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    2002-08-30 13:00 1008128 82fe0d400cb1ac937234467b927b867a C:\WINDOWS\$NtUninstallKB820291$\explorer.exe
    2004-08-20 00:09 1036288 2a7bd330924252a2fd80344fc949bb72 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43987D15-BB2B-4ADB-A60F-7A89E03CE8F7}]
    C:\WINDOWS\system32\ntsdexus.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 20:05 344064]
    "Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2006-10-18 21:58 8704]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-06-16 01:27 568096]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19 4841472]
    "nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
    "NI.UERSV_9999_N91S1912"="C:\Documents and Settings\Alejandro\Bureau\ErrorSafeFrenchNewReleaseInstall.exe" [ ]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
    "QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-06-16 01:50 555816]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-07-28 14:19 49152]

    C:\Documents and Settings\Alejandro\Menu D‚marrer\Programmes\D‚marrage\
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]
    TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18 65536]
    UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08 180224]
    Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 08:43:14 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
    --a--c--- 2002-07-23 11:09 477184 C:\WINDOWS\mHotkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    --a--c--- 2003-12-11 15:44 2453504 C:\WINDOWS\CMICNFG.CPL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
    --a--c--- 2002-08-28 13:43 73728 C:\WINDOWS\Dit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a--c--- 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    --a--c--- 2003-11-10 16:06 406016 C:\WINDOWS\System32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    C:\Program Files\Valve\Steam\\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\prizer007\\counter-strike source\\hl2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\WINDOWS\\system32\\svchost.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "D:\\kav\\kav7.0\\english\\setup.exe"=
    "C:\\kav\\kav7.0\\english\\setup.exe"=
    "D:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
    "C:\\Documents and Settings\\Alejandro\\Worms World Party\\WWP\\wwp.exe"=
    "D:\\Ntreev\\Grand Chase\\main.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23430:TCP"= 23430:TCP:BitComet 23430 TCP
    "23430:UDP"= 23430:UDP:BitComet 23430 UDP

    R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 15:29]
    R3 ctxc51;ctxc51;C:\WINDOWS\system32\DRIVERS\ctxc51.sys [2004-01-20 22:51]
    R3 ctxc52;ctxc52;C:\WINDOWS\system32\DRIVERS\ctxc52.sys [2004-01-20 22:50]
    R3 ctxc53;ctxc53;C:\WINDOWS\system32\DRIVERS\ctxc53.sys [2004-01-20 22:52]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-09-30 17:51]
    S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 15:27]
    S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 15:41]
    S3 npkycryp;npkycryp;C:\Program Files\Gravity\RO\npkycryp.sys []
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
    S3 XDva008;XDva008;C:\WINDOWS\system32\XDva008.sys []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-27 21:35:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-28 22:02:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-28 23:35:55
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwSapAgent]
    "ServiceDll"="%SystemRoot%\System32\ipxsap.dll"
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
    .
    Temps d'accomplissement: 2008-03-28 23:37:16
    ComboFix-quarantined-files.txt 2008-03-28 22:36:21
    Pre-Run: 4,919,783,424 octets libres
    Post-Run: 4,905,091,072 octets libres
    .
    2008-03-27 09:08:33 --- E O F ---
    a b 8 Sécurité
    29 Mars 2008 12:51:18

    Reposte un rapport Hijackthis.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS