Your question

Trojan horse virus ///// it's not you

25 January 2008 17:06:13

Hello,
I caught the virus. I did several manipulations and thought it was fixed, but my PC shuts down by itself, so I still have this virus wandering around.
Help me get rid of it.
Thanks

25 January 2008 19:10:23

Hello,

Download MSNFix.zip (!aur3n7) to your Desktop.
Unzip it on your desktop (Right-click/Extract all).

Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.

If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations.
In that case, simply restart the computer manually.

Post the report located in the MSNFix folder.
The report's name corresponds to the time of its creation: date_time.log
25 January 2008 21:37:20

MSNFix 1.642

C:\Documents and Settings\HP_Propri‚taire\Bureau\MSNFix\MSNFix
Fix exécuté le 2008-01-25 - 21:29:05.96 By HP_Propri‚taire
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\nested.sys

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

/!\ ... C:\WINDOWS\system32\nested.sys



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

/!\ ... C:\WINDOWS\system32\nested.sys



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 2008-01-25_213143.17.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

25 January 2008 21:54:22

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\mail.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: .protected
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: windows mail service - Unknown owner - C:\WINDOWS\mail.exe
O24 - Desktop Component 0: (no name) - http://www.neufportail.fr/layout/img/header_home_bg_cor...
O24 - Desktop Component 2: Neuf Cegetel, neufportail.fr - http://www.neufportail.fr/

--
End of file - 7710 bytes
25 January 2008 22:04:32

Hello again,

Download Smitfraudfix (by S!ri).
Save it to your desktop.
Run SmitfraudFix.exe (the .exe may not be displayed).
Choose Option 1 (Search)
Post the first report here.

**If the link does not work, click here**
25 January 2008 22:15:50

SmitFraudFix v2.274

Rapport fait à 22:13:20.51, 2008-01-25
Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\mail.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.neufportail.fr/layout/img/header_home_bg_cor..."
"SubscribedURL"="http://www.neufportail.fr/layout/img/header_home_bg_cor..."
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://www.neufportail.fr/"
"SubscribedURL"="http://www.neufportail.fr/"
"FriendlyName"="Neuf Cegetel, neufportail.fr"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 15.243.128.51
DNS Server Search Order: 15.243.160.51

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6D74B5E0-767A-4331-9C46-A071AE53A356}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6D74B5E0-767A-4331-9C46-A071AE53A356}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6D74B5E0-767A-4331-9C46-A071AE53A356}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

25 January 2008 22:22:19

Hello again,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.

25 January 2008 22:51:44

    ComboFix 08-01-23.1C - HP_Propriétaire 2008-01-25 22:46:42.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.74 [GMT 1:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\.protected
    .
    ---- Previous Run -------
    .
    C:\.protected
    C:\Documents and Settings\All Users\Application Data.\cfejcjsf.dll
    C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\.protected
    C:\Program Files\Helper
    C:\Program Files\Helper\superfindout.dll
    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\Program Files\winperformance
    C:\Program Files\winperformance\registry_backup\2008.01.24 17.50.28.rb
    C:\Program Files\winperformance\uninstall.exe
    C:\WINDOWS\.protected
    C:\WINDOWS\PerfInfo
    C:\WINDOWS\PerfInfo\zDbIAdp186wp.exe
    C:\WINDOWS\system32\4_exception.nls
    C:\WINDOWS\system32\drivers\etc\.protected
    C:\WINDOWS\zsxetabu.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\runtime






