Se connecter / S'enregistrer
Votre question

PUB Internet Explorer!

Tags :
  • Internet Explorer
  • Sécurité
Dernière réponse : dans Sécurité et virus
20 Février 2008 10:29:49

Boujour
Voila depuis quelques jours j ai des pubs venant d internet explorer toute les 5 minutes.
Que doit je faire? Je navigue avec Firefox aucun problemes. Es ce que je peux desinstaller Internet Eplorer?
Sinon j ai Norton et il ne detecte rien.
Merci

Autres pages sur : pub internet explorer

20 Février 2008 11:02:51

Salut,

Installe spybot et ad adware, mets les a jour et effectue un scan ... :)  . Pour rajouter un filtre pour les pubs tu peux ajouter l'extension IE7Pro ; sinon je deconseille la desinstallation de IE mais tu peux toujours le faire via ajout/supp -> composants windows sous XP

20 Février 2008 11:08:28

ok donc je vais les telecharger et je te tien au courant
Contenus similaires
20 Février 2008 11:48:44

ok pas de problemes
sinon pour le scan j ai eu quelques problemes avec les mis a jours window et tout ca donc redemarage pc mais c est bon je te l ai envoi des que c est terminer. ;) 
20 Février 2008 12:14:26

voila il ma trouver 27 element dangereux et me les a tous suprilmer mai je vien encor d avoir une pub?
que doit je faire j ai vacciner aussi avec spybot les navigateurs.
20 Février 2008 12:17:28

je vais refaire un scan avec ad adware pour voir
20 Février 2008 12:26:53

Salut,

Télécharge Hijackthis (de Trend Micro)
Poste un rapport en suivant ce tuto.
20 Février 2008 12:32:43

ok pas de probleme la jsui en train de scan avec ad adware il me trouve deja 50 fichier infecte je t envoi le scan ossi des que c est fini
merci de m aider
20 Février 2008 12:35:21

voila le resultat de mon scan ad adware:


Ad-Aware 2007 Build
Log File Created on: 2008-02-20 12:31:58
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: ACER-DC6C4D74B4
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 2
Processor type: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Memory Available: 58%
Total Physical Memory: 2146742272 Bytes
Available Physical Memory: 1226809344 Bytes
Total Page File Size: 4131065856 Bytes
Available On Page File: 3242983424 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1929306112 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 45
Build Number: 0
Build Date and Time: 2008/01/21 09:30:02

Scan Statistics
===========================
Method: Smart
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 228160
Infections Detected: 57
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 9 9
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 1 1
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 47 47
File Hash Scan..: 0 0

Infections Found
===========================
Family Id: 1304 Name: Win32.Adware.OneStep Category: Adware TAI:3
Item Id: 300035763 Value: Root: HKU Path: .DEFAULT\software\microsoft\internet explorer\searchscopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409}
Item Id: 300035763 Value: Root: HKU Path: S-1-5-21-3630030018-2363494649-2681153098-1006\software\microsoft\internet explorer\searchscopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409}
Item Id: 300035763 Value: Root: HKU Path: S-1-5-18\software\microsoft\internet explorer\searchscopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409}
Item Id: 300035751 Value: Root: HKLM Path: software\microsoft\windows\currentversion\uninstall\onestepsearch
Item Id: 300035752 Value: Root: HKLM Path: software\onestepsearch
Item Id: 300035753 Value: Root: HKLM Path: system\controlset001\enum\root\legacy_onestep_search_service
Item Id: 300035754 Value: Root: HKLM Path: system\controlset001\services\onestep search service
Item Id: 300035755 Value: Root: HKLM Path: system\currentcontrolset\enum\root\legacy_onestep_search_service
Item Id: 300035756 Value: Root: HKLM Path: system\currentcontrolset\services\onestep search service
Item Id: 400002344 Value: Folder: C:\Program Files\OneStepSearch
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat 2o7.net s_vi_dzgdlx7Bjfd /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat weborama.fr AFFICHE_W /
Item Id: 600000409 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat server.iad.liveperson.net HumanClickID /
Item Id: 600000409 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat server.iad.liveperson.net HumanClickACTIVE /
Item Id: 600000179 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat atdmt.com AA002 /
Item Id: 600000050 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat tribalfusion.com ANON_ID /
Item Id: 600000142 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat int.sitestat.com s1 /cassava/888/
Item Id: 600000142 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat int.sitestat.com c1 /cassava/
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat creative.adsrevenue.net flashInstalled /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[0][0] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[0][1] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[0][2] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[0][3] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[0][4] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[1][0] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[1][1] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[1][2] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[1][3] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[1][4] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[2][0] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[2][1] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[2][2] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[2][3] /
Item Id: 600000416 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adsrevenue.net popsite[2][4] /
Item Id: 600000295 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\matthieu\Cookies\index.dat adtech.de JEB2 /
Item Id: 600000144 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\admin\Cookies\index.dat doubleclick.net id /
Item Id: 600000190 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\admin\Cookies\index.dat www.googleadservices.com Conversion /pagead/conversion/1067730368/
Item Id: 600000190 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\admin\Cookies\index.dat www.googleadservices.com Conversion /pagead/conversion/1068632757/
Item Id: 600000173 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\admin\Cookies\index.dat bluestreak.com id /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\admin\Cookies\index.dat www.smartadserver.com TestIfCookieP /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\admin\Cookies\index.dat www.smartadserver.com pbw /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\admin\Cookies\index.dat www.smartadserver.com pid /
Item Id: 600000001 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\admin\Cookies\index.dat www.smartadserver.com pbwmaj /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\admin\Cookies\index.dat weborama.fr AFFICHE_W /
Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\admin\Cookies\index.dat weborama.fr wbo_temps_reel /
Item Id: 600000179 Value: Browser: Firefox Cookie: C:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles/1ewy1xyu.default\cookies.txt atdmt.com AA002 /
Item Id: 600000001 Value: Browser: Firefox Cookie: C:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles/1ewy1xyu.default\cookies.txt smartadserver.com pbw /
Item Id: 600000001 Value: Browser: Firefox Cookie: C:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles/1ewy1xyu.default\cookies.txt smartadserver.com pid /
Item Id: 600000001 Value: Browser: Firefox Cookie: C:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles/1ewy1xyu.default\cookies.txt smartadserver.com TestIfCookieP /
Item Id: 600000001 Value: Browser: Firefox Cookie: C:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles/1ewy1xyu.default\cookies.txt smartadserver.com pbwmaj /
Item Id: 600000187 Value: Browser: Firefox Cookie: C:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles/1ewy1xyu.default\cookies.txt advertising.com ROLL /
Item Id: 600000187 Value: Browser: Firefox Cookie: C:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles/1ewy1xyu.default\cookies.txt advertising.com F1 /
Item Id: 600000187 Value: Browser: Firefox Cookie: C:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles/1ewy1xyu.default\cookies.txt advertising.com ACID /
Item Id: 600000187 Value: Browser: Firefox Cookie: C:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles/1ewy1xyu.default\cookies.txt advertising.com BASE /
Item Id: 600000225 Value: Browser: Firefox Cookie: C:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles/1ewy1xyu.default\cookies.txt weborama.fr wbo_temps_reel /
Item Id: 600000225 Value: Browser: Firefox Cookie: C:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles/1ewy1xyu.default\cookies.txt weborama.fr AFFICHE_W /
Item Id: 600000276 Value: Browser: Firefox Cookie: C:\Documents and Settings\matthieu\Application Data\Mozilla\Firefox\Profiles/1ewy1xyu.default\cookies.txt gametracker.com time_zone /

Items Ignored During Scan
===========================


Listing of running processes
===========================
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe

c:\windows\system32\ntdll.dll

C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\csrsrv.dll

c:\windows\system32\basesrv.dll

c:\windows\system32\winsrv.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\sxs.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\version.dll

C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\authz.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\nddeapi.dll

c:\windows\system32\profmap.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\regapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\winsta.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\msgina.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\ole32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\winscard.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\sxs.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ati2evxx.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wlnotify.dll

c:\windows\system32\winspool.drv

c:\windows\system32\mpr.dll

c:\windows\system32\wgalogon.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\cscui.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\scesrv.dll

c:\windows\system32\authz.dll

c:\windows\system32\umpnpmgr.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acadproc.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\secur32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\version.dll

c:\windows\system32\eventlog.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wtsapi32.dll

