Virus - Trojan or I don't know what, which I can't find :(

16 March 2008 22:56:11

Good evening everyone,

I recently wanted to play HOMM III again. A good old game, the kind we like. Problem: my CD drive is dead (laptop, it must have taken a few knocks :s). I got the contents of the CD from a friend, telling myself I could install it without the CD since it's an old game. I did, but I couldn't play. I told myself, fine, I'll crack it.

I'm not used to doing that, and I caught a virus. Or a Trojan, or I don't know what.

For 3 days now, my PC, whatever I'm doing, frequently drops back to the Windows desktop, and sometimes launches an IExplorer.exe process, which ends in pop-ups, or music that starts playing, etc.

Needless to say, it's not cool. I found no virus resembling this in my Google searches. I ran a Trend Micro online scan; it found one or two things but the problem is not fixed. I ran an Avast scan (my antivirus); it again found one or two things but still didn't fix the problem. Spybot S&D scan, still nothing.

So I end up here, having explained my problem, humbly asking whether someone could help me fix it.
I'm posting the HiJack report below.

Thanks in advance,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:53, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\WINDOWS\sm56hlpr.exe
D:\LecteurMP3\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SMSC\Seticon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\Hcontrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot S&D\TeaTimer.exe
D:\Divers\deamon tools\DAEMON Tools\daemon.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATKOSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\LecteurMP3\winamp\winamp.exe
D:\Mozilla\Firefox\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
D:\Divers\HiJack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://televisionsurpc.neuf.fr/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.31.15.254:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\LecteurMP3\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTPCMCIASBUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\Hcontrol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot S&D\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Divers\deamon tools\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID....
O21 - SSODL: WinChk - {8135cb9a-a438-4584-a0e9-e80da2aed747} - C:\WINDOWS\Installer\{8135cb9a-a438-4584-a0e9-e80da2aed747}\WinChk.dll
O21 - SSODL: zip - {60726ae1-4782-493b-9498-e944722d7c24} - C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

--
End of file - 10381 bytes


17 March 2008 12:32:02

Allow me a little bump.

I know I wrote quite a lot of text and that it can be a pain to read, but I thought it was better to explain the whys and wherefores.

If you don't have time to read everything, could I at least get a little help deciphering the HiJack log?

17 March 2008 13:27:55

Hello,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.
17 March 2008 13:47:38

Thanks for the reply,

Here is the report:

    ComboFix 08-03-14.4 - Gium 2008-03-17 13:38:37.1 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1522 [GMT 1:00]
    Endroit: C:\Documents and Settings\Gium\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Gium\Application Data\macromedia\Flash Player\#SharedObjects\W8F8LT83\www.broadcaster.com
    C:\Documents and Settings\Gium\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\Documents and Settings\Gium\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\Documents and Settings\Gium\ravmonlog
    C:\setup.exe
    C:\WINDOWS\system32\Packet.dll
    C:\WINDOWS\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-17 to 2008-03-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-16 13:58 . 2008-03-16 13:58 <REP> d-------- C:\538c2bd377e3ae88732daf3e
    2008-03-16 13:48 . 2008-03-16 13:48 <REP> d-------- C:\WINDOWS\LastGood
    2008-03-16 13:15 . 2005-10-09 21:14 53,248 --a------ C:\WINDOWS\system32\SanCpl.cpl
    2008-03-13 16:21 . 2008-03-13 16:21 <REP> d-------- C:\Documents and Settings\Gium\.housecall6.6
    2008-03-13 14:28 . 2008-03-13 16:34 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm
    2008-03-13 14:28 . 2008-03-13 16:34 588 --a------ C:\WINDOWS\system32\settings.sfm
    2008-03-12 08:02 . 2008-03-12 08:02 <REP> d--hs---- C:\FOUND.006
    2008-03-09 20:26 . 2008-03-09 20:26 1 --a------ C:\WINDOWS\system32\SI.bin
    2008-03-01 12:33 . 2008-03-01 12:33 <REP> d--hs---- C:\FOUND.005
    2008-02-27 22:14 . 2008-02-27 22:14 58,652 --a------ C:\Program Files\AMVapp-uninst.exe
    2008-02-24 19:14 . 2008-02-24 19:14 <REP> d-------- C:\Program Files\Morgan
    2008-02-24 19:14 . 2008-02-24 19:14 53,248 --a------ C:\WINDOWS\system32\DivXAF.ax
    2008-02-22 19:19 . 2008-03-12 20:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-22 19:19 . 2008-02-22 19:19 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-21 16:10 . 2008-02-21 16:10 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2008-02-21 15:56 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-02-21 15:56 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-02-21 15:46 . 2008-02-21 15:46 <REP> d-------- C:\Program Files\Bonjour
    2008-02-21 15:41 . 2008-02-21 15:41 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-02-19 10:45 . 2008-02-19 10:45 <REP> d-------- C:\Documents and Settings\Gium\Application Data\MAGIX
    2008-02-18 13:07 . 2008-02-18 13:07 <REP> d-------- C:\Program Files\ffdshow
    2008-02-18 13:07 . 2008-02-27 22:14 35,365 --a------ C:\WINDOWS\system32\uninstHelixYUV.exe
    2008-02-18 13:06 . 2008-02-18 13:06 275 --a------ C:\Disque local (D) (2).lnk
    2008-02-18 13:01 . 2008-02-18 13:01 <REP> d-------- C:\Program Files\AMVapp
    2008-02-17 20:26 . 2008-02-17 20:32 52 --a------ C:\WINDOWS\VideodeLuxe.INI
    2008-02-17 20:02 . 2003-04-18 16:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
    2008-02-17 20:01 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
    2008-02-17 20:01 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
    2008-02-17 20:01 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
    2008-02-17 19:59 . 2008-02-17 19:59 <REP> d-------- C:\Program Files\Fichiers communs\MAGIX Shared
    2008-02-17 19:53 . 2008-02-17 19:53 <REP> d-------- C:\WINDOWS\system32\MAGIX
    2008-02-17 19:53 . 2002-09-21 00:33 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
    2008-02-17 19:53 . 1998-10-15 17:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
    2008-02-17 19:53 . 1999-01-28 14:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
    2008-02-17 19:52 . 2005-07-13 14:04 446,464 --a------ C:\WINDOWS\system32\mgxoschk.dll
    2008-02-17 19:52 . 2005-06-10 11:38 1,287 --a------ C:\WINDOWS\mgxoschk.ini
    2008-02-17 13:23 . 2008-02-17 13:23 <REP> d-------- C:\Documents and Settings\All Users\Bureau

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-09 19:30 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-03-05 09:54 102,400 ----a-w C:\WINDOWS\DUMP82dc.tmp
    2008-02-16 21:11 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle VideoSpin
    2008-02-16 20:17 --------- d-----w C:\Program Files\MSBuild
    2008-02-16 20:17 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-16 20:15 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-16 20:12 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-02-16 17:09 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoSpin
    2008-02-16 17:07 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
    2008-02-14 12:36 102,400 ----a-w C:\WINDOWS\DUMP96a3.tmp
    2008-02-10 13:47 102,400 ----a-w C:\WINDOWS\DUMP8193.tmp
    2008-02-06 19:40 --------- d-----w C:\Documents and Settings\Gium\Application Data\InstallShield
    2008-01-26 10:39 --------- d-----w C:\Documents and Settings\Gium\Application Data\.purple
    2008-01-25 23:19 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2008-01-25 19:35 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2008-01-20 15:36 --------- d-----w C:\Program Files\Common Files
    2008-01-09 18:43 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2006-05-24 09:46 21,552 ----a-w C:\WINDOWS\inf\usbstor.sys
    2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
    2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot S&D\TeaTimer.exe" [2005-05-31 01:04 1415824]
    "DAEMON Tools"="D:\Divers\deamon tools\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-06 08:39 14850560 C:\WINDOWS\RTHDCPL.EXE]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945]
    "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]
    "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413]
    "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016]
    "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224]
    "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440]
    "SMSERIAL"="sm56hlpr.exe" [2005-05-26 19:12 544768 C:\WINDOWS\sm56hlpr.exe]
    "iTunesHelper"="D:\LecteurMP3\iTunes\iTunesHelper.exe" [2006-09-12 00:58 229952]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
    "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
    "SetIcon"="\Program Files\SMSC\Seticon.exe" [2004-01-30 09:03 46080]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
    "CTSysVol"="C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
    "CTPCMCIASBUtility"="C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe" [2005-09-05 11:24 147456]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
    "CTHelper"="CTHELPER.EXE" [2005-12-08 05:06 16384 C:\WINDOWS\CTHELPER.EXE]
    "HControl"="C:\WINDOWS\Hcontrol.exe" [2002-01-08 15:22 53248]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\Gium\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-29 21:27:12 113664]

