
Error message "C:\WINDOWS\eksplorasi.exe"

16 February 2008 17:17:41

Here is my problem: the error message "C:\WINDOWS\eksplorasi.exe"
appears at every startup. What should I do to make it stop?

16 February 2008 18:53:04

How about a hello?

Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
16 February 2008 21:44:48

Hello ^^, thanks for the help and the reply.
Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:36, on 17/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\d3e2cd1aa350dfdef90c91dfc8e90f2d\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr3.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr3.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr3.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Nouveau dossier
O4 - Startup: Y'z Toolbar.lnk = ?
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Principal AntiVirus (RspAVService) - Unknown owner - C:\WINDOWS\system32\rspavsvc.exe (file missing)
O23 - Service: RTT CRC Service (RTT_CRC_Service) - Unknown owner - C:\Program Files\R-TT\R-Firewall\Service\RTT_CRC_Service.exe

--
End of file - 8579 bytes


I hope a pro like you can help me!!!!
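
An added example, not part of the original thread: a small Python triage over the HijackThis log format posted above. It flags any program listed in the `F2` Shell value besides the Windows default `Explorer.exe` (here the `eksplorasi.exe` path named in the error message) and entries HijackThis marks `(no file)` or `(file missing)`; the function names are illustrative.

```python
import re

# Sample input: a short selection of lines copied from the HijackThis log
# posted in the thread above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O23 - Service: Principal AntiVirus (RspAVService) - Unknown owner - C:\WINDOWS\system32\rspavsvc.exe (file missing)
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.+)$")
# F2 entries report the Winlogon Shell value in this form.
SHELL_RE = re.compile(r"^REG:system\.ini: Shell=(.*)$", re.IGNORECASE)
# Split a Shell value into quoted strings and bare words; backslashes in
# Windows paths are kept as-is (no escape processing).
TOKEN_RE = re.compile(r'"([^"]+)"|(\S+)')
# Markers HijackThis appends when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Return (code, body) tuples for every entry line; headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def shell_extras(value):
    """Return every token of a Shell value other than the bare default.

    Only the literal name "Explorer.exe" (any case) counts as the default,
    so a full path to some other explorer.exe is still reported. An unquoted
    path containing spaces is split into several tokens; all are reported
    for manual review.
    """
    tokens = [quoted or bare for quoted, bare in TOKEN_RE.findall(value)]
    return [tok for tok in tokens if tok.lower() != "explorer.exe"]


def triage(log_text):
    """Flag shell additions and entries whose target file is absent."""
    findings = []
    for code, body in parse_entries(log_text):
        shell = SHELL_RE.match(body)
        if code == "F2" and shell:
            for extra in shell_extras(shell.group(1)):
                findings.append(
                    {"kind": "shell-extra", "code": code, "detail": extra}
                )
        if MISSING_RE.search(body):
            findings.append(
                {"kind": "missing-file", "code": code, "detail": body}
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'{finding["kind"]:13} {finding["code"]:4} {finding["detail"]}')
```
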
17 February 2008 12:17:40

So nobody can help me? :s
17 February 2008 13:18:13

Hello again,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.

17 February 2008 14:55:31

Thanks for ComboFix!
Here is its report:
    ComboFix 08-02-17.2 - Propriétaire 2008-02-18 14:27:54.1 - NTFSx86
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-18 14:22 . 2008-02-18 14:22 6,736 --a------ C:\WINDOWS\SYSTEM32\drivers\PROCEXP90.SYS
    2008-02-18 00:13 . 2008-02-18 00:13 <REP> d-------- C:\WINDOWS\Sun
    2008-02-17 22:28 . 2008-02-17 22:28 <REP> d-------- C:\Program Files\Lavalys
    2008-02-17 22:03 . 2008-02-17 22:16 <REP> d-------- C:\Program Files\Jetico
    2008-02-17 21:40 . 2008-02-17 21:40 1,158 --a------ C:\WINDOWS\mozver.dat
    2008-02-17 21:02 . 2008-02-17 21:10 <REP> d-------- C:\Program Files\Navilog1
    2008-02-17 20:17 . 2008-02-17 20:17 0 --a------ C:\WINDOWS\nsreg.dat
    2008-02-17 17:55 . 2008-02-17 17:55 <REP> d-------- C:\Program Files\Avira
    2008-02-17 17:55 . 2008-02-17 17:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-17 17:07 . 2008-02-17 17:07 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-17 14:04 . 2008-02-17 14:04 170 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.inf
    2008-02-16 01:47 . 2008-02-16 01:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\vlc
    2008-02-16 01:42 . 2008-02-16 01:42 <REP> d-------- C:\Program Files\VideoLAN
    2008-02-16 00:37 . 2008-02-16 00:37 <REP> d-------- C:\WINDOWS\SYSTEM32\bits
    2008-02-15 23:48 . 2008-02-15 23:48 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-02-15 23:42 . 2002-08-29 11:45 4,331,008 --a------ C:\WINDOWS\SYSTEM32\logonui.exe
    2008-02-15 23:42 . 2002-08-29 11:45 2,150,912 --a------ C:\WINDOWS\SYSTEM32\zipfldr.dll
    2008-02-15 23:40 . 2002-08-29 11:45 2,290,176 --a------ C:\WINDOWS\SYSTEM32\shimgvw.dll
    2008-02-15 23:40 . 2002-08-29 11:45 894,976 --a------ C:\WINDOWS\SYSTEM32\sysdm.cpl
    2008-02-15 23:40 . 2001-08-24 01:47 875,008 --a------ C:\WINDOWS\SYSTEM32\sysocmgr.exe
    2008-02-15 23:40 . 2002-08-29 11:45 677,376 --a------ C:\WINDOWS\SYSTEM32\stobject.dll
    2008-02-15 23:40 . 2001-08-24 01:47 601,088 --a------ C:\WINDOWS\SYSTEM32\sndvol32.exe
    2008-02-15 23:40 . 2001-08-24 01:47 408,576 --a------ C:\WINDOWS\SYSTEM32\sndrec32.exe
    2008-02-15 23:36 . 2002-08-29 11:45 2,686,976 --a------ C:\WINDOWS\explorer.exe
    2008-02-15 23:36 . 2001-08-24 01:47 1,383,936 --a------ C:\WINDOWS\SYSTEM32\fontext.dll
    2008-02-15 23:36 . 2002-08-29 11:45 1,123,328 --a------ C:\WINDOWS\SYSTEM32\appwiz.cpl
    2008-02-15 23:36 . 2001-08-24 01:47 1,035,264 --a------ C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    2008-02-15 23:36 . 2001-08-24 01:47 548,864 --a------ C:\WINDOWS\SYSTEM32\cleanmgr.exe
    2008-02-15 23:36 . 2001-08-24 01:47 537,088 --a------ C:\WINDOWS\SYSTEM32\cmd.exe
    2008-02-15 23:36 . 2002-08-29 11:45 420,352 --a------ C:\WINDOWS\SYSTEM32\desk.cpl
    2008-02-15 23:36 . 2002-08-29 11:44 331,776 --a------ C:\WINDOWS\SYSTEM32\credui.dll
    2008-02-15 23:36 . 2001-08-24 01:47 266,240 --a------ C:\WINDOWS\SYSTEM32\calc.exe
    2008-02-15 23:36 . 2001-08-24 01:47 218,112 --a------ C:\WINDOWS\SYSTEM32\console.dll
    2008-02-15 23:36 . 2001-08-24 01:47 205,824 --a------ C:\WINDOWS\SYSTEM32\access.cpl
    2008-02-15 23:10 . 2008-02-15 23:13 <REP> d-------- C:\WINDOWS\Packs
    2008-02-15 22:43 . 2005-03-02 19:17 2,044,416 --a------ C:\WINDOWS\SYSTEM32\ntoskrnl.exe
    2008-02-15 22:43 . 2005-03-02 19:17 1,959,424 --a------ C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
    2008-02-15 22:41 . 2004-07-09 03:27 974,848 --a------ C:\WINDOWS\SYSTEM32\dxdiag.exe
    2008-02-15 22:40 . 2005-07-26 05:38 1,190,400 --a------ C:\WINDOWS\SYSTEM32\ole32.dll
    2008-02-15 22:39 . 2006-08-25 16:54 561,664 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
    2008-02-15 22:39 . 2001-08-24 01:47 446,976 --a------ C:\WINDOWS\SYSTEM32\certmgr.dll
    2008-02-15 22:39 . 2001-08-24 01:47 359,936 --a------ C:\WINDOWS\SYSTEM32\cards.dll
    2008-02-15 22:39 . 2002-08-29 11:44 333,824 --a------ C:\WINDOWS\SYSTEM32\cmdial32.dll
    2008-02-15 22:39 . 2001-08-24 01:47 166,400 --a------ C:\WINDOWS\SYSTEM32\ciadmin.dll
    2008-02-15 22:39 . 2001-08-24 01:44 72,192 --a------ C:\WINDOWS\SYSTEM32\acctres.dll
    2008-02-15 22:39 . 2001-08-24 01:47 36,864 --a------ C:\WINDOWS\SYSTEM32\odbccp32.cpl
    2008-02-15 22:39 . 2001-08-24 01:46 27,136 --a------ C:\WINDOWS\SYSTEM32\batmeter.dll
    2008-02-15 22:39 . 2002-08-29 11:44 6,656 --a------ C:\WINDOWS\SYSTEM32\batt.dll
    2008-02-15 22:19 . 2008-02-15 22:19 268 --ah----- C:\sqmdata04.sqm
    2008-02-15 22:19 . 2008-02-15 22:19 244 --ah----- C:\sqmnoopt04.sqm
    2008-02-15 21:17 . 2002-08-29 11:45 204,288 --a------ C:\WINDOWS\SYSTEM32\uxtheme.backup
    2008-02-15 20:08 . 2008-02-15 20:08 <REP> d-------- C:\toto
    2008-02-15 18:57 . 2008-02-15 18:57 <REP> d-------- C:\Program Files\Alwil Software
    2008-02-15 17:48 . 2008-02-15 17:48 479 --a------ C:\WINDOWS\Raccourci vers VBS.lnk
    2008-02-15 16:32 . 2008-02-15 16:32 <REP> d-------- C:\WINDOWS\SYSTEM32\LogFiles
    2008-02-15 16:07 . 2008-02-15 16:49 <REP> d-------- C:\Program Files\Microsoft Bootvis
    2008-02-15 12:21 . 2008-02-15 11:41 368,640 --a------ C:\WINDOWS\VOBSUB.DLL
    2008-02-15 11:52 . 2008-02-15 11:52 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Uniblue
    2008-02-14 21:43 . 2008-02-14 21:43 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Search Settings
    2008-02-14 21:40 . 2008-02-14 21:40 <REP> d-------- C:\Program Files\Search Settings
    2008-02-14 21:37 . 2008-02-14 21:37 0 --ah----- C:\WINDOWS\SwSys2.bmp
    2008-02-14 21:37 . 2008-02-14 21:37 0 --ah----- C:\WINDOWS\SwSys1.bmp
    2008-02-14 21:34 . 2008-02-18 14:05 <REP> d-------- C:\Program Files\Piolet
    2008-02-14 17:56 . 2008-02-14 17:56 <REP> d-------- C:\Program Files\uTorrent
    2008-02-14 17:56 . 2008-02-18 14:46 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\uTorrent
    2008-02-13 17:15 . 2008-02-13 17:15 268 --ah----- C:\sqmdata03.sqm
    2008-02-13 17:15 . 2008-02-13 17:15 244 --ah----- C:\sqmnoopt03.sqm
    2008-02-13 17:04 . 2008-02-13 19:49 <REP> d-------- C:\Incomplete
    2008-02-13 01:18 . 2008-02-13 01:34 <REP> d-------- C:\e9f8cae94798bccf0267
    2008-02-12 18:09 . 2008-02-12 18:09 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-02-12 17:58 . 2008-02-17 20:39 <REP> d-------- C:\Program Files\Yahoo!
    2008-02-12 17:56 . 2008-02-12 18:01 <REP> d-------- C:\Program Files\CCleaner
    2008-02-12 13:06 . 2004-08-03 22:43 20,480 --a------ C:\WINDOWS\SYSTEM32\sprecovr.exe
    2008-02-12 12:50 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\003623_.tmp
    2008-02-12 12:37 . 2002-08-29 11:44 155,648 --a------ C:\WINDOWS\SYSTEM32\encdec.dll
    2008-02-12 12:37 . 2002-08-28 23:16 21,343 --a------ C:\WINDOWS\SYSTEM32\drivers\atinttxx.sys
    2008-02-12 12:37 . 2002-08-28 23:16 12,047 --a------ C:\WINDOWS\SYSTEM32\drivers\atinpdxx.sys
    2008-02-12 12:37 . 2002-08-28 23:16 11,615 --a------ C:\WINDOWS\SYSTEM32\drivers\atinmdxx.sys
    2008-02-12 12:37 . 2002-08-29 11:30 3,584 --a------ C:\WINDOWS\SYSTEM32\dsprpres.dll
    2008-02-12 12:35 . 2002-08-29 12:04 844,675 --a------ C:\WINDOWS\SYSTEM32\ati3d1ag.dll
    2008-02-12 12:35 . 2002-08-29 11:24 450,432 --a------ C:\WINDOWS\SYSTEM32\drivers\ati2mtag.sys
    2008-02-12 12:35 . 2002-08-29 11:24 327,168 --a------ C:\WINDOWS\SYSTEM32\drivers\ati2mtaa.sys
    2008-02-12 12:35 . 2002-08-29 11:44 172,032 --a------ C:\WINDOWS\SYSTEM32\mssap.dll
    2008-02-12 12:35 . 2002-08-28 23:16 56,591 --a------ C:\WINDOWS\SYSTEM32\drivers\atinbtxx.sys
    2008-02-12 12:35 . 2002-08-29 01:32 6,912 --a------ C:\WINDOWS\SYSTEM32\drivers\hidir.sys
    2008-02-12 12:34 . 2002-08-29 01:11 162,304 --a------ C:\WINDOWS\SYSTEM32\msctfime.ime
    2008-02-12 12:34 . 2002-08-28 23:16 36,463 --a------ C:\WINDOWS\SYSTEM32\drivers\atintuxx.sys
    2008-02-12 12:34 . 2002-08-29 11:45 31,263 --a------ C:\WINDOWS\SYSTEM32\ativmvxx.ax
    2008-02-12 12:34 . 2002-08-28 23:16 29,455 --a------ C:\WINDOWS\SYSTEM32\drivers\atinxbxx.sys
    2008-02-12 12:34 . 2002-08-28 23:16 26,367 --a------ C:\WINDOWS\SYSTEM32\drivers\atinsnxx.sys
    2008-02-12 12:34 . 2002-08-29 01:32 19,328 --a------ C:\WINDOWS\SYSTEM32\drivers\usbehci.sys
    2008-02-12 12:34 . 2002-08-29 11:45 18,944 --a------ C:\WINDOWS\SYSTEM32\faxpatch.exe
    2008-02-12 12:34 . 2002-08-29 01:28 13,056 --a------ C:\WINDOWS\SYSTEM32\drivers\wacompen.sys
    2008-02-12 12:34 . 2002-08-29 01:28 11,904 --a------ C:\WINDOWS\SYSTEM32\drivers\mutohpen.sys
    2008-02-12 12:34 . 2002-08-29 11:45 9,216 --a------ C:\WINDOWS\SYSTEM32\wuauserv.dll
    2008-02-12 12:33 . 2004-03-10 19:01 608,256 --a------ C:\WINDOWS\SYSTEM32\dllcache\xpsp2res.dll
    2008-02-12 12:33 . 2002-08-29 11:23 115,712 --a------ C:\WINDOWS\SYSTEM32\dpcdll.dll
    2008-02-12 12:33 . 2002-08-28 23:16 63,663 --a------ C:\WINDOWS\SYSTEM32\drivers\atinrvxx.sys
    2008-02-12 12:33 . 2002-08-29 01:08 27,648 --a------ C:\WINDOWS\SYSTEM32\pidgen.dll
    2008-02-12 12:32 . 2004-07-01 23:08 360,960 --a------ C:\WINDOWS\SYSTEM32\qmgr.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-17 19:40 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
    2008-02-17 19:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-17 19:34 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-02-15 21:47 --------- d-----w C:\Program Files\Google
    2008-02-15 21:31 --------- d-----w C:\Program Files\Canon
    2008-02-15 20:17 204,288 ----a-w C:\WINDOWS\SYSTEM32\uxtheme.dll
    2008-02-13 16:49 3,545,425 ----a-w C:\Program Files\for my peace.mp3
    2008-02-13 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-02-12 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-12 17:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-10 14:58 --------- d-----w C:\Program Files\Services en ligne
    2008-02-10 09:34 --------- d-----w C:\Program Files\PCProtector
    2008-02-09 21:35 --------- d-----w C:\Program Files\Java
    2008-02-09 20:33 --------- d-----w C:\Program Files\QuickTime
    2008-02-09 20:29 --------- d-----w C:\Program Files\Vertrix 2
    2008-02-09 20:29 --------- d-----w C:\Program Files\Tcl
    2008-02-09 10:57 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AVG7
    2008-02-08 22:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-01-21 21:10 --------- d-----w C:\Program Files\DivXMachine II
    2008-01-16 13:02 24,626 ----a-w C:\WINDOWS\SYSTEM32\ScrrnES.dll
    2008-01-16 13:02 1,376,528 ----a-w C:\WINDOWS\SYSTEM32\msvbvm60.dll
    2008-01-12 15:26 --------- d-----w C:\Program Files\R-TT
    2008-01-12 13:34 118,784 ----a-w C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
    2008-01-12 12:05 --------- d-----w C:\Program Files\ewido
    2008-01-12 11:34 65,536 ----a-w C:\WINDOWS\VIPunins.exe
    2008-01-12 11:32 995,383 ----a-w C:\WINDOWS\SYSTEM32\MFCTB.DLL
    2008-01-12 11:32 290,869 ----a-w C:\WINDOWS\SYSTEM32\MSVCTB.DLL
    2008-01-11 20:50 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
    2008-01-11 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-11 19:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
    2007-12-30 15:52 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\MSN6
    1998-09-29 12:56 10,000 -c--a-w C:\WINDOWS\INF\unregpn.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    2007-12-06 11:58 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2000-07-19 08:00 180279]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-08 18:52 171448]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 08:04 52736]
    "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 13:56 61440]
    "NvCplDaemon"="NvQTwk" []
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 16:25 143360]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 15:36 90112]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2001-07-03 13:13 81920]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 14:14 311350]
    "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-04 03:01 28739]
    "PCTVOICE"="pctspk.exe" [2001-08-01 17:37 155648 C:\WINDOWS\SYSTEM32\pctspk.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
    "SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 11:58 1069920]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
    "JeticoPFStartup"="C:\Program Files\Jetico\Jetico Personal Firewall\jpf.exe" [2008-02-01 10:41 418544]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 11:45 13312]

    C:\Documents and Settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
    Y'z Toolbar.lnk - C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe [2008-02-15 23:47:13 90112]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    hp center.lnk - C:\Program Files\hp center\137903\Program\BackWeb-137903.exe [2001-09-26 19:42:50 16384]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 08:15:56 65588]

    R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
    R1 bc_hash_f;BC_HASH_Filter;C:\WINDOWS\System32\drivers\bc_hash_f.sys [2008-02-01 10:43]
    R3 BcfilterMP;BcfilterMP;C:\WINDOWS\System32\DRIVERS\bcfilter.sys [2008-02-01 10:43]
    S1 RFW;R-Firewall Kernel Driver;C:\WINDOWS\System32\rfwnt.sys []
    S2 Jetico Personal Firewall server;Jetico Personal Firewall server;"C:\Program Files\Jetico\Jetico Personal Firewall\jpfsrv.exe" [2008-02-01 10:42]
    S2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-01 17:37]
    S2 SetupNT;SetupNT;C:\WINDOWS\System32\SetupNT.sys []
    S3 ADBLOCK.DLL;R-Firewall Plugin(ADBLOCK.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\ADBLOCK.DLL [2005-01-13 17:09]
    S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\System32\DRIVERS\bcfilter.sys [2008-02-01 10:43]
    S3 CONTENT.DLL;R-Firewall Plugin(CONTENT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\CONTENT.DLL [2005-01-13 17:09]
    S3 DNSCACHE.DLL;R-Firewall Plugin(DNSCACHE.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\DNSCACHE.DLL [2005-01-13 17:08]
    S3 FTPFILT.DLL;R-Firewall Plugin(FTPFILT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\FTPFILT.DLL [2005-01-13 17:09]
    S3 HTMLFILT.DLL;R-Firewall Plugin(HTMLFILT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\HTMLFILT.DLL [2005-01-13 17:09]
    S3 httpfilt.dll;R-Firewall Plugin(httpfilt.dll);C:\Program Files\R-TT\R-Firewall\Kernel\httpfilt.dll [2005-01-13 17:09]
    S3 IMAPFILT.DLL;R-Firewall Plugin(IMAPFILT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\IMAPFILT.DLL [2005-01-13 17:09]
    S3 MAILFILT.DLL;R-Firewall Plugin(MAILFILT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\MAILFILT.DLL [2005-01-13 17:09]
    S3 NNTPFILT.DLL;R-Firewall Plugin(NNTPFILT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\NNTPFILT.DLL [2005-01-13 17:09]
    S3 POP3FILT.DLL;R-Firewall Plugin(POP3FILT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\POP3FILT.DLL [2005-01-13 17:09]
    S3 PROTECT.DLL;R-Firewall Plugin(PROTECT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\PROTECT.DLL [2005-01-13 17:09]
    S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 20:28]
    S3 rspAV;rspAV;C:\WINDOWS\System32\rspav.sys []
    S3 RspAVService;Principal AntiVirus;"C:\WINDOWS\system32\rspavsvc.exe" []
    S3 RTT_CRC_Service;RTT CRC Service;C:\Program Files\R-TT\R-Firewall\Service\RTT_CRC_Service.exe [2004-09-24 17:02]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
    S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\w300bus.sys [2006-03-13 15:49]
    S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
    S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\w300mgmt.sys [2006-03-13 15:50]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\w300obex.sys [2006-03-13 15:50]

    *Newly Created Service* - BCFTDI
    *Newly Created Service* - BC_HASH_F
    *Newly Created Service* - BC_IP_F
    *Newly Created Service* - BC_NGN
    *Newly Created Service* - BC_PAT_F
    *Newly Created Service* - BC_PRT_F
    *Newly Created Service* - BC_TDI_F
    *Newly Created Service* - JETICO_PERSONAL_FIREWALL_SERVER
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2002-05-26 18:30:13 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2002-05-28 12:30:12 C:\WINDOWS\Tasks\Rappel d'abonnement 2 auprès de l'ISP.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2002-05-25 12:39:14 C:\WINDOWS\Tasks\Rappel d'abonnement 3 auprès de l'ISP.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2002-05-25 12:39:13 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2007-10-27 12:58:58 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    "2008-02-15 08:00:01 C:\WINDOWS\Tasks\XoftSpy.job"
    - C:\Program Files\XoftSpy\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 14:44:13
    Windows 5.1.2600 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-18 14:49:54
    .
    2008-02-17 21:10:34 --- E O F ---
17 February 2008 15:49:03

Let's do a little cleanup before continuing.

Download ewido anti-spyware micro scanner to your desktop.
  • Double-click the ewido_micro.exe file to run it.
  • As soon as it starts, the program will ask for internet access to update itself; accept.
  • Then a new screen appears; make sure that all the boxes are checked.
  • Click Start Scan and let the tool work.
  • When the tool has finished, click Save report and save the report to your desktop.
  • Post it in your next reply.

NB: do not click Remove infections yet; we need to make sure that all the detections are actually infections, because some legitimate utilities may appear in the report.

17 February 2008 21:13:46

OK, I followed your instructions to the letter and here is the report:
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: Adware.Generic
    Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Risk: Medium

    Name: Adware.Generic
    Path: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Risk: Medium

    Name: Adware.Generic
    Path: HKU\S-1-5-21-2969962186-3689853989-222395546-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Risk: Medium

    Name: Adware.Generic
    Path: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Risk: Medium

    Name: TrackingCookie.Advertising
    Path: :mozilla.12:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Advertising
    Path: :mozilla.13:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Advertising
    Path: :mozilla.14:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Advertising
    Path: :mozilla.15:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Smartadserver
    Path: :mozilla.16:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Smartadserver
    Path: :mozilla.17:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Smartadserver
    Path: :mozilla.18:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Smartadserver
    Path: :mozilla.19:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Bluestreak
    Path: :mozilla.20:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    I hope you can give me another hand ^^
    17 February 2008 21:20:45

    Hi again,

  • Click Remove infections
  • At the warning message, click Ok and let the tool work.
  • When the tool has finished, click Save Report and save the report to your desktop.
  • Post it in your next reply.

    &

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    Folder::
    C:\Program Files\Search Settings

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; type 1 and then confirm. After the restart, post the contents of the Combofix.txt report along with a Hijackthis report.
    NOTE: If there is no restart, post the requested reports anyway.
    18 February 2008 14:02:31

    Hi, so here is the ewido report:
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: Adware.Generic
    Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Risk: Medium

    Name: Adware.Generic
    Path: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Risk: Medium

    Name: Adware.Generic
    Path: HKU\S-1-5-21-2969962186-3689853989-222395546-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Risk: Medium

    Name: Adware.Generic
    Path: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Risk: Medium

    Name: TrackingCookie.Mediaplex
    Path: :mozilla.18:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Smartadserver
    Path: :mozilla.22:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Smartadserver
    Path: :mozilla.23:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Smartadserver
    Path: :mozilla.24:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Smartadserver
    Path: :mozilla.25:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Adrevolver
    Path: :mozilla.27:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Adrevolver
    Path: :mozilla.28:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Adrevolver
    Path: :mozilla.29:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Adrevolver
    Path: :mozilla.30:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Adrevolver
    Path: :mozilla.31:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Adrevolver
    Path: :mozilla.32:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Bluestreak
    Path: :mozilla.33:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Atdmt
    Path: :mozilla.38:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Advertising
    Path: :mozilla.62:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Advertising
    Path: :mozilla.63:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Advertising
    Path: :mozilla.64:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Advertising
    Path: :mozilla.65:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Estat
    Path: :mozilla.83:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    Name: TrackingCookie.Overture
    Path: :mozilla.88:C:\Documents and Settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\aq7jkngh.default\cookies.txt
    Risk: Medium

    and the ComboFix report:
    ComboFix 08-02-17.2 - Propriétaire 2008-02-19 13:07:08.2 - NTFSx86
    Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Search Settings
    C:\Program Files\Search Settings\kb125\res\ErrorPageTemplate.css
    C:\Program Files\Search Settings\kb125\res\help.gif
    C:\Program Files\Search Settings\kb125\res\pixel.gif
    C:\Program Files\Search Settings\kb125\res\tab_icon.png
    C:\Program Files\Search Settings\kb125\res\tabdata.js
    C:\Program Files\Search Settings\kb125\res\tablib.js
    C:\Program Files\Search Settings\kb125\res\tabwelcome_en.html
    C:\Program Files\Search Settings\kb125\res\toolbar_background.gif
    C:\Program Files\Search Settings\kb125\res\vista_directions.png
    C:\Program Files\Search Settings\kb125\res\xp_directions.png
    C:\Program Files\Search Settings\kb125\res\yahoo_search.gif
    C:\Program Files\Search Settings\kb125\SearchSettings.dll
    C:\Program Files\Search Settings\SearchSettings.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-19 to 2008-02-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-18 00:13 . 2008-02-18 00:13 <REP> d-------- C:\WINDOWS\Sun
    2008-02-17 22:28 . 2008-02-17 22:28 <REP> d-------- C:\Program Files\Lavalys
    2008-02-17 22:03 . 2008-02-17 22:16 <REP> d-------- C:\Program Files\Jetico
    2008-02-17 21:40 . 2008-02-17 21:40 1,158 --a------ C:\WINDOWS\mozver.dat
    2008-02-17 21:02 . 2008-02-17 21:10 <REP> d-------- C:\Program Files\Navilog1
    2008-02-17 20:17 . 2008-02-17 20:17 0 --a------ C:\WINDOWS\nsreg.dat
    2008-02-17 17:55 . 2008-02-17 17:55 <REP> d-------- C:\Program Files\Avira
    2008-02-17 17:55 . 2008-02-17 17:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-02-17 17:07 . 2008-02-17 17:07 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-17 14:04 . 2008-02-17 14:04 170 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.inf
    2008-02-16 01:47 . 2008-02-16 01:47 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\vlc
    2008-02-16 01:42 . 2008-02-16 01:42 <REP> d-------- C:\Program Files\VideoLAN
    2008-02-16 00:37 . 2008-02-16 00:37 <REP> d-------- C:\WINDOWS\SYSTEM32\bits
    2008-02-15 23:48 . 2008-02-15 23:48 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-02-15 23:42 . 2002-08-29 11:45 4,331,008 --a------ C:\WINDOWS\SYSTEM32\logonui.exe
    2008-02-15 23:42 . 2002-08-29 11:45 2,150,912 --a------ C:\WINDOWS\SYSTEM32\zipfldr.dll
    2008-02-15 23:40 . 2002-08-29 11:45 2,290,176 --a------ C:\WINDOWS\SYSTEM32\shimgvw.dll
    2008-02-15 23:40 . 2002-08-29 11:45 894,976 --a------ C:\WINDOWS\SYSTEM32\sysdm.cpl
    2008-02-15 23:40 . 2001-08-24 01:47 875,008 --a------ C:\WINDOWS\SYSTEM32\sysocmgr.exe
    2008-02-15 23:40 . 2002-08-29 11:45 677,376 --a------ C:\WINDOWS\SYSTEM32\stobject.dll
    2008-02-15 23:40 . 2001-08-24 01:47 601,088 --a------ C:\WINDOWS\SYSTEM32\sndvol32.exe
    2008-02-15 23:40 . 2001-08-24 01:47 408,576 --a------ C:\WINDOWS\SYSTEM32\sndrec32.exe
    2008-02-15 23:36 . 2002-08-29 11:45 2,686,976 --a------ C:\WINDOWS\explorer.exe
    2008-02-15 23:36 . 2001-08-24 01:47 1,383,936 --a------ C:\WINDOWS\SYSTEM32\fontext.dll
    2008-02-15 23:36 . 2002-08-29 11:45 1,123,328 --a------ C:\WINDOWS\SYSTEM32\appwiz.cpl
    2008-02-15 23:36 . 2001-08-24 01:47 1,035,264 --a------ C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    2008-02-15 23:36 . 2001-08-24 01:47 548,864 --a------ C:\WINDOWS\SYSTEM32\cleanmgr.exe
    2008-02-15 23:36 . 2001-08-24 01:47 537,088 --a------ C:\WINDOWS\SYSTEM32\cmd.exe
    2008-02-15 23:36 . 2002-08-29 11:45 420,352 --a------ C:\WINDOWS\SYSTEM32\desk.cpl
    2008-02-15 23:36 . 2002-08-29 11:44 331,776 --a------ C:\WINDOWS\SYSTEM32\credui.dll
    2008-02-15 23:36 . 2001-08-24 01:47 266,240 --a------ C:\WINDOWS\SYSTEM32\calc.exe
    2008-02-15 23:36 . 2001-08-24 01:47 218,112 --a------ C:\WINDOWS\SYSTEM32\console.dll
    2008-02-15 23:36 . 2001-08-24 01:47 205,824 --a------ C:\WINDOWS\SYSTEM32\access.cpl
    2008-02-15 23:10 . 2008-02-15 23:13 <REP> d-------- C:\WINDOWS\Packs
    2008-02-15 22:43 . 2005-03-02 19:17 2,044,416 --a------ C:\WINDOWS\SYSTEM32\ntoskrnl.exe
    2008-02-15 22:43 . 2005-03-02 19:17 1,959,424 --a------ C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
    2008-02-15 22:41 . 2004-07-09 03:27 974,848 --a------ C:\WINDOWS\SYSTEM32\dxdiag.exe
    2008-02-15 22:40 . 2005-07-26 05:38 1,190,400 --a------ C:\WINDOWS\SYSTEM32\ole32.dll
    2008-02-15 22:39 . 2006-08-25 16:54 561,664 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
    2008-02-15 22:39 . 2001-08-24 01:47 446,976 --a------ C:\WINDOWS\SYSTEM32\certmgr.dll
    2008-02-15 22:39 . 2001-08-24 01:47 359,936 --a------ C:\WINDOWS\SYSTEM32\cards.dll
    2008-02-15 22:39 . 2002-08-29 11:44 333,824 --a------ C:\WINDOWS\SYSTEM32\cmdial32.dll
    2008-02-15 22:39 . 2001-08-24 01:47 166,400 --a------ C:\WINDOWS\SYSTEM32\ciadmin.dll
    2008-02-15 22:39 . 2001-08-24 01:44 72,192 --a------ C:\WINDOWS\SYSTEM32\acctres.dll
    2008-02-15 22:39 . 2001-08-24 01:47 36,864 --a------ C:\WINDOWS\SYSTEM32\odbccp32.cpl
    2008-02-15 22:39 . 2001-08-24 01:46 27,136 --a------ C:\WINDOWS\SYSTEM32\batmeter.dll
    2008-02-15 22:39 . 2002-08-29 11:44 6,656 --a------ C:\WINDOWS\SYSTEM32\batt.dll
    2008-02-15 22:19 . 2008-02-15 22:19 268 --ah----- C:\sqmdata04.sqm
    2008-02-15 22:19 . 2008-02-15 22:19 244 --ah----- C:\sqmnoopt04.sqm
    2008-02-15 21:17 . 2002-08-29 11:45 204,288 --a------ C:\WINDOWS\SYSTEM32\uxtheme.backup
    2008-02-15 20:08 . 2008-02-15 20:08 <REP> d-------- C:\toto
    2008-02-15 18:57 . 2008-02-15 18:57 <REP> d-------- C:\Program Files\Alwil Software
    2008-02-15 17:48 . 2008-02-15 17:48 479 --a------ C:\WINDOWS\Raccourci vers VBS.lnk
    2008-02-15 16:32 . 2008-02-15 16:32 <REP> d-------- C:\WINDOWS\SYSTEM32\LogFiles
    2008-02-15 16:07 . 2008-02-15 16:49 <REP> d-------- C:\Program Files\Microsoft Bootvis
    2008-02-15 12:21 . 2008-02-15 11:41 368,640 --a------ C:\WINDOWS\VOBSUB.DLL
    2008-02-15 11:52 . 2008-02-15 11:52 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Uniblue
    2008-02-14 21:43 . 2008-02-14 21:43 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\Search Settings
    2008-02-14 21:37 . 2008-02-14 21:37 0 --ah----- C:\WINDOWS\SwSys2.bmp
    2008-02-14 21:37 . 2008-02-14 21:37 0 --ah----- C:\WINDOWS\SwSys1.bmp
    2008-02-14 21:34 . 2008-02-18 14:05 <REP> d-------- C:\Program Files\Piolet
    2008-02-14 17:56 . 2008-02-14 17:56 <REP> d-------- C:\Program Files\uTorrent
    2008-02-14 17:56 . 2008-02-18 22:43 <REP> d-------- C:\Documents and Settings\Propriétaire\Application Data\uTorrent
    2008-02-13 17:15 . 2008-02-13 17:15 268 --ah----- C:\sqmdata03.sqm
    2008-02-13 17:15 . 2008-02-13 17:15 244 --ah----- C:\sqmnoopt03.sqm
    2008-02-13 17:04 . 2008-02-13 19:49 <REP> d-------- C:\Incomplete
    2008-02-13 01:18 . 2008-02-13 01:34 <REP> d-------- C:\e9f8cae94798bccf0267
    2008-02-12 18:09 . 2008-02-12 18:09 <REP> d-------- C:\Program Files\Kaspersky Lab
    2008-02-12 17:58 . 2008-02-17 20:39 <REP> d-------- C:\Program Files\Yahoo!
    2008-02-12 17:56 . 2008-02-12 18:01 <REP> d-------- C:\Program Files\CCleaner
    2008-02-12 13:06 . 2004-08-03 22:43 20,480 --a------ C:\WINDOWS\SYSTEM32\sprecovr.exe
    2008-02-12 12:50 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\003623_.tmp
    2008-02-12 12:37 . 2002-08-29 11:44 155,648 --a------ C:\WINDOWS\SYSTEM32\encdec.dll
    2008-02-12 12:37 . 2002-08-28 23:16 21,343 --a------ C:\WINDOWS\SYSTEM32\drivers\atinttxx.sys
    2008-02-12 12:37 . 2002-08-28 23:16 12,047 --a------ C:\WINDOWS\SYSTEM32\drivers\atinpdxx.sys
    2008-02-12 12:37 . 2002-08-28 23:16 11,615 --a------ C:\WINDOWS\SYSTEM32\drivers\atinmdxx.sys
    2008-02-12 12:37 . 2002-08-29 11:30 3,584 --a------ C:\WINDOWS\SYSTEM32\dsprpres.dll
    2008-02-12 12:35 . 2002-08-29 12:04 844,675 --a------ C:\WINDOWS\SYSTEM32\ati3d1ag.dll
    2008-02-12 12:35 . 2002-08-29 11:24 450,432 --a------ C:\WINDOWS\SYSTEM32\drivers\ati2mtag.sys
    2008-02-12 12:35 . 2002-08-29 11:24 327,168 --a------ C:\WINDOWS\SYSTEM32\drivers\ati2mtaa.sys
    2008-02-12 12:35 . 2002-08-29 11:44 172,032 --a------ C:\WINDOWS\SYSTEM32\mssap.dll
    2008-02-12 12:35 . 2002-08-28 23:16 56,591 --a------ C:\WINDOWS\SYSTEM32\drivers\atinbtxx.sys
    2008-02-12 12:35 . 2002-08-29 01:32 6,912 --a------ C:\WINDOWS\SYSTEM32\drivers\hidir.sys
    2008-02-12 12:34 . 2002-08-29 01:11 162,304 --a------ C:\WINDOWS\SYSTEM32\msctfime.ime
    2008-02-12 12:34 . 2002-08-28 23:16 36,463 --a------ C:\WINDOWS\SYSTEM32\drivers\atintuxx.sys
    2008-02-12 12:34 . 2002-08-29 11:45 31,263 --a------ C:\WINDOWS\SYSTEM32\ativmvxx.ax
    2008-02-12 12:34 . 2002-08-28 23:16 29,455 --a------ C:\WINDOWS\SYSTEM32\drivers\atinxbxx.sys
    2008-02-12 12:34 . 2002-08-28 23:16 26,367 --a------ C:\WINDOWS\SYSTEM32\drivers\atinsnxx.sys
    2008-02-12 12:34 . 2002-08-29 01:32 19,328 --a------ C:\WINDOWS\SYSTEM32\drivers\usbehci.sys
    2008-02-12 12:34 . 2002-08-29 11:45 18,944 --a------ C:\WINDOWS\SYSTEM32\faxpatch.exe
    2008-02-12 12:34 . 2002-08-29 01:28 13,056 --a------ C:\WINDOWS\SYSTEM32\drivers\wacompen.sys
    2008-02-12 12:34 . 2002-08-29 01:28 11,904 --a------ C:\WINDOWS\SYSTEM32\drivers\mutohpen.sys
    2008-02-12 12:34 . 2002-08-29 11:45 9,216 --a------ C:\WINDOWS\SYSTEM32\wuauserv.dll
    2008-02-12 12:33 . 2004-03-10 19:01 608,256 --a------ C:\WINDOWS\SYSTEM32\dllcache\xpsp2res.dll
    2008-02-12 12:33 . 2002-08-29 11:23 115,712 --a------ C:\WINDOWS\SYSTEM32\dpcdll.dll
    2008-02-12 12:33 . 2002-08-28 23:16 63,663 --a------ C:\WINDOWS\SYSTEM32\drivers\atinrvxx.sys
    2008-02-12 12:33 . 2002-08-29 01:08 27,648 --a------ C:\WINDOWS\SYSTEM32\pidgen.dll
    2008-02-12 12:32 . 2004-07-01 23:08 360,960 --a------ C:\WINDOWS\SYSTEM32\qmgr.dll
    2008-02-12 12:32 . 2008-02-10 10:18 166,912 --a------ C:\WINDOWS\SYSTEM32\iuengine.dll
    2008-02-12 12:32 . 2008-02-10 10:18 166,912 --a------ C:\WINDOWS\SYSTEM32\dllcache\iuengine.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-17 19:40 --------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
    2008-02-17 19:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-17 19:34 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-02-15 21:47 --------- d-----w C:\Program Files\Google
    2008-02-15 21:31 --------- d-----w C:\Program Files\Canon
    2008-02-15 20:17 204,288 ----a-w C:\WINDOWS\SYSTEM32\uxtheme.dll
    2008-02-13 16:49 3,545,425 ----a-w C:\Program Files\for my peace.mp3
    2008-02-13 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-02-12 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-12 17:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-10 14:58 --------- d-----w C:\Program Files\Services en ligne
    2008-02-10 09:34 --------- d-----w C:\Program Files\PCProtector
    2008-02-09 21:35 --------- d-----w C:\Program Files\Java
    2008-02-09 20:33 --------- d-----w C:\Program Files\QuickTime
    2008-02-09 20:29 --------- d-----w C:\Program Files\Vertrix 2
    2008-02-09 20:29 --------- d-----w C:\Program Files\Tcl
    2008-02-09 10:57 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AVG7
    2008-02-08 22:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-01-21 21:10 --------- d-----w C:\Program Files\DivXMachine II
    2008-01-16 13:02 24,626 ----a-w C:\WINDOWS\SYSTEM32\ScrrnES.dll
    2008-01-16 13:02 1,376,528 ----a-w C:\WINDOWS\SYSTEM32\msvbvm60.dll
    2008-01-12 15:26 --------- d-----w C:\Program Files\R-TT
    2008-01-12 13:34 118,784 ----a-w C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
    2008-01-12 12:05 --------- d-----w C:\Program Files\ewido
    2008-01-12 11:34 65,536 ----a-w C:\WINDOWS\VIPunins.exe
    2008-01-12 11:32 995,383 ----a-w C:\WINDOWS\SYSTEM32\MFCTB.DLL
    2008-01-12 11:32 290,869 ----a-w C:\WINDOWS\SYSTEM32\MSVCTB.DLL
    2008-01-11 20:50 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
    2008-01-11 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-01-11 19:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\AdobeUM
    2007-12-30 15:52 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\MSN6
    1998-09-29 12:56 10,000 -c--a-w C:\WINDOWS\INF\unregpn.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2000-07-19 08:00 180279]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-08 18:52 171448]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 08:04 52736]
    "KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 13:56 61440]
    "NvCplDaemon"="NvQTwk" []
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-08-07 16:25 143360]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-08-07 15:36 90112]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2001-07-03 13:13 81920]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 14:14 311350]
    "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-04 03:01 28739]
    "PCTVOICE"="pctspk.exe" [2001-08-01 17:37 155648 C:\WINDOWS\SYSTEM32\pctspk.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
    "SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [ ]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
    "JeticoPFStartup"="C:\Program Files\Jetico\Jetico Personal Firewall\jpf.exe" [2008-02-01 10:41 418544]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 11:45 13312]

    C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\
    Y'z Toolbar.lnk - C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe [2008-02-15 23:47:13 90112]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    hp center.lnk - C:\Program Files\hp center\137903\Program\BackWeb-137903.exe [2001-09-26 19:42:50 16384]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 08:15:56 65588]

    R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
    R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
    R1 bc_hash_f;BC_HASH_Filter;C:\WINDOWS\System32\drivers\bc_hash_f.sys [2008-02-01 10:43]
    R2 Jetico Personal Firewall server;Jetico Personal Firewall server;"C:\Program Files\Jetico\Jetico Personal Firewall\jpfsrv.exe" [2008-02-01 10:42]
    R3 BcfilterMP;BcfilterMP;C:\WINDOWS\System32\DRIVERS\bcfilter.sys [2008-02-01 10:43]
    S1 RFW;R-Firewall Kernel Driver;C:\WINDOWS\System32\rfwnt.sys []
    S2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-01 17:37]
    S2 SetupNT;SetupNT;C:\WINDOWS\System32\SetupNT.sys []
    S3 ADBLOCK.DLL;R-Firewall Plugin(ADBLOCK.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\ADBLOCK.DLL [2005-01-13 17:09]
    S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\System32\DRIVERS\bcfilter.sys [2008-02-01 10:43]
    S3 CONTENT.DLL;R-Firewall Plugin(CONTENT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\CONTENT.DLL [2005-01-13 17:09]
    S3 DNSCACHE.DLL;R-Firewall Plugin(DNSCACHE.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\DNSCACHE.DLL [2005-01-13 17:08]
    S3 FTPFILT.DLL;R-Firewall Plugin(FTPFILT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\FTPFILT.DLL [2005-01-13 17:09]
    S3 HTMLFILT.DLL;R-Firewall Plugin(HTMLFILT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\HTMLFILT.DLL [2005-01-13 17:09]
    S3 httpfilt.dll;R-Firewall Plugin(httpfilt.dll);C:\Program Files\R-TT\R-Firewall\Kernel\httpfilt.dll [2005-01-13 17:09]
    S3 IMAPFILT.DLL;R-Firewall Plugin(IMAPFILT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\IMAPFILT.DLL [2005-01-13 17:09]
    S3 MAILFILT.DLL;R-Firewall Plugin(MAILFILT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\MAILFILT.DLL [2005-01-13 17:09]
    S3 NNTPFILT.DLL;R-Firewall Plugin(NNTPFILT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\NNTPFILT.DLL [2005-01-13 17:09]
    S3 POP3FILT.DLL;R-Firewall Plugin(POP3FILT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\POP3FILT.DLL [2005-01-13 17:09]
    S3 PROTECT.DLL;R-Firewall Plugin(PROTECT.DLL);C:\Program Files\R-TT\R-Firewall\Kernel\PROTECT.DLL [2005-01-13 17:09]
    S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 20:28]
    S3 rspAV;rspAV;C:\WINDOWS\System32\rspav.sys []
    S3 RspAVService;Principal AntiVirus;"C:\WINDOWS\system32\rspavsvc.exe" []
    S3 RTT_CRC_Service;RTT CRC Service;C:\Program Files\R-TT\R-Firewall\Service\RTT_CRC_Service.exe [2004-09-24 17:02]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 01:32]
    S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\w300bus.sys [2006-03-13 15:49]
    S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
    S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
    S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\w300mgmt.sys [2006-03-13 15:50]
    S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\w300obex.sys [2006-03-13 15:50]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2002-05-26 18:30:13 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2002-05-28 12:30:12 C:\WINDOWS\Tasks\Rappel d'abonnement 2 auprès de l'ISP.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2002-05-25 12:39:14 C:\WINDOWS\Tasks\Rappel d'abonnement 3 auprès de l'ISP.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2002-05-25 12:39:13 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2007-10-27 12:58:58 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    "2008-02-15 08:00:01 C:\WINDOWS\Tasks\XoftSpy.job"
    - C:\Program Files\XoftSpy\XoftSpy.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-19 13:14:45
    Windows 5.1.2600 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-19 13:17:58
    ComboFix-quarantined-files.txt 2008-02-19 12:17:50
    ComboFix2.txt 2008-02-18 13:49:59
    .
    2008-02-18 15:51:08 --- E O F ---

    I'm also bringing you the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:59:47, on 19/02/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Jetico\Jetico Personal Firewall\jpfsrv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Microsoft Works\WksSb.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Jetico\Jetico Personal Firewall\jpf.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\jpf.exe"
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Nouveau dossier
    O4 - Startup: Y'z Toolbar.lnk = ?
    O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Jetico Personal Firewall server - Jetico, Inc. - C:\Program Files\Jetico\Jetico Personal Firewall\jpfsrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Principal AntiVirus (RspAVService) - Unknown owner - C:\WINDOWS\system32\rspavsvc.exe (file missing)
    O23 - Service: RTT CRC Service (RTT_CRC_Service) - Unknown owner - C:\Program Files\R-TT\R-Firewall\Service\RTT_CRC_Service.exe

    --
    End of file - 7390 bytes

    Thank you for your help, the message no longer appears and my PC runs faster.
    But I have a small question: what are all these cookies doing in these reports? Are they spyware cookies?
    18 February 2008 18:43:55

    Scan the following file on VirusTotal, then post the report:
    C:\WINDOWS\system32\rspavsvc.exe