C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\lsasrv.dll

c:\windows\system32\mpr.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\samsrv.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msprivs.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\netlogon.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\schannel.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\wdigest.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\scecli.dll

c:\windows\system32\ipsecsvc.dll

c:\windows\system32\authz.dll

c:\windows\system32\oakley.dll

c:\windows\system32\winipsec.dll

c:\windows\system32\pstorsvc.dll

c:\windows\system32\psbase.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dssenh.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\termsrv.dll

c:\windows\system32\icaapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\mstlsapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\atl.dll

c:\windows\system32\regapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\wmi.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\esent.dll

c:\windows\system32\atl.dll

c:\windows\system32\rastls.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\schannel.dll

c:\windows\system32\winscard.dll

c:\windows\system32\raschap.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\schedsvc.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\msidle.dll

c:\windows\system32\audiosrv.dll

c:\windows\system32\wkssvc.dll

c:\windows\system32\qmgr.dll

c:\windows\system32\mpr.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\cryptsvc.dll

c:\windows\system32\certcli.dll

c:\windows\system32\dmserver.dll

c:\windows\system32\es.dll

c:\windows\system32\hidserv.dll

c:\windows\system32\hid.dll

c:\windows\system32\ersvc.dll

c:\windows\pchealth\helpctr\binaries\pchsvc.dll

c:\windows\system32\srvsvc.dll

c:\windows\system32\netman.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\sxs.dll

c:\windows\system32\comsvcs.dll

c:\windows\system32\colbact.dll

c:\windows\system32\mtxclu.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\clusapi.dll

c:\windows\system32\resutils.dll

c:\windows\system32\upnp.dll

c:\windows\system32\ssdpapi.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\seclogon.dll

c:\windows\system32\sens.dll

c:\windows\system32\msi.dll

c:\windows\system32\tapisrv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\wuauserv.dll

c:\windows\system32\wuaueng.dll

c:\windows\system32\winspool.drv

c:\windows\system32\cabinet.dll

c:\windows\system32\mspatcha.dll

c:\windows\system32\browser.dll

c:\windows\system32\wbem\wmisvc.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\trkwks.dll

c:\windows\system32\ipnathlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\wbem\wbemcore.dll

c:\windows\system32\wbem\esscli.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\rasmans.dll

c:\windows\system32\winipsec.dll

c:\windows\system32\netcfgx.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\rastapi.dll

c:\windows\system32\wbem\repdrvfs.dll

c:\windows\system32\unimdm.tsp

c:\windows\system32\uniplat.dll

c:\windows\system32\kmddsp.tsp

c:\windows\system32\ndptsp.tsp

c:\windows\system32\ipconf.tsp

c:\windows\system32\h323.tsp

c:\windows\system32\hidphone.tsp

c:\windows\system32\rasppp.dll

c:\windows\system32\ntlsapi.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\wbem\wmiprvsd.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\wbem\wbemess.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\wbem\ncprov.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\dssenh.dll

c:\windows\system32\rasdlg.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\advpack.dll

c:\windows\system32\wbem\wbemcons.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\wudfsvc.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wudfplatform.dll

c:\windows\system32\secur32.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\dnsrslvr.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\lmhsvc.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\webclnt.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\secur32.dll

c:\windows\system32\regsvc.dll

C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCSETMGR.EXE
c:\program files\fichiers communs\symantec shared\ccsetmgr.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\program files\fichiers communs\symantec shared\ccl40.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\dbghelp.dll

c:\windows\system32\version.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\secur32.dll

c:\program files\fichiers communs\symantec shared\ccvrtrst.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

c:\program files\fichiers communs\symantec shared\ccsetevt.dll

C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
c:\program files\fichiers communs\symantec shared\ccevtmgr.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\shlwapi.dll

c:\program files\fichiers communs\symantec shared\ccl40.dll

c:\windows\system32\dbghelp.dll

c:\windows\system32\version.dll

c:\windows\system32\secur32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\program files\fichiers communs\symantec shared\ccvrtrst.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\program files\fichiers communs\symantec shared\ccset.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

c:\progra~1\fichie~1\symant~1\spbbc\spbbcevt.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\progra~1\fichie~1\symant~1\cclogin.dll

c:\progra~1\fichie~1\symant~1\ccsetevt.dll

c:\progra~1\norton~1\hppevt32.dll

c:\progra~1\norton~1\hppres32.loc

c:\progra~1\norton~1\navevent.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\symneti.dll

C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\PIF\{B8E1DD85-8582-4C61-B58F-2F227FCA9A08}\PIFSVC.EXE
c:\program files\fichiers communs\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shell32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\program files\fichiers communs\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifeng.dll

c:\windows\system32\userenv.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\msxml3.dll

c:\progra~1\fichie~1\symant~1\pif\{b8e1d~1\pollmgr.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\program files\fichiers communs\symantec shared\ccl40.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\secur32.dll

c:\windows\system32\netapi32.dll

C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\SNDSRVC.EXE
c:\program files\fichiers communs\symantec shared\sndsrvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\symneti.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\userenv.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\SPBBC\SPBBCSVC.EXE
c:\program files\fichiers communs\symantec shared\spbbc\spbbcsvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msi.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\dbghelp.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\sxs.dll

c:\program files\fichiers communs\symantec shared\ccvrtrst.dll

c:\program files\fichiers communs\symantec shared\ccl40.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\program files\fichiers communs\symantec shared\ccset.dll

c:\program files\fichiers communs\symantec shared\spbbc\spbbcevt.dll

c:\windows\system32\msxml3.dll

c:\program files\fichiers communs\symantec shared\spbbc\bbrgen.dll

C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
c:\program files\fichiers communs\symantec shared\ccpd-lc\symlcsvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\version.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\program files\fichiers communs\symantec shared\ccpd-lc\symlcnet.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\secur32.dll

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\spoolss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\localspl.dll

c:\windows\system32\secur32.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\winspool.drv

c:\windows\system32\netapi32.dll

c:\windows\system32\cnbjmon.dll

c:\windows\system32\e_flbbie.dll

c:\windows\system32\fxsmon.dll

c:\windows\system32\fxsevent.dll

c:\windows\system32\pjlmon.dll

c:\windows\system32\msonpmon.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

c:\windows\system32\msi.dll

c:\windows\system32\tcpmon.dll

c:\windows\system32\usbmon.dll

c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\win32spl.dll

c:\windows\system32\netrap.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\inetpp.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\winsta.dll

c:\windows\system32\spool\drivers\w32x86\3\e_fuicbie.dll

C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\browseui.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\program files\microsoft office\office12\grooveshellextensions.dll

c:\program files\microsoft office\office12\grooveutil.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

c:\program files\microsoft office\office12\groovenew.dll

c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\atl80.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\themeui.dll

c:\windows\system32\secur32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\actxprxy.dll

c:\program files\microsoft office\office12\groovesystemservices.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\msxml3.dll

c:\progra~1\window~3\wmpband.dll

c:\windows\system32\mpr.dll

c:\windows\system32\msutb.dll

c:\windows\system32\msctf.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\windows\system32\winsta.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\stobject.dll

c:\windows\system32\batmeter.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\mlang.dll

c:\windows\system32\mydocs.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\nview.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\samlib.dll

c:\windows\system32\nvwrsfr.dll

c:\program files\microsoft office\office12\groovemisc.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\midimap.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\rtutils.dll

c:\program files\onestepsearch\onestep.dll

c:\windows\system32\drprov.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\netrap.dll

c:\windows\system32\davclnt.dll

c:\windows\system32\fxsst.dll

c:\windows\system32\winspool.drv

c:\windows\system32\fxsapi.dll

c:\windows\system32\msnchathook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\cryptoapi.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\mfc71u.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\sxs.dll

c:\program files\fichiers communs\nero\lib\nerodigitalext.dll

c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80fra.dll

c:\program files\openoffice.org 2.2\program\shlxthdl.dll

c:\program files\openoffice.org 2.2\program\uwinapi.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\program files\openoffice.org 2.2\program\stlport_vc7145.dll

c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

C:\WINDOWS\EHOME\EHTRAY.EXE
c:\windows\ehome\ehtray.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\atl.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\hid.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\winmm.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctf.dll

c:\windows\system32\nview.dll

c:\windows\system32\psapi.dll

c:\windows\system32\version.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\nvwrsfr.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

c:\windows\ehome\ehproxy.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

c:\windows\system32\msnchathook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\winspool.drv

c:\windows\system32\cryptoapi.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\mfc71u.dll

c:\windows\system32\msvcp71.dll

C:\WINDOWS\RTHDCPL.EXE
c:\windows\rthdcpl.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\hhctrl.ocx

c:\windows\system32\msvcrt.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\dsound.dll

c:\windows\system32\winmm.dll

c:\windows\system32\version.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\mpr.dll

c:\windows\system32\winspool.drv

c:\windows\system32\comdlg32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\mui\000c\hhctrlui.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

c:\windows\system32\ksuser.dll

c:\windows\system32\nview.dll

c:\windows\system32\psapi.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\nvwrsfr.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msnchathook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\cryptoapi.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\mfc71u.dll

c:\windows\system32\msvcp71.dll

C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\JUSCHED.EXE
c:\program files\java\jre1.6.0_03\bin\jusched.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\uxtheme.dll