    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-25 22:13 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-25 22:13 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-25 22:13 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-01-25 22:13 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-25 22:13 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-25 22:13 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-25 22:13 . 2008-01-25 22:13 4,574 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-25 18:32 . 2006-09-05 19:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
    2008-01-25 18:32 . 2006-09-05 19:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
    2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
    2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
    2008-01-25 18:18 . 2006-09-05 19:07 61,536 -ra------ C:\WINDOWS\system32\drivers\se59bus.sys
    2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59whnt.sys
    2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59wh.sys
    2008-01-24 20:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-24 19:35 . 2008-01-24 19:38 <REP> d-------- C:\Program Files\Lop SD
    2008-01-24 19:21 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-01-24 18:21 . 2008-01-24 18:21 <REP> d-------- C:\WINDOWS\report
    2008-01-24 18:21 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\LPT$VPN.959
    2008-01-24 18:20 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-01-24 18:20 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\VPTNFILE.959
    2008-01-24 18:20 . 2008-01-24 18:20 1,916,766 --a------ C:\WINDOWS\tsc.ptn
    2008-01-24 18:20 . 2008-01-24 19:21 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-01-24 18:20 . 2008-01-24 18:20 267,845 --a------ C:\WINDOWS\tsc.exe
    2008-01-24 18:20 . 2008-01-24 19:21 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-01-24 18:20 . 2008-01-24 18:20 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-01-24 18:20 . 2008-01-24 19:23 823 --a------ C:\WINDOWS\tsc.ini
    2008-01-24 18:19 . 2008-01-24 18:19 <REP> d-------- C:\WINDOWS\AU_Log
    2008-01-24 18:19 . 2008-01-24 18:19 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-01-24 18:19 . 2008-01-24 18:19 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-01-24 18:19 . 2008-01-24 18:19 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-01-24 18:19 . 2008-01-24 19:21 170 --a------ C:\WINDOWS\GetServer.ini
    2008-01-24 17:58 . 2008-01-24 17:58 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-23 18:06 . 2008-01-23 18:06 54,764 --a------ C:\WINDOWS\system32\nested.sys
    2008-01-23 08:35 . 2008-01-23 08:35 54,764 --a------ C:\WINDOWS\system32\fvelwow.sys
    2008-01-22 19:44 . 2008-01-22 19:44 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
    2008-01-22 14:10 . 2008-01-22 14:10 565,248 -r-hs---- C:\WINDOWS\mail.exe
    2008-01-22 02:47 . 2008-01-22 02:47 3,776,774 --a------ C:\WINDOWS\zDbIAdp186.exe
    2008-01-22 00:47 . 2008-01-22 00:47 <REP> d-------- C:\WINDOWS\dlgvtdea
    2008-01-22 00:46 . 2008-01-22 00:46 199,168 --a------ C:\WINDOWS\xenyteja.dll
    2008-01-22 00:40 . 2008-01-22 00:45 2 --a------ C:\-865448038
    2008-01-22 00:39 . 2008-01-22 00:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
    2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-09 20:23 . 2008-01-25 22:40 <REP> d-------- C:\Program Files\lx_cats
    2008-01-09 20:22 . 2006-11-30 17:32 344,064 --a------ C:\WINDOWS\system32\lxcrcoin.dll
    2008-01-09 20:22 . 2006-03-23 09:33 40,960 --a------ C:\WINDOWS\system32\lxcrvs.dll
    2008-01-09 20:21 . 2006-04-28 10:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
    2008-01-09 20:21 . 2006-04-28 10:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
    2008-01-09 20:21 . 2006-04-28 10:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
    2008-01-09 20:21 . 2006-04-28 10:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
    2008-01-09 20:21 . 2006-04-28 10:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
    2008-01-09 20:21 . 2006-11-22 14:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
    2008-01-09 20:21 . 2006-11-22 14:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
    2008-01-09 20:21 . 2006-11-22 15:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
    2008-01-09 20:20 . 2008-01-09 20:20 <REP> d-------- C:\Program Files\Lexmark Toolbar
    2008-01-09 20:20 . 2008-01-09 20:21 <REP> d-------- C:\Program Files\Lexmark Fax Solutions
    2008-01-09 20:20 . 2008-01-09 20:22 <REP> d-------- C:\Program Files\Lexmark 2400 Series
    2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
    2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-24 19:01 --------- d-----w C:\Program Files\Navilog1
    2008-01-23 19:21 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2008-01-23 19:21 46,080 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe
    2008-01-23 19:21 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2008-01-23 19:21 17,920 ----a-w C:\WINDOWS\system32\dllcache\tftp.exe
    2008-01-19 08:55 --------- d-----w C:\Program Files\eMule
    2008-01-19 08:33 --------- d-----w C:\Program Files\Google
    2008-01-13 18:21 --------- d-----w C:\Program Files\Windows Live
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-30 10:18 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2006-01-21 05:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "FlyAway"="" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 19:39 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 04:05 344064]
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35 49152]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "WOOKIT"="C:\Program Files\Wanadoo\EspaceWanadoo.exe" [ ]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-03 03:23 98304]
    "lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 19:57 291760]
    "EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 17:11 82864]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 17:12 295856]
    "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-05 19:00 144384]
    "LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 18:27 106496]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

    R2 windows mail service;windows mail service;"C:\WINDOWS\mail.exe" [2008-01-22 14:10]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S2 Generic Host Process for Win-32 Service;Generic Host Process for Win-32 Service;"C:\WINDOWS\svchost.exe" []
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-25 21:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-01-25 21:47:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-25 22:48:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-01-25 22:50:10
    ComboFix-quarantined-files.txt 2008-01-25 21:50:02
    .
    2008-01-09 18:11:30 --- E O F ---
26 January 2008 00:27:56

What's next, please?
Thanks
26 January 2008 14:02:07

    Avira AntiVir PersonalEdition Classic
    *************************************

    Copyright © 2007 Avira GmbH.
    All rights reserved.