    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
    ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2006-07-12 15:37:26 32768]
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-29 21:27:12 113664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "WinChk"= {8135cb9a-a438-4584-a0e9-e80da2aed747} - C:\WINDOWS\Installer\{8135cb9a-a438-4584-a0e9-e80da2aed747}\WinChk.dll [2008-03-11 23:55 18702]
    "zip"= {60726ae1-4782-493b-9498-e944722d7c24} - C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll [2008-03-11 23:55 23322]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "D:\\LecteurMP3\\iTunes\\iTunes.exe"=
    "D:\\Kraland\\mIRC\\mirc.exe"=
    "D:\\P2P\\Azureus\\Azureus.exe"=
    "D:\\Jeux\\Blobby volley\\volley.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "D:\\MicrosoftOffice\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "15858:TCP"= 15858:TCP:NortonAV
    "17461:TCP"= 17461:TCP:NortonAV
    "16841:TCP"= 16841:TCP:NortonAV

    S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\Gium\LOCALS~1\Temp\cdrmkaun.sys [2004-02-07 21:07]
    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
    S3 PEEK5;PEEK5 Protocol Driver;D:\ADSL\Aircrack\AIRCRA~1.1\bin\PEEK5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5c8d20-575e-11db-9799-0013023ce91f}]
    \Shell\Auto\command - bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dcaad08-bee3-11dc-9a2c-0013023ce91f}]
    \Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e72dc21e-6e69-11db-9812-0013023ce91f}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    *Newly Created Service* - EVERESTDRIVER
    *Newly Created Service* - SANDRA
    *Newly Created Service* - SANDRATHESRV
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-17 13:41:28
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-17 13:41:56
    ComboFix-quarantined-files.txt 2008-03-17 12:41:56
17 March 2008 14:38:53

Post a new Hijackthis report.

17 March 2008 22:26:52

Thanks once again, here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:26:05, on 17/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\WINDOWS\sm56hlpr.exe
    D:\LecteurMP3\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\SMSC\Seticon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\Hcontrol.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Divers\deamon tools\DAEMON Tools\daemon.exe
    C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\WINDOWS\ATKOSD.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\Spybot S&D\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\LecteurMP3\winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    D:\Mozilla\Firefox\Mozilla Firefox\firefox.exe
    D:\Divers\HiJack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://televisionsurpc.neuf.fr/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.31.15.254:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\LecteurMP3\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTPCMCIASBUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\Hcontrol.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot S&D\TeaTimer.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "D:\Divers\deamon tools\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID....
    O21 - SSODL: WinChk - {8135cb9a-a438-4584-a0e9-e80da2aed747} - C:\WINDOWS\Installer\{8135cb9a-a438-4584-a0e9-e80da2aed747}\WinChk.dll
    O21 - SSODL: zip - {60726ae1-4782-493b-9498-e944722d7c24} - C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

    --
    End of file - 10517 bytes
    19 March 2008 07:56:05

    Hello, and thank you!

    My PC seems to be behaving better (but I've only used it for two hours; I didn't have much time yesterday). I did, however, follow the instructions and install AntiVir.
    However, at startup Spybot asks me to allow a series of registry changes. And it does so at every startup, as if my answer were not being taken into account... Any idea? I think it comes from uninstalling avast to install AntiVir.

    I ran a full scan in safe mode, as advised in the tutorial.

    Here is the report:



    AntiVir PersonalEdition Classic
    Report file date: mardi 18 mars 2008 22:45

    Scanning for 1157825 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Administrateur
    Computer name: TRIGIUM

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 21:35:00
    ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 21:35:00
    ANTIVIR3.VDF : 7.0.3.49 297472 Bytes 18/03/2008 21:35:00
    AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 18/03/2008 21:35:00
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 18/03/2008 21:35:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

    Configuration settings for the scan:
    Jobname..........................: Local Hard Disks
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 18 mars 2008 22:45

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    11 processes with 11 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '52' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\Installer\{8135cb9a-a438-4584-a0e9-e80da2aed747}\WinChk.dll
    [DETECTION] Is the Trojan horse TR/Shell.Eviell
    [INFO] The file was moved to '484e4136.qua'!
    C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll
    [DETECTION] Is the Trojan horse TR/Shell.Eviell
    [INFO] The file was moved to '48504137.qua'!
    C:\System Volume Information\_restore{1D4F6CB4-763C-480D-8AAC-01A9870D6924}\RP352\A0066727.exe
    [DETECTION] Is the Trojan horse TR/Agent.fwi
    [INFO] The file was moved to '48104b42.qua'!
    C:\System Volume Information\_restore{1D4F6CB4-763C-480D-8AAC-01A9870D6924}\RP352\A0066728.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
    [INFO] The file was moved to '496d2053.qua'!
    C:\System Volume Information\_restore{1D4F6CB4-763C-480D-8AAC-01A9870D6924}\RP352\A0066729.exe
    [DETECTION] Is the Trojan horse TR/Agent.fwi
    [INFO] The file was moved to '48104b43.qua'!
    C:\System Volume Information\_restore{1D4F6CB4-763C-480D-8AAC-01A9870D6924}\RP352\A0066730.exe
    [DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
    [INFO] The file was moved to '496d2054.qua'!
    C:\System Volume Information\_restore{1D4F6CB4-763C-480D-8AAC-01A9870D6924}\RP356\A0068027.dll
    [DETECTION] Is the Trojan horse TR/Shell.Eviell
    [INFO] The file was moved to '48104b73.qua'!
    C:\System Volume Information\_restore{1D4F6CB4-763C-480D-8AAC-01A9870D6924}\RP356\A0068028.dll
    [DETECTION] Is the Trojan horse TR/Shell.Eviell
    [INFO] The file was moved to '496d2064.qua'!
    Begin scan in 'D:\'


    End of the scan: mercredi 19 mars 2008 02:38
    Used time: 3:53:21 min

    The scan has been done completely.

    12652 Scanning directories
    402995 Files were scanned
    8 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    8 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    402987 Files not concerned
    7936 Archives were scanned
    2 Warnings
    7 Notes
    19 March 2008 16:27:25

    Post a new HijackThis report.
    19 March 2008 17:28:34

    Here it is:

    (Aside: is there a topic for understanding the sequence of scans, what each one is for, and what it does?)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:27:02, on 19/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\WINDOWS\sm56hlpr.exe
    D:\LecteurMP3\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\SMSC\Seticon.exe
    C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\Hcontrol.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spybot S&D\TeaTimer.exe
    C:\WINDOWS\ATKOSD.exe
    D:\Divers\deamon tools\DAEMON Tools\daemon.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Mozilla\Firefox\Mozilla Firefox\firefox.exe
    D:\Divers\HiJack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://televisionsurpc.neuf.fr/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.31.15.254:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\LecteurMP3\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTPCMCIASBUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\Hcontrol.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot S&D\TeaTimer.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "D:\Divers\deamon tools\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID....
    O21 - SSODL: WinChk - {8135cb9a-a438-4584-a0e9-e80da2aed747} - C:\WINDOWS\Installer\{8135cb9a-a438-4584-a0e9-e80da2aed747}\WinChk.dll (file missing)
    O21 - SSODL: zip - {60726ae1-4782-493b-9498-e944722d7c24} - C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

    --
    End of file - 10163 bytes
    19 March 2008 17:29:30

    Run a ComboFix scan again.
    19 March 2008 22:13:53

    OK, here is the report:

    ComboFix 08-03-14.4 - Gium 2008-03-19 22:08:28.2 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1516 [GMT 1:00]
    Endroit: D:\Divers\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-18 23:24 . 2008-03-18 23:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
    2008-03-18 22:40 . 2006-07-12 15:37 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2008-03-18 22:40 . 2006-07-12 14:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-03-18 22:40 . 2006-07-12 14:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-03-18 22:40 . 2006-07-12 14:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-03-18 22:40 . 2006-07-12 15:13 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-03-18 22:40 . 2006-07-12 14:59 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-03-18 22:40 . 2006-07-12 15:13 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-03-18 22:40 . 2006-07-12 14:59 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-03-18 22:40 . 2006-07-12 15:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2008-03-18 22:40 . 2006-07-12 15:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
    2008-03-18 22:40 . 2006-07-12 15:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
    2008-03-18 22:33 . 2008-03-18 22:33 <REP> d-------- C:\Program Files\Avira
    2008-03-18 22:33 . 2008-03-18 22:33 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    2008-03-16 13:15 . 2005-10-09 21:14 53,248 --a------ C:\WINDOWS\system32\SanCpl.cpl
    2008-03-13 16:21 . 2008-03-13 16:21 <REP> d-------- C:\Documents and Settings\Gium\.housecall6.6
    2008-03-13 14:28 . 2008-03-13 16:34 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm
    2008-03-13 14:28 . 2008-03-13 16:34 588 --a------ C:\WINDOWS\system32\settings.sfm
    2008-03-12 08:02 . 2008-03-12 08:02 <REP> d--hs---- C:\FOUND.006
    2008-03-09 20:26 . 2008-03-09 20:26 1 --a------ C:\WINDOWS\system32\SI.bin
    2008-03-01 12:33 . 2008-03-01 12:33 <REP> d--hs---- C:\FOUND.005
    2008-02-27 22:14 . 2008-02-27 22:14 58,652 --a------ C:\Program Files\AMVapp-uninst.exe
    2008-02-24 19:14 . 2008-02-24 19:14 <REP> d-------- C:\Program Files\Morgan
    2008-02-24 19:14 . 2008-02-24 19:14 53,248 --a------ C:\WINDOWS\system32\DivXAF.ax
    2008-02-22 19:19 . 2008-03-12 20:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-22 19:19 . 2008-02-22 19:19 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-21 16:10 . 2008-02-21 16:10 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2008-02-21 15:56 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-02-21 15:56 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-02-21 15:46 . 2008-02-21 15:46 <REP> d-------- C:\Program Files\Bonjour
    2008-02-21 15:41 . 2008-02-21 15:41 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-02-19 10:45 . 2008-02-19 10:45 <REP> d-------- C:\Documents and Settings\Gium\Application Data\MAGIX

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-09 19:30 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-03-05 09:54 102,400 ----a-w C:\WINDOWS\DUMP82dc.tmp
    2008-02-27 21:14 35,365 ----a-w C:\WINDOWS\system32\uninstHelixYUV.exe
    2008-02-18 12:07 --------- d-----w C:\Program Files\ffdshow
    2008-02-18 12:01 --------- d-----w C:\Program Files\AMVapp
    2008-02-17 18:59 --------- d-----w C:\Program Files\Fichiers communs\MAGIX Shared
    2008-02-16 21:11 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle VideoSpin
    2008-02-16 20:17 --------- d-----w C:\Program Files\MSBuild
    2008-02-16 20:17 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-16 20:15 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-16 20:12 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-02-16 17:09 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoSpin
    2008-02-16 17:07 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
    2008-02-14 12:36 102,400 ----a-w C:\WINDOWS\DUMP96a3.tmp
    2008-02-10 13:47 102,400 ----a-w C:\WINDOWS\DUMP8193.tmp
    2008-02-06 19:40 --------- d-----w C:\Documents and Settings\Gium\Application Data\InstallShield
    2008-01-26 10:39 --------- d-----w C:\Documents and Settings\Gium\Application Data\.purple
    2008-01-25 23:19 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2008-01-25 19:35 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2008-01-20 15:36 --------- d-----w C:\Program Files\Common Files
    2008-01-09 18:43 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2006-05-24 09:46 21,552 ----a-w C:\WINDOWS\inf\usbstor.sys
    2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
    2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-17_13.41.39,65 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-08-09 12:04:12 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:20 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-03-18 21:35:00 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:38 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot S&D\TeaTimer.exe" [2005-05-31 01:04 1415824]
    "DAEMON Tools"="D:\Divers\deamon tools\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-06 08:39 14850560 C:\WINDOWS\RTHDCPL.EXE]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945]
    "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]
    "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413]
    "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016]
    "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224]
    "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440]
    "SMSERIAL"="sm56hlpr.exe" [2005-05-26 19:12 544768 C:\WINDOWS\sm56hlpr.exe]
    "iTunesHelper"="D:\LecteurMP3\iTunes\iTunesHelper.exe" [2006-09-12 00:58 229952]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
    "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
    "SetIcon"="\Program Files\SMSC\Seticon.exe" [2004-01-30 09:03 46080]
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
    "CTSysVol"="C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
    "CTPCMCIASBUtility"="C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe" [2005-09-05 11:24 147456]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
    "CTHelper"="CTHELPER.EXE" [2005-12-08 05:06 16384 C:\WINDOWS\CTHELPER.EXE]
    "HControl"="C:\WINDOWS\Hcontrol.exe" [2002-01-08 15:22 53248]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-18 22:35 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\Gium\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-29 21:27:12 113664]

    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
    ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2006-07-12 15:37:26 32768]
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-29 21:27:12 113664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "WinChk"= {8135cb9a-a438-4584-a0e9-e80da2aed747} - C:\WINDOWS\Installer\{8135cb9a-a438-4584-a0e9-e80da2aed747}\WinChk.dll [ ]
    "zip"= {60726ae1-4782-493b-9498-e944722d7c24} - C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll [ ]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "D:\\LecteurMP3\\iTunes\\iTunes.exe"=
    "D:\\Kraland\\mIRC\\mirc.exe"=
    "D:\\P2P\\Azureus\\Azureus.exe"=
    "D:\\Jeux\\Blobby volley\\volley.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "D:\\MicrosoftOffice\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "15858:TCP"= 15858:TCP:NortonAV
    "17461:TCP"= 17461:TCP:NortonAV
    "16841:TCP"= 16841:TCP:NortonAV

    S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\Gium\LOCALS~1\Temp\cdrmkaun.sys []
    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
    S3 PEEK5;PEEK5 Protocol Driver;D:\ADSL\Aircrack\AIRCRA~1.1\bin\PEEK5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5c8d20-575e-11db-9799-0013023ce91f}]
    \Shell\Auto\command - bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dcaad08-bee3-11dc-9a2c-0013023ce91f}]
    \Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e72dc21e-6e69-11db-9812-0013023ce91f}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-19 22:11:14
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-19 22:11:50
    ComboFix-quarantined-files.txt 2008-03-19 21:11:48
    ComboFix2.txt 2008-03-17 12:41:58
    20 March 2008 16:10:47

    Re,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\Installer\{8135cb9a-a438-4584-a0e9-e80da2aed747}\WinChk.dll
    C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "WinChk"=-
    "zip"=-


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; type 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    20 March 2008 16:43:13

    Here are the reports (quoted for readability):

    ComboFix:
    Quote:
    ComboFix 08-03-14.4 - Gium 2008-03-20 16:36:54.3 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1518 [GMT 1:00]
    Endroit: D:\Divers\ComboFix.exe
    Command switches used :: D:\Divers\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll
    C:\WINDOWS\Installer\{8135cb9a-a438-4584-a0e9-e80da2aed747}\WinChk.dll
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-18 23:24 . 2008-03-18 23:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
    2008-03-18 22:40 . 2006-07-12 15:37 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
    2008-03-18 22:40 . 2006-07-12 14:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-03-18 22:40 . 2006-07-12 14:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-03-18 22:40 . 2006-07-12 14:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-03-18 22:40 . 2006-07-12 15:13 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-03-18 22:40 . 2006-07-12 14:59 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-03-18 22:40 . 2006-07-12 15:13 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-03-18 22:40 . 2006-07-12 14:59 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-03-18 22:40 . 2006-07-12 15:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2008-03-18 22:40 . 2006-07-12 15:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
    2008-03-18 22:40 . 2006-07-12 15:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
    2008-03-18 22:33 . 2008-03-18 22:33 <REP> d-------- C:\Program Files\Avira
    2008-03-18 22:33 . 2008-03-18 22:33 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    2008-03-16 13:15 . 2005-10-09 21:14 53,248 --a------ C:\WINDOWS\system32\SanCpl.cpl
    2008-03-13 16:21 . 2008-03-13 16:21 <REP> d-------- C:\Documents and Settings\Gium\.housecall6.6
    2008-03-13 14:28 . 2008-03-13 16:34 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm
    2008-03-13 14:28 . 2008-03-13 16:34 588 --a------ C:\WINDOWS\system32\settings.sfm
    2008-03-12 08:02 . 2008-03-12 08:02 <REP> d--hs---- C:\FOUND.006
    2008-03-09 20:26 . 2008-03-09 20:26 1 --a------ C:\WINDOWS\system32\SI.bin
    2008-03-01 12:33 . 2008-03-01 12:33 <REP> d--hs---- C:\FOUND.005
    2008-02-27 22:14 . 2008-02-27 22:14 58,652 --a------ C:\Program Files\AMVapp-uninst.exe
    2008-02-24 19:14 . 2008-02-24 19:14 <REP> d-------- C:\Program Files\Morgan
    2008-02-24 19:14 . 2008-02-24 19:14 53,248 --a------ C:\WINDOWS\system32\DivXAF.ax
    2008-02-22 19:19 . 2008-03-19 22:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-22 19:19 . 2008-02-22 19:19 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-21 16:10 . 2008-02-21 16:10 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
    2008-02-21 15:56 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-02-21 15:56 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-02-21 15:46 . 2008-02-21 15:46 <REP> d-------- C:\Program Files\Bonjour
    2008-02-21 15:41 . 2008-02-21 15:41 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-09 19:30 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-03-05 09:54 102,400 ----a-w C:\WINDOWS\DUMP82dc.tmp
    2008-02-27 21:14 35,365 ----a-w C:\WINDOWS\system32\uninstHelixYUV.exe
    2008-02-19 09:45 --------- d-----w C:\Documents and Settings\Gium\Application Data\MAGIX
    2008-02-18 12:07 --------- d-----w C:\Program Files\ffdshow
    2008-02-18 12:01 --------- d-----w C:\Program Files\AMVapp
    2008-02-17 18:59 --------- d-----w C:\Program Files\Fichiers communs\MAGIX Shared
    2008-02-16 21:11 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle VideoSpin
    2008-02-16 20:17 --------- d-----w C:\Program Files\MSBuild
    2008-02-16 20:17 --------- d-----w C:\Program Files\Microsoft Works
    2008-02-16 20:15 --------- d-----w C:\Program Files\Microsoft.NET
    2008-02-16 20:12 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-02-16 17:09 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoSpin
    2008-02-16 17:07 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
    2008-02-14 12:36 102,400 ----a-w C:\WINDOWS\DUMP96a3.tmp
    2008-02-10 13:47 102,400 ----a-w C:\WINDOWS\DUMP8193.tmp
    2008-02-06 19:40 --------- d-----w C:\Documents and Settings\Gium\Application Data\InstallShield
    2008-01-26 10:39 --------- d-----w C:\Documents and Settings\Gium\Application Data\.purple
    2008-01-25 23:19 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    2008-01-25 19:35 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2008-01-20 15:36 --------- d-----w C:\Program Files\Common Files
    2008-01-09 18:43 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
    2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2006-05-24 09:46 21,552 ----a-w C:\WINDOWS\inf\usbstor.sys
    2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
    2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-17_13.41.39,65 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-08-09 12:04:12 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:20 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-03-18 21:35:00 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:38 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot S&D\TeaTimer.exe" [2005-05-31 01:04 1415824]
    "DAEMON Tools"="D:\Divers\deamon tools\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
    "RTHDCPL"="RTHDCPL.EXE" [2005-09-06 08:39 14850560 C:\WINDOWS\RTHDCPL.EXE]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945]
    "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]
    "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413]
    "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016]
    "ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224]
    "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440]
    "SMSERIAL"="sm56hlpr.exe" [2005-05-26 19:12 544768 C:\WINDOWS\sm56hlpr.exe]
    "iTunesHelper"="D:\LecteurMP3\iTunes\iTunesHelper.exe" [2006-09-12 00:58 229952]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
    "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
    "SetIcon"="\Program Files\SMSC\Seticon.exe" [2004-01-30 09:03 46080]
    "CTDVDDET"="C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
    "CTSysVol"="C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
    "CTPCMCIASBUtility"="C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe" [2005-09-05 11:24 147456]
    "AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
    "CTHelper"="CTHELPER.EXE" [2005-12-08 05:06 16384 C:\WINDOWS\CTHELPER.EXE]
    "HControl"="C:\WINDOWS\Hcontrol.exe" [2002-01-08 15:22 53248]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-18 22:35 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\Gium\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-29 21:27:12 113664]

    C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
    ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2006-07-12 15:37:26 32768]
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-29 21:27:12 113664]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "D:\\LecteurMP3\\iTunes\\iTunes.exe"=
    "D:\\Kraland\\mIRC\\mirc.exe"=
    "D:\\P2P\\Azureus\\Azureus.exe"=
    "D:\\Jeux\\Blobby volley\\volley.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "D:\\MicrosoftOffice\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "15858:TCP"= 15858:TCP:NortonAV
    "17461:TCP"= 17461:TCP:NortonAV
    "16841:TCP"= 16841:TCP:NortonAV

    S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\Gium\LOCALS~1\Temp\cdrmkaun.sys []
    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
    S3 PEEK5;PEEK5 Protocol Driver;D:\ADSL\Aircrack\AIRCRA~1.1\bin\PEEK5.SYS []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5c8d20-575e-11db-9799-0013023ce91f}]
    \Shell\Auto\command - bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dcaad08-bee3-11dc-9a2c-0013023ce91f}]
    \Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e72dc21e-6e69-11db-9812-0013023ce91f}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-20 16:39:27
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-20 16:39:54
    ComboFix-quarantined-files.txt 2008-03-20 15:39:54
    ComboFix3.txt 2008-03-17 12:41:58
    ComboFix2.txt 2008-03-19 21:11:52


    HiJackThis:
    Quote:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:40:25, on 20/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\WINDOWS\sm56hlpr.exe
    D:\LecteurMP3\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\SMSC\Seticon.exe
    C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\Hcontrol.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Divers\deamon tools\DAEMON Tools\daemon.exe
    C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\ATKOSD.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Mozilla\Firefox\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spybot S&D\TeaTimer.exe
    C:\WINDOWS\system32\notepad.exe
    D:\Divers\HiJack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://televisionsurpc.neuf.fr/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.31.15.254:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\LecteurMP3\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTPCMCIASBUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\Hcontrol.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot S&D\TeaTimer.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "D:\Divers\deamon tools\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID....
    O21 - SSODL: zip - {60726ae1-4782-493b-9498-e944722d7c24} - C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

    --
    End of file - 9999 bytes



    Is it on the right track? I'm not too infected? I can't really tell...
    20 March 2008 16:56:37

    Do you have the same problem?
    21 March 2008 00:41:28

    No, I get the impression it's gone.

    Thanks a lot :)

    So as not to come back and bother you, I'm asking (again): isn't there an explanatory topic on the scans, what they do, what ComboFix does, and all that, so that we can try to sort things out on our own?

    Otherwise, are there any good sites for learning this? Or tutorials?

    21 March 2008 17:49:40

    Quote:
    So as not to come back and bother you, I'm asking (again): isn't there an explanatory topic on the scans, what they do, what ComboFix does, and all that, so that we can try to sort things out on our own?

    Otherwise, are there any good sites for learning this? Or tutorials?

    No :/
    You have to read, read and read.
    21 March 2008 19:06:18

    OK... Well, thanks, and I'll try to educate myself :)
    21 March 2008 19:06:56

    Good luck.