C:\WINDOWS\SYSTEM32\SYSMONITOR.EXE
c:\windows\system32\sysmonitor.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\mscoree.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\microsoft.net\framework\v1.1.4322\mscorwks.dll

c:\windows\microsoft.net\framework\v1.1.4322\msvcr71.dll

c:\windows\microsoft.net\framework\v1.1.4322\fusion.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll

c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_163312c1\mscorlib.dll

c:\windows\microsoft.net\framework\v1.1.4322\mscorsn.dll

c:\windows\system32\uxtheme.dll

c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_fr_b77a5c561934e089\mscorlib.resources.dll

c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll

c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_763c7497\system.windows.forms.dll

c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_9a30e6cd\system.dll

c:\windows\microsoft.net\framework\v1.1.4322\mscorjit.dll

c:\windows\microsoft.net\framework\v1.1.4322\diasymreader.dll

c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll

c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_f4610cf0\system.drawing.dll

c:\windows\system32\msctfime.ime

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\windows\system32\msctf.dll

c:\windows\system32\nview.dll

c:\windows\system32\psapi.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\version.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\nvwrsfr.dll

c:\windows\system32\msnchathook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\winspool.drv

c:\windows\system32\cryptoapi.dll

c:\windows\system32\mfc71u.dll

c:\windows\system32\msvcp71.dll

C:\ACER\EMPOWERING TECHNOLOGY\ERECOVERY\ERAGENT.EXE
c:\acer\empowering technology\erecovery\eragent.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\acer\empowering technology\erecovery\it41.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\oledlg.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\acer\empowering technology\erecovery\imagefile.dll

c:\windows\system32\secur32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\nview.dll

c:\windows\system32\psapi.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\nvwrsfr.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msnchathook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\cryptoapi.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\mfc71u.dll

c:\windows\system32\msvcp71.dll

C:\ACER\EMPOWERING TECHNOLOGY\EDATASECURITY\EDSLOADER.EXE
c:\acer\empowering technology\edatasecurity\edsloader.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\keymanager.dll

c:\windows\system32\cryptoapi.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msnchathook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\version.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shell32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\winspool.drv

c:\windows\system32\mfc71u.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\psdutil.dll

c:\windows\system32\mpr.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\showerrmsg.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\nview.dll

c:\windows\system32\psapi.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\nvwrsfr.dll

c:\windows\system32\msctf.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\secur32.dll

c:\windows\system32\setupapi.dll

C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCAPP.EXE
c:\program files\fichiers communs\symantec shared\ccapp.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\program files\fichiers communs\symantec shared\ccl40.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\lpk.dll

c:\windows\system32\usp10.dll

c:\windows\system32\dbghelp.dll

c:\windows\system32\version.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\userenv.dll

c:\windows\system32\secur32.dll

c:\windows\system32\netapi32.dll

c:\program files\fichiers communs\symantec shared\ccvrtrst.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wsock32.dll

c:\program files\fichiers communs\symantec shared\ccset.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msi.dll

c:\windows\system32\sxs.dll

c:\progra~1\fichie~1\symant~1\ccalert.dll

c:\progra~1\fichie~1\symant~1\ccemlpxy.dll

c:\windows\system32\mswsock.dll

c:\progra~1\fichie~1\symant~1\pif\{b8e1d~1\alerteng.dll

c:\windows\system32\shell32.dll

c:\progra~1\fichie~1\symant~1\securi~1\nsctray.dll

c:\progra~1\fichie~1\symant~1\securi~1\nsctray.loc

c:\progra~1\norton~1\ccimscan.dll

c:\windows\system32\atl71.dll

c:\progra~1\norton~1\defalert.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\progra~1\norton~1\hpp32.dll

c:\windows\system32\symredir.dll

c:\program files\fichiers communs\symantec shared\ccsetevt.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\program files\fichiers communs\symantec shared\ccprosub.dll

c:\progra~1\fichie~1\symant~1\securi~1\nscuicor.dll

c:\windows\system32\msimg32.dll

c:\progra~1\fichie~1\symant~1\securi~1\nscuicor.loc

c:\progra~1\norton~1\hppres32.loc

c:\program files\fichiers communs\symantec shared\security console\nsc_hlpr.dll

c:\progra~1\norton~1\iwp\iwp.dll

c:\progra~1\norton~1\navapw32.dll

c:\progra~1\norton~1\apwutil.dll

c:\program files\norton antivirus\ccavmail.dll

c:\progra~1\norton~1\navapw32.loc

c:\windows\system32\dnsapi.dll

c:\progra~1\norton~1\navoptrf.dll

c:\program files\norton antivirus\hppevt32.dll

c:\windows\system32\winrnr.dll

c:\progra~1\norton~1\statushp.dll

c:\windows\system32\msctf.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\iphlpapi.dll

c:\progra~1\norton~1\apwutil.loc

c:\windows\system32\nview.dll

c:\windows\system32\psapi.dll

c:\windows\system32\winmm.dll

c:\windows\system32\nvwrsfr.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\hnetcfg.dll

c:\program files\norton antivirus\apwcmdnt.dll

c:\program files\norton antivirus\navlcom.dll

c:\windows\system32\wshtcpip.dll

c:\program files\norton antivirus\apwcmdnt.loc

c:\program files\norton antivirus\naverror.dll

c:\program files\norton antivirus\naverror.loc

c:\windows\system32\nvwddi.dll

c:\program files\fichiers communs\symantec shared\spbbc\spbbcevt.dll

c:\program files\norton antivirus\navevent.dll

c:\program files\norton antivirus\iwp\symfwagt.dll

c:\windows\system32\symneti.dll

c:\program files\fichiers communs\symantec shared\cclogin.dll

c:\program files\norton antivirus\iwp\ccfwsetg.dll

c:\program files\onestepsearch\onestep.dll

c:\windows\system32\mpr.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\progra~1\fichie~1\symant~1\securi~1\nscsrvps.dll

c:\progra~1\fichie~1\symant~1\securi~1\nscuibl.dll

c:\windows\system32\msnchathook.dll

c:\windows\system32\sysenv.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\winspool.drv

c:\windows\system32\cryptoapi.dll

c:\windows\system32\mfc71u.dll

c:\program files\norton antivirus\navopts.dll

c:\program files\norton antivirus\navopts.loc

c:\program files\norton antivirus\navapscr.dll

c
20 Février 2008 12:37:28

que doit je faire les suprimer ou les mettre en quarantaine( les fichier du registrer win32)?
20 Février 2008 12:47:32

voila le rapport de hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:31, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ptlg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/region/fr/avcenter/fix_homepage...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SBD.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [msptlg] C:\WINDOWS\ptlg.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ptlg - Unknown owner - C:\WINDOWS\system32\ptlg.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 14688 bytes
20 Février 2008 12:48:46

Ce n'est pas ce que je t'ai demandé.
Peux-tu éditer ton message précédent en le remplaçant par un rapport HIjackthis.

de toute façon, la suite est illisible ^^
20 Février 2008 12:50:43

Re,

Télécharge SDFix (d’Andy Manchesta)

Enregistre le sur ton le bureau.

Lance le.
Fais install afin qu’il puisse s’extraire.

Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Lance SDFix.
Double clique sur RunThis.bat . (L’extension bat peut ne pas apparaître)
Appuie sur Y pour le lancer.

Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
Il est probable que le redémarrage soit un peu plus long que d’habitude.
Une fois l’apparition de ton Bureau, il affichera Finished

Appuie sur une touche.

Un rapport est généré , poste le dans ta réponse.
Il se trouve également. dans le dossier SDFix >Report.txt<
20 Février 2008 12:55:48

alor attend je vais manger je reprend les affaire toute a leure
merci
20 Février 2008 13:07:49

re
le rapport plus haut est bien celui de hijackthis?
veut tu que je le recommence?
20 Février 2008 13:17:33

Fais seulement ce qu'il ya marqué :) 
20 Février 2008 13:40:18


voila le rapport SDFix:

SDFix: Version 1.144

Run by matthieu on 20/02/2008 at 13:26

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\matthieu\Bureau\SDFix

Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service asc3550p - Deleted after Reboot

Checking Files:

No Trojan Files Found






Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 13:34:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:ec,5f,c9,53,d6,f6,11,0c,39,fb,6e,5b,94,16,44,2c,10,83,fc,5f,9b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cc,2a,d0,3a,49,22,60,dd,6d,2f,9b,d7,0d,30,7c,a3,66,07,f6,38,ce,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,3c,4b,e8,25,cd,b2,f3,99,9c,44,60,77,20,69,52,ce,52,..
"khjeh"=hex:39,47,9d,21,a4,23,e6,88,dd,9a,c0,c4,94,23,9c,69,e4,db,65,b0,cd,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7f,f4,38,98,32,d1,72,1a,92,6f,97,8c,54,e6,db,68,dc,30,66,0c,90,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:ec,5f,c9,53,d6,f6,11,0c,39,fb,6e,5b,94,16,44,2c,10,83,fc,5f,9b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:cc,2a,d0,3a,49,22,60,dd,6d,2f,9b,d7,0d,30,7c,a3,66,07,f6,38,ce,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,3c,4b,e8,25,cd,b2,f3,99,9c,44,60,77,20,69,52,ce,52,..
"khjeh"=hex:39,47,9d,21,a4,23,e6,88,dd,9a,c0,c4,94,23,9c,69,e4,db,65,b0,cd,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:7f,f4,38,98,32,d1,72,1a,92,6f,97,8c,54,e6,db,68,dc,30,66,0c,90,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\n\21]
"DisplayName"="\x9c00\x31d\x9c00\x31d\1"
"DeviceDesc"="\x9c00\x31d\x9c00\x31d\1"
"ProviderName"="\x27d4\21\xee18\x7c91\x2844\21\b"
"MFG"="\x4dc"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xa14\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"c:\acernb\install\chipset\smbus\smbusati.inf"

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 254


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"="C:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe:*:D isabled:Adobe Photoshop Elements Media Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:



Files with Hidden Attributes:

Fri 19 Nov 2004 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\AcerDRV\rescan.exe"
Tue 8 Jan 2008 88 ..SHR --- "C:\WINDOWS\system32\F78F811DCF.sys"
Fri 19 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\InsD1215.exe"
Wed 6 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe"
Tue 8 Jan 2008 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 16 Nov 2005 24,576 A..HR --- "C:\WINDOWS\system32\Kill1211.exe"
Fri 8 Sep 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Fri 8 Sep 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Fri 8 Sep 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Fri 8 Sep 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Fri 8 Sep 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\RemD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
Sun 1 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 29 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT1.tmp"
Wed 20 Feb 2008 5,686 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistr‚e\TempRec\TempSBE\SBE3.tmp"
Wed 20 Feb 2008 5,940 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistr‚e\TempRec\TempSBE\SBE4.tmp"

Finished!