    Contents
    ********

    0 Important information
    1 System requirements
    2 Important requirements for an installation
    3 Incompatibilities with other programs
    4 Support service
    5 Contact address


    0 Important information
    ***********************

    Users who have up to now installed an ANSI version of the Avira
    AntiVir PersonalEdition Classic software pack on a Microsoft Windows
    NT, Microsoft Windows 2000 or Microsoft Windows XP operating system,
    receive update information when attempting to update.

    When updating, please proceed as follows:

    1. Deinstall the installed version of the Avira AntiVir
    PersonalEdition Classic.
    2. Download a current software pack from the download section of the
    Avira AntiVir PersonalEdition Classic website
    http://www.free-av.com.
    3. Install this software pack on your computer.

    1 System requirements
    *********************

    In order for Avira AntiVir PersonalEdition Classic to run properly,
    the computer system must fulfill the following requirements:

    - Computer: Pentium or higher, at least 133 MHz

    - Operating system
    - Microsoft Windows Vista or
    - Microsoft Windows XP Home or Professional, or
    - Microsoft Windows 2000, SP 4 recommended

    Avira AntiVir PersonalEdition Classic also supports Microsoft Windows
    XP x64 Edition.

    The display of the program interfaces can differ, depending on the
    operating system used.

    - 30 MB free memory on the hard disk (more if quarantine is used)

    - Min. 100 MB temporary memory on the hard disk

    - Min. 25 MB of free main memory

    - For all installations: Internet Explorer 5.0 or higher

    - For the installation of Avira AntiVir PersonalEdition Classic:
    administrator rights

    Note
    ----

    - If there is no Internet Explorer 5.0 or higher available on your
    system, you can download it under the following address:

    http://www.microsoft.com/windows/ie/downloads/default.m...


    2 Important requirements for an installation
    ********************************************

    Ensure that the following requirements are fulfilled so that Avira
    AntiVir PersonalEdition Classic works properly on your computer:

    - System requirements fulfilled
    - No other on-access scanner (also called Guard) installed
    - Installer has administrator rights
    - Internet/Intranet connection available
    - All running programs on the computer exited


    3 Incompatibilities with other programs
    ***************************************

    Cygwin

    If the Avira AntiVir PersonalEdition Classic runs on a system where
    the product Cygwin is installed, you might encounter problems with
    updating the Avira AntiVir PersonalEdition Classic. In a worst case
    scenario you might not be able to update the Avira AntiVir
    PersonalEdition Classic at all. Background to this behavior is the
    fact that the cygwin process "cygrun.srv.exe" together with the
    Microsoft Client/Server runtime server subsystem ("csrss.exe") causes
    a complete load of the system once the update process of the Avira
    AntiVir PersonalEdition Classic is started. It is therefore strongly
    recommended to deinstall Cygwin before the Avira AntiVir
    PersonalEdition Classic is installed.


    4 Support service
    *****************

    If you have problems please try first to solve them using the
    integrated help system and the user manual (Download at:
    http://www.free-av.com). For harder problems, please feel free to
    post a message to our bulletin board at http://forum.avira.de or
    to call our Support-Hotline.

    Please also feel free to post bug reports, hints, feature requests
    and anything else related to the Avira AntiVir PersonalEdition
    Classic to this Bulletin Board.

    Please note that technical inquiries can only be answered via our
    Support-Forum or our Support-Hotline.


    Support-Forum
    -------------

    ...our forum is available for you at any time!

    The forum, which is subdivided into clear categories offers you the
    possibility to exchange yourself online with other users and our
    employees of the customer support. An up-to-date, electronic
    bulletin board that is coordinated by our moderators is available.
    Our experience multiplies with the experience from the users of
    AntiVir all over the world. Have a look on it without any
    obligation...

    http://forum.avira.de


    Support-Hotline
    ---------------

    Germany: 0900 10 11 333 (1,99 Euro/Min*)
    Austria: 0900 51 03 61 121 (2,16 Euro/Min*)
    Switzerland: 0900 51 03 61 (4,23 CHF/Min*)

    * Prices are subject to change.

    Mo - Fr between 10 a.m. and 7 p.m.


    5 Contact
    *********

    Avira GmbH
    Lindauer Str. 21
    D-88069 Tettnang
    Germany

    Internet: http://www.free-av.com
    26 January 2008 14:05:32

    Did you at least look at the tutorial? ...
    26 January 2008 14:09:32

    Sorry, here it is:


    AntiVir PersonalEdition Classic
    Report file date: samedi 26 janvier 2008 14:05

    Scanning for 835736 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: HP_Propriétaire
    Computer name: NOM-EB85C523610

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
    ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
    ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
    AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Windows System Directory
    Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 26 janvier 2008 14:05

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'notepad.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'epmworker.exe' - '1' Module(s) have been scanned
    Scan process 'Generic.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ezprint.exe' - '1' Module(s) have been scanned
    Scan process 'lxcrmon.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
    Scan process 'mail.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lxcrcoms.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    42 processes with 42 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '37' files ).


