
Heeeeeeeeeelp Viiruuuuuuuus

Tags:
  • Windows
  • Security
2 February 2008 22:05:16

Hi, I have a virus, but when I run my Avast antivirus
I can't manage to delete them. What should I do?
Thanks, please REPLY


2 February 2008 23:34:27

Good evening
Do you have the location of the virus?
What is the detection path?

3 February 2008 14:25:11

No, how do I find out?
And I think I have Trojan horses too

3 February 2008 17:03:06

Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:44, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
c:\fotowin\RTETPISv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\lphant\eLePhantClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {159682fc-1dd2-11b2-8845-e695a6654d4d} - C:\WINDOWS\juzqdkzo.dll
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - C:\Program Files\Helper\1201522502.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\MDB1B~1.MAS\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F815EBDCD66A47
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [gpmtatsh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gpmtatsh.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe (file missing)
O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/upload/Stars-Femmes/ima...

--
End of file - 13042 bytes
3 February 2008 18:33:03

OK

This procedure should be printed so that you can have it in front of you when you are in safe mode.

Download SDFix (created by AndyManchesta) and save it to your Desktop.
***If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFi... ***

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
  • Restart your computer.
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of Windows loading normally, a menu with various options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".
  • Choose your account.

Work through the list of instructions below:
  • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
  • Finally, copy and paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

3 February 2008 20:58:05

SDFix report:

    SDFix: Version 1.136

    Run by miss-pink on 03/02/2008 at 20:40

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    astq
    FFI
    fvelwow
    jecsst
    ldrsvc
    msupdate
    nested
    smtpdrv
    ztx86

    Path:
    \??\C:\WINDOWS\system32\drivers\astq.tga
    C:\WINDOWS\system32\svchost.exe:exm.exe
    \??\C:\WINDOWS\system32\fvelwow.sys
    \??\C:\WINDOWS\system32\jecsst.sys
    %SystemRoot%\System32\svchost.exe -k netsvcs
    c:\windows\system32\msvcrtd.exe
    \??\C:\WINDOWS\system32\nested.sys
    System32\DRIVERS\smtpdrv.sys
    \??\C:\WINDOWS\system32\ztx86.sys

    astq - Deleted
    FFI - Deleted
    fvelwow - Deleted
    jecsst - Deleted
    ldrsvc - Deleted
    msupdate - Deleted
    nested - Deleted
    smtpdrv - Deleted
    ztx86 - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Service NdisWon - Deleted after Reboot
    Service Wcvw55 - Deleted after Reboot

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\system32\drivers\Wcvw55.sys - Deleted
    C:\839718~1 - Deleted
    C:\WINDOWS\luvcrmkb\1.png - Deleted
    C:\WINDOWS\luvcrmkb\2.png - Deleted
    C:\WINDOWS\luvcrmkb\3.png - Deleted
    C:\WINDOWS\luvcrmkb\4.png - Deleted
    C:\WINDOWS\luvcrmkb\5.png - Deleted
    C:\WINDOWS\luvcrmkb\6.png - Deleted
    C:\WINDOWS\luvcrmkb\7.png - Deleted
    C:\WINDOWS\luvcrmkb\8.png - Deleted
    C:\WINDOWS\luvcrmkb\9.png - Deleted
    C:\WINDOWS\luvcrmkb\bottom-rc.gif - Deleted
    C:\WINDOWS\luvcrmkb\config.png - Deleted
    C:\WINDOWS\luvcrmkb\content.png - Deleted
    C:\WINDOWS\luvcrmkb\download.gif - Deleted
    C:\WINDOWS\luvcrmkb\frame-bg.gif - Deleted
    C:\WINDOWS\luvcrmkb\frame-bottom-left.gif - Deleted
    C:\WINDOWS\luvcrmkb\frame-h1bg.gif - Deleted
    C:\WINDOWS\luvcrmkb\head.png - Deleted
    C:\WINDOWS\luvcrmkb\icon.png - Deleted
    C:\WINDOWS\luvcrmkb\indexwp.html - Deleted
    C:\WINDOWS\luvcrmkb\main.css - Deleted
    C:\WINDOWS\luvcrmkb\memory-prots.png - Deleted
    C:\WINDOWS\luvcrmkb\net.png - Deleted
    C:\WINDOWS\luvcrmkb\pc.gif - Deleted
    C:\WINDOWS\luvcrmkb\pc-mag.gif - Deleted
    C:\WINDOWS\luvcrmkb\poloska1.png - Deleted
    C:\WINDOWS\luvcrmkb\poloska2.png - Deleted
    C:\WINDOWS\luvcrmkb\poloska3.png - Deleted
    C:\WINDOWS\luvcrmkb\promowp1.html - Deleted
    C:\WINDOWS\luvcrmkb\promowp2.html - Deleted
    C:\WINDOWS\luvcrmkb\promowp3.html - Deleted
    C:\WINDOWS\luvcrmkb\promowp4.html - Deleted
    C:\WINDOWS\luvcrmkb\promowp5.html - Deleted
    C:\WINDOWS\luvcrmkb\reg.png - Deleted
    C:\WINDOWS\luvcrmkb\repair.png - Deleted
    C:\WINDOWS\luvcrmkb\scr-1.png - Deleted
    C:\WINDOWS\luvcrmkb\scr-2.png - Deleted
    C:\WINDOWS\luvcrmkb\start.png - Deleted
    C:\WINDOWS\luvcrmkb\styles.css - Deleted
    C:\WINDOWS\luvcrmkb\top-rc.gif - Deleted
    C:\WINDOWS\luvcrmkb\vline.gif - Deleted
    C:\WINDOWS\luvcrmkb\wp.png - Deleted
    C:\WINDOWS\mjrjpqud\1.png - Deleted
    C:\WINDOWS\mjrjpqud\2.png - Deleted
    C:\WINDOWS\mjrjpqud\3.png - Deleted
    C:\WINDOWS\mjrjpqud\4.png - Deleted
    C:\WINDOWS\mjrjpqud\5.png - Deleted
    C:\WINDOWS\mjrjpqud\6.png - Deleted
    C:\WINDOWS\mjrjpqud\7.png - Deleted
    C:\WINDOWS\mjrjpqud\8.png - Deleted
    C:\WINDOWS\mjrjpqud\9.png - Deleted
    C:\WINDOWS\mjrjpqud\bottom-rc.gif - Deleted
    C:\WINDOWS\mjrjpqud\config.png - Deleted
    C:\WINDOWS\mjrjpqud\content.png - Deleted
    C:\WINDOWS\mjrjpqud\download.gif - Deleted
    C:\WINDOWS\mjrjpqud\frame-bg.gif - Deleted
    C:\WINDOWS\mjrjpqud\frame-bottom-left.gif - Deleted
    C:\WINDOWS\mjrjpqud\frame-h1bg.gif - Deleted
    C:\WINDOWS\mjrjpqud\head.png - Deleted
    C:\WINDOWS\mjrjpqud\icon.png - Deleted
    C:\WINDOWS\mjrjpqud\indexwp.html - Deleted
    C:\WINDOWS\mjrjpqud\main.css - Deleted
    C:\WINDOWS\mjrjpqud\memory-prots.png - Deleted
    C:\WINDOWS\mjrjpqud\net.png - Deleted
    C:\WINDOWS\mjrjpqud\pc.gif - Deleted
    C:\WINDOWS\mjrjpqud\pc-mag.gif - Deleted
    C:\WINDOWS\mjrjpqud\poloska1.png - Deleted
    C:\WINDOWS\mjrjpqud\poloska2.png - Deleted
    C:\WINDOWS\mjrjpqud\poloska3.png - Deleted
    C:\WINDOWS\mjrjpqud\promowp1.html - Deleted
    C:\WINDOWS\mjrjpqud\promowp2.html - Deleted
    C:\WINDOWS\mjrjpqud\promowp3.html - Deleted
    C:\WINDOWS\mjrjpqud\promowp4.html - Deleted
    C:\WINDOWS\mjrjpqud\promowp5.html - Deleted
    C:\WINDOWS\mjrjpqud\reg.png - Deleted
    C:\WINDOWS\mjrjpqud\repair.png - Deleted
    C:\WINDOWS\mjrjpqud\scr-1.png - Deleted
    C:\WINDOWS\mjrjpqud\scr-2.png - Deleted
    C:\WINDOWS\mjrjpqud\start.png - Deleted
    C:\WINDOWS\mjrjpqud\styles.css - Deleted
    C:\WINDOWS\mjrjpqud\top-rc.gif - Deleted
    C:\WINDOWS\mjrjpqud\vline.gif - Deleted
    C:\WINDOWS\mjrjpqud\wp.png - Deleted
    C:\WINDOWS\PerfInfo\PKYFoNqpC0wp.exe - Deleted
    C:\Program Files\Helper\1201096631.dll - Deleted
    C:\Program Files\Helper\1201116000.dll - Deleted
    C:\Program Files\Helper\1201120829.dll - Deleted
    C:\Program Files\Helper\1201272350.dll - Deleted
    C:\Program Files\Helper\1201292044.dll - Deleted
    C:\Program Files\Helper\1201378749.dll - Deleted
    C:\Program Files\Helper\1201379172.dll - Deleted
    C:\Program Files\Helper\1201522502.dll - Deleted
    C:\Program Files\Helper\superfindout.dll - Deleted
    C:\d.exe - Deleted
    C:\WINDOWS\17PHolmes1148.exe - Deleted
    C:\WINDOWS\mrofinu1148.exe - Deleted
    C:\WINDOWS\system32\0_exception.nls - Deleted
    C:\WINDOWS\hotporn.exe - Deleted
    C:\WINDOWS\ie_32.exe - Deleted
    C:\WINDOWS\system32\drivers\svchost.exe - Deleted
    C:\WINDOWS\system32\drivers\astq.tga - Deleted
    C:\WINDOWS\system32\drivers\fak32.sys - Deleted
    C:\WINDOWS\system32\drivers\khtml.sys - Deleted
    C:\WINDOWS\system32\drivers\retx2.sys - Deleted
    C:\WINDOWS\system32\drivers\symavc32.sys - Deleted
    C:\WINDOWS\system32\fvelwow.sys - Deleted
    C:\WINDOWS\system32\jecsst.sys - Deleted
    C:\WINDOWS\system32\nested.sys - Deleted
    C:\WINDOWS\system32\ztx86.sys - Deleted



    Folder C:\Program Files\Helper - Removed
    Folder C:\WINDOWS\PerfInfo - Removed


    Removing Temp Files...

    ADS Check:



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-03 20:47:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1244


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
    "C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
    "C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
    "C:\\Program Files\\Acer TV-FM\\PowerCinema.exe"="C:\\Program Files\\Acer TV-FM\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
    "C:\\Program Files\\Acer TV-FM\\PCMService.exe"="C:\\Program Files\\Acer TV-FM\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
    "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
    "C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\13exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\13exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\35exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\35exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\55exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\55exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\26exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\26exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\15exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\15exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\59exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\59exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\65exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\65exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\23exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\23exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\34exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\34exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\49exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\49exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\98exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\98exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\83exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\83exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\28exinjs.a2.exe"="C:\\DOCUME~1\\alis\\LOCALS~1\\Temp\\28exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype. The whole world can talk for free."
    "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
    "C:\\Program Files\\Ares MP3\\AresMP3.exe"="C:\\Program Files\\Ares MP3\\AresMP3.exe:*:Disabled:AresMP3"
    "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
    "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:partage de l'application RTC"
    "C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE:*:Disabled:Microsoft Office Word"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando Application"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\DOCUME~1\\MDB1B~1.MAS\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\MDB1B~1.MAS\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
    "C:\\Documents and Settings\\M.Massoundi\\xtfrlp.exe"="C:\\Documents and Settings\\M.Massoundi\\xtfrlp.exe:*:Enabled:Windows Service"
    "C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
    "C:\\Program Files\\Neuf\\Media Center\\httpd\\httpd.exe"="C:\\Program Files\\Neuf\\Media Center\\httpd\\httpd.exe:172.16.255.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)"
    "C:\\Program Files\\lphant\\eLePhantClient.exe"="C:\\Program Files\\lphant\\eLePhantClient.exe:*:Enabled:Lphant"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files:
    ---------------
    C:\WINDOWS\hotporn.exe Found
    C:\WINDOWS\ie_32.exe Found

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Wed 29 Aug 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Fri 19 Nov 2004 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1211.exe"
    Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1215.exe"
    Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\AcerDRV\rescan.exe"
    Fri 19 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
    Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\InsD1215.exe"
    Wed 6 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe"
    Wed 16 Nov 2005 24,576 A..HR --- "C:\WINDOWS\system32\Kill1211.exe"
    Thu 3 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
    Thu 3 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
    Thu 3 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
    Thu 3 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
    Thu 3 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
    Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
    Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
    Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\RemD1215.exe"
    Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
    Sat 25 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 25 Nov 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
    Sat 16 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e4878a187565d10d360502f64c0bf9b8\BIT64.tmp"

    Finished!

______
HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:57:43, on 03/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rxjddnvj.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    c:\fotowin\RTETPISv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\WINDOWS\system\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\drivers\svchost.exe
    C:\WINDOWS\system32\drivers\svchost.exe
    C:\WINDOWS\system32\drivers\svchost.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {159682fc-1dd2-11b2-8845-e695a6654d4d} - C:\WINDOWS\juzqdkzo.dll
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
    O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
    O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
    O4 - HKLM\..\Run: [gpmtatsh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gpmtatsh.dll"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
    O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
    O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/upload/Stars-Femmes/ima...

    --
    End of file - 12254 bytes
    3 February 2008 23:29:30

    hi again

    you are really badly infected...

    1

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    2

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {159682fc-1dd2-11b2-8845-e695a6654d4d} - C:\WINDOWS\juzqdkzo.dll
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)


    3


    Double-click ComboFix. It will ask you a question; answer by pressing the 1 key, then wait until ComboFix has finished. Your PC may reboot, that is normal, and a report will be created. Post the report.

    4

    Add a new HijackThis report.
    4 February 2008 17:59:11

    ComboFix report:
    ComboFix 08-02.03.1 - miss-pink 2008-02-04 17:51:27.1 - NTFSx86
    Endroit: C:\Documents and Settings\miss-pink\Local Settings\Temporary Internet Files\Content.IE5\TFAWRYTI\ComboFix[1].exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\gpmtatsh.dll
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\miss-pink\Application Data\macromedia\Flash Player\#SharedObjects\CRFGW36V\iforex.com
    C:\Documents and Settings\miss-pink\Application Data\macromedia\Flash Player\#SharedObjects\CRFGW36V\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\miss-pink\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\miss-pink\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\Documents and Settings\miss-pink\Menu Démarrer\Programmes\InternetGameBox
    C:\Documents and Settings\miss-pink\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk
    C:\Documents and Settings\miss-pink\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk
    C:\Documents and Settings\miss-pink\Menu Démarrer\Programmes\InternetGameBox\Website.lnk
    C:\Program Files\3721
    C:\Program Files\3721\assist\asbar.dll
    C:\Program Files\3721\helper.dll
    C:\Program Files\Accoona
    C:\Program Files\Accoona\ASearchAssist.dll
    C:\Program Files\akl
    C:\Program Files\akl\akl.dll
    C:\Program Files\akl\akl.exe
    C:\Program Files\akl\curlog.htm
    C:\Program Files\akl\keylog.txt
    C:\Program Files\akl\readme.txt
    C:\Program Files\akl\uninstall.exe
    C:\Program Files\akl\unsetup.dat
    C:\Program Files\akl\unsetup.exe
    C:\Program Files\amsys
    C:\Program Files\amsys\awmsg.dat
    C:\Program Files\amsys\guid.dat
    C:\Program Files\amsys\ijl15.dll
    C:\Program Files\amsys\mfc42.dll
    C:\Program Files\amsys\msvcrt.dll
    C:\Program Files\amsys\unins000.dat
    C:\Program Files\amsys\unis000.exe
    C:\Program Files\amsys\winam.dat
    C:\Program Files\e-zshopper
    C:\Program Files\e-zshopper\BarLcher.dll
    C:\Program Files\messengerskinner
    C:\Program Files\messengerskinner\Conditions générales.url
    C:\Program Files\messengerskinner\Confidentialité.url
    C:\Program Files\messengerskinner\download\defaultPack.cab
    C:\Program Files\messengerskinner\resources\appconfig.xml
    C:\Program Files\messengerskinner\resources\btn.rgn
    C:\Program Files\messengerskinner\resources\btnBnr.rgn
    C:\Program Files\messengerskinner\resources\btnIn.rgn
    C:\Program Files\messengerskinner\resources\btnInNormal.bmp
    C:\Program Files\messengerskinner\resources\btnInOver.bmp
    C:\Program Files\messengerskinner\resources\btnNormal.bmp
    C:\Program Files\messengerskinner\resources\btnNormal.gif
    C:\Program Files\messengerskinner\resources\btnNormalBnr.bmp
    C:\Program Files\messengerskinner\resources\btnNormalBnr.gif
    C:\Program Files\messengerskinner\resources\btnOver.bmp
    C:\Program Files\messengerskinner\resources\btnOver.gif
    C:\Program Files\messengerskinner\resources\btnOverBnr.bmp
    C:\Program Files\messengerskinner\resources\btnOverBnr.gif
    C:\Program Files\messengerskinner\resources\languages_v2.xml
    C:\Program Files\messengerskinner\uninst.exe
    C:\Program Files\messengerskinner\Website.url
    C:\Program Files\p2pnetworks
    C:\Program Files\p2pnetworks\amp2pl.exe
    C:\Program Files\winperformance
    C:\Program Files\winperformance\registry_backup\2008.01.22 22.36.53.rb
    C:\Program Files\winperformance\registry_backup\2008.01.23 14.58.50.rb
    C:\Program Files\winperformance\registry_backup\2008.01.24 09.35.30.rb
    C:\Program Files\winperformance\uninstall.exe
    C:\WINDOWS\1151.exe
    C:\WINDOWS\12783.exe
    C:\WINDOWS\15442.exe
    C:\WINDOWS\16364.exe
    C:\WINDOWS\16379.exe
    C:\WINDOWS\16732.exe
    C:\WINDOWS\17578.exe
    C:\WINDOWS\17790.exe
    C:\WINDOWS\18540.exe
    C:\WINDOWS\19822.exe
    C:\WINDOWS\20517.exe
    C:\WINDOWS\23121.exe
    C:\WINDOWS\23888.exe
    C:\WINDOWS\25363.exe
    C:\WINDOWS\27299.exe
    C:\WINDOWS\27303.exe
    C:\WINDOWS\2879.exe
    C:\WINDOWS\3023.exe
    C:\WINDOWS\31553.exe
    C:\WINDOWS\3259.exe
    C:\WINDOWS\33358.exe
    C:\WINDOWS\33755.exe
    C:\WINDOWS\33951.exe
    C:\WINDOWS\34447.exe
    C:\WINDOWS\35480.exe
    C:\WINDOWS\36598.exe
    C:\WINDOWS\3696.exe
    C:\WINDOWS\38228.exe
    C:\WINDOWS\38329.exe
    C:\WINDOWS\3877.exe
    C:\WINDOWS\3987.exe
    C:\WINDOWS\40562.exe
    C:\WINDOWS\4119.exe
    C:\WINDOWS\41565.exe
    C:\WINDOWS\41841.exe
    C:\WINDOWS\42509.exe
    C:\WINDOWS\42731.exe
    C:\WINDOWS\43795.exe
    C:\WINDOWS\44562.exe
    C:\WINDOWS\45324.exe
    C:\WINDOWS\45971.exe
    C:\WINDOWS\46454.exe
    C:\WINDOWS\48421.exe
    C:\WINDOWS\48703.exe
    C:\WINDOWS\50180.exe
    C:\WINDOWS\50186.exe
    C:\WINDOWS\52194.exe
    C:\WINDOWS\52351.exe
    C:\WINDOWS\5273.exe
    C:\WINDOWS\53531.exe
    C:\WINDOWS\54822.exe
    C:\WINDOWS\55769.exe
    C:\WINDOWS\56302.exe
    C:\WINDOWS\5934.exe
    C:\WINDOWS\59669.exe
    C:\WINDOWS\63075.exe
    C:\WINDOWS\63256.exe
    C:\WINDOWS\63767.exe
    C:\WINDOWS\63815.exe
    C:\WINDOWS\65142.exe
    C:\WINDOWS\65560.exe
    C:\WINDOWS\65982.exe
    C:\WINDOWS\66027.exe
    C:\WINDOWS\66208.exe
    C:\WINDOWS\67145.exe
    C:\WINDOWS\67439.exe
    C:\WINDOWS\69667.exe
    C:\WINDOWS\69796.exe
    C:\WINDOWS\70140.exe
    C:\WINDOWS\70200.exe
    C:\WINDOWS\70425.exe
    C:\WINDOWS\71061.exe
    C:\WINDOWS\71087.exe
    C:\WINDOWS\71166.exe
    C:\WINDOWS\7163.exe
    C:\WINDOWS\72355.exe
    C:\WINDOWS\73165.exe
    C:\WINDOWS\75012.exe
    C:\WINDOWS\75416.exe
    C:\WINDOWS\75658.exe
    C:\WINDOWS\76191.exe
    C:\WINDOWS\764.exe
    C:\WINDOWS\77054.exe
    C:\WINDOWS\77748.exe
    C:\WINDOWS\78201.exe
    C:\WINDOWS\78536.exe
    C:\WINDOWS\78846.exe
    C:\WINDOWS\79505.exe
    C:\WINDOWS\7search.dll
    C:\WINDOWS\80061.exe
    C:\WINDOWS\80139.exe
    C:\WINDOWS\81908.exe
    C:\WINDOWS\82199.exe
    C:\WINDOWS\82476.exe
    C:\WINDOWS\83463.exe
    C:\WINDOWS\84026.exe
    C:\WINDOWS\84777.exe
    C:\WINDOWS\87241.exe
    C:\WINDOWS\87248.exe
    C:\WINDOWS\88662.exe
    C:\WINDOWS\89065.exe
    C:\WINDOWS\89882.exe
    C:\WINDOWS\9698.exe
    C:\WINDOWS\absolute key logger.lnk
    C:\WINDOWS\aconti.exe
    C:\WINDOWS\aconti.ini
    C:\WINDOWS\aconti.log
    C:\WINDOWS\aconti.sdb
    C:\WINDOWS\acontidialer.txt
    C:\WINDOWS\adbar.dll
    C:\WINDOWS\cbinst$.exe
    C:\WINDOWS\daxtime.dll
    C:\WINDOWS\default.htm
    C:\WINDOWS\dp0.dll
    C:\WINDOWS\eventlowg.dll
    C:\WINDOWS\fhfmm-Uninstaller.exe
    C:\WINDOWS\fhfmm.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\hcwprn.exe
    C:\WINDOWS\hotporn.exe
    C:\WINDOWS\ie_32.exe
    C:\WINDOWS\iexplorr23.dll
    C:\WINDOWS\jd2002.dll
    C:\WINDOWS\juzqdkzo.dll
    C:\WINDOWS\kkcomp$.exe
    C:\WINDOWS\kkcomp.dll
    C:\WINDOWS\kkcomp.exe
    C:\WINDOWS\kvnab$.exe
    C:\WINDOWS\kvnab.dll
    C:\WINDOWS\kvnab.exe
    C:\WINDOWS\liqad$.exe
    C:\WINDOWS\liqad.dll
    C:\WINDOWS\liqad.exe
    C:\WINDOWS\liqui-Uninstaller.exe
    C:\WINDOWS\liqui.dll
    C:\WINDOWS\liqui.exe
    C:\WINDOWS\ngd.dll
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\pbsysie.dll
    C:\WINDOWS\settn.dll
    C:\WINDOWS\spredirect.dll
    C:\WINDOWS\system\svchost.exe
    C:\WINDOWS\system32\_000006_.tmp.dll
    C:\WINDOWS\system32\_000007_.tmp.dll
    C:\WINDOWS\system32\_000010_.tmp.dll
    C:\WINDOWS\system32\_000011_.tmp.dll
    C:\WINDOWS\system32\_000012_.tmp.dll
    C:\WINDOWS\system32\ace16win.dll
    C:\WINDOWS\system32\acespy
    C:\WINDOWS\system32\acespy\__acelog.ndx
    C:\WINDOWS\system32\acespy\systune.exe
    C:\WINDOWS\system32\drivers\svchost.exe
    C:\WINDOWS\system32\drivers\Xkb20.sys
    C:\WINDOWS\system32\drivers\Ywj39.sys
    C:\WINDOWS\system32\ESHOPEE.exe
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\pplwjfw.dat
    C:\WINDOWS\system32\pplwjfw.exe
    C:\WINDOWS\system32\pplwjfw_nav.dat
    C:\WINDOWS\system32\pplwjfw_navps.dat
    C:\WINDOWS\system32\RTELM.dll
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\vxddsk.exe
    C:\WINDOWS\wbeCheck.exe
    C:\WINDOWS\wbeInst$.exe
    C:\WINDOWS\wml.exe
    C:\WINDOWS\xadbrk.dll
    C:\WINDOWS\xadbrk.exe
    C:\WINDOWS\xadbrk_.exe
    C:\WINDOWS\xubgvmlu.dll
    C:\WINDOWS\xxxvideo.exe

    ----- BITS: Possible sites infectés -----

    hxxp://www.download.windowsupdate.com
    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-04 17:27 . 2008-02-04 17:27 213,227 --a------ C:\WINDOWS\system32\wininet_s3.dll
    2008-02-03 20:38 . 2008-02-03 20:38 <REP> d-------- C:\WINDOWS\ERUNT
    2008-02-03 20:33 . 2008-02-03 20:52 <REP> d-------- C:\SDFix
    2008-02-03 15:29 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-02-03 15:29 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-02-03 15:29 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-02-03 12:49 . 2008-02-03 12:49 <REP> d-------- C:\Documents and Settings\miss-pink\Application Data\Ulead Systems
    2008-02-03 12:46 . 1999-10-15 12:50 1,056,768 --------- C:\WINDOWS\system32\ROBOEX32.DLL
    2008-02-03 12:45 . 2008-02-03 12:45 <REP> d-------- C:\Program Files\Fichiers communs\Ulead Systems
    2008-02-03 12:45 . 2006-07-22 19:37 49,152 --------- C:\WINDOWS\system32\INETWH32.dll
    2008-02-02 12:27 . 2008-02-02 12:28 30 --a------ C:\WINDOWS\Iedit_.INI
    2008-01-30 19:40 . 2005-07-13 11:46 1,570,489 --a------ C:\WINDOWS\system32\sisgl.dll
    2008-01-30 19:40 . 2005-07-13 11:15 904,192 --a------ C:\WINDOWS\system32\sisgrv.dll
    2008-01-30 19:40 . 2005-07-13 11:07 257,024 --a------ C:\WINDOWS\system32\drivers\sisgrp.sys
    2008-01-30 19:40 . 2003-11-27 00:10 65,536 --a------ C:\WINDOWS\system32\sis760.bin
    2008-01-30 19:40 . 2003-11-27 00:10 65,536 --a------ C:\WINDOWS\system32\sis741.bin
    2008-01-30 19:40 . 2005-07-13 11:05 49,152 --a------ C:\WINDOWS\system32\sis660.bin
    2008-01-30 19:40 . 2005-07-13 10:55 28,672 --a------ C:\WINDOWS\system32\SiSPInst.dll
    2008-01-30 19:40 . 2005-07-13 11:48 11,904 --a------ C:\WINDOWS\system32\drivers\srvkp.sys
    2008-01-30 15:56 . 2008-01-30 15:56 29,180 --a------ C:\WINDOWS\system32\wmedia32.exe
    2008-01-28 13:14 . 2001-08-17 21:52 18,688 --a------ C:\WINDOWS\system32\drivers\cdaudio.sys
    2008-01-28 13:14 . 2001-08-17 21:52 18,688 --a------ C:\WINDOWS\system32\dllcache\cdaudio.sys
    2008-01-28 13:09 . 2008-01-28 13:09 18,432 --a------ C:\cvbkwtb.exe
    2008-01-27 13:52 . 2008-01-27 13:52 <REP> d-------- C:\Program Files\Windows Defender
    2008-01-26 21:26 . 2008-01-26 21:26 33,280 --a------ C:\kkynn.exe
    2008-01-26 21:26 . 2008-01-26 21:26 50 --a------ C:\kkynn.bat
    2008-01-26 14:59 . 2008-02-03 20:44 <REP> d-------- C:\WINDOWS\luvcrmkb
    2008-01-26 14:58 . 2008-01-26 14:58 201,216 --a------ C:\WINDOWS\jmrknipw.dll
    2008-01-26 14:56 . 2008-01-26 14:56 89,617 --a------ C:\WINDOWS\system32\rxjddnvj.exe
    2008-01-26 14:56 . 2008-01-26 14:56 89,617 --a------ C:\WINDOWS\sdebozqn.exe
    2008-01-26 14:56 . 2008-01-26 14:56 40,960 --a------ C:\WINDOWS\fubslaxw.exe
    2008-01-26 07:52 . 2005-11-02 23:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-01-26 07:52 . 2005-11-02 23:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-01-26 07:52 . 2006-09-12 05:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-01-26 07:52 . 2006-09-12 05:29 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2008-01-26 07:52 . 2006-09-12 05:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-01-26 07:52 . 2006-09-12 05:29 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-01-26 07:52 . 2006-09-12 05:29 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-01-26 07:52 . 2005-11-03 00:09 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2008-01-25 15:41 . 2008-01-26 21:25 58,368 --a------ C:\blhhjtpx.exe
    2008-01-24 18:16 . 2008-01-26 11:54 3,390 --a------ C:\WINDOWS\system32\testscript.tmp
    2008-01-23 14:59 . 2008-01-23 14:59 29 --a------ C:\WINDOWS\system32\ssurwwdp.tmp
    2008-01-23 14:49 . 2008-01-23 16:42 258,121 --a------ C:\WINDOWS\system32\sysdamp.exe
    2008-01-23 14:49 . 2008-01-23 14:49 69,493 --------- C:\WINDOWS\system32\drivers\smss.exe
    2008-01-23 14:49 . 2008-01-23 14:49 69,493 --------- C:\WINDOWS\system32\drivers\csrss.exe
    2008-01-23 14:48 . 2008-01-23 14:48 69,493 --------- C:\WINDOWS\system32\drivers\alg.exe
    2008-01-23 12:07 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-23 12:06 . 2008-01-23 12:06 <REP> d-------- C:\Program Files\Alwil Software
    2008-01-23 12:06 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-23 12:06 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-23 12:06 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-23 12:06 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-22 21:59 . 2008-01-28 13:09 58,368 --a------ C:\upaq.exe
    2008-01-22 10:45 . 2008-01-23 12:50 <REP> d-------- C:\Program Files\DioCleanerPro
    2008-01-22 00:58 . 2008-01-22 00:58 3,776,774 --a------ C:\WINDOWS\PKYFoNqpC0.exe
    2008-01-21 23:12 . 2008-02-03 20:45 <REP> d-------- C:\WINDOWS\mjrjpqud
    2008-01-21 23:12 . 2008-01-21 23:12 183,808 --a------ C:\WINDOWS\raxenuby.dll
    2008-01-21 23:11 . 2008-01-21 23:11 35,840 --a------ C:\WINDOWS\ghqbqnel.exe
    2008-01-21 23:05 . 2008-01-21 23:05 10,752 --a------ C:\bhij.exe
    2008-01-13 14:25 . 2008-01-13 14:35 63,488 --a------ C:\WINDOWS\xobglu16.dll
    2008-01-13 14:25 . 2008-01-13 14:35 23,552 --a------ C:\WINDOWS\xobglu32.dll
    2008-01-05 16:53 . 2008-01-27 10:29 <REP> d-------- C:\Program Files\Fichiers communs\SmartCom
    2008-01-05 16:51 . 2008-01-27 10:33 <REP> d-------- C:\Program Files\SmartCom

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-03 11:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-03 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-02-03 09:40 90,112 ----a-w C:\WINDOWS\DUMP46ec.tmp
    2008-02-02 11:03 --------- d-----w C:\Program Files\Ulead Systems
    2008-02-01 14:49 90,112 ----a-w C:\WINDOWS\DUMP3d09.tmp
    2008-02-01 14:48 90,112 ----a-w C:\WINDOWS\DUMP39fb.tmp
    2008-01-30 21:32 90,112 ----a-w C:\WINDOWS\DUMP3b72.tmp
    2008-01-30 18:46 90,112 ----a-w C:\WINDOWS\DUMP3645.tmp
    2008-01-30 16:42 90,112 ----a-w C:\WINDOWS\DUMP37ab.tmp
    2008-01-30 15:06 90,112 ----a-w C:\WINDOWS\DUMP33c3.tmp
    2008-01-30 15:03 90,112 ----a-w C:\WINDOWS\DUMP35b7.tmp
    2008-01-30 09:12 90,112 ----a-w C:\WINDOWS\DUMP3596.tmp
    2008-01-29 16:16 90,112 ----a-w C:\WINDOWS\DUMP3901.tmp
    2008-01-29 07:22 90,112 ----a-w C:\WINDOWS\DUMP3623.tmp
    2008-01-29 07:06 90,112 ----a-w C:\WINDOWS\DUMP35d5.tmp
    2008-01-29 07:05 90,112 ----a-w C:\WINDOWS\DUMP35a6.tmp
    2008-01-29 07:02 90,112 ----a-w C:\WINDOWS\DUMP35b6.tmp
    2008-01-28 18:19 90,112 ----a-w C:\WINDOWS\DUMP355a.tmp
    2008-01-28 12:39 90,112 ----a-w C:\WINDOWS\DUMP35c6.tmp
    2008-01-28 12:34 90,112 ----a-w C:\WINDOWS\DUMP341f.tmp
    2008-01-28 12:30 90,112 ----a-w C:\WINDOWS\DUMP33c2.tmp
    2008-01-28 12:27 90,112 ----a-w C:\WINDOWS\DUMP3587.tmp
    2008-01-28 12:25 90,112 ----a-w C:\WINDOWS\DUMP3559.tmp
    2008-01-27 23:14 90,112 ----a-w C:\WINDOWS\DUMP3558.tmp
    2008-01-27 23:13 90,112 ----a-w C:\WINDOWS\DUMP3539.tmp
    2008-01-27 13:43 90,112 ----a-w C:\WINDOWS\DUMP3855.tmp
    2008-01-26 20:26 90,112 ----a-w C:\WINDOWS\DUMP37d8.tmp
    2008-01-26 20:20 90,112 ----a-w C:\WINDOWS\DUMP36de.tmp
    2008-01-26 20:19 90,112 ----a-w C:\WINDOWS\DUMP398e.tmp
    2008-01-26 10:52 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-01-26 08:29 90,112 ----a-w C:\WINDOWS\DUMP3911.tmp
    2008-01-25 19:03 90,112 ----a-w C:\WINDOWS\DUMP378a.tmp
    2008-01-25 19:03 90,112 ----a-w C:\WINDOWS\DUMP375b.tmp
    2008-01-25 17:44 90,112 ----a-w C:\WINDOWS\DUMP38d2.tmp
    2008-01-25 17:43 90,112 ----a-w C:\WINDOWS\DUMP3661.tmp
    2008-01-25 16:50 90,112 ----a-w C:\WINDOWS\DUMP36b0.tmp
    2008-01-25 16:49 90,112 ----a-w C:\WINDOWS\DUMP34bc.tmp
    2008-01-25 16:48 90,112 ----a-w C:\WINDOWS\DUMP36ee.tmp
    2008-01-25 16:47 90,112 ----a-w C:\WINDOWS\DUMP3644.tmp
    2008-01-25 16:45 90,112 ----a-w C:\WINDOWS\DUMP3643.tmp
    2008-01-25 16:44 90,112 ----a-w C:\WINDOWS\DUMP36bf.tmp
    2008-01-25 16:43 90,112 ----a-w C:\WINDOWS\DUMP372d.tmp
    2008-01-25 16:42 90,112 ----a-w C:\WINDOWS\DUMP3642.tmp
    2008-01-25 16:41 90,112 ----a-w C:\WINDOWS\DUMP3921.tmp
    2008-01-24 23:50 90,112 ----a-w C:\WINDOWS\DUMP3c1e.tmp
    2008-01-24 15:03 90,112 ----a-w C:\WINDOWS\DUMP31dd.tmp
    2008-01-24 07:58 90,112 ----a-w C:\WINDOWS\DUMP35f4.tmp
    2008-01-24 07:57 90,112 ----a-w C:\WINDOWS\DUMP37aa.tmp
    2008-01-24 07:08 90,112 ----a-w C:\WINDOWS\DUMP35c5.tmp
    2008-01-23 11:50 --------- d-----w C:\Program Files\DAEMON Tools SearchBar
    2008-01-23 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\third lies itch ford
    2008-01-22 09:10 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-01-22 09:10 14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
    2008-01-15 14:13 --------- d-----w C:\Program Files\Google
    2008-01-09 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-03 13:21 --------- d-----w C:\Program Files\lphant
    2008-01-03 13:15 --------- d-----w C:\Documents and Settings\miss-pink\Application Data\MSNInstaller
    2008-01-03 13:14 --------- d-----w C:\Program Files\LimeWire
    2008-01-02 20:15 --------- d-----w C:\Documents and Settings\miss-pink\Application Data\LimeWire
    2007-12-31 17:24 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-12-31 17:23 --------- d-----w C:\Program Files\Windows Live Favorites
    2007-12-31 17:13 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-27 12:40 303,104 ----a-w C:\WINDOWS\system32\kvkeihife.exe
    2007-12-26 17:15 304,128 ----a-w C:\WINDOWS\system32\evdotsncn.exe
    2007-12-24 20:58 --------- d-----w C:\Program Files\Else plus
    2007-12-19 07:27 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-19 07:27 --------- d-----w C:\Program Files\Circle Developement
    2007-12-19 07:21 290,304 ----a-w C:\WINDOWS\system32\egfobkhg.exe
    2007-12-11 19:03 --------- d-----w C:\Program Files\Ares
    2007-12-11 17:26 300,544 ----a-w C:\WINDOWS\system32\lnbvbdhwj.exe
    2007-12-10 19:20 --------- d-----w C:\Program Files\Java
    2007-12-10 19:14 --------- d-----w C:\Program Files\Fichiers communs\Java
    2007-12-10 16:39 300,544 ----a-w C:\WINDOWS\system32\jtcuzypdy.exe
    2007-12-09 15:43 --------- d-----w C:\Program Files\NewTech Infosystems
    2007-12-09 14:18 289,280 ----a-w C:\WINDOWS\system32\pkbxoc.exe
    2007-12-09 07:44 297,984 ----a-w C:\WINDOWS\system32\vuysmi.exe
    2007-12-08 08:55 --------- d-----w C:\Program Files\D-Tools
    2007-12-06 18:21 291,328 ----a-w C:\WINDOWS\system32\cucpdz.exe
    2007-12-05 06:43 295,424 ----a-w C:\WINDOWS\system32\davryhc.exe
    2007-12-03 16:00 295,936 ----a-w C:\WINDOWS\system32\osqalsr.exe
    2007-12-01 07:39 283,648 ----a-w C:\WINDOWS\system32\suzamw.exe
    2007-11-29 15:59 285,696 ----a-w C:\WINDOWS\system32\ouikbpazv.exe
    2007-11-29 10:46 300,032 ----a-w C:\WINDOWS\system32\riyniu.exe
    2007-11-26 17:11 297,984 ----a-w C:\WINDOWS\system32\waxwidnt.exe
    2007-11-21 08:05 310,272 ----a-w C:\WINDOWS\system32\ljeqbeq.exe
    2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
    2007-11-14 07:17 292,352 ----a-w C:\WINDOWS\system32\kamkuz.exe
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-05-29 11:38 0 -c--a-w C:\Program Files\tw10428.dat.bak
    2007-05-29 11:38 0 -c--a-w C:\Program Files\Styles par défaut.asl.bak
    2007-05-29 11:38 0 -c--a-w C:\Program Files\Scripts par défaut.atn.bak
    2007-05-29 11:38 0 -c--a-w C:\Program Files\SaveforWebStrings.txt.bak
    2007-05-29 11:38 0 -c--a-w C:\Program Files\Outils prédéfinis (défaut).tpl.bak
    2007-05-29 11:38 0 -c--a-w C:\Program Files\Nuancier par défaut.aco.bak
    2007-05-29 11:38 0 -c--a-w C:\Program Files\Motifs par défaut.pat.bak
    2007-05-29 11:38 0 -c--a-w C:\Program Files\Formes perso par défaut.csh.bak
    2007-05-29 11:38 0 -c--a-w C:\Program Files\Formes par défaut.abr.bak
    2007-05-29 11:38 0 -c--a-w C:\Program Files\Formats doc par défaut.txt.bak
    2007-05-29 11:37 0 -c--a-w C:\Program Files\Dégradés par défaut.grd.bak
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}]
    2008-02-04 17:27 213227 --a------ C:\WINDOWS\system32\wininet_s3.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    {2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}

    [HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 18:19 68856]
    "Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [2007-08-29 15:42 1008880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Itch ford four knob"="C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe" [2008-02-04 17:43 5001216]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Sysmem32"="C:\WINDOWS\system32\drivers\alg.exe" [2008-01-23 14:48 69493]
    "Memory_chech"="C:\WINDOWS\system32\drivers\smss.exe" [2008-01-23 14:49 69493]
    "Clipboard_x"="C:\WINDOWS\system32\drivers\csrss.exe" [2008-01-23 14:49 69493]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
    "SiSPower"="SiSPower.dll" [2005-07-13 10:55 49152 C:\WINDOWS\system32\SiSPower.dll]
    "Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
    "Kernel"="C:\WINDOWS\system\svchost.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-18 01:14]
    R2 RTETAPIService;RTE : Partage TAPI;"c:\fotowin\RTETPISv.exe" [2000-11-07 09:37]
    R3 DCamUSBNW800;TwinkleCam USB Camera;C:\WINDOWS\system32\DRIVERS\pcam800.sys [2002-04-19 17:44]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
    S0 Vpi56;Vpi56;C:\WINDOWS\system32\Drivers\Vpi56.sys []
    S0 WPXT;WinPcap Packet Driver (WPXT);C:\WINDOWS\system32\drivers\WPXT.sys []
    S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\setup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-03 20:00:00 C:\WINDOWS\Tasks\AF9AD379916942D1.job"
    - c:\docume~1\abdel\applic~1\elsepl~1\Thunkdeafgreat.exe
    "2008-01-14 07:57:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-27 12:56:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    "2008-02-04 16:30:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-04 17:55:57
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    C:\WINDOWS\system32\msole32.exe 27136 bytes
    C:\WINDOWS\system32\wml.exe 14080 bytes
    C:\WINDOWS\system32\vxddsk.exe 23040 bytes

    Scan terminé avec succès
    Les fichiers cachés: 3

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-04 17:57:01
    ComboFix-quarantined-files.txt 2008-02-04 16:56:53
    .
    2008-01-24 07:53:10 --- E O F ---


    HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:58:48, on 04/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    c:\fotowin\RTETPISv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\rxjddnvj.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\wininet_s3.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
    O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
    O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
    O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/upload/Stars-Femmes/ima...

    --
    End of file - 10006 bytes


    4 February 2008 22:00:01

    Good evening

    Copy (Ctrl+C) the text below:
    Driver::
    Vpi56

    File::
    C:\WINDOWS\system32\wininet_s3.dll
    C:\WINDOWS\system32\wmedia32.exe
    C:\cvbkwtb.exe
    C:\kkynn.exe
    C:\kkynn.bat
    C:\WINDOWS\jmrknipw.dll
    C:\WINDOWS\system32\rxjddnvj.exe
    C:\WINDOWS\sdebozqn.exe
    C:\WINDOWS\fubslaxw.exe
    C:\blhhjtpx.exe
    C:\WINDOWS\system32\ssurwwdp.tmp
    C:\WINDOWS\system32\sysdamp.exe
    C:\WINDOWS\system32\drivers\smss.exe
    C:\WINDOWS\system32\drivers\csrss.exe
    C:\WINDOWS\system32\drivers\alg.exe
    C:\upaq.exe
    C:\WINDOWS\PKYFoNqpC0.exe
    C:\WINDOWS\raxenuby.dll
    C:\WINDOWS\ghqbqnel.exe
    C:\bhij.exe
    C:\WINDOWS\system32\kvkeihife.exe
    C:\WINDOWS\system32\evdotsncn.exe
    C:\WINDOWS\system32\egfobkhg.exe
    C:\WINDOWS\system32\lnbvbdhwj.exe
    C:\WINDOWS\system32\jtcuzypdy.exe
    C:\WINDOWS\system32\pkbxoc.exe
    C:\WINDOWS\system32\vuysmi.exe
    C:\WINDOWS\system32\cucpdz.exe
    C:\WINDOWS\system32\davryhc.exe
    C:\WINDOWS\system32\osqalsr.exe
    C:\WINDOWS\system32\suzamw.exe
    C:\WINDOWS\system32\ouikbpazv.exe
    C:\WINDOWS\system32\riyniu.exe
    C:\WINDOWS\system32\waxwidnt.exe
    C:\WINDOWS\system32\ljeqbeq.exe
    C:\WINDOWS\system32\kamkuz.exe
    C:\WINDOWS\system32\Drivers\Vpi56.sys
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\Tasks\AF9AD379916942D1.job

    Folder::
    C:\WINDOWS\luvcrmkb
    C:\Program Files\DioCleanerPro
    C:\WINDOWS\mjrjpqud
    C:\Documents and Settings\All Users\Application Data\third lies itch ford
    C:\Program Files\Else plus
    C:\Program Files\Circle Developement

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sysmem32"=-
    "Itch ford four knob"=-
    "Memory_chech"=-
    "Clipboard_x"=-
    "Kernel"=-



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

    +++++++++++++++++++++++
    Add a new HijackThis log
    5 February 2008 16:59:34

    Report
    ComboFix 08-02.05.3 - miss-pink 2008-02-05 16:49:06.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.158 [GMT 1:00]
    Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\miss-pink\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE
    C:\bhij.exe
    C:\blhhjtpx.exe
    C:\cvbkwtb.exe
    C:\kkynn.bat
    C:\kkynn.exe
    C:\upaq.exe
    C:\WINDOWS\fubslaxw.exe
    C:\WINDOWS\ghqbqnel.exe
    C:\WINDOWS\jmrknipw.dll
    C:\WINDOWS\PKYFoNqpC0.exe
    C:\WINDOWS\raxenuby.dll
    C:\WINDOWS\sdebozqn.exe
    C:\WINDOWS\system32\cucpdz.exe
    C:\WINDOWS\system32\davryhc.exe
    C:\WINDOWS\system32\drivers\alg.exe
    C:\WINDOWS\system32\drivers\csrss.exe
    C:\WINDOWS\system32\drivers\smss.exe
    C:\WINDOWS\system32\Drivers\Vpi56.sys
    C:\WINDOWS\system32\egfobkhg.exe
    C:\WINDOWS\system32\evdotsncn.exe
    C:\WINDOWS\system32\jtcuzypdy.exe
    C:\WINDOWS\system32\kamkuz.exe
    C:\WINDOWS\system32\kvkeihife.exe
    C:\WINDOWS\system32\ljeqbeq.exe
    C:\WINDOWS\system32\lnbvbdhwj.exe
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\osqalsr.exe
    C:\WINDOWS\system32\ouikbpazv.exe
    C:\WINDOWS\system32\pkbxoc.exe
    C:\WINDOWS\system32\riyniu.exe
    C:\WINDOWS\system32\rxjddnvj.exe
    C:\WINDOWS\system32\ssurwwdp.tmp
    C:\WINDOWS\system32\suzamw.exe
    C:\WINDOWS\system32\sysdamp.exe
    C:\WINDOWS\system32\vuysmi.exe
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\waxwidnt.exe
    C:\WINDOWS\system32\wininet_s3.dll
    C:\WINDOWS\system32\wmedia32.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\Tasks\AF9AD379916942D1.job
    .

    HijackThis
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:59, on 2008-02-05
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    c:\fotowin\RTETPISv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\rxjddnvj.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\drivers\alg.exe
    C:\WINDOWS\system32\drivers\smss.exe
    C:\WINDOWS\system32\drivers\csrss.exe
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\WINDOWS\system\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\wininet_s3.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
    O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
    O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
    O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/upload/Stars-Femmes/ima...

    --
    End of file - 11972 bytes
    5 February 2008 21:18:31

    Good evening

    The ComboFix report is not complete:

    Post the report: C:\Combofix.txt
    click on it to open it, then Edit > "Select all", Edit > "Copy"

    come to the forum and Edit > "Paste"
    6 February 2008 04:07:42

    Boot into "safe mode": F4 or F8, or both + Ctrl, or Ctrl+Del..., it depends on your "setup"....!

    Delete the "system restore points"

    And run a scan of your hard drive....!

    Contrary to what people say, AVAST is good....!
    6 February 2008 04:12:53

    By the way, how do you contact the "moderator"?

    6 February 2008 11:34:03

    Oops, I didn't know it wasn't complete:
    ComboFix 08-02.05.3 - miss-pink 2008-02-05 16:49:06.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.158 [GMT 1:00]
    Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\miss-pink\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE
    C:\bhij.exe
    C:\blhhjtpx.exe
    C:\cvbkwtb.exe
    C:\kkynn.bat
    C:\kkynn.exe
    C:\upaq.exe
    C:\WINDOWS\fubslaxw.exe
    C:\WINDOWS\ghqbqnel.exe
    C:\WINDOWS\jmrknipw.dll
    C:\WINDOWS\PKYFoNqpC0.exe
    C:\WINDOWS\raxenuby.dll
    C:\WINDOWS\sdebozqn.exe
    C:\WINDOWS\system32\cucpdz.exe
    C:\WINDOWS\system32\davryhc.exe
    C:\WINDOWS\system32\drivers\alg.exe
    C:\WINDOWS\system32\drivers\csrss.exe
    C:\WINDOWS\system32\drivers\smss.exe
    C:\WINDOWS\system32\Drivers\Vpi56.sys
    C:\WINDOWS\system32\egfobkhg.exe
    C:\WINDOWS\system32\evdotsncn.exe
    C:\WINDOWS\system32\jtcuzypdy.exe
    C:\WINDOWS\system32\kamkuz.exe
    C:\WINDOWS\system32\kvkeihife.exe
    C:\WINDOWS\system32\ljeqbeq.exe
    C:\WINDOWS\system32\lnbvbdhwj.exe
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\osqalsr.exe
    C:\WINDOWS\system32\ouikbpazv.exe
    C:\WINDOWS\system32\pkbxoc.exe
    C:\WINDOWS\system32\riyniu.exe
    C:\WINDOWS\system32\rxjddnvj.exe
    C:\WINDOWS\system32\ssurwwdp.tmp
    C:\WINDOWS\system32\suzamw.exe
    C:\WINDOWS\system32\sysdamp.exe
    C:\WINDOWS\system32\vuysmi.exe
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\waxwidnt.exe
    C:\WINDOWS\system32\wininet_s3.dll
    C:\WINDOWS\system32\wmedia32.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\Tasks\AF9AD379916942D1.job
    .


    It should be complete
    6 February 2008 13:42:18

    Hello
    jls1
    Quote:
    Boot into "safe mode": F4 or F8, or both + Ctrl, or Ctrl+Del..., it depends on your "setup"....!

    Delete the "system restore points"

    And run a scan of your hard drive....!

    Contrary to what people say, AVAST is good....!

    Never touch System Restore until the PC is completely disinfected!

    and Avast is rubbish
    Why switch? : Avast! vs Antivir

    hollye tyler

    The ComboFix report is still not complete :)

    Do exactly as follows:
    Post the report: C:\Combofix.txt
    click on it to open it, then Edit > "Select all", Edit > "Copy"

    come to the forum and Edit > "Paste"
    7 February 2008 11:29:31

    That's what I did, though; I don't understand why. I go to My Computer, C:, then there is the combofix folder, and then I see the ComboFix Notepad file.
    It's still this one:
    ComboFix 08-02.05.3 - miss-pink 2008-02-05 16:49:06.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.158 [GMT 1:00]
    Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\miss-pink\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    7 February 2008 11:30:37

    When I did the search I typed everything you said and it gave me this one:
    ComboFix 08-02.05.3 - miss-pink 2008-02-05 16:49:06.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.158 [GMT 1:00]
    Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\miss-pink\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    The same thing :)
    7 February 2008 12:46:22

    I think you did not wait for the procedure to finish

    Run it again as follows and, above all, let the tool work all the way to the end, because the infected files are still present.

    Copy (Ctrl+C) the text below:
    Driver::
    Vpi56

    File::
    C:\WINDOWS\system32\wininet_s3.dll
    C:\WINDOWS\system32\wmedia32.exe
    C:\cvbkwtb.exe
    C:\kkynn.exe
    C:\kkynn.bat
    C:\WINDOWS\jmrknipw.dll
    C:\WINDOWS\system32\rxjddnvj.exe
    C:\WINDOWS\sdebozqn.exe
    C:\WINDOWS\fubslaxw.exe
    C:\blhhjtpx.exe
    C:\WINDOWS\system32\ssurwwdp.tmp
    C:\WINDOWS\system32\sysdamp.exe
    C:\WINDOWS\system32\drivers\smss.exe
    C:\WINDOWS\system32\drivers\csrss.exe
    C:\WINDOWS\system32\drivers\alg.exe
    C:\upaq.exe
    C:\WINDOWS\PKYFoNqpC0.exe
    C:\WINDOWS\raxenuby.dll
    C:\WINDOWS\ghqbqnel.exe
    C:\bhij.exe
    C:\WINDOWS\system32\kvkeihife.exe
    C:\WINDOWS\system32\evdotsncn.exe
    C:\WINDOWS\system32\egfobkhg.exe
    C:\WINDOWS\system32\lnbvbdhwj.exe
    C:\WINDOWS\system32\jtcuzypdy.exe
    C:\WINDOWS\system32\pkbxoc.exe
    C:\WINDOWS\system32\vuysmi.exe
    C:\WINDOWS\system32\cucpdz.exe
    C:\WINDOWS\system32\davryhc.exe
    C:\WINDOWS\system32\osqalsr.exe
    C:\WINDOWS\system32\suzamw.exe
    C:\WINDOWS\system32\ouikbpazv.exe
    C:\WINDOWS\system32\riyniu.exe
    C:\WINDOWS\system32\waxwidnt.exe
    C:\WINDOWS\system32\ljeqbeq.exe
    C:\WINDOWS\system32\kamkuz.exe
    C:\WINDOWS\system32\Drivers\Vpi56.sys
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\Tasks\AF9AD379916942D1.job

    Folder::
    C:\WINDOWS\luvcrmkb
    C:\Program Files\DioCleanerPro
    C:\WINDOWS\mjrjpqud
    C:\Documents and Settings\All Users\Application Data\third lies itch ford
    C:\Program Files\Else plus
    C:\Program Files\Circle Developement

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sysmem32"=-
    "Itch ford four knob"=-
    "Memory_chech"=-
    "Clipboard_x"=-
    "Kernel"=-



    Open Notepad, then paste (Ctrl+V) the text you have just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: that is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

    +++++++++++++++++++++++
    Add a new HijackThis log
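
    An added example, not part of the thread and not ComboFix or HijackThis code: the Registry:: section of the script above deletes five Run values, and this Python check shows how four of them, plus the extra UserInit entry, can be picked out of the HijackThis log mechanically. The sample lines are copied from the logs posted in this thread; the function names, the list of core process names and the rule that they run only from C:\WINDOWS\system32 are assumptions of the example.

```python
import ntpath
import re

# Assumption of this example: these core Windows XP processes legitimately
# run only from C:\WINDOWS\system32, so the same file name anywhere else is
# treated as a masquerade.
SYSTEM32 = r"c:\windows\system32"
CORE_NAMES = {"smss.exe", "csrss.exe", "alg.exe", "svchost.exe",
              "lsass.exe", "services.exe", "winlogon.exe", "spoolsv.exe"}

# "O4 - HKLM\..\Run: [ValueName] command line"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\S*\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "F2 - REG:system.ini: UserInit=path1,path2,"
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.+)$")

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def image_path(cmd):
    """Return the executable part of a Run command line, or None."""
    # Quoted path: everything between the first pair of double quotes.
    m = re.match(r'"([^"]+)"', cmd)
    if m is None:
        # Unquoted path may contain spaces: stop at the first known
        # extension that is followed by whitespace or end of line.
        m = re.match(r"(.+?\.(?:exe|dll|bat|com|scr))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else None


def review(log_text):
    """Return (kind, value_name, path) tuples for suspicious autostarts."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O4_RUN.match(line)
        if m:
            path = image_path(m["cmd"])
            if path is None:
                continue
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            # A bare file name (no folder) is resolved through PATH; skip it.
            if folder and name in CORE_NAMES and folder != SYSTEM32:
                findings.append(("masquerade", m["name"], path))
            continue

        m = F2_USERINIT.match(line)
        if m:
            # UserInit is a comma-separated list; only userinit.exe belongs.
            for entry in (e.strip() for e in m["value"].split(",")):
                if entry and entry.lower() != SYSTEM32 + r"\userinit.exe":
                    findings.append(("userinit-extra", "UserInit", entry))
    return findings


if __name__ == "__main__":
    for kind, value_name, path in review(SAMPLE_LOG):
        print(f"{kind:15} {value_name:15} {path}")
```

    The fifth value the script removes, "Itch ford four knob", passes this rule because its file name does not imitate a Windows component, so the check complements a manual review rather than replacing it.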
    7 February 2008 16:58:51

    I did it and it did the same thing again:
    ComboFix 08-02.05.3 - miss-pink 2008-02-07 16:44:44.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.157 [GMT 1:00]
    Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\miss-pink\Mes documents\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    Incapable d'obtenir les privilèges Système

    HIJACKTHIS REPORT
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:56, on 2008-02-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    c:\fotowin\RTETPISv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rxjddnvj.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\drivers\alg.exe
    C:\WINDOWS\system32\drivers\smss.exe
    C:\WINDOWS\system32\drivers\csrss.exe
    C:\WINDOWS\system\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
    O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
    O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
    O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/upload/Stars-Femmes/ima...

    --
    End of file - 11762 bytes
    7 February 2008 22:28:13

    Good evening


    Quote:
    C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\miss-pink\Mes documents\CFScript.txt


    There's the problem. (thanks éric ^^)

    You must save the CFScript.txt document on your Desktop, not in My Documents.
    Then drag and drop it as in the picture.

    8 February 2008 20:22:51

    Same thing, I think!
    ComboFix 08-02.05.3 - miss-pink 2008-02-08 16:53:15.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.141 [GMT 1:00]
    Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\miss-pink\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    8 February 2008 22:04:50

    Good evening

    We'll run another tool first then, because there may be a privileges problem.

    Important: I am away next week; the other helpers have been notified, but if they forget you, you can send a PM to angeldark or eric71.

    Please print these instructions, or paste them into a text file, to read during this fix. Read the three short notes at the bottom carefully before starting.
    Download Look2Me-Destroyer.exe (by Atribune) to your desktop.
    http://www.atribune.org/ccount/click.php?id=7

    Close all open windows before moving on to the next step.
    • Double-click Look2Me-Destroyer.exe to launch the tool.
    • Check Run this program as a task
    • A message will appear saying: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK
    • It will relaunch after the 10 seconds; then click the Scan for L2M button. Your desktop icons will disappear: this is normal.
    • When the scan finishes, click the Remove L2M button
    • A Done Scanning message will appear; click OK.
    • A new message will appear: Done removing infected files! Look2Me-Destroyer will now shutdown your computer ; click OK.
    • Your PC will now shut down.
    • Start your PC normally.
    • Paste the generated report, located at C:\Look2Me-Destroyer.txt, along with a new HijackThis! report, in your next reply.
    *If Look2Me-Destroyer does not relaunch automatically after the 10 seconds, restart and try again.

    **If you get a message from your firewall saying that the tool is trying to access the internet: allow it.

    ***If a runtime error '339' message appears: download MSWINSCK.OCX from the link below and place it in the C:\Windows\System32 folder.
    http://www.ascentive.com/support/new/images/lib/MSWINSC...

    9 February 2008 19:03:45

    Ok shamrock ;)

    Here is the scan:

    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 2008-02-09 18:49:25


    Attempting to delete infected files...

    Making registry repairs.


    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{06A2568A-CED6-4187-BB20-400B8C02BE5A}"
    HKCR\Clsid\{06A2568A-CED6-4187-BB20-400B8C02BE5A}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
    HKCR\Clsid\{00F33137-EE26-412F-8D71-F84E4C2C6625}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrateurs - Succeeded


    and HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:03, on 2008-02-09
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rxjddnvj.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\drivers\alg.exe
    C:\WINDOWS\system32\drivers\smss.exe
    C:\WINDOWS\system32\drivers\csrss.exe
    C:\WINDOWS\system\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    c:\fotowin\RTETPISv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Itch ford four knob] C:\Documents and Settings\All Users\Application Data\third lies itch ford\dupe user.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
    O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
    O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Kernel] C:\WINDOWS\system\svchost.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
    O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/upload/Stars-Femmes/ima...

    --
    End of file - 11806 bytes
    10 February 2008 11:56:37

    Hello :)

    Since Sham_Rock is taking a well-deserved rest, we'll continue together.
    Quote:
    Restoring SeDebugPrivilege for Administrateurs - Succeeded

    The privileges have been restored; you can retry the CFScript to see.
    If it still doesn't work, we'll switch tools.




    10 February 2008 12:49:37

    Uh.. I just wanted to point out that, actually, when you say for ComboFix that a blue screen appears and it says to type 1 or 2, that doesn't appear; it goes straight to the scan, restarts, and here is the report:
    ComboFix 08-02.05.3 - miss-pink 2008-02-10 12:40:34.6 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.130 [GMT 1:00]
    Endroit: C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\miss-pink\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!


    10 February 2008 12:56:19

    Well, it's still the same, that's odd ...


    Click Start / Control Panel / Folder Options, choose the View tab, then uncheck this option:

    and finally click OK

    Select the entire contents of the box below:

    Drivers to unload:
    Vpi56

    registry keys to delete:
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}"

    registry values to delete:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Sysmem32
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Kernel
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Memory_chech
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Clipboard_x
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Itch ford four knob

    Files to delete:
    C:\WINDOWS\system32\wininet_s3.dll
    C:\WINDOWS\system32\wmedia32.exe
    C:\cvbkwtb.exe
    C:\kkynn.exe
    C:\kkynn.bat
    C:\WINDOWS\jmrknipw.dll
    C:\WINDOWS\system32\rxjddnvj.exe
    C:\WINDOWS\sdebozqn.exe
    C:\WINDOWS\fubslaxw.exe
    C:\blhhjtpx.exe
    C:\WINDOWS\system32\ssurwwdp.tmp
    C:\WINDOWS\system32\sysdamp.exe
    C:\WINDOWS\system32\drivers\smss.exe
    C:\WINDOWS\system32\drivers\csrss.exe
    C:\WINDOWS\system32\drivers\alg.exe
    C:\upaq.exe
    C:\WINDOWS\PKYFoNqpC0.exe
    C:\WINDOWS\raxenuby.dll
    C:\WINDOWS\ghqbqnel.exe
    C:\bhij.exe
    C:\WINDOWS\system32\kvkeihife.exe
    C:\WINDOWS\system32\evdotsncn.exe
    C:\WINDOWS\system32\egfobkhg.exe
    C:\WINDOWS\system32\lnbvbdhwj.exe
    C:\WINDOWS\system32\jtcuzypdy.exe
    C:\WINDOWS\system32\pkbxoc.exe
    C:\WINDOWS\system32\vuysmi.exe
    C:\WINDOWS\system32\cucpdz.exe
    C:\WINDOWS\system32\davryhc.exe
    C:\WINDOWS\system32\osqalsr.exe
    C:\WINDOWS\system32\suzamw.exe
    C:\WINDOWS\system32\ouikbpazv.exe
    C:\WINDOWS\system32\riyniu.exe
    C:\WINDOWS\system32\waxwidnt.exe
    C:\WINDOWS\system32\ljeqbeq.exe
    C:\WINDOWS\system32\kamkuz.exe
    C:\WINDOWS\system32\Drivers\Vpi56.sys
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\Tasks\AF9AD379916942D1.job

    Folders to delete:
    C:\WINDOWS\luvcrmkb
    C:\Program Files\DioCleanerPro
    C:\WINDOWS\mjrjpqud
    C:\Documents and Settings\All Users\Application Data\third lies itch ford
    C:\Program Files\Else plus
    C:\Program Files\Circle Developement

    Then right-click and choose Copy
    Open Notepad, right-click, and choose Paste to paste the contents of the box above
    Check that no line is missing before continuing!
    Save the file on your desktop and name it remove.txt

    Download The Avenger here

    Unzip the contents of the archive onto your desktop and nowhere else!
    Double-click avenger.exe and click Ok
    Select Load Script from File and click the folder-shaped icon
    Select the remove.txt file on your desktop

    Click the green light to run the script, then click Yes
    Agree to restart your PC
    Once it has restarted, copy and paste the generated report (C:\avenger.txt)

    WARNING: if you are not the person concerned,
    do NOT apply this procedure UNDER ANY CIRCUMSTANCES;
    you could damage your PC!!
    10 February 2008 13:52:39

    Here is the report:
    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\tdkikjwi

    *******************

    Script file located at: \??\C:\jpbfgifw.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Driver Vpi56 unloaded successfully.
    File C:\WINDOWS\system32\wininet_s3.dll deleted successfully.
    File C:\WINDOWS\system32\wmedia32.exe deleted successfully.
    File C:\cvbkwtb.exe deleted successfully.
    File C:\kkynn.exe deleted successfully.
    File C:\kkynn.bat deleted successfully.
    File C:\WINDOWS\jmrknipw.dll deleted successfully.
    File C:\WINDOWS\system32\rxjddnvj.exe deleted successfully.
    File C:\WINDOWS\sdebozqn.exe deleted successfully.
    File C:\WINDOWS\fubslaxw.exe deleted successfully.
    File C:\blhhjtpx.exe deleted successfully.
    File C:\WINDOWS\system32\ssurwwdp.tmp deleted successfully.
    File C:\WINDOWS\system32\sysdamp.exe deleted successfully.
    File C:\WINDOWS\system32\drivers\smss.exe deleted successfully.
    File C:\WINDOWS\system32\drivers\csrss.exe deleted successfully.
    File C:\WINDOWS\system32\drivers\alg.exe deleted successfully.
    File C:\upaq.exe deleted successfully.
    File C:\WINDOWS\PKYFoNqpC0.exe deleted successfully.
    File C:\WINDOWS\raxenuby.dll deleted successfully.
    File C:\WINDOWS\ghqbqnel.exe deleted successfully.
    File C:\bhij.exe deleted successfully.
    File C:\WINDOWS\system32\kvkeihife.exe deleted successfully.
    File C:\WINDOWS\system32\evdotsncn.exe deleted successfully.
    File C:\WINDOWS\system32\egfobkhg.exe deleted successfully.
    File C:\WINDOWS\system32\lnbvbdhwj.exe deleted successfully.
    File C:\WINDOWS\system32\jtcuzypdy.exe deleted successfully.
    File C:\WINDOWS\system32\pkbxoc.exe deleted successfully.
    File C:\WINDOWS\system32\vuysmi.exe deleted successfully.
    File C:\WINDOWS\system32\cucpdz.exe deleted successfully.
    File C:\WINDOWS\system32\davryhc.exe deleted successfully.
    File C:\WINDOWS\system32\osqalsr.exe deleted successfully.
    File C:\WINDOWS\system32\suzamw.exe deleted successfully.
    File C:\WINDOWS\system32\ouikbpazv.exe deleted successfully.
    File C:\WINDOWS\system32\riyniu.exe deleted successfully.
    File C:\WINDOWS\system32\waxwidnt.exe deleted successfully.
    File C:\WINDOWS\system32\ljeqbeq.exe deleted successfully.
    File C:\WINDOWS\system32\kamkuz.exe deleted successfully.


    File C:\WINDOWS\system32\Drivers\Vpi56.sys not found!
    Deletion of file C:\WINDOWS\system32\Drivers\Vpi56.sys failed!

    Could not process line:
    C:\WINDOWS\system32\Drivers\Vpi56.sys
    Status: 0xc0000034

    File C:\WINDOWS\system32\msole32.exe deleted successfully.
    File C:\WINDOWS\system32\wml.exe deleted successfully.
    File C:\WINDOWS\system32\vxddsk.exe deleted successfully.
    File C:\WINDOWS\Tasks\AF9AD379916942D1.job deleted successfully.


    Folder C:\WINDOWS\luvcrmkb not found!
    Deletion of folder C:\WINDOWS\luvcrmkb failed!

    Could not process line:
    C:\WINDOWS\luvcrmkb
    Status: 0xc0000034



    Folder C:\Program Files\DioCleanerPro not found!
    Deletion of folder C:\Program Files\DioCleanerPro failed!

    Could not process line:
    C:\Program Files\DioCleanerPro
    Status: 0xc0000034



    Folder C:\WINDOWS\mjrjpqud not found!
    Deletion of folder C:\WINDOWS\mjrjpqud failed!

    Could not process line:
    C:\WINDOWS\mjrjpqud
    Status: 0xc0000034



    Folder C:\Documents and Settings\All Users\Application Data\third lies itch ford not found!
    Deletion of folder C:\Documents and Settings\All Users\Application Data\third lies itch ford failed!

    Could not process line:
    C:\Documents and Settings\All Users\Application Data\third lies itch ford
    Status: 0xc0000034



    Folder C:\Program Files\Else plus not found!
    Deletion of folder C:\Program Files\Else plus failed!

    Could not process line:
    C:\Program Files\Else plus
    Status: 0xc0000034



    Folder C:\Program Files\Circle Developement not found!
    Deletion of folder C:\Program Files\Circle Developement failed!

    Could not process line:
    C:\Program Files\Circle Developement
    Status: 0xc0000034

    Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} deleted successfully.
    Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Sysmem32 deleted successfully.
    Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Kernel deleted successfully.
    Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Memory_chech deleted successfully.
    Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Clipboard_x deleted successfully.
    Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Itch ford four knob deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
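
An added example (not part of the thread, nor code from any tool mentioned in it): a Python check that reads an Avenger report like the one above, separates confirmed deletions from `Status: 0xc0000034` failures (`STATUS_OBJECT_NAME_NOT_FOUND`, i.e. the target no longer existed), and lists HijackThis entries that still name a deleted file. The sample lines are excerpts copied from the reports posted in this thread; the function names are hypothetical.

```python
import re

# NTSTATUS values worth decoding in an Avenger report.
# 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND: the object was already gone.
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

# Excerpts from the reports posted in this thread, trimmed to a few lines.
AVENGER_LOG = r"""
Driver Vpi56 unloaded successfully.
File C:\WINDOWS\system32\rxjddnvj.exe deleted successfully.
File C:\WINDOWS\system32\drivers\smss.exe deleted successfully.

File C:\WINDOWS\system32\Drivers\Vpi56.sys not found!
Deletion of file C:\WINDOWS\system32\Drivers\Vpi56.sys failed!

Could not process line:
C:\WINDOWS\system32\Drivers\Vpi56.sys
Status: 0xc0000034

Folder C:\Program Files\DioCleanerPro not found!
Deletion of folder C:\Program Files\DioCleanerPro failed!

Could not process line:
C:\Program Files\DioCleanerPro
Status: 0xc0000034

Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Sysmem32 deleted successfully.
"""

HIJACKTHIS_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

OK_RE = re.compile(
    r"^(File|Folder|Registry key|Registry value) (.+) deleted successfully\.$"
)
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")


def parse_avenger(log):
    """Return (deleted, failed).

    deleted: list of (kind, target) for every 'deleted successfully' line.
    failed:  dict mapping target -> NTSTATUS name (or hex string if unknown).
    """
    deleted, failed = [], {}
    lines = [line.strip() for line in log.splitlines()]
    for i, line in enumerate(lines):
        ok = OK_RE.match(line)
        if ok:
            deleted.append((ok.group(1), ok.group(2)))
        elif line == "Could not process line:":
            # The target and its status follow on the next two non-empty lines.
            following = [l for l in lines[i + 1:] if l][:2]
            if len(following) == 2:
                status = STATUS_RE.match(following[1])
                if status:
                    code = int(status.group(1), 16)
                    failed[following[0]] = NTSTATUS.get(code, hex(code))
    return deleted, failed


def dangling_references(hijackthis_log, deleted):
    """Return (section, path) for HijackThis lines that still name a deleted file.

    Such an entry means the file is gone but the registry or startup value
    that launched it is still present and needs its own fix.
    """
    files = [target for kind, target in deleted if kind == "File"]
    hits = []
    for line in hijackthis_log.splitlines():
        line = line.strip()
        for path in files:
            if path.lower() in line.lower():
                section = line.split(" - ", 1)[0]  # e.g. "F2", "O4"
                hits.append((section, path))
    return hits


if __name__ == "__main__":
    deleted, failed = parse_avenger(AVENGER_LOG)
    print(f"{len(deleted)} targets deleted, {len(failed)} not processed")
    for target, status in failed.items():
        print(f"  {status}: {target}")
    for section, path in dangling_references(HIJACKTHIS_LOG, deleted):
        print(f"  {section} entry still references deleted file {path}")
```

On these excerpts the check reports the `F2` UserInit value as still naming `rxjddnvj.exe` even though Avenger deleted the file.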
    10 February 2008 17:01:26


    Ah, that's a good clean-up :)

    Post a new HijackThis log

    10 February 2008 18:26:54

    Ok =)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:26, on 2008-02-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    c:\fotowin\RTETPISv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
    O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/upload/Stars-Femmes/ima...

    --
    End of file - 11332 bytes
    10 February 2008 18:47:16

    Re,

    Run HijackThis again and this time click [do a system scan only],
    then tick the boxes on the left for the following lines (and only these):
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspe1.dll

    and click [Fix checked] (bottom left).
    When asked to confirm, answer Yes.

    ---------------------------------------------------

    Delete:

    C:\Program Files\Macrogaming\SweetIMBarForIE
    C:\Program Files\speed-bit

    Post a new HijackThis log

    10 February 2008 19:24:55

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:24, on 2008-02-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Neuf\Media Center\MediaCenter.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    c:\fotowin\RTETPISv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Neuf\Media Center\httpd\httpd.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RTE : Partage TAPI (RTETAPIService) - RTE Software - c:\fotowin\RTETPISv.exe
    O24 - Desktop Component 0: (no name) - http://www.fond-ecran-photo.com/upload/Stars-Femmes/ima...

    --
    End of file - 9059 bytes
    11 February 2008 02:31:03

    Ok,

    that's much clearer :)

    Download Clean < here

    Unzip it on your desktop (extract all files); you get a folder named clean
    Open the clean folder and double-click clean.cmd (the .cmd may not be shown)
    Choose option 1, then wait

    A report is generated; post that report (C:\rapport_clean.txt)
    11 February 2008 11:49:54

    Report:

    2008-02-11 a 11:40:22.93

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\
    C:\WINDOWS\hotporn.exe FOUND

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\bdod.bin FOUND
    C:\WINDOWS\764.exe FOUND
    C:\WINDOWS\pbar.dll FOUND
    C:\WINDOWS\flt.dll FOUND
    C:\WINDOWS\7search.dll FOUND
    C:\WINDOWS\system\svchost.exe FOUND
    11 February 2008 20:53:04

    Re,

    well, there are still some left

    Restart in Safe Mode: >> How to start in Safe Mode <<

    Open the clean folder and double-click clean.cmd
    Choose option 2 and wait
    Restart normally

    Post the report (C:\rapport_clean.txt)

    11 February 2008 22:10:49

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 2008-02-11 a 22:03:51.26

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\WINDOWS\
    tentative de suppression de C:\WINDOWS\hotporn.exe

    *** Suppression des fichiers dans C:\WINDOWS\system32
    tentative de suppression de C:\WINDOWS\system32\bdod.bin
    tentative de suppression de C:\WINDOWS\764.exe
    tentative de suppression de C:\WINDOWS\pbar.dll
    tentative de suppression de C:\WINDOWS\flt.dll
    tentative de suppression de C:\WINDOWS\7search.dll
    tentative de suppression de C:\WINDOWS\system\svchost.exe
    11 February 2008 22:16:43

    Ok :)

    Download ToolsCleaner2 < here

    Install it on your Desktop
    Click [Recherche] to start the scan
    Click [Supprimer] to clean up the tools that were used
    Click [Quitter]; this will create a report
    Post the report (C:\TCleaner.txt)

    ----------------------------------------------------

    Run a Kaspersky online scan < here with Internet Explorer!

    Click Demarrer Online-Scanner (bottom right)
    Click J'accepte and, if necessary, approve the installation of the ActiveX controls
    Let the updates install, then choose to scan My Computer

    When the scan finishes, save the report and paste it into your reply

    If you see this message: La licence de Kaspersky On-line Scanner est périmée
    go to Add/Remove Programs and uninstall On-Line Scanner,
    then go back to the site and try the scan again

    12 February 2008 12:54:29

    TCleaner report:
    -->- Recherche:

    C:\Combofix: trouvé !
    C:\Qoobox: trouvé !
    C:\_OtMoveIt: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\avenger.zip: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\Clean.zip: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\Look2Me-Destroyer.exe: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\tar.exe: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\remove.reg: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\pskill.exe: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\LFiles.exe: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\gzip.exe: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\delsiri.cmd: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\delr.cmd: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\del3.cmd: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\del2.cmd: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\clean.cmd: trouvé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\cherche.cmd: trouvé !
    C:\Documents and Settings\miss-pink\Local Settings\Temp\Répertoire temporaire 1 pour avenger.zip\avenger.exe: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\QooBox\Quarantine\C\Combofix: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\avenger.zip: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\Clean.zip: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\Look2Me-Destroyer.exe: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\tar.exe: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\remove.reg: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\pskill.exe: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\LFiles.exe: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\gzip.exe: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\delsiri.cmd: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\delr.cmd: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\del3.cmd: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\del2.cmd: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\clean.cmd: supprimé !
    C:\Documents and Settings\miss-pink\Bureau\clean\clean\cherche.cmd: supprimé !
    C:\Documents and Settings\miss-pink\Local Settings\Temp\Répertoire temporaire 1 pour avenger.zip\avenger.exe: Erreur de suppression !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix: supprimé !
    C:\Qoobox: supprimé !
    C:\_OtMoveIt: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Navilog1: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    As for Kaspersky, it's bugged; it doesn't work for now, there is always a connection problem

    12 February 2008 20:41:10

    Re,

    Quote:
    As for Kaspersky, it's bugged; it doesn't work for now, there is always a connection problem

    Hmm... you are doing it with Internet Explorer, right? Not another browser?

    12 February 2008 21:14:10

    Yes, Internet Explorer is all I have
    14 February 2008 11:03:53

    Here is the report:
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-02-14 11:01:50
    PROTECTIONS: 1
    MALWARE: 70
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus 4.7.1098 [VPS 080213-1] 4.7.1098 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00027660 adware/savenow Adware No 0 Yes No hkey_local_machine\software\classes\wuse.1
    00027660 adware/savenow Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{763bd795-24ae-44d7-82d8-f9a1ee799729}
    00035917 adware/ist.sidefind Adware No 0 Yes No hkey_classes_root\clsid\{763bd795-24ae-44d7-82d8-f9a1ee799729}
    00040319 adware/activesearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12F02779-6D88-4958-8AD3-83C12D86ADC7}
    00040376 adware/adblaster Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9147a0a-a866-4214-b47c-da821891240f}
    00040376 adware/adblaster Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}
    00040735 adware/whenusearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}
    00040735 adware/whenusearch Adware No 0 Yes No hkey_classes_root\wuse.1
    00047327 adware/adsincontext Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{029E02F0-A0E5-4B19-B958-7BF2DB29FB13}
    00048242 adware/404search Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}
    00120993 adware/deskwizz Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4dfb-9693-23AB7686A456}
    00132710 dialer.xd Dialers No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54645654-2225-4455-44A1-9F4543D34546}
    00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@trafficmp[1].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@casalemedia[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@atdmt[2].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@tradedoubler[1].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@247realmedia[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@fastclick[2].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@tribalfusion[1].txt
    00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@as-eu.falkag[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@mediaplex[1].txt
    00147424 Cookie/Luckynugget TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@www.luckynugget[1].txt
    00147814 Cookie/AspinallsOnlineCasino TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@pacificpoker[2].txt
    00149046 Cookie/Casinotropez TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@casinotropez[1].txt
    00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@revenue[2].txt
    00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@findwhat[1].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@com[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\miss-pink\Cookies\miss-pink@xiti[1].txt


    However, below it said to disinfect, but I can't do that because you have to register
    14 February 2008 19:43:46

    Hi again,

    Download OTMoveIt2 here

    Save it to your Desktop
    Select the box below, then right-click, then Copy:

    Now launch OTMoveIt by double-clicking OTMoveIt.exe
    Two panes appear; right-click the left pane, then Paste
    Finally, click [MoveIt!]

    It may ask you to restart; accept by clicking YES

    Post the generated report ( C:\_OTMoveIt\MovedFiles\creation date )

    -----------------------------------------------------------

    Download this file: http://cjoint.com/?cotlKdnvMS

    Unzip it to your desktop, double-click it and accept when asked to add the data

    -----------------------------------------------------------

    Are you still having problems?

    14 February 2008 20:49:50

    Well no, now there are no more ads, my wallpaper stays the same, they no longer put up the blue screen ^^
    Report:

    OTMoveIt2 v1.0.20 log created on 02142008_204652


    But are the viruses still there? Can I erase, well, remove the other programs you had me install?


    14 February 2008 21:37:01

    Hi again,
    Quote:
    But are the viruses still there

    No, this time it's all good :)
    Quote:
    remove the other programs you had me install

    We'll check one last detail; post a new HijackThis log
    14 February 2008 22:17:03

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:16, on 2008-02-14
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    17 February 2008 18:42:33

    Why uninstall avast? It's great =)
    18 February 2008 01:56:06

    Quote:
    Why uninstall avast? It's great =)

    :??:  Did you read the link I gave you about antivirus programs?

    Every day we see hundreds of infected people, and 9 out of 10 have Avast; if all of them had Antivir instead, half of them wouldn't have come here in the first place because they wouldn't have been infected (that said, an antivirus doesn't protect against everything)

    You can choose to keep it, but be aware that you are not properly protected.

    18 February 2008 10:37:15

    OK, I understand, it's better that I install that one :)