20 Février 2008 14:16:14

voila que doit je faire avec çà?
je répette mon problème qui persiste: Apparition d' une pub internet explorer(toujours la même) elle reste afficher pendant 10 seconde et se ferme toute seule.
voila merci
20 Février 2008 14:34:14

Re,

  • Aller dans poste de travail/outils/option des dossiers/affichage/afficher les fichiers et dossiers cachés/Appliquer - - > OK

  • Aller dans poste de travail/outils/option des dossiers/affichage/décocher masquer les fichiers protégés du système d’exploitation./Appliquer - - > OK

    Peux-tu s'il te plaît zipper ce fichier si présent ? -> C:\WINDOWS\system\smvss.exe

    Et l'envoyer à cette adresse : AndyManchesta@hotmail.com

    ********

    Reposte un Hijackthis.
    20 Février 2008 14:53:40

    c est bon j ai envoyer le fichier compresser.
    20 Février 2008 14:55:19

    ca c est le raport hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:54:21, on 20/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ptlg.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\eMule\emule.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/region/fr/avcenter/fix_homepage...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SBD.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
    O4 - HKLM\..\Run: [msptlg] C:\WINDOWS\ptlg.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ptlg - Unknown owner - C:\WINDOWS\system32\ptlg.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 14503 bytes
    20 Février 2008 15:04:25

    Re,

    Envoie aussi celui-là de la même manière stp : C:\WINDOWS\ptlg.exe

    Relance HiJackThis, do a system scan only, coche ces lignes (si toujours présentes) :
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/region/fr/ [...] _homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
    O4 - HKLM\..\Run: [msptlg] C:\WINDOWS\ptlg.exe
    O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

    Puis Fix Checked !

    *****

    Télécharge OTMoveIt > Tuto <

    Sauvegarde-le sur le Bureau

    Séléctionne l'encadré ci-dessous
    C:\WINDOWS\system\smvss.exe
    C:\WINDOWS\ptlg.exe

    Lance maintenant OTMoveIt .
    Assure toi que la case unregister dll’s and ocx’s soit cochée.
    Deux cadres apparaissent , clique droit sur le cadre de gauche , puis colle l'encadré ci desssus.
    Et clique sur Movelt !

    Si le programme te demande de redemarrer, accepte.

    Poste le rapport qui se trouve dans : C:\_OTMoveIt\MovedFiles\date de création!

    NOTE : Si tu obtiens un message comme quoi le rapport ne peut pas être créé, copie/colle ce qui apparaît dans la colonne droite de l’outil.

    *****

    Tu tiens à Norton ?
    20 Février 2008 15:20:48

    re
    voila j ai fais tout ce que tu ma dit de faire;)
    le probleme c est le rapport avec otmoveit, je n ai pas de rapprt(lorsque que j ai apuyer sur moveit! dans la colonne de droite etait marquer:
    "C:\WINDOWS\system\smvss.exe SUCCEFULY"
    "C:\WINDOWS\ptlg.exe SUCCEFULY"

    sinon je sais pas i cela a un rapport mais lors de la fermeture de windows il y a un massege avec "impossible de terminer l'aplication" "treminer maintenant" et ce programe est souvent "ptlg"

    en tout cas je vien de recevoir encore cette pub.
    20 Février 2008 15:22:15

    et pour la reponse"Tutient à Norton"
    Et bien je commence à douter...
    Que me conseil tu ? le probleme c est que je vien de renouveller l abonnement il me reste environs 200 jours.
    20 Février 2008 15:34:36

    Ok.

    Si tu le paies, je ne te fais pas changer.
    La prochaine fois ;) 

    Reposte un Hijackthis.

    Télécharge Gmer.
    Dézippe le dans un dossier ou sur ton bureau.

    Déconnecte toi d'Internet puis ferme tous les programmes.
    Double-clique sur Gmer.exe.

    Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

    Clique sur l'onglet rootkit.
    A droite, coche seulement Files et Services.
    Clique maintenant sur Scan.

    Lorsque le scan est terminé, clique sur Copy.

    Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
    Le rapport doit alors apparaître.
    Enregistre le fichier sur ton bureau et poste le contenu ici.
    20 Février 2008 15:36:55

    Le rapport Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:36:14, on 20/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ptlg.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\program files\steam\steam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/region/fr/avcenter/fix_homepage...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SBD.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
    O4 - HKLM\..\Run: [msptlg] C:\WINDOWS\ptlg.exe
    O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ptlg - Unknown owner - C:\WINDOWS\system32\ptlg.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 14258 bytes
    20 Février 2008 15:59:07

    Il n'y a aucun resultat apre le scan: c est bien l onglet rootkit/malware?
    j ai beau faire copy et coller il me ressort l ancien scan d' Hijackthis donc il n' a rien copier
    20 Février 2008 16:09:11

    Re,

    Tu as coché les lignes ?

    Télécharge Combofix (de sUBs) sur ton Bureau.

    Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
    Double clique combofix.exe.
    Tape sur la touche 1 (Yes) pour démarrer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : C:\Combofix.txt
    20 Février 2008 16:18:20

    voila le rapport( ca ma foutu les boules:supression win32... :)  )
    ComboFix 08-02-20.2 - matthieu 2008-02-20 16:14:27.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1256 [GMT 1:00]
    Endroit: C:\Documents and Settings\matthieu\Mes documents\Mes fichiers reçus\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\matthieu\Application Data\ShoppingReport
    C:\Documents and Settings\matthieu\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\matthieu\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\matthieu\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\matthieu\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\matthieu\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\matthieu\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\matthieu\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    C:\Program Files\ShoppingReport
    C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    C:\Program Files\ShoppingReport\Uninst.exe
    C:\WINDOWS\system32\_000002_.tmp.dll
    C:\WINDOWS\system32\_000003_.tmp.dll
    C:\WINDOWS\system32\_000004_.tmp.dll
    C:\WINDOWS\system32\_000005_.tmp.dll
    C:\WINDOWS\system32\_000006_.tmp.dll
    C:\WINDOWS\system32\_000007_.tmp.dll
    C:\WINDOWS\system32\_000008_.tmp.dll
    C:\WINDOWS\system32\_000009_.tmp.dll
    C:\WINDOWS\system32\_000010_.tmp.dll
    C:\WINDOWS\system32\_000011_.tmp.dll
    C:\WINDOWS\system32\_000012_.tmp.dll
    D:\Autorun.inf