    Starting the file scan:

    Begin scan in 'C:\WINDOWS\system32'
    C:\WINDOWS\system32\fvelwow.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\nested.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\ztx86.sys
    [WARNING] The file could not be opened!


    End of the scan: samedi 26 janvier 2008 14:08
    Used time: 03:35 min

    The scan has been done completely.

    415 Scanning directories
    9089 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    9089 Files not concerned
    8 Archives were scanned
    3 Warnings
    0 Notes

    26 January 2008 14:18:57

    Post a new HijackThis report.
    26 January 2008 14:22:03

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:21:45, on 26/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\lxcrcoms.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\mail.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
    C:\Program Files\Lexmark 2400 Series\ezprint.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
    O23 - Service: windows mail service - Unknown owner - C:\WINDOWS\mail.exe
    O24 - Desktop Component 0: (no name) - http://www.neufportail.fr/layout/img/header_home_bg_cor...
    O24 - Desktop Component 2: Neuf Cegetel, neufportail.fr - http://www.neufportail.fr/

    --
    End of file - 7526 bytes
    26 January 2008 17:52:25

    Is it better?
    26 January 2008 18:35:34

    No, every time I start it, it starts up at least 3 or 4 times, an error report is displayed, and here is the result:
    Malheureusement, le rapport d'erreurs que vous avez envoyé est corrompu et ne peut être analysé. Il est rare que les rapports d'erreurs soient corrompus. Cela peut être dû à des problèmes logiciels ou matériels et indique généralement un problème grave lié à votre ordinateur.

    27 January 2008 19:11:43

    Can you take a screenshot of the error report?
    28 January 2008 18:20:47

    Hi,
    I no longer get the error report, but AntiVir reports:
    c:\windows\mail.exe
    is the trojan horse
    tr\crypf.xpack.gen
    I still have the same problem when I switch it on.
    28 January 2008 18:31:59

    Have you tried deleting it manually?
    28 January 2008 18:47:08

    I searched for the file c:\windows\mail.exe; it does not find it.
    28 January 2008 19:06:03

    Have you tried the scan in safe mode?
    28 January 2008 20:42:52

    Yes, I tried it; it reported nothing.
    I started it several times and it does the same thing: it restarts several times but shows me nothing.
    Conclusion: it is at startup that it acts up.
    28 January 2008 21:11:43

