
Unwanted IE7 pop-up windows titled 'advertissement' + MSN problem

8 March 2008 13:18:54

Hello,

So, I'll start from the beginning:

One day someone sent me a message on Windows Live Messenger containing a link along the lines of photo-album.isuisse...
Like an idiot, I downloaded what it offered. That's where the problems start: WLM was opening and closing conversation windows for no reason, and sometimes the message "ta tof fais koi sur ce site :p " copies itself to the clipboard...

I don't know whether it's related, but since I've had this problem another one has appeared: pop-up windows appear on their own and contain ads for eBay, casinos...
These windows open in IE7 even though I use Firefox 2.

Another thing: the few times I use IE7 (to check my messages), the window is selected (normal), but after a while it loses focus even though at the bottom, next to 'Start', it still shows as active...
Also, sometimes (but it's rare), the window closes on its own.

These may be two unrelated problems, I don't know.

Here is the report obtained with HijackThis:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:33, on 08/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
L:\WINDOWS1\System32\smss.exe
L:\WINDOWS1\system32\winlogon.exe
L:\WINDOWS1\system32\services.exe
L:\WINDOWS1\system32\lsass.exe
L:\WINDOWS1\system32\Ati2evxx.exe
L:\WINDOWS1\system32\svchost.exe
L:\WINDOWS1\System32\svchost.exe
L:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
L:\WINDOWS1\system32\Ati2evxx.exe
L:\WINDOWS1\Explorer.EXE
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
L:\WINDOWS1\mrofinu1423.exe
L:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
L:\WINDOWS1\system32\ctfmon.exe
L:\Program Files\nvcoi\nvcoi.exe
L:\WINDOWS1\SEMBLY~1\wucrtupd.exe
L:\WINDOWS1\system32\?dobe\w?auclt.exe
L:\Program Files\OpenOffice.org 2.3\program\soffice.exe
L:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
L:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
L:\WINDOWS1\system32\spoolsv.exe
L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
L:\Program Files\Bonjour\mDNSResponder.exe
L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
L:\WINDOWS1\system32\HPZipm12.exe
L:\WINDOWS1\system32\tcpsvcs.exe
L:\WINDOWS1\System32\snmp.exe
L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
L:\WINDOWS1\system32\svchost.exe
L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
L:\WINDOWS1\System32\svchost.exe
L:\Program Files\Windows Live\Messenger\usnsvc.exe
l:\program files\winamp toolbar\WinampTbServer.exe
L:\PROGRA~1\Mozilla Firefox\firefox.exe
L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\Installations\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=L:\WINDOWS1\system32\userinit.exe,L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - L:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - L:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {6548F8F9-AF7D-4C01-A1C3-0B5B66A83F82} - L:\Program Files\Outlook Express\nixecolat777444.dll
O2 - BHO: (no name) - {6641E994-2E0A-2E80-0467-5900CCCADFBB} - L:\WINDOWS1\system32\jybirmq.dll
O2 - BHO: 0 - {6D9CAA02-2CC5-4A8C-F5B1-E519FE315B7A} - L:\Program Files\NetMeeting\temaxipyg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - L:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96DB3454-0D6D-4552-B6A1-8821025A4C6E} - L:\Program Files\Outlook Express\nixecolat821058.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - L:\WINDOWS1\AutoUpdateWin31.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - L:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - L:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - L:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Flash Media] L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] L:\WINDOWS1\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [msnmsgr] "L:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] L:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] L:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [nvcoi] L:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [Aspl] "L:\WINDOWS1\SEMBLY~1\wucrtupd.exe" -vt yazb
O4 - HKCU\..\Run: [Oqxgfx] L:\WINDOWS1\system32\?dobe\w?auclt.exe
O4 - HKCU\..\Run: [MSNCleaner] L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\MSNCleaner 1.5.6[www.msncreative.net]\MSNCleaner.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = L:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = L:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Toolbar Search - L:\Documents and Settings\All Users.WINDOWS1\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/Mu...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - L:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - L:\WINDOWS1\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS1\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - L:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - L:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - L:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - L:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPGService - Hauppauge Computer Works - L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - L:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - L:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - L:\WINDOWS1\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Service de nom d'archive StuffIt (Stuffit Archive Name Service) - Smith Micro Software, Inc. - L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O24 - Desktop Component 0: (no name) - L:\Program Files\NetMeeting\xuvemejifs.html

--
End of file - 9676 bytes


Thanks for your help.


8 March 2008 13:31:57

Here is also the report obtained with MSNFix:

Quote:
MSNFix 1.674

L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\MSNFix
Fix exécuté le 08/03/2008 - 13:24:11,50 By Najar
mode normal

************************ Recherche les fichiers présents

... L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
... L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
... L:\WINDOWS1\mrofinu*.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

/!\ ... L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
/!\ ... L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
/!\ ... L:\WINDOWS1\mrofinu*.exe



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

/!\ ... L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
/!\ ... L:\DOCUME~1\NAJAR~1.NAJ\LOCALS~1\Temp\services.exe
.. OK ... L:\WINDOWS1\mrofinu*.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[L:\HijackThis.exe] E8269245566BE948F6A219135B434160

==> SVP merci d'envoyer le fichier L:\DOCUME~1\NAJAR~1.NAJ\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 08032008_13271923.zip