    ----- BITS: Possible sites infectés -----

    hxxp://au.download.windowsupd
    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-20 15:40 . 2008-02-20 16:01 250 --a------ C:\WINDOWS\gmer.ini
    2008-02-20 15:19 . 2008-02-20 15:19 1,395,357 --a------ C:\WINDOWS\ptlg.exe
    2008-02-20 15:14 . 2008-02-20 15:14 <REP> d-------- C:\_OTMoveIt
    2008-02-20 13:23 . 2008-02-20 13:23 <REP> d-------- C:\WINDOWS\ERUNT
    2008-02-20 13:09 . 2008-02-20 13:09 238 --ah----- C:\aaw7boot.cmd
    2008-02-20 13:08 . 2008-02-19 23:41 <REP> d-------- C:\Program Files\SDFix
    2008-02-20 12:40 . 2008-02-20 12:40 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-20 12:20 . 2008-02-20 12:20 <REP> d-------- C:\Program Files\Lavasoft
    2008-02-20 12:20 . 2008-02-20 12:20 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-20 12:20 . 2008-02-20 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-20 11:16 . 2008-02-20 11:16 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-20 11:16 . 2008-02-20 11:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-19 17:19 . 2008-02-19 17:19 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
    2008-02-19 14:21 . 2008-02-19 14:26 3,668,432 --a------ C:\WINDOWS\sprmvr.exe
    2008-02-19 14:08 . 2008-02-19 14:08 1,395,357 --a------ C:\WINDOWS\system32\ptlg.exe
    2008-02-19 14:08 . 2008-02-19 14:08 466,432 --a------ C:\WINDOWS\ IEXPLORE.EXE
    2008-02-19 13:06 . 2008-02-19 13:06 <REP> d-------- C:\Program Files\GUILD WARS
    2008-02-19 12:27 . 2008-02-19 12:27 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-02-19 11:53 . 2008-02-19 11:53 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-02-18 17:11 . 2008-02-19 17:26 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-18 17:11 . 2008-02-18 17:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-02-18 17:11 . 2008-02-19 17:27 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-18 16:54 . 2008-02-19 17:27 <REP> d-------- C:\Program Files\Wolfenstein - Enemy Territory
    2008-02-17 18:51 . 2008-02-19 13:16 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\Abvent
    2008-02-17 18:51 . 2008-02-17 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Abvent
    2008-02-17 17:14 . 2007-08-21 15:21 794,624 --a------ C:\WINDOWS\system32\spr32d35.dll
    2008-02-17 13:32 . 2008-02-17 13:32 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
    2008-02-17 13:32 . 2008-02-17 13:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
    2008-02-17 13:30 . 2008-02-17 13:30 <REP> d-------- C:\Program Files\BoontyGames
    2008-02-17 13:30 . 2008-02-17 13:30 <REP> d-------- C:\Program Files\Boonty
    2008-02-15 21:52 . 2006-03-13 16:50 87,824 -ra------ C:\WINDOWS\system32\drivers\w300mgmt.sys
    2008-02-15 21:52 . 2006-03-13 16:50 85,696 -ra------ C:\WINDOWS\system32\drivers\w300obex.sys
    2008-02-15 21:51 . 2006-03-13 16:50 96,352 -ra------ C:\WINDOWS\system32\drivers\w300mdm.sys
    2008-02-15 21:51 . 2006-03-13 16:49 60,800 -ra------ C:\WINDOWS\system32\drivers\w300bus.sys
    2008-02-15 21:51 . 2006-03-13 16:50 9,264 -ra------ C:\WINDOWS\system32\drivers\w300mdfl.sys
    2008-02-15 21:51 . 2006-03-13 16:49 6,208 -ra------ C:\WINDOWS\system32\drivers\w300cmnt.sys
    2008-02-15 21:51 . 2006-03-13 16:49 6,208 -ra------ C:\WINDOWS\system32\drivers\w300cm.sys
    2008-02-15 21:51 . 2006-03-13 16:50 5,840 -ra------ C:\WINDOWS\system32\drivers\w300whnt.sys
    2008-02-15 21:51 . 2006-03-13 16:50 5,840 -ra------ C:\WINDOWS\system32\drivers\w300wh.sys
    2008-02-15 21:50 . 2008-02-15 21:50 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\Teleca
    2008-02-15 21:48 . 2008-02-15 21:48 <REP> d-------- C:\Program Files\Sony Ericsson
    2008-02-15 21:48 . 2008-02-15 21:48 <REP> d-------- C:\Program Files\Fichiers communs\Teleca Shared
    2008-02-15 21:48 . 2008-02-15 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
    2008-02-15 21:48 . 2008-02-15 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-02-15 21:46 . 2008-02-15 21:47 <REP> d-------- C:\Program Files\Disc2Phone
    2008-02-07 17:40 . 2008-02-07 17:40 <REP> d-------- C:\Program Files\SiSoftware
    2008-02-04 20:05 . 2008-02-05 22:46 <REP> d-------- C:\Program Files\eMule Acceleration Patch
    2008-01-29 23:07 . 2008-01-29 23:07 <REP> d-------- C:\Documents and Settings\admin\Application Data\Nero
    2008-01-29 21:50 . 2008-02-20 13:34 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-29 21:45 . 2008-01-29 21:45 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\Nero
    2008-01-29 21:43 . 2008-01-29 21:43 <REP> d-------- C:\Program Files\Nero
    2008-01-29 21:43 . 2008-02-17 12:08 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-01-29 21:43 . 2008-02-17 12:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-01-29 21:39 . 2008-02-02 11:59 <REP> d-------- C:\Program Files\AskTBar
    2008-01-27 14:49 . 1997-04-18 11:49 298,496 --a------ C:\WINDOWS\unin040c.exe
    2008-01-27 14:48 . 2008-01-27 14:48 <REP> d-------- C:\Documents and Settings\matthieu\WINDOWS
    2008-01-27 14:45 . 2008-01-27 14:45 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\Apple Computer

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-20 15:03 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-02-20 15:00 --------- d-----w C:\Documents and Settings\matthieu\Application Data\teamspeak2
    2008-02-20 14:32 --------- d-----w C:\Program Files\Steam
    2008-02-20 12:39 --------- d-----w C:\Program Files\eMule
    2008-02-20 12:09 --------- d-----w C:\Program Files\OneStepSearch
    2008-02-20 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-19 11:46 74 ----a-w C:\Pos.sys
    2008-02-19 10:01 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-16 07:32 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-02-08 17:12 --------- d-----w C:\Documents and Settings\matthieu\Application Data\EPSON
    2008-02-05 16:55 --------- d-----w C:\Documents and Settings\matthieu\Application Data\Symantec
    2008-02-03 12:07 --------- d-----w C:\Program Files\TomTom HOME
    2008-02-03 12:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-03 12:03 --------- d-----w C:\Program Files\Corel
    2008-02-03 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
    2008-02-01 15:38 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-02-01 15:38 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-02-01 15:38 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-02-01 15:38 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-02-01 15:38 --------- d-----w C:\Program Files\Symantec
    2008-01-27 13:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-01-26 17:55 --------- d-----w C:\Documents and Settings\matthieu\Application Data\LimeWire
    2008-01-22 16:40 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2008-01-22 15:48 --------- d-----w C:\Documents and Settings\matthieu\Application Data\Audacity
    2008-01-15 15:35 --------- d-----w C:\Documents and Settings\matthieu\Application Data\GlobalSCAPE
    2008-01-05 17:44 --------- d-----w C:\Program Files\MeuhMeuhTV Alpha
    2008-01-02 20:29 --------- d-----w C:\Documents and Settings\matthieu\Application Data\DAEMON Tools
    2008-01-02 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
    2007-12-29 14:09 --------- d-----w C:\Documents and Settings\matthieu\Application Data\ImgBurn
    2007-12-27 14:05 --------- d-----w C:\Documents and Settings\matthieu\Application Data\Hamachi
    2007-12-27 12:31 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2007-12-27 12:31 --------- d-----w C:\Program Files\Hamachi
    2007-12-27 12:08 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-27 11:24 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Symantec
    2007-12-27 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-12-26 14:48 --------- d-----w C:\Documents and Settings\Invité\Application Data\Symantec
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
    2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    2006-11-17 17:27 2,532,922 ----a-w C:\WINDOWS\inf\SET263.tmp
    2006-11-17 17:27 2,532,922 ------w C:\WINDOWS\inf\SETE1.tmp
    2004-08-10 20:00 1,568,358 ----a-w C:\WINDOWS\inf\SET2D6.tmp
    2004-08-10 20:00 1,568,358 ----a-w C:\WINDOWS\inf\SET160.tmp
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
    "Steam"="c:\program files\steam\steam.exe" [2007-12-13 20:08 1266936]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
    "LaunchApp"="Alaunch" []
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 17:48 16208384 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 21:00 208952]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 21:00 44032]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 21:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 21:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 21:00 455168]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 18:54 49152]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 13:40 413696]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 14:00 345088]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 11:08 52840]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [ ]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [ ]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "devenv"="C:\WINDOWS\system\smvss.exe" [ ]
    "msptlg"="C:\WINDOWS\ptlg.exe" [2008-02-20 15:19 1395357]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "NoIE4StubProcessing"="C:\WINDOWS\system32\reg.exe" [2004-08-10 21:00 53248]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 21:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-02-14 00:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
    --a------ 2007-05-14 11:40 5304320 C:\Program Files\eMule\emule.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Nero\Nero8\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-08-16 15:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 14:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
    --a------ 2005-05-11 16:15 45056 c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-12-12 14:04 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2007-12-13 20:08 1266936 c:\program files\steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 15:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 18:14]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2006-01-31 08:05]
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2006-01-31 08:05]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2006-01-31 08:06]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2006-01-31 09:17]
    R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2006-01-31 08:04]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2006-01-31 08:04]
    R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]
    R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 19:17]
    R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 16:10]
    S2 ptlg;ptlg;C:\WINDOWS\system32\ptlg.exe [2008-02-19 14:08]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-02-17 13:32]
    S3 Hauppauge WinTV-HVR-1110;Hauppauge WinTV-HVR-1110 PCI Card;C:\WINDOWS\system32\DRIVERS\HVR1110.sys [2006-05-25 02:15]
    S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
    S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
    S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31886479-deda-11dc-85a1-001921433ee8}]
    \Shell\AutoRun\command - K:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93077527-27be-11dc-83ef-001921433ee8}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe

    *Newly Created Service* - GMER
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-15 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - admin.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
    "2007-12-09 17:20:02 C:\WINDOWS\Tasks\SesamTVMC.job"
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-20 16:15:41
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-20 16:16:09
    ComboFix-quarantined-files.txt 2008-02-20 15:16:07
    .
    2008-02-20 12:46:35 --- E O F ---
    20 Février 2008 16:28:11