    Run a ComboFix scan again to see.
    28 January 2008 23:21:26

    Here is the report:
    ComboFix 08-01-23.1C - HP_Propriétaire 2008-01-28 23:14:59.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.103 [GMT 1:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-26 14:00 . 2008-01-26 14:00 <REP> d-------- C:\Program Files\Avira
    2008-01-25 22:13 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-25 22:13 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-25 22:13 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-01-25 22:13 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-25 22:13 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-25 22:13 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-25 22:13 . 2008-01-25 22:13 4,574 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-25 18:32 . 2006-09-05 19:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
    2008-01-25 18:32 . 2006-09-05 19:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
    2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
    2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
    2008-01-25 18:18 . 2006-09-05 19:07 61,536 -ra------ C:\WINDOWS\system32\drivers\se59bus.sys
    2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59whnt.sys
    2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59wh.sys
    2008-01-24 20:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-24 19:35 . 2008-01-24 19:38 <REP> d-------- C:\Program Files\Lop SD
    2008-01-24 19:21 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-01-24 18:21 . 2008-01-24 18:21 <REP> d-------- C:\WINDOWS\report
    2008-01-24 18:21 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\LPT$VPN.959
    2008-01-24 18:20 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-01-24 18:20 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\VPTNFILE.959
    2008-01-24 18:20 . 2008-01-24 18:20 1,916,766 --a------ C:\WINDOWS\tsc.ptn
    2008-01-24 18:20 . 2008-01-24 19:21 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-01-24 18:20 . 2008-01-24 18:20 267,845 --a------ C:\WINDOWS\tsc.exe
    2008-01-24 18:20 . 2008-01-24 19:21 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-01-24 18:20 . 2008-01-24 18:20 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-01-24 18:20 . 2008-01-24 19:23 823 --a------ C:\WINDOWS\tsc.ini
    2008-01-24 18:19 . 2008-01-24 18:19 <REP> d-------- C:\WINDOWS\AU_Log
    2008-01-24 18:19 . 2008-01-24 18:19 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-01-24 18:19 . 2008-01-24 18:19 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-01-24 18:19 . 2008-01-24 18:19 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-01-24 18:19 . 2008-01-24 19:21 170 --a------ C:\WINDOWS\GetServer.ini
    2008-01-24 17:58 . 2008-01-24 17:58 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-23 18:06 . 2008-01-23 18:06 54,764 --a------ C:\WINDOWS\system32\nested.sys
    2008-01-23 08:35 . 2008-01-23 08:35 54,764 --a------ C:\WINDOWS\system32\fvelwow.sys
    2008-01-22 19:44 . 2008-01-22 19:44 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
    2008-01-22 02:47 . 2008-01-22 02:47 3,776,774 --a------ C:\WINDOWS\zDbIAdp186.exe
    2008-01-22 00:47 . 2008-01-22 00:47 <REP> d-------- C:\WINDOWS\dlgvtdea
    2008-01-22 00:40 . 2008-01-22 00:45 2 --a------ C:\-865448038
    2008-01-22 00:39 . 2008-01-22 00:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
    2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-09 20:23 . 2008-01-28 20:10 <REP> d-------- C:\Program Files\lx_cats
    2008-01-09 20:22 . 2006-11-30 17:32 344,064 --a------ C:\WINDOWS\system32\lxcrcoin.dll
    2008-01-09 20:22 . 2006-03-23 09:33 40,960 --a------ C:\WINDOWS\system32\lxcrvs.dll
    2008-01-09 20:21 . 2006-04-28 10:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
    2008-01-09 20:21 . 2006-04-28 10:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
    2008-01-09 20:21 . 2006-04-28 10:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
    2008-01-09 20:21 . 2006-04-28 10:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
    2008-01-09 20:21 . 2006-04-28 10:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
    2008-01-09 20:21 . 2006-11-22 14:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
    2008-01-09 20:21 . 2006-11-22 14:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
    2008-01-09 20:21 . 2006-11-22 15:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
    2008-01-09 20:20 . 2008-01-09 20:20 <REP> d-------- C:\Program Files\Lexmark Toolbar
    2008-01-09 20:20 . 2008-01-09 20:21 <REP> d-------- C:\Program Files\Lexmark Fax Solutions
    2008-01-09 20:20 . 2008-01-09 20:22 <REP> d-------- C:\Program Files\Lexmark 2400 Series
    2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
    2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-24 19:01 --------- d-----w C:\Program Files\Navilog1
    2008-01-23 19:21 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2008-01-23 19:21 46,080 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe
    2008-01-23 19:21 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2008-01-23 19:21 17,920 ----a-w C:\WINDOWS\system32\dllcache\tftp.exe
    2008-01-19 08:55 --------- d-----w C:\Program Files\eMule
    2008-01-19 08:33 --------- d-----w C:\Program Files\Google
    2008-01-13 18:21 --------- d-----w C:\Program Files\Windows Live
    2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-30 10:18 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2006-01-21 05:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-25_22.44.15.43 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-01-27 13:05:52 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "FlyAway"="" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 19:39 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 04:05 344064]
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35 49152]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
    "WOOKIT"="C:\Program Files\Wanadoo\EspaceWanadoo.exe" [ ]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-03 03:23 98304]
    "lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 19:57 291760]
    "EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 17:11 82864]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 17:12 295856]
    "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-05 19:00 144384]
    "LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 18:27 106496]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-27 14:05 249896]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S2 Generic Host Process for Win-32 Service;Generic Host Process for Win-32 Service;"C:\WINDOWS\svchost.exe" []
    S2 windows mail service;windows mail service;"C:\WINDOWS\mail.exe" []
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-28 21:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-01-28 21:47:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-28 23:17:20
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-01-28 23:18:40
    ComboFix-quarantined-files.txt 2008-01-28 22:18:36
    ComboFix2.txt 2008-01-28 22:13:59
    ComboFix3.txt 2008-01-25 21:50:11
    .
    2008-01-09 18:11:30 --- E O F ---
    29 January 2008 12:21:33

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    Driver::
    Generic Host Process for Win-32 Service
    windows mail service

    Rootkit::
    C:\WINDOWS\system32\ztx86.sys
    C:\WINDOWS\svchost.exe
    C:\WINDOWS\mail.exe

    File::
    C:\WINDOWS\system32\fvelwow.sys
    C:\WINDOWS\zDbIAdp186.exe

    Folder::
    C:\WINDOWS\dlgvtdea

    Registry::


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch ComboFix; type 1, then confirm. After the restart, post the contents of the Combofix.txt report together with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    29 Janvier 2008 21:31:31

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:31:08, on 29/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\lxcrcoms.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
    C:\Program Files\Lexmark 2400 Series\ezprint.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
    O24 - Desktop Component 0: (no name) - http://www.neufportail.fr/layout/img/header_home_bg_cor...
    O24 - Desktop Component 2: Neuf Cegetel, neufportail.fr - http://www.neufportail.fr/

    --
    End of file - 7318 bytes
    29 January 2008 22:05:55

    You asked me for an error report; here is what it shows me when I turn it on:
    C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\WER4a7f.dir00\Mini012808-02.dmp
    C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\WER4a7f.dir00\sysdata.xml
    The error signature:
    BCCode : 1000007f BCP1 : 00000008 BCP2 : 80042000 BCP3 : 00000000
    BCP4 : 00000000 OSVer : 5_1_2600 SP : 2_0 Product : 768_1
    That is the latest info.
    30 January 2008 13:26:38

    Uh... that's not the Combofix report...
    30 January 2008 23:32:16

    The two reports you asked me for are above, and the last message is the error report from when I turn it on.
    30 January 2008 23:36:44

    Sorry, I hadn't seen that you didn't have the Combofix report.
    I'll send it to you.
    31 January 2008 08:32:18

    ComboFix 08-01-23.1C - HP_Propriétaire 2008-01-31 8:05:31.9 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.82 [GMT 1:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-29 21:52 . 2008-01-29 21:52 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-26 14:00 . 2008-01-26 14:00 <REP> d-------- C:\Program Files\Avira
    2008-01-25 22:13 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-25 22:13 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-25 22:13 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-01-25 22:13 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-25 22:13 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-25 22:13 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-25 22:13 . 2008-01-25 22:13 4,574 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-25 18:32 . 2006-09-05 19:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
    2008-01-25 18:32 . 2006-09-05 19:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
    2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
    2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
    2008-01-25 18:18 . 2006-09-05 19:07 61,536 -ra------ C:\WINDOWS\system32\drivers\se59bus.sys
    2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59whnt.sys
    2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59wh.sys
    2008-01-24 20:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-24 19:35 . 2008-01-24 19:38 <REP> d-------- C:\Program Files\Lop SD
    2008-01-24 19:21 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-01-24 18:21 . 2008-01-24 18:21 <REP> d-------- C:\WINDOWS\report
    2008-01-24 18:21 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\LPT$VPN.959
    2008-01-24 18:20 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-01-24 18:20 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\VPTNFILE.959
    2008-01-24 18:20 . 2008-01-24 18:20 1,916,766 --a------ C:\WINDOWS\tsc.ptn
    2008-01-24 18:20 . 2008-01-24 19:21 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-01-24 18:20 . 2008-01-24 18:20 267,845 --a------ C:\WINDOWS\tsc.exe
    2008-01-24 18:20 . 2008-01-24 19:21 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-01-24 18:20 . 2008-01-24 18:20 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-01-24 18:20 . 2008-01-24 19:23 823 --a------ C:\WINDOWS\tsc.ini
    2008-01-24 18:19 . 2008-01-24 18:19 <REP> d-------- C:\WINDOWS\AU_Log
    2008-01-24 18:19 . 2008-01-24 18:19 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-01-24 18:19 . 2008-01-24 18:19 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-01-24 18:19 . 2008-01-24 18:19 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-01-24 18:19 . 2008-01-24 19:21 170 --a------ C:\WINDOWS\GetServer.ini
    2008-01-24 17:58 . 2008-01-24 17:58 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-23 18:06 . 2008-01-23 18:06 54,764 --a------ C:\WINDOWS\system32\nested.sys
    2008-01-22 00:40 . 2008-01-22 00:45 2 --a------ C:\-865448038
    2008-01-22 00:39 . 2008-01-22 00:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
    2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-09 20:23 . 2008-01-31 08:01 <REP> d-------- C:\Program Files\lx_cats
    2008-01-09 20:22 . 2006-11-30 17:32 344,064 --a------ C:\WINDOWS\system32\lxcrcoin.dll
    2008-01-09 20:22 . 2006-03-23 09:33 40,960 --a------ C:\WINDOWS\system32\lxcrvs.dll
    2008-01-09 20:21 . 2006-04-28 10:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
    2008-01-09 20:21 . 2006-04-28 10:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
    2008-01-09 20:21 . 2006-04-28 10:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
    2008-01-09 20:21 . 2006-04-28 10:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
    2008-01-09 20:21 . 2006-04-28 10:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
    2008-01-09 20:21 . 2006-11-22 14:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
    2008-01-09 20:21 . 2006-11-22 14:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
    2008-01-09 20:21 . 2006-11-22 15:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
    2008-01-09 20:20 . 2008-01-09 20:20 <REP> d-------- C:\Program Files\Lexmark Toolbar
    2008-01-09 20:20 . 2008-01-09 20:21 <REP> d-------- C:\Program Files\Lexmark Fax Solutions
    2008-01-09 20:20 . 2008-01-09 20:22 <REP> d-------- C:\Program Files\Lexmark 2400 Series
    2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
    2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-29 20:53 --------- d-----w C:\Program Files\Lavasoft
    2008-01-24 19:01 --------- d-----w C:\Program Files\Navilog1
    2008-01-23 19:21 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2008-01-23 19:21 46,080 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe
    2008-01-23 19:21 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2008-01-23 19:21 17,920 ----a-w C:\WINDOWS\system32\dllcache\tftp.exe
    2008-01-19 08:55 --------- d-----w C:\Program Files\eMule
    2008-01-19 08:33 --------- d-----w C:\Program Files\Google
    2008-01-13 18:21 --------- d-----w C:\Program Files\Windows Live
    2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-30 10:18 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2007-10-11 06:13 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-10-11 06:13 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-10-11 06:13 663,552 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-11 06:13 617,472 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-11 06:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-11 06:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-11 06:13 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-10-11 06:13 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-11 06:13 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-10-11 06:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-10-11 06:13 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-10-11 06:13 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-11 06:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-11 06:13 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-10-11 06:13 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-11 06:13 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-10-11 06:13 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    2007-10-11 06:13 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2006-01-21 05:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-25_22.44.15.43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-25 21:31:24 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-29 17:11:18 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-25 21:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-29 17:11:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-25 21:31:25 3,850,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-29 17:11:19 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-25 21:31:25 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-29 17:11:19 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-25 21:31:25 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-29 17:11:19 3,850,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-25 21:31:25 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-29 17:11:19 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-01-27 13:05:52 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    + 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    + 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "FlyAway"="" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 19:39 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 04:05 344064]
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35 49152]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
    "WOOKIT"="C:\Program Files\Wanadoo\EspaceWanadoo.exe" [ ]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-03 03:23 98304]
    "lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 19:57 291760]
    "EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 17:11 82864]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 17:12 295856]
    "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-05 19:00 144384]
    "LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 18:27 106496]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-27 14:05 249896]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S1 fvelwow;fvelwow;C:\WINDOWS\system32\fvelwow.sys []
    S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys []
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-30 06:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-01-30 06:47:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-31 08:08:17
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-01-31 8:09:40
    ComboFix-quarantined-files.txt 2008-01-31 07:09:30
    ComboFix2.txt 2008-01-29 17:29:16
    ComboFix3.txt 2008-01-29 17:07:29
    ComboFix4.txt 2008-01-28 22:18:41
    ComboFix5.txt 2008-01-28 22:13:59
    .
    2008-01-09 18:11:30 --- E O F ---
    a b 8 Security
    31 January 2008 18:24:06

    Did you do what I said with CFScript?
    1 February 2008 16:47:00

    Yes, I did a copy and paste.
    a b 8 Security
    1 February 2008 18:36:51

    Did you save the text file so you could drag it onto ComboFix?
    1 February 2008 19:31:33

    Yes, if you want I can start again.
    a b 8 Security
    2 February 2008 12:22:21

    Yes :)
    5 February 2008 18:35:59

    ComboFix 08-01-23.1C - HP_Propriétaire 2008-02-05 18:22:11.10 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.136 [GMT 1:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    FILE
    C:\WINDOWS\system32\fvelwow.sys
    C:\WINDOWS\zDbIAdp186.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\ztx86.sys

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-01 18:45 . 2008-02-01 18:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-01 18:45 . 2008-02-01 18:45 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-29 21:52 . 2008-01-29 21:52 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-26 14:00 . 2008-01-26 14:00 <REP> d-------- C:\Program Files\Avira
    2008-01-25 22:13 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-25 22:13 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-25 22:13 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-01-25 22:13 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-25 22:13 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-25 22:13 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-25 22:13 . 2008-01-25 22:13 4,574 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-25 18:32 . 2006-09-05 19:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
    2008-01-25 18:32 . 2006-09-05 19:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
    2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
    2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
    2008-01-25 18:18 . 2006-09-05 19:07 61,536 -ra------ C:\WINDOWS\system32\drivers\se59bus.sys
    2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59whnt.sys
    2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59wh.sys
    2008-01-24 20:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-24 19:35 . 2008-01-24 19:38 <REP> d-------- C:\Program Files\Lop SD
    2008-01-24 19:21 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-01-24 18:21 . 2008-01-24 18:21 <REP> d-------- C:\WINDOWS\report
    2008-01-24 18:21 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\LPT$VPN.959
    2008-01-24 18:20 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-01-24 18:20 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\VPTNFILE.959
    2008-01-24 18:20 . 2008-01-24 18:20 1,916,766 --a------ C:\WINDOWS\tsc.ptn
    2008-01-24 18:20 . 2008-01-24 19:21 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-01-24 18:20 . 2008-01-24 18:20 267,845 --a------ C:\WINDOWS\tsc.exe
    2008-01-24 18:20 . 2008-01-24 19:21 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-01-24 18:20 . 2008-01-24 18:20 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-01-24 18:20 . 2008-01-24 19:23 823 --a------ C:\WINDOWS\tsc.ini
    2008-01-24 18:19 . 2008-01-24 18:19 <REP> d-------- C:\WINDOWS\AU_Log
    2008-01-24 18:19 . 2008-01-24 18:19 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-01-24 18:19 . 2008-01-24 18:19 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-01-24 18:19 . 2008-01-24 18:19 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-01-24 18:19 . 2008-01-24 19:21 170 --a------ C:\WINDOWS\GetServer.ini
    2008-01-24 17:58 . 2008-01-24 17:58 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-23 18:06 . 2008-01-23 18:06 54,764 --a------ C:\WINDOWS\system32\nested.sys
    2008-01-22 00:40 . 2008-01-22 00:45 2 --a------ C:\-865448038
    2008-01-22 00:39 . 2008-01-22 00:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
    2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
    2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-01-09 20:23 . 2008-02-05 18:00 <REP> d-------- C:\Program Files\lx_cats
    2008-01-09 20:22 . 2006-11-30 17:32 344,064 --a------ C:\WINDOWS\system32\lxcrcoin.dll
    2008-01-09 20:22 . 2006-03-23 09:33 40,960 --a------ C:\WINDOWS\system32\lxcrvs.dll
    2008-01-09 20:21 . 2006-04-28 10:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
    2008-01-09 20:21 . 2006-04-28 10:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
    2008-01-09 20:21 . 2006-04-28 10:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
    2008-01-09 20:21 . 2006-04-28 10:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
    2008-01-09 20:21 . 2006-04-28 10:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
    2008-01-09 20:21 . 2006-11-22 14:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
    2008-01-09 20:21 . 2006-11-22 14:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
    2008-01-09 20:21 . 2006-11-22 15:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
    2008-01-09 20:20 . 2008-01-09 20:20 <REP> d-------- C:\Program Files\Lexmark Toolbar
    2008-01-09 20:20 . 2008-01-09 20:21 <REP> d-------- C:\Program Files\Lexmark Fax Solutions
    2008-01-09 20:20 . 2008-01-09 20:22 <REP> d-------- C:\Program Files\Lexmark 2400 Series
    2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
    2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
    2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-02 08:44 --------- d-----w C:\Program Files\eMule
    2008-01-29 20:53 --------- d-----w C:\Program Files\Lavasoft
    2008-01-24 19:01 --------- d-----w C:\Program Files\Navilog1
    2008-01-19 08:33 --------- d-----w C:\Program Files\Google
    2008-01-13 18:21 --------- d-----w C:\Program Files\Windows Live
    2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2006-01-21 05:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-25_22.44.15.43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-25 21:31:24 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-02-05 17:21:54 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-25 21:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-02-05 17:21:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-25 21:31:25 3,850,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-02-05 17:21:55 3,874,816 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-25 21:31:25 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-02-05 17:21:55 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-25 21:31:25 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-02-05 17:21:55 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-25 21:31:25 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-02-05 17:21:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-01-27 13:05:52 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
    + 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    + 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    + 2007-12-14 10:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "FlyAway"="" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 19:39 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 04:05 344064]
    "HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35 49152]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
    "WOOKIT"="C:\Program Files\Wanadoo\EspaceWanadoo.exe" [ ]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-03 03:23 98304]
    "lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 19:57 291760]
    "EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 17:11 82864]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 17:12 295856]
    "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-05 19:00 144384]
    "LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 18:27 106496]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-27 14:05 249896]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S1 fvelwow;fvelwow;C:\WINDOWS\system32\fvelwow.sys []
    S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys []
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-05 07:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-02-05 06:47:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    5 February 2008 18:36:46

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:34, on 2008-02-05
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
    C:\Program Files\Lexmark 2400 Series\ezprint.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\lxcrcoms.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
    O24 - Desktop Component 0: (no name) - http://www.neufportail.fr/layout/img/header_home_bg_cor...
    O24 - Desktop Component 2: Neuf Cegetel, neufportail.fr - http://www.neufportail.fr/

    --
    End of file - 7432 bytes
    7 February 2008 18:19:06

    Why are there no more replies................... after mine
    8 February 2008 14:19:41

    THANKS FOR THE REPLIES