------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

8 March 2008 13:41:19

Hello,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.
    8 March 2008 13:55:13

    Here is what I get:
    Quote:
    ComboFix 08-03-07.4 - Najar 2008-03-08 13:41:12.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1057 [GMT 1:00]
    Endroit: L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\inst.exe
    L:\Documents and Settings\Najar.NAJAR-A214FC33B\Menu Démarrer\Programmes\Outerinfo
    L:\Documents and Settings\Najar.NAJAR-A214FC33B\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
    L:\Documents and Settings\Najar.NAJAR-A214FC33B\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
    L:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe
    L:\Program Files\NetMeeting\xuvemejifs.html
    L:\Program Files\outerinfo
    L:\Program Files\outerinfo\FF\chrome.manifest
    L:\Program Files\outerinfo\FF\components\FF.dll
    L:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
    L:\Program Files\outerinfo\FF\install.rdf
    L:\Program Files\outerinfo\Terms.rtf
    L:\WINDOWS1\mrofinu1423.exe
    L:\WINDOWS1\sembly~1
    L:\WINDOWS1\sembly~1\??sembly\
    L:\WINDOWS1\sembly~1\wucrtupd.exe
    L:\WINDOWS1\system32\dobe~1
    L:\WINDOWS1\system32\dobe~1\w?auclt.exe
    L:\WINDOWS1\system32\jybirmq.dll
    L:\WINDOWS1\tk58.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\LEGACY_IPRIP
    -------\Iprip


    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-08 13:48 . 0 L:\WINDOWS1\FILELOCK.TMP
    2008-03-08 12:34 . 2007-07-30 19:19 271,224 --a------ L:\WINDOWS1\system32\mucltui.dll
    2008-03-08 12:34 . 2007-07-30 19:19 207,736 --a------ L:\WINDOWS1\system32\muweb.dll
    2008-03-08 12:34 . 2007-07-30 19:18 30,072 --a------ L:\WINDOWS1\system32\mucltui.dll.mui
    2008-03-07 21:07 . 2008-03-07 21:07 <REP> d--hsc--- L:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-03-07 21:07 . 2008-03-07 21:07 <REP> d-------- L:\Documents and Settings\All Users.WINDOWS1\Application Data\WLInstaller
    2008-03-07 20:17 . 2008-03-07 20:17 149 --a------ L:\Delme.bat
    2008-03-07 20:12 . 2008-03-07 20:19 <REP> d-------- L:\Program Files\Navilog1
    2008-03-07 19:56 . 2008-03-07 19:56 <REP> d-------- L:\Program Files\CleanUp!
    2008-03-07 18:11 . 2008-03-07 18:11 82 --a------ L:\WINDOWS1\system32\DelReboot
    2008-03-07 15:41 . 2008-03-07 15:41 136,627 --a------ L:\WINDOWS1\POTA777444.exe
    2008-03-05 23:36 . 2008-03-07 20:33 15,086 --a------ L:\WINDOWS1\system32\FreePokerBonus.ico
    2008-03-05 23:36 . 2008-03-07 20:33 9,662 --a------ L:\WINDOWS1\system32\ZoneAlarmIconFR.ico
    2008-03-05 23:10 . 2008-03-05 23:10 <REP> d-------- L:\Program Files\nvcoi
    2008-03-05 21:21 . 2008-03-05 21:21 <REP> d-------- L:\BackUpMSNCleaner
    2008-03-05 15:16 . 2008-03-05 15:16 9,296 --a------ L:\WINDOWS1\system32\pjkrox.exe
    2008-03-04 22:43 . 2008-03-07 19:57 37,376 --a------ L:\WINDOWS1\mrofinu1423.MSNFix
    2008-03-04 22:43 . 2008-03-06 14:00 37,376 --a------ L:\WINDOWS1\mrofinu1423.exe.MSNFix
    2008-03-04 21:36 . 2008-03-06 15:24 <REP> d-------- L:\Program Files\StuffPlug3
    2008-03-04 19:47 . 2008-03-04 19:47 2,563 --a------ L:\WINDOWS1\image.jpg
    2008-03-01 12:37 . 2008-03-01 12:37 268 --ah----- L:\sqmdata07.sqm
    2008-03-01 12:37 . 2008-03-01 12:37 244 --ah----- L:\sqmnoopt07.sqm
    2008-02-19 17:01 . 2008-03-08 13:47 <REP> d-------- L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\OpenOffice.org2
    2008-02-19 16:57 . 2008-02-19 16:57 <REP> d-------- L:\Program Files\OpenOffice.org 2.3

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-08 12:47 --------- d-----w L:\Program Files\WinTV
    2008-03-08 12:30 --------- d-----w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\MEGAUPLOADTOOLBAR
    2008-03-08 11:47 --------- d-----w L:\Documents and Settings\All Users.WINDOWS1\Application Data\Google Updater
    2008-03-07 19:02 --------- d-----w L:\Program Files\Fake Webcam12312
    2008-03-07 19:02 --------- d-----w L:\Program Files\Fake Webcam111
    2008-03-07 19:02 --------- d-----w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\Vso
    2008-03-05 22:20 10 ----a-w L:\Program Files\.autoreg
    2008-03-04 20:36 --------- d-----w L:\Program Files\MSN Messenger
    2008-03-04 14:25 --------- d-----w L:\Program Files\MessengerDiscovery
    2008-03-03 13:43 --------- d-----w L:\Program Files\Windows Live Safety Center
    2008-02-29 20:35 --------- d-----w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\uTorrent
    2008-02-17 11:36 --------- d-----w L:\Program Files\Everest Poker
    2008-02-09 08:45 --------- d-----w L:\Program Files\Messenger Plus! Live
    2008-02-01 14:27 --------- d-----w L:\Program Files\Realtek AC97
    2008-02-01 14:27 --------- d-----w L:\Program Files\RAR Password Cracker
    2008-01-27 20:10 --------- d-----w L:\Program Files\InterActual
    2008-01-27 17:23 --------- d-----w L:\Documents and Settings\All Users.WINDOWS1\Application Data\FLEXnet
    2008-01-26 15:44 --------- d-----w L:\Program Files\ElcomSoft
    2007-09-08 19:05 37,704 ----a-w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\GDIPFONTCACHEV1.DAT
    2007-08-23 21:38 47,360 ----a-w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\pcouffin.sys
    2007-06-17 07:44 357 ----a-w L:\Documents and Settings\Najar\.cb_layout.bin
    1998-10-15 09:04 37,136 ----a-w L:\Documents and Settings\Najar\regsvr32.exe
    1998-10-15 09:04 222,976 ----a-w L:\Documents and Settings\Najar\mssce.exe
    1998-07-16 12:15 1,215,720 ----a-w L:\Documents and Settings\Najar\immc.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-10-04 21:06 1135968 --a------ L:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548F8F9-AF7D-4C01-A1C3-0B5B66A83F82}]
    2008-02-28 02:54 217088 --a------ L:\Program Files\Outlook Express\nixecolat777444.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D9CAA02-2CC5-4A8C-F5B1-E519FE315B7A}]
    2008-03-07 15:41 70144 --a------ L:\Program Files\NetMeeting\temaxipyg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96DB3454-0D6D-4552-B6A1-8821025A4C6E}]
    2008-02-08 02:07 217088 --a------ L:\Program Files\Outlook Express\nixecolat821058.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}]
    L:\WINDOWS1\AutoUpdateWin31.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "L:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= L:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="L:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "ctfmon.exe"="L:\WINDOWS1\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "AdobeUpdater"="L:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
    "nvcoi"="L:\Program Files\nvcoi\nvcoi.exe" [2008-03-05 23:10 57344]
    "Aspl"="L:\WINDOWS1\SEMBLY~1\wucrtupd.exe" [ ]
    "Oqxgfx"="L:\WINDOWS1\system32\?dobe\w?auclt.exe" [ ]
    "MSNCleaner"="L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\MSNCleaner 1.5.6[www.msncreative.net]\MSNCleaner.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "!AVG Anti-Spyware"="L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "TkBellExe"="L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-26 18:16 185632]
    "Adobe Photo Downloader"="L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 05:32 61440]
    "QuickTime Task"="L:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="L:\WINDOWS1\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
    backup=L:\WINDOWS1\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^AutoStart IR.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\AutoStart IR.lnk
    backup=L:\WINDOWS1\pss\AutoStart IR.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
    backup=L:\WINDOWS1\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=L:\WINDOWS1\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=L:\WINDOWS1\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=L:\WINDOWS1\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=L:\WINDOWS1\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
    backup=L:\WINDOWS1\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    --a------ 2007-06-11 10:25 6731312 L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 19:51 39792 L:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2005-05-03 17:43 69632 L:\WINDOWS1\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    --a------ 2005-06-29 12:26 2806272 L:\WINDOWS1\ALCWZRD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antihost]
    L:\WINDOWS1\system32\ahr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2007-09-06 11:06 79224 L:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 13:00 15360 L:\WINDOWS1\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]
    --a------ 2006-11-28 15:07 688128 L:\PROGRA~1\WinTV\EPGSER~1\System\EPGCLI~1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 2004-08-05 13:00 208952 L:\WINDOWS1\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    --a------ 2000-07-12 13:14 311350 L:\Program Files\Microsoft Works\WksSb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    --a------ 2000-08-04 02:01 28739 L:\Program Files\Microsoft Works\WkDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    L:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a------ 2004-08-05 13:00 59392 L:\WINDOWS1\system32\IME\PINTLGNT\ImScInst.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
    --a------ 2007-10-23 01:47 360448 L:\Program Files\Winamp Remote\bin\OrbTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-05 13:00 455168 L:\WINDOWS1\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-05 13:00 455168 L:\WINDOWS1\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-06-29 05:24 286720 L:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
    --------- 2005-01-07 16:07 61952 L:\WINDOWS1\system32\HdAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secure]
    --a------ 2007-08-04 06:50 24576 L:\WINDOWS1\WindowsUpdates.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2005-06-21 14:09 90112 L:\WINDOWS1\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --a------ 2006-11-10 11:35 90112 L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-07-12 03:00 132496 L:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-09-26 18:16 185632 L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2007-10-10 06:28 36352 L:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    --a------ 2000-07-12 11:59 24576 L:\Program Files\Microsoft Works\wkfud.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "L:\\WINDOWS1\\system32\\ftp.exe"=
    "L:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
    "C:\\Windows.old\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Windows.old\\Program Files\\BitComet\\BitComet.exe"=
    "G:\\SIERRA\\Half-Life\\hl.exe"=
    "C:\\Windows.old\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
    "L:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "L:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "L:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "L:\\Program Files\\uTorrent\\uTorrent.exe"=
    "L:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "L:\\DOCUME~1\\NAJAR~1.NAJ\\LOCALS~1\\Temp\\services.exe"=
    "L:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "L:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "11355:TCP"= 11355:TCP:BitComet 11355 TCP
    "11355:UDP"= 11355:UDP:BitComet 11355 UDP
    "3587:TCP"= 3587:TCP:Groupement homologue Windows
    "3540:UDP"= 3540:UDP:protocole PNRP (Peer Name Resolution Protocol)
    "9197:TCP"= 9197:TCP:BitComet 9197 TCP
    "9197:UDP"= 9197:UDP:BitComet 9197 UDP

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 EPGService;EPGService;L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 16:17]
    R2 Stuffit Archive Name Service;Service de nom d'archive StuffIt;"L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe" [2007-10-08 10:07]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;L:\WINDOWS1\system32\drivers\hcw88bda.sys [2006-11-20 23:03]
    R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;L:\WINDOWS1\system32\Drivers\hcw88rc5.sys [2006-11-20 23:03]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;L:\WINDOWS1\system32\drivers\hcw88tse.sys [2006-11-20 23:03]
    R3 hcw88vid;Hauppauge WinTV 88x Video;L:\WINDOWS1\system32\drivers\hcw88vid.sys [2006-11-20 23:03]
    S3 HauppaugeTVServer;HauppaugeTVServer;L:\PROGRA~1\WinTV\HCWTVS~1.EXE [2006-12-01 13:41]
    S3 p2pgasvc;Authentification de groupe réseau homologue;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]
    S3 p2psvc;Réseau homologue;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-20 07:37:01 L:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
    - L:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-07 19:00:00 L:\WINDOWS1\Tasks\HPpromotions journeysoftware.job"
    - L:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    "2008-03-08 12:47:43 L:\WINDOWS1\Tasks\XoftSpySE 2.job"
    - L:\Program Files\XoftSpySE\XoftSpy.exe
    "2008-01-26 09:23:22 L:\WINDOWS1\Tasks\XoftSpySE.job"
    - L:\Program Files\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-08 13:47:57
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    L:\WINDOWS1\system32\Ati2evxx.exe
    L:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    L:\WINDOWS1\system32\Ati2evxx.exe
    L:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    L:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    L:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    L:\Program Files\Bonjour\mDNSResponder.exe
    L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    L:\WINDOWS1\system32\HPZipm12.exe
    L:\WINDOWS1\system32\tcpsvcs.exe
    L:\WINDOWS1\System32\snmp.exe
    L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-08 13:51:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-08 12:51:35
    .
    2008-02-13 11:25:56 --- E O F ---
    8 March 2008 21:24:45

    Post a new HijackThis report.
    10 March 2008 23:28:01

    Sorry for the delay, but I had problems with my internet connection... :??:
    Here is the HijackThis report:
    Quote:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:26:29, on 10/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    L:\WINDOWS1\System32\smss.exe
    L:\WINDOWS1\system32\winlogon.exe
    L:\WINDOWS1\system32\services.exe
    L:\WINDOWS1\system32\lsass.exe
    L:\WINDOWS1\system32\Ati2evxx.exe
    L:\WINDOWS1\system32\svchost.exe
    L:\WINDOWS1\System32\svchost.exe
    L:\WINDOWS1\system32\Ati2evxx.exe
    L:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    L:\WINDOWS1\system32\spoolsv.exe
    L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    L:\Program Files\Bonjour\mDNSResponder.exe
    L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    L:\WINDOWS1\system32\HPZipm12.exe
    L:\WINDOWS1\system32\tcpsvcs.exe
    L:\WINDOWS1\System32\snmp.exe
    L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    L:\WINDOWS1\system32\svchost.exe
    L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
    L:\WINDOWS1\Explorer.EXE
    L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
    L:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    L:\WINDOWS1\system32\ctfmon.exe
    L:\WINDOWS1\System32\svchost.exe
    L:\Program Files\nvcoi\nvcoi.exe
    L:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    L:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    L:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    L:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    L:\Program Files\Windows Live\Messenger\usnsvc.exe
    L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\Installations\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - L:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - L:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {6548F8F9-AF7D-4C01-A1C3-0B5B66A83F82} - L:\Program Files\Outlook Express\nixecolat777444.dll
    O2 - BHO: 0 - {6D9CAA02-2CC5-4A8C-F5B1-E519FE315B7A} - L:\Program Files\NetMeeting\temaxipyg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - L:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {96DB3454-0D6D-4552-B6A1-8821025A4C6E} - L:\Program Files\Outlook Express\nixecolat821058.dll
    O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - L:\WINDOWS1\AutoUpdateWin31.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - L:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - L:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - L:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [TkBellExe] "L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "L:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] L:\WINDOWS1\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] L:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [nvcoi] L:\Program Files\nvcoi\nvcoi.exe
    O4 - HKCU\..\Run: [Aspl] "L:\WINDOWS1\SEMBLY~1\wucrtupd.exe" -vt yazb
    O4 - HKCU\..\Run: [Oqxgfx] L:\WINDOWS1\system32\?dobe\w?auclt.exe
    O4 - HKCU\..\Run: [MSNCleaner] L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\MSNCleaner 1.5.6[www.msncreative.net]\MSNCleaner.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = L:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = L:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Winamp Toolbar Search - L:\Documents and Settings\All Users.WINDOWS1\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/Mu...
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - L:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - L:\WINDOWS1\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS1\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - L:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - L:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - L:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - L:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPGService - Hauppauge Computer Works - L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - L:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - L:\PROGRA~1\WinTV\HCWTVS~1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - L:\WINDOWS1\system32\HPZipm12.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Service de nom d'archive StuffIt (Stuffit Archive Name Service) - Smith Micro Software, Inc. - L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe

    --
    End of file - 9040 bytes
    11 March 2008 15:38:25

    Here is the report obtained with AntiVir:

    PS: The windows are appearing less and less often. In fact, I get the impression that they only appear when IE7 is open... Maybe a deep uninstall of IE7 (which is no small task) would be useful?

    Quote:


    AntiVir PersonalEdition Classic
    Report file date: mardi 11 mars 2008 15:31

    Scanning for 835736 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Najar
    Computer name: NAJAR-A214FC33B

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
    ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
    ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
    AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Windows System Directory
    Configuration file...............: L:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: L:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 11 mars 2008 15:31

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'notepad.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'ArcNameService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
    Scan process 'snmp.exe' - '1' Module(s) have been scanned
    Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'EPGService.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'MessengerDiscovery Live.exe' - '1' Module(s) have been scanned
    Scan process 'soffice.bin' - '1' Module(s) have been scanned
    Scan process 'soffice.exe' - '1' Module(s) have been scanned
    Scan process 'nvcoi.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    43 processes with 43 modules were scanned

    Start scanning boot sectors:
    Boot sector 'L:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '26' files ).


    Starting the file scan:

    Begin scan in 'L:\WINDOWS1\system32'
    L:\WINDOWS1\system32\pjkrox.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '48419889.qua'!
    L:\WINDOWS1\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: mardi 11 mars 2008 15:34
    Used time: 02:37 min

    The scan has been done completely.

    181 Scanning directories
    7138 Files were scanned
    1 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    1 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    7137 Files not concerned
    9 Archives were scanned
    1 Warnings
    0 Notes

    11 March 2008 19:37:33

    Post a new HijackThis report.
    13 March 2008 19:35:03

    Here is the report:
    Quote:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:34:15, on 13/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    L:\WINDOWS1\System32\smss.exe
    L:\WINDOWS1\system32\winlogon.exe
    L:\WINDOWS1\system32\services.exe
    L:\WINDOWS1\system32\lsass.exe
    L:\WINDOWS1\system32\Ati2evxx.exe
    L:\WINDOWS1\system32\svchost.exe
    L:\WINDOWS1\System32\svchost.exe
    L:\WINDOWS1\system32\Ati2evxx.exe
    L:\WINDOWS1\system32\spoolsv.exe
    L:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    L:\WINDOWS1\Explorer.EXE
    L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe
    L:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    L:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    L:\WINDOWS1\system32\ctfmon.exe
    L:\Program Files\nvcoi\nvcoi.exe
    L:\Program Files\DAEMON Tools\daemon.exe
    L:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    L:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    L:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    L:\Program Files\Bonjour\mDNSResponder.exe
    L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    L:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    L:\WINDOWS1\system32\HPZipm12.exe
    L:\WINDOWS1\system32\tcpsvcs.exe
    L:\WINDOWS1\System32\snmp.exe
    L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    L:\WINDOWS1\system32\svchost.exe
    L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
    L:\WINDOWS1\System32\svchost.exe
    L:\Program Files\Windows Live\Messenger\usnsvc.exe
    L:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    L:\WINDOWS1\system32\wuauclt.exe
    L:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
    L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\Installations\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - L:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - L:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: (no name) - {6548F8F9-AF7D-4C01-A1C3-0B5B66A83F82} - L:\Program Files\Outlook Express\nixecolat777444.dll
    O2 - BHO: 0 - {6D9CAA02-2CC5-4A8C-F5B1-E519FE315B7A} - L:\Program Files\NetMeeting\temaxipyg.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - L:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {96DB3454-0D6D-4552-B6A1-8821025A4C6E} - L:\Program Files\Outlook Express\nixecolat821058.dll
    O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - L:\WINDOWS1\AutoUpdateWin31.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - L:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - L:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - L:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [TkBellExe] "L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "L:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "L:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] L:\WINDOWS1\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AdobeUpdater] L:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [nvcoi] L:\Program Files\nvcoi\nvcoi.exe
    O4 - HKCU\..\Run: [Aspl] "L:\WINDOWS1\SEMBLY~1\wucrtupd.exe" -vt yazb
    O4 - HKCU\..\Run: [Oqxgfx] L:\WINDOWS1\system32\?dobe\w?auclt.exe
    O4 - HKCU\..\Run: [MSNCleaner] L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\MSNCleaner 1.5.6[www.msncreative.net]\MSNCleaner.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "L:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] L:\WINDOWS1\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = L:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = L:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Winamp Toolbar Search - L:\Documents and Settings\All Users.WINDOWS1\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/Mu...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - L:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - L:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - L:\WINDOWS1\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - L:\WINDOWS1\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - L:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPGService - Hauppauge Computer Works - L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - L:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - L:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - L:\PROGRA~1\WinTV\HCWTVS~1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - L:\WINDOWS1\system32\HPZipm12.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - L:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Service de nom d'archive StuffIt (Stuffit Archive Name Service) - Smith Micro Software, Inc. - L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe

    --
    End of file - 9391 bytes
    13 March 2008 19:38:38

    Hi again,

    Fix the lines in the box below with HijackThis: ILLUSTRATED GUIDE

    O2 - BHO: 0 - {6D9CAA02-2CC5-4A8C-F5B1-E519FE315B7A} - L:\Program Files\NetMeeting\temaxipyg.dll (file missing)
    O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - L:\WINDOWS1\AutoUpdateWin31.dll (file missing)
    O4 - HKCU\..\Run: [nvcoi] L:\Program Files\nvcoi\nvcoi.exe
    O4 - HKCU\..\Run: [Aspl] "L:\WINDOWS1\SEMBLY~1\wucrtupd.exe" -vt yazb
    O4 - HKCU\..\Run: [Oqxgfx] L:\WINDOWS1\system32\?dobe\w?auclt.exe
    O4 - HKCU\..\Run: [MSNCleaner] L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\MSNCleaner 1.5.6[www.msncreative.net]\MSNCleaner.exe


    Run a ComboFix scan again.
    14 March 2008 19:53:18

    I did what you asked.

    Quote:
    ComboFix 08-03-07.4 - Najar 2008-03-14 19:47:21.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.942 [GMT 1:00]
    Endroit: L:\Documents and Settings\Najar.NAJAR-A214FC33B\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-14 to 2008-03-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-11 15:31 . 2008-03-11 15:31 <REP> d-------- L:\Program Files\Avira
    2008-03-11 15:31 . 2008-03-11 15:31 <REP> d-------- L:\Documents and Settings\All Users.WINDOWS1\Application Data\Avira
    2008-03-08 23:36 . 2008-03-08 23:36 <REP> d-------- L:\Program Files\Windows Journal Viewer
    2008-03-08 12:34 . 2007-07-30 19:19 271,224 --a------ L:\WINDOWS1\system32\mucltui.dll
    2008-03-08 12:34 . 2007-07-30 19:19 207,736 --a------ L:\WINDOWS1\system32\muweb.dll
    2008-03-08 12:34 . 2007-07-30 19:18 30,072 --a------ L:\WINDOWS1\system32\mucltui.dll.mui
    2008-03-07 21:07 . 2008-03-07 21:07 <REP> d--hsc--- L:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-03-07 21:07 . 2008-03-07 21:07 <REP> d-------- L:\Documents and Settings\All Users.WINDOWS1\Application Data\WLInstaller
    2008-03-07 20:17 . 2008-03-07 20:17 149 --a------ L:\Delme.bat
    2008-03-07 20:12 . 2008-03-07 20:19 <REP> d-------- L:\Program Files\Navilog1
    2008-03-07 19:56 . 2008-03-07 19:56 <REP> d-------- L:\Program Files\CleanUp!
    2008-03-07 18:11 . 2008-03-07 18:11 82 --a------ L:\WINDOWS1\system32\DelReboot
    2008-03-07 15:41 . 2008-03-07 15:41 136,627 --a------ L:\WINDOWS1\POTA777444.exe
    2008-03-05 23:36 . 2008-03-07 20:33 15,086 --a------ L:\WINDOWS1\system32\FreePokerBonus.ico
    2008-03-05 23:36 . 2008-03-07 20:33 9,662 --a------ L:\WINDOWS1\system32\ZoneAlarmIconFR.ico
    2008-03-05 23:10 . 2008-03-05 23:10 <REP> d-------- L:\Program Files\nvcoi
    2008-03-05 21:21 . 2008-03-05 21:21 <REP> d-------- L:\BackUpMSNCleaner
    2008-03-04 22:43 . 2008-03-07 19:57 37,376 --a------ L:\WINDOWS1\mrofinu1423.MSNFix
    2008-03-04 22:43 . 2008-03-06 14:00 37,376 --a------ L:\WINDOWS1\mrofinu1423.exe.MSNFix
    2008-03-04 21:36 . 2008-03-06 15:24 <REP> d-------- L:\Program Files\StuffPlug3
    2008-03-04 19:47 . 2008-03-04 19:47 2,563 --a------ L:\WINDOWS1\image.jpg
    2008-03-01 12:37 . 2008-03-01 12:37 268 --ah----- L:\sqmdata07.sqm
    2008-03-01 12:37 . 2008-03-01 12:37 244 --ah----- L:\sqmnoopt07.sqm
    2008-02-19 17:01 . 2008-03-14 12:20 <REP> d-------- L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\OpenOffice.org2
    2008-02-19 16:57 . 2008-02-19 16:57 <REP> d-------- L:\Program Files\OpenOffice.org 2.3

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-14 18:38 --------- d-----w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\MEGAUPLOADTOOLBAR
    2008-03-14 17:47 --------- d-----w L:\Documents and Settings\All Users.WINDOWS1\Application Data\Google Updater
    2008-03-14 11:20 --------- d-----w L:\Program Files\WinTV
    2008-03-13 19:43 --------- d-----w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\uTorrent
    2008-03-12 19:13 --------- d-----w L:\Program Files\Windows Live Safety Center
    2008-03-12 07:46 --------- d-----w L:\Program Files\DAEMON Tools
    2008-03-12 07:43 682,232 ----a-w L:\WINDOWS1\system32\drivers\sptd.sys
    2008-03-12 07:42 --------- d-----w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\Vso
    2008-03-11 13:46 --------- d-----w L:\Program Files\Alwil Software
    2008-03-07 19:02 --------- d-----w L:\Program Files\Fake Webcam12312
    2008-03-07 19:02 --------- d-----w L:\Program Files\Fake Webcam111
    2008-03-05 22:20 10 ----a-w L:\Program Files\.autoreg
    2008-03-04 20:36 --------- d-----w L:\Program Files\MSN Messenger
    2008-03-04 14:25 --------- d-----w L:\Program Files\MessengerDiscovery
    2008-02-17 11:36 --------- d-----w L:\Program Files\Everest Poker
    2008-02-09 08:45 --------- d-----w L:\Program Files\Messenger Plus! Live
    2008-02-01 14:27 --------- d-----w L:\Program Files\Realtek AC97
    2008-02-01 14:27 --------- d-----w L:\Program Files\RAR Password Cracker
    2008-01-27 20:10 --------- d-----w L:\Program Files\InterActual
    2008-01-27 17:23 --------- d-----w L:\Documents and Settings\All Users.WINDOWS1\Application Data\FLEXnet
    2008-01-26 15:44 --------- d-----w L:\Program Files\ElcomSoft
    2007-09-08 19:05 37,704 ----a-w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\GDIPFONTCACHEV1.DAT
    2007-08-23 21:38 47,360 ----a-w L:\Documents and Settings\Najar.NAJAR-A214FC33B\Application Data\pcouffin.sys
    2007-06-17 07:44 357 ----a-w L:\Documents and Settings\Najar\.cb_layout.bin
    1998-10-15 09:04 37,136 ----a-w L:\Documents and Settings\Najar\regsvr32.exe
    1998-10-15 09:04 222,976 ----a-w L:\Documents and Settings\Najar\mssce.exe
    1998-07-16 12:15 1,215,720 ----a-w L:\Documents and Settings\Najar\immc.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-08_13.51.22.67 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-08 22:36:47 65,536 ----a-r L:\WINDOWS1\Installer\{43DCF766-6838-4F9A-8C91-D92DA586DFA8}\_C68C351F090F4EF39AFB6B7B54014C9E.exe
    + 2008-03-14 12:14:52 5,208 ----a-w L:\WINDOWS1\SoftwareDistribution\EventCache\{DAC869A7-EFD5-4FC2-8F56-38D3EA336CAB}.bin
    + 2007-08-09 12:04:11 40,768 ----a-w L:\WINDOWS1\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:19 21,312 ----a-w L:\WINDOWS1\system32\drivers\avgntmgr.sys
    + 2008-03-12 07:49:31 61,632 ----a-w L:\WINDOWS1\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:36 28,352 ----a-w L:\WINDOWS1\system32\drivers\ssmdrv.sys
    + 2004-08-03 23:56:44 207,360 ----a-w L:\WINDOWS1\system32\inked.dll
    + 2004-08-03 23:56:58 293,376 ----a-w L:\WINDOWS1\system32\wisptis.exe
    + 2008-03-14 11:20:49 16,384 ----atw L:\WINDOWS1\Temp\Perflib_Perfdata_88c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    2007-10-04 21:06 1135968 --a------ L:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548F8F9-AF7D-4C01-A1C3-0B5B66A83F82}]
    2008-02-28 02:54 217088 --a------ L:\Program Files\Outlook Express\nixecolat777444.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96DB3454-0D6D-4552-B6A1-8821025A4C6E}]
    2008-02-08 02:07 217088 --a------ L:\Program Files\Outlook Express\nixecolat821058.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "L:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= L:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

    [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="L:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "ctfmon.exe"="L:\WINDOWS1\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "AdobeUpdater"="L:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
    "DAEMON Tools"="L:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "!AVG Anti-Spyware"="L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
    "TkBellExe"="L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-26 18:16 185632]
    "Adobe Photo Downloader"="L:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 05:32 61440]
    "QuickTime Task"="L:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
    "avgnt"="L:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-12 08:49 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="L:\WINDOWS1\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    L:\Documents and Settings\Najar.NAJAR-A214FC33B\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.3.lnk - L:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
    backup=L:\WINDOWS1\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^AutoStart IR.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\AutoStart IR.lnk
    backup=L:\WINDOWS1\pss\AutoStart IR.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
    backup=L:\WINDOWS1\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=L:\WINDOWS1\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=L:\WINDOWS1\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=L:\WINDOWS1\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
    backup=L:\WINDOWS1\pss\Outil de mise à jour Google.lnkCommon Startup

    [HKLM\~\startupfolder\L:^Documents and Settings^All Users.WINDOWS1^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
    path=L:\Documents and Settings\All Users.WINDOWS1\Menu Démarrer\Programmes\Démarrage\Rappels du Calendrier Microsoft Works.lnk
    backup=L:\WINDOWS1\pss\Rappels du Calendrier Microsoft Works.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    --a------ 2007-06-11 10:25 6731312 L:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 19:51 39792 L:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2005-05-03 17:43 69632 L:\WINDOWS1\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    --a------ 2005-06-29 12:26 2806272 L:\WINDOWS1\ALCWZRD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antihost]
    L:\WINDOWS1\system32\ahr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    L:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-05 13:00 15360 L:\WINDOWS1\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]
    --a------ 2006-11-28 15:07 688128 L:\PROGRA~1\WinTV\EPGSER~1\System\EPGCLI~1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 2004-08-05 13:00 208952 L:\WINDOWS1\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
    --a------ 2000-07-12 13:14 311350 L:\Program Files\Microsoft Works\WksSb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    --a------ 2000-08-04 02:01 28739 L:\Program Files\Microsoft Works\WkDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    L:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a------ 2004-08-05 13:00 59392 L:\WINDOWS1\system32\IME\PINTLGNT\ImScInst.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
    --a------ 2007-10-23 01:47 360448 L:\Program Files\Winamp Remote\bin\OrbTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-05 13:00 455168 L:\WINDOWS1\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-05 13:00 455168 L:\WINDOWS1\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-06-29 05:24 286720 L:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
    --------- 2005-01-07 16:07 61952 L:\WINDOWS1\system32\HdAShCut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Secure]
    --a------ 2007-08-04 06:50 24576 L:\WINDOWS1\WindowsUpdates.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2005-06-21 14:09 90112 L:\WINDOWS1\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    --a------ 2006-11-10 11:35 90112 L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-07-12 03:00 132496 L:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-09-26 18:16 185632 L:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2007-10-10 06:28 36352 L:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
    --a------ 2000-07-12 11:59 24576 L:\Program Files\Microsoft Works\wkfud.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "L:\\WINDOWS1\\system32\\ftp.exe"=
    "L:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
    "C:\\Windows.old\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Windows.old\\Program Files\\BitComet\\BitComet.exe"=
    "G:\\SIERRA\\Half-Life\\hl.exe"=
    "C:\\Windows.old\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
    "L:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "L:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "L:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "L:\\Program Files\\uTorrent\\uTorrent.exe"=
    "L:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "L:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "L:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "11355:TCP"= 11355:TCP:BitComet 11355 TCP
    "11355:UDP"= 11355:UDP:BitComet 11355 UDP
    "3587:TCP"= 3587:TCP:Groupement homologue Windows
    "3540:UDP"= 3540:UDP:p rotocole PNRP (Peer Name Resolution Protocol)
    "9197:TCP"= 9197:TCP:BitComet 9197 TCP
    "9197:UDP"= 9197:UDP:BitComet 9197 UDP

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R2 EPGService;EPGService;L:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 16:17]
    R2 Stuffit Archive Name Service;Service de nom d'archive StuffIt;"L:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe" [2007-10-08 10:07]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;L:\WINDOWS1\system32\drivers\hcw88bda.sys [2006-11-20 23:03]
    R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;L:\WINDOWS1\system32\Drivers\hcw88rc5.sys [2006-11-20 23:03]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;L:\WINDOWS1\system32\drivers\hcw88tse.sys [2006-11-20 23:03]
    R3 hcw88vid;Hauppauge WinTV 88x Video;L:\WINDOWS1\system32\drivers\hcw88vid.sys [2006-11-20 23:03]
    S3 HauppaugeTVServer;HauppaugeTVServer;L:\PROGRA~1\WinTV\HCWTVS~1.EXE [2006-12-01 13:41]
    S3 p2pgasvc;Authentification de groupe réseau homologue;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]
    S3 p2psvc;Réseau homologue;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;L:\WINDOWS1\system32\svchost.exe [2004-08-05 13:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-20 07:37:01 L:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
    - L:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-14 15:00:00 L:\WINDOWS1\Tasks\HPpromotions journeysoftware.job"
    - L:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
    "2008-03-14 16:00:00 L:\WINDOWS1\Tasks\XoftSpySE 2.job"
    - L:\Program Files\XoftSpySE\XoftSpy.exe
    "2008-01-26 09:23:22 L:\WINDOWS1\Tasks\XoftSpySE.job"
    - L:\Program Files\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-14 19:51:21
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-14 19:51:57
    ComboFix-quarantined-files.txt 2008-03-14 18:51:54
    ComboFix2.txt 2008-03-08 12:51:39
    .
    2008-02-13 11:25:56 --- E O F ---
    14 March 2008 21:17:37

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    L:\Program Files\Outlook Express\nixecolat777444.dll
    L:\Program Files\Outlook Express\nixecolat821058.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548F8F9-AF7D-4C01-A1C3-0B5B66A83F82}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96DB3454-0D6D-4552-B6A1-8821025A4C6E}]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.
    NOTE: If there is no restart, post the requested reports anyway.