    Re,

    Copie le texte se situant dans le cadre ci-dessous :

    Driver::
    ptlg
    Boonty Games

    File::
    C:\WINDOWS\system32\ptlg.exe
    C:\Pos.sys
    C:\WINDOWS\sprmvr.exe

    Folder::
    C:\Program Files\OneStepSearch
    C:\Program Files\AskTBar
    C:\Program Files\BoontyGames
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Documents and Settings\All Users\Application Data\BOONTY
    C:\Program Files\Boonty

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"=-
    "devenv"=-
    "msptlg"=-


    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    S'il n'y a pas de rédémarrage, poste quand même les rapports.
    20 Février 2008 16:45:37

    c est fais mais je n ai pas eu de rapport avec combot?

    voila celui de hijackthis:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:44, on 2008-02-20
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\program files\steam\steam.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/region/fr/avcenter/fix_homepage...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 12974 bytes
    20 Février 2008 16:52:50

    Re,

    Relance Combofix normalement sans mon script, poste le rapport final.
    20 Février 2008 16:57:11

    ok le voila:


    ComboFix 08-02-20.2 - matthieu 2008-02-20 16:54:31.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1404 [GMT 1:00]
    Endroit: C:\Documents and Settings\matthieu\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\All Users\Application Data\BOONTY
    C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B4F5C000.dat
    C:\Pos.sys
    C:\Program Files\AskTBar
    C:\Program Files\AskTBar\bar\History\search2
    C:\Program Files\AskTBar\PopSwatr\History\allowed
    C:\Program Files\AskTBar\PopSwatr\History\notallow
    C:\Program Files\Boonty
    C:\Program Files\Boonty\Components\Architecte_d_interieur_3D_Edition_2007_Telecharger(fr_2693){231907}.exe
    C:\Program Files\Boonty\Components\BoontyBox_01net_setup.exe.download
    C:\Program Files\BoontyGames
    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    C:\Program Files\OneStepSearch
    C:\Program Files\OneStepSearch\onestep.dll
    C:\Program Files\OneStepSearch\onestep.exe
    C:\WINDOWS\sprmvr.exe
    C:\WINDOWS\system32\ptlg.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_BOONTY_GAMES
    -------\LEGACY_PTLG
    -------\Boonty Games
    -------\ptlg




    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-20 15:40 . 2008-02-20 16:01 250 --a------ C:\WINDOWS\gmer.ini
    2008-02-20 15:19 . 2008-02-20 15:19 1,395,357 --a------ C:\WINDOWS\ptlg.exe
    2008-02-20 15:14 . 2008-02-20 15:14 <REP> d-------- C:\_OTMoveIt
    2008-02-20 13:23 . 2008-02-20 13:23 <REP> d-------- C:\WINDOWS\ERUNT
    2008-02-20 13:09 . 2008-02-20 13:09 238 --ah----- C:\aaw7boot.cmd
    2008-02-20 13:08 . 2008-02-19 23:41 <REP> d-------- C:\Program Files\SDFix
    2008-02-20 12:40 . 2008-02-20 12:40 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-20 12:20 . 2008-02-20 12:20 <REP> d-------- C:\Program Files\Lavasoft
    2008-02-20 12:20 . 2008-02-20 12:20 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-20 12:20 . 2008-02-20 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-20 11:16 . 2008-02-20 11:16 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-20 11:16 . 2008-02-20 11:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-19 17:19 . 2008-02-19 17:19 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
    2008-02-19 14:08 . 2008-02-19 14:08 466,432 --a------ C:\WINDOWS\ IEXPLORE.EXE
    2008-02-19 13:06 . 2008-02-19 13:06 <REP> d-------- C:\Program Files\GUILD WARS
    2008-02-19 12:27 . 2008-02-19 12:27 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-02-19 11:53 . 2008-02-19 11:53 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-02-18 17:11 . 2008-02-19 17:26 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-18 17:11 . 2008-02-18 17:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-02-18 17:11 . 2008-02-19 17:27 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-18 16:54 . 2008-02-19 17:27 <REP> d-------- C:\Program Files\Wolfenstein - Enemy Territory
    2008-02-17 18:51 . 2008-02-19 13:16 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\Abvent
    2008-02-17 18:51 . 2008-02-17 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Abvent
    2008-02-17 17:14 . 2007-08-21 15:21 794,624 --a------ C:\WINDOWS\system32\spr32d35.dll
    2008-02-15 21:52 . 2006-03-13 16:50 87,824 -ra------ C:\WINDOWS\system32\drivers\w300mgmt.sys
    2008-02-15 21:52 . 2006-03-13 16:50 85,696 -ra------ C:\WINDOWS\system32\drivers\w300obex.sys
    2008-02-15 21:51 . 2006-03-13 16:50 96,352 -ra------ C:\WINDOWS\system32\drivers\w300mdm.sys
    2008-02-15 21:51 . 2006-03-13 16:49 60,800 -ra------ C:\WINDOWS\system32\drivers\w300bus.sys
    2008-02-15 21:51 . 2006-03-13 16:50 9,264 -ra------ C:\WINDOWS\system32\drivers\w300mdfl.sys
    2008-02-15 21:51 . 2006-03-13 16:49 6,208 -ra------ C:\WINDOWS\system32\drivers\w300cmnt.sys
    2008-02-15 21:51 . 2006-03-13 16:49 6,208 -ra------ C:\WINDOWS\system32\drivers\w300cm.sys
    2008-02-15 21:51 . 2006-03-13 16:50 5,840 -ra------ C:\WINDOWS\system32\drivers\w300whnt.sys
    2008-02-15 21:51 . 2006-03-13 16:50 5,840 -ra------ C:\WINDOWS\system32\drivers\w300wh.sys
    2008-02-15 21:50 . 2008-02-15 21:50 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\Teleca
    2008-02-15 21:48 . 2008-02-15 21:48 <REP> d-------- C:\Program Files\Sony Ericsson
    2008-02-15 21:48 . 2008-02-15 21:48 <REP> d-------- C:\Program Files\Fichiers communs\Teleca Shared
    2008-02-15 21:48 . 2008-02-15 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
    2008-02-15 21:48 . 2008-02-15 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-02-15 21:46 . 2008-02-15 21:47 <REP> d-------- C:\Program Files\Disc2Phone
    2008-02-07 17:40 . 2008-02-07 17:40 <REP> d-------- C:\Program Files\SiSoftware
    2008-02-04 20:05 . 2008-02-05 22:46 <REP> d-------- C:\Program Files\eMule Acceleration Patch
    2008-01-29 23:07 . 2008-01-29 23:07 <REP> d-------- C:\Documents and Settings\admin\Application Data\Nero
    2008-01-29 21:50 . 2008-02-20 16:41 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-29 21:45 . 2008-01-29 21:45 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\Nero
    2008-01-29 21:43 . 2008-01-29 21:43 <REP> d-------- C:\Program Files\Nero
    2008-01-29 21:43 . 2008-02-17 12:08 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-01-29 21:43 . 2008-02-17 12:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-01-27 14:49 . 1997-04-18 11:49 298,496 --a------ C:\WINDOWS\unin040c.exe
    2008-01-27 14:48 . 2008-01-27 14:48 <REP> d-------- C:\Documents and Settings\matthieu\WINDOWS
    2008-01-27 14:45 . 2008-01-27 14:45 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\Apple Computer

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-20 15:52 --------- d-----w C:\Program Files\Steam
    2008-02-20 15:51 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-02-20 15:22 --------- d-----w C:\Documents and Settings\matthieu\Application Data\Audacity
    2008-02-20 15:00 --------- d-----w C:\Documents and Settings\matthieu\Application Data\teamspeak2
    2008-02-20 12:39 --------- d-----w C:\Program Files\eMule
    2008-02-20 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-19 10:01 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-16 07:32 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-02-08 17:12 --------- d-----w C:\Documents and Settings\matthieu\Application Data\EPSON
    2008-02-05 16:55 --------- d-----w C:\Documents and Settings\matthieu\Application Data\Symantec
    2008-02-03 12:07 --------- d-----w C:\Program Files\TomTom HOME
    2008-02-03 12:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-03 12:03 --------- d-----w C:\Program Files\Corel
    2008-02-03 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
    2008-02-01 15:38 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-02-01 15:38 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-02-01 15:38 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-02-01 15:38 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-02-01 15:38 --------- d-----w C:\Program Files\Symantec
    2008-01-27 13:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-01-26 17:55 --------- d-----w C:\Documents and Settings\matthieu\Application Data\LimeWire
    2008-01-22 16:40 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2008-01-15 15:35 --------- d-----w C:\Documents and Settings\matthieu\Application Data\GlobalSCAPE
    2008-01-05 17:44 --------- d-----w C:\Program Files\MeuhMeuhTV Alpha
    2008-01-02 20:29 --------- d-----w C:\Documents and Settings\matthieu\Application Data\DAEMON Tools
    2008-01-02 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
    2007-12-29 14:09 --------- d-----w C:\Documents and Settings\matthieu\Application Data\ImgBurn
    2007-12-27 14:05 --------- d-----w C:\Documents and Settings\matthieu\Application Data\Hamachi
    2007-12-27 12:31 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2007-12-27 12:31 --------- d-----w C:\Program Files\Hamachi
    2007-12-27 12:08 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-27 11:24 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Symantec
    2007-12-27 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-12-26 14:48 --------- d-----w C:\Documents and Settings\Invité\Application Data\Symantec
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
    2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    2006-11-17 17:27 2,532,922 ----a-w C:\WINDOWS\inf\SET263.tmp
    2006-11-17 17:27 2,532,922 ------w C:\WINDOWS\inf\SETE1.tmp
    2004-08-10 20:00 1,568,358 ----a-w C:\WINDOWS\inf\SET2D6.tmp
    2004-08-10 20:00 1,568,358 ----a-w C:\WINDOWS\inf\SET160.tmp
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
    "Steam"="c:\program files\steam\steam.exe" [2007-12-13 20:08 1266936]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
    "LaunchApp"="Alaunch" []
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 17:48 16208384 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 21:00 208952]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 21:00 44032]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 21:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 21:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 21:00 455168]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 18:54 49152]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 13:40 413696]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 14:00 345088]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 11:08 52840]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [ ]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 21:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-02-14 00:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
    --a------ 2007-05-14 11:40 5304320 C:\Program Files\eMule\emule.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Nero\Nero8\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-08-16 15:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 14:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
    --a------ 2005-05-11 16:15 45056 c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-12-12 14:04 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2007-12-13 20:08 1266936 c:\program files\steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 15:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 18:14]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2006-01-31 08:05]
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2006-01-31 08:05]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2006-01-31 08:06]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2006-01-31 09:17]
    R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2006-01-31 08:04]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2006-01-31 08:04]
    R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]
    R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 19:17]
    R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 16:10]
    S3 Hauppauge WinTV-HVR-1110;Hauppauge WinTV-HVR-1110 PCI Card;C:\WINDOWS\system32\DRIVERS\HVR1110.sys [2006-05-25 02:15]
    S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
    S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
    S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31886479-deda-11dc-85a1-001921433ee8}]
    \Shell\AutoRun\command - K:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93077527-27be-11dc-83ef-001921433ee8}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-15 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - admin.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
    "2007-12-09 17:20:02 C:\WINDOWS\Tasks\SesamTVMC.job"
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-20 16:55:37
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-20 16:56:06
    ComboFix-quarantined-files.txt 2008-02-20 15:56:04
    ComboFix2.txt 2008-02-20 15:16:10
    .
    2008-02-20 12:46:35 --- E O F ---
    20 Février 2008 17:01:28

    Re,

    Supprime C:\WINDOWS\ptlg.exe (en mode sans échec s'il le faut)

    Reposte un Hijack
    20 Février 2008 17:03:49

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:03:31, on 20/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\program files\steam\steam.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/region/fr/avcenter/fix_homepage...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
    O4 - HKLM\..\Run: [msptlg] C:\WINDOWS\ptlg.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SBD.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 13000 bytes
    20 Février 2008 17:05:16

    re
    je reste confiant apres tout ca car apres le redemarge je n ai toujours pas eu cette pub depuis 10 minutes:) 
    et encore merci a toi
    20 Février 2008 17:07:18

    Je ne comprends pas pourquoi certaines lignes sont encore présentes :o 

    Relance HiJackThis, do a system scan only, coche ces lignes (si toujours présentes) :
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/region/fr/ [...] _homepage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
    O4 - HKLM\..\Run: [msptlg] C:\WINDOWS\ptlg.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f

    Puis Fix Checked !

    ********

    Télécharge sur ton bureau : Clean (de Malekal) >Tuto<
    Dézippe le sur ton bureau. Double-clic sur ce dossier clean.
    Double-clic sur clean.cmd. (L%u2019extension cmd peut ne pas apparaître) Cela va ouvrir une fenêtre noire.
    Un menu va apparaître, choisis l'option 1 puis entrée. Ensuite appuies sur une touche comme il te sera demandé et poste le rapport ici.
    Le rapport se trouve ici : C:\rapport_clean.txt

    Si tu obtiens un fichier C:\upload_moi.zip, merci de faire ceci.
    20 Février 2008 17:12:01

    c est le rapport hijacktis apres avoir supprimer ces 8 fichiers:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:11:34, on 20/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\program files\steam\steam.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/region/fr/avcenter/fix_homepage...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [msptlg] C:\WINDOWS\ptlg.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SBD.tmp" /EF "HKLM"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 12292 bytes
    20 Février 2008 17:17:48

    Le meilleur antivirus est Kaspersky Internet Security 7.0.1.321 !
    Sinon si tu as toujours ces pubs télécharge un bloqueur de pop up pour le moment !

    Salut, et bonne chance !
    20 Février 2008 17:20:28

    en effet j ai ce fichier je l envoi au site...

    Sinon quel est le meilleur antivirus XmichouX?
    20 Février 2008 17:23:45

    le fichier upload_moi est tres long a envoyer...
    pourquoi faut il envoyer des fichiers comme ca?
    il contient un virus?
    20 Février 2008 20:07:54

    Re,

    Sélectionne l%u2019intégralité du cadre ci-dessous :
    REGEDIT4

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "msptlg"=-

    Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Enregistre le sous sur ton bureau sous le nom de Correction.reg
    Double-clique dessus, accepte l%u2019inscription des données.

    J'attends le rapport Clean.
    C:\rapport_clean.txt
    Ne l'upload pas, ça ne marche pas.
    21 Février 2008 10:16:28

    c est le rapport Clean:

    21/02/2008 a 10:13:23,28

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !
    21 Février 2008 13:25:36

    Reposte un HIjackthis !
    21 Février 2008 14:13:21

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:13:10, on 21/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKLM\..\Run: [msptlg] C:\WINDOWS\ptlg.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SBD.tmp" /EF "HKLM"
    O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
    O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvrol.dll,startup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 11913 bytes
    21 Février 2008 14:28:35

    j ai unn second probleme maintenant une alert windows d un spyware

    que doitje faire c est tres desagreable.

    sinon je ne recoit plus aucune pub.
    21 Février 2008 14:30:51

    j ai ensuite une seconde alerte:

    21 Février 2008 15:52:36

    Tout est revenu ...

    Télécharge Combofix (de sUBs) sur ton Bureau.

    Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
    Double clique combofix.exe.
    Tape sur la touche 1 (Yes) pour démarrer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : C:\Combofix.txt
    21 Février 2008 18:27:58

    rapport CombotFix:

    ComboFix 08-02-20.2 - matthieu 2008-02-21 18:25:30.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1415 [GMT 1:00]
    Endroit: C:\Documents and Settings\matthieu\Mes documents\Mes fichiers reçus\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\awtqpmm.dll
    C:\WINDOWS\system32\ssttu.dll
    C:\WINDOWS\system32\uttss.ini
    C:\WINDOWS\system32\uttss.ini2
    C:\WINDOWS\system32\winmty32.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-21 13:48 . 2008-02-21 13:48 17,408 --a------ C:\WINDOWS\system32\drvrol.dll
    2008-02-21 11:39 . 2008-02-21 11:38 34,816 --a------ C:\WINDOWS\system\smvss.exe
    2008-02-21 11:34 . 2008-02-21 11:33 22,528 --a------ C:\WINDOWS\system32\winzoa32.dll
    2008-02-21 10:13 . 2008-02-21 10:13 29,725,415 --a------ C:\upload_moi_ACER-DC6C4D74B4.tar.gz
    2008-02-20 15:40 . 2008-02-20 16:01 250 --a------ C:\WINDOWS\gmer.ini
    2008-02-20 15:14 . 2008-02-20 15:14 <REP> d-------- C:\_OTMoveIt
    2008-02-20 13:23 . 2008-02-20 13:23 <REP> d-------- C:\WINDOWS\ERUNT
    2008-02-20 13:09 . 2008-02-20 13:09 238 --ah----- C:\aaw7boot.cmd
    2008-02-20 13:08 . 2008-02-19 23:41 <REP> d-------- C:\Program Files\SDFix
    2008-02-20 12:40 . 2008-02-20 12:40 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-20 12:20 . 2008-02-20 12:20 <REP> d-------- C:\Program Files\Lavasoft
    2008-02-20 12:20 . 2008-02-20 12:20 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-20 12:20 . 2008-02-20 12:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-20 11:16 . 2008-02-20 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-19 17:19 . 2008-02-19 17:19 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
    2008-02-19 14:08 . 2008-02-19 14:08 466,432 --a------ C:\WINDOWS\ IEXPLORE.EXE
    2008-02-19 13:06 . 2008-02-19 13:06 <REP> d-------- C:\Program Files\GUILD WARS
    2008-02-19 12:27 . 2008-02-19 12:27 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-02-19 11:53 . 2008-02-19 11:53 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-02-18 17:11 . 2008-02-19 17:26 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2008-02-18 17:11 . 2008-02-18 17:11 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2008-02-18 17:11 . 2008-02-19 17:27 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-02-18 16:54 . 2008-02-19 17:27 <REP> d-------- C:\Program Files\Wolfenstein - Enemy Territory
    2008-02-17 18:51 . 2008-02-19 13:16 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\Abvent
    2008-02-17 18:51 . 2008-02-17 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Abvent
    2008-02-17 17:14 . 2007-08-21 15:21 794,624 --a------ C:\WINDOWS\system32\spr32d35.dll
    2008-02-15 21:52 . 2006-03-13 16:50 87,824 -ra------ C:\WINDOWS\system32\drivers\w300mgmt.sys
    2008-02-15 21:52 . 2006-03-13 16:50 85,696 -ra------ C:\WINDOWS\system32\drivers\w300obex.sys
    2008-02-15 21:51 . 2006-03-13 16:50 96,352 -ra------ C:\WINDOWS\system32\drivers\w300mdm.sys
    2008-02-15 21:51 . 2006-03-13 16:49 60,800 -ra------ C:\WINDOWS\system32\drivers\w300bus.sys
    2008-02-15 21:51 . 2006-03-13 16:50 9,264 -ra------ C:\WINDOWS\system32\drivers\w300mdfl.sys
    2008-02-15 21:51 . 2006-03-13 16:49 6,208 -ra------ C:\WINDOWS\system32\drivers\w300cmnt.sys
    2008-02-15 21:51 . 2006-03-13 16:49 6,208 -ra------ C:\WINDOWS\system32\drivers\w300cm.sys
    2008-02-15 21:51 . 2006-03-13 16:50 5,840 -ra------ C:\WINDOWS\system32\drivers\w300whnt.sys
    2008-02-15 21:51 . 2006-03-13 16:50 5,840 -ra------ C:\WINDOWS\system32\drivers\w300wh.sys
    2008-02-15 21:50 . 2008-02-15 21:50 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\Teleca
    2008-02-15 21:48 . 2008-02-15 21:48 <REP> d-------- C:\Program Files\Sony Ericsson
    2008-02-15 21:48 . 2008-02-15 21:48 <REP> d-------- C:\Program Files\Fichiers communs\Teleca Shared
    2008-02-15 21:48 . 2008-02-15 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
    2008-02-15 21:48 . 2008-02-15 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-02-15 21:46 . 2008-02-15 21:47 <REP> d-------- C:\Program Files\Disc2Phone
    2008-02-07 17:40 . 2008-02-07 17:40 <REP> d-------- C:\Program Files\SiSoftware
    2008-02-04 20:05 . 2008-02-05 22:46 <REP> d-------- C:\Program Files\eMule Acceleration Patch
    2008-01-29 23:07 . 2008-01-29 23:07 <REP> d-------- C:\Documents and Settings\admin\Application Data\Nero
    2008-01-29 21:50 . 2008-02-21 18:18 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-29 21:45 . 2008-01-29 21:45 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\Nero
    2008-01-29 21:43 . 2008-01-29 21:43 <REP> d-------- C:\Program Files\Nero
    2008-01-29 21:43 . 2008-02-17 12:08 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-01-29 21:43 . 2008-02-17 12:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-01-27 14:49 . 1997-04-18 11:49 298,496 --a------ C:\WINDOWS\unin040c.exe
    2008-01-27 14:48 . 2008-01-27 14:48 <REP> d-------- C:\Documents and Settings\matthieu\WINDOWS
    2008-01-27 14:45 . 2008-01-27 14:45 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\Apple Computer

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-21 17:17 --------- d-----w C:\Program Files\Steam
    2008-02-21 17:09 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-02-21 16:14 --------- d-----w C:\Program Files\eMule
    2008-02-20 15:22 --------- d-----w C:\Documents and Settings\matthieu\Application Data\Audacity
    2008-02-20 15:00 --------- d-----w C:\Documents and Settings\matthieu\Application Data\teamspeak2
    2008-02-20 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-02-19 10:01 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-16 07:32 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-02-08 17:12 --------- d-----w C:\Documents and Settings\matthieu\Application Data\EPSON
    2008-02-05 16:55 --------- d-----w C:\Documents and Settings\matthieu\Application Data\Symantec
    2008-02-03 12:07 --------- d-----w C:\Program Files\TomTom HOME
    2008-02-03 12:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-03 12:03 --------- d-----w C:\Program Files\Corel
    2008-02-03 12:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
    2008-02-01 15:38 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-02-01 15:38 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-02-01 15:38 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-02-01 15:38 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-02-01 15:38 --------- d-----w C:\Program Files\Symantec
    2008-01-27 13:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-01-26 17:55 --------- d-----w C:\Documents and Settings\matthieu\Application Data\LimeWire
    2008-01-22 16:40 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2008-01-15 15:35 --------- d-----w C:\Documents and Settings\matthieu\Application Data\GlobalSCAPE
    2008-01-05 17:44 --------- d-----w C:\Program Files\MeuhMeuhTV Alpha
    2008-01-02 20:29 --------- d-----w C:\Documents and Settings\matthieu\Application Data\DAEMON Tools
    2008-01-02 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
    2007-12-29 14:09 --------- d-----w C:\Documents and Settings\matthieu\Application Data\ImgBurn
    2007-12-27 14:05 --------- d-----w C:\Documents and Settings\matthieu\Application Data\Hamachi
    2007-12-27 12:31 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2007-12-27 12:31 --------- d-----w C:\Program Files\Hamachi
    2007-12-27 12:08 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-27 11:24 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Symantec
    2007-12-27 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-12-26 14:48 --------- d-----w C:\Documents and Settings\Invité\Application Data\Symantec
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
    2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    2006-11-17 17:27 2,532,922 ----a-w C:\WINDOWS\inf\SET263.tmp
    2006-11-17 17:27 2,532,922 ------w C:\WINDOWS\inf\SETE1.tmp
    2004-08-10 20:00 1,568,358 ----a-w C:\WINDOWS\inf\SET2D6.tmp
    2004-08-10 20:00 1,568,358 ----a-w C:\WINDOWS\inf\SET160.tmp
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
    "Steam"="c:\program files\steam\steam.exe" [2007-12-13 20:08 1266936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
    "LaunchApp"="Alaunch" []
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 17:48 16208384 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 21:00 208952]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 21:00 44032]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 21:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 21:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 21:00 455168]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 18:54 49152]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 13:40 413696]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 14:00 345088]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 11:08 52840]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [ ]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [ ]
    "msptlg"="C:\WINDOWS\ptlg.exe" [ ]
    "devenv"="C:\WINDOWS\system\smvss.exe" [2008-02-21 11:38 34816]
    "MSDisp32"="C:\WINDOWS\system32\drvrol.dll" [2008-02-21 13:48 17408]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 21:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{182C7ED7-E56D-4509-9D9B-AC49318D9895}"= C:\WINDOWS\system32\awtqpmm.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-02-14 00:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
    --a------ 2007-05-14 11:40 5304320 C:\Program Files\eMule\emule.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Nero\Nero8\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-08-16 15:19 5728112 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 14:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
    --a------ 2005-05-11 16:15 45056 c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-12-12 14:04 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2007-12-13 20:08 1266936 c:\program files\steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 15:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 18:14]
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys [2006-01-31 08:05]
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2006-01-31 08:05]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys [2006-01-31 08:06]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys [2006-01-31 09:17]
    R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2006-01-31 08:04]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys [2006-01-31 08:04]
    R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]
    R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 19:17]
    R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 16:10]
    S3 Hauppauge WinTV-HVR-1110;Hauppauge WinTV-HVR-1110 PCI Card;C:\WINDOWS\system32\DRIVERS\HVR1110.sys [2006-05-25 02:15]
    S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
    S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
    S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31886479-deda-11dc-85a1-001921433ee8}]
    \Shell\AutoRun\command - K:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93077527-27be-11dc-83ef-001921433ee8}]
    \Shell\AutoRun\command - J:\InstallTomTomHOME.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-15 19:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - admin.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
    "2007-12-09 17:20:02 C:\WINDOWS\Tasks\SesamTVMC.job"
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-21 18:26:44
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-21 18:27:17
    ComboFix-quarantined-files.txt 2008-02-21 17:27:14
    ComboFix2.txt 2008-02-20 15:56:07
    ComboFix3.txt 2008-02-20 15:16:10
    .
    2008-02-21 12:51:21 --- E O F ---
    21 Février 2008 19:42:55

    Copie le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINDOWS\system32\drvrol.dll
    C:\WINDOWS\system\smvss.exe
    C:\WINDOWS\system32\winzoa32.dll
    C:\upload_moi_ACER-DC6C4D74B4.tar.gz
    C:\WINDOWS\unin040c.exe
    C:\WINDOWS\ptlg.exe
    C:\WINDOWS\system32\awtqpmm.dll

    Folder::
    C:\_OTMoveIt

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msptlg"=-
    "devenv"=-
    "MSDisp32"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{182C7ED7-E56D-4509-9D9B-AC49318D9895}"=-


    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    S'il n'y a pas de rédémarrage, poste quand même les rapports.
        • 1 / 2
        • 2
        • Dernier
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS