Se connecter / S'enregistrer
Votre question

Adware-gen et RJump-B

Tags :
  • Adware
  • Sécurité
Dernière réponse : dans Sécurité et virus
7 Janvier 2008 15:31:13

Bonjour à tous et meilleurs voeux,
Je cherche à me débarasser des bestioles suivantes : Adware-gen et RJump-B. Elles ont été détectées par Avast et mises en quarantaine. Voici le rapport d'HiJackThis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:57, on 07/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
D:\Mes documents\telechargement\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [eCarteBleue-CLEO] "C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 5 Standard\MediaDetector.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe (file missing)--
End of file - 11644 bytes
ci

Merci de votre aide.

Autres pages sur : adware gen rjump

a b 8 Sécurité
7 Janvier 2008 18:00:10

Bonjour,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

  • Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
    7 Janvier 2008 19:09:47

    Bonsoir et merci de votre aide,
    Voici le rapport de Combofix...

    ComboFix 08-01-08.2 - Tof et So 2008-01-08 14:04:40.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.153 [GMT 1:00]
    Running from: D:\Mes documents\telechargement\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-08 to 2008-01-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-07 13:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-06 19:51 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-06 19:51 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-06 19:51 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-06 19:50 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-06 19:50 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-06 19:50 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-01-06 19:50 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-06 19:50 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-06 08:24 . 2008-01-08 14:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-06 08:24 . 2008-01-08 14:01 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-29 10:30 . 2007-12-29 10:30 <REP> d--hs---- C:\FOUND.019
    2007-12-28 13:55 . 2007-12-28 13:55 <REP> d--hs---- C:\FOUND.018
    2007-12-25 06:27 . 2007-12-25 06:27 <REP> d--hs---- C:\FOUND.017
    2007-12-24 12:30 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
    2007-12-24 12:29 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-12-24 12:28 . 2007-12-24 12:28 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2007-12-23 18:57 . 2007-12-23 18:57 <REP> d--hs---- C:\FOUND.016
    2007-12-23 10:20 . 2007-12-23 11:53 3,108 --a------ C:\WINDOWS\PASSPORT
    2007-12-16 13:03 . 2007-12-16 13:03 <REP> d--hs---- C:\FOUND.015
    2007-12-16 12:42 . 2007-12-16 14:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-12-14 06:25 . 2008-01-08 14:01 0 --------- C:\WINDOWS\system32\eRLog.ini
    2007-12-12 06:35 . 2007-12-12 06:35 118 --a------ C:\WINDOWS\system32\MRT.INI
    2007-12-11 23:35 . 2007-12-11 23:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-12-11 23:35 . 2007-12-11 23:35 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2007-12-11 23:35 . 2007-12-11 23:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2007-12-11 23:32 . 2007-12-11 23:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2007-12-11 23:32 . 2007-12-11 23:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-12-11 23:32 . 2007-12-11 23:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-12-11 23:32 . 2007-12-11 23:32 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2007-12-11 23:32 . 2007-12-11 23:32 3,162 --a------ C:\WINDOWS\system32\dtu_fr.qm
    2007-12-11 08:15 . 2007-12-11 08:15 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-12-11 04:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-12-11 04:50 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-12-11 04:50 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-10 19:50 . 2007-12-10 19:50 <REP> d-------- C:\Program Files\Windows Live
    2007-12-10 19:50 . 2007-12-10 19:50 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-10 19:50 . 2007-12-10 19:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-09 17:05 . 2007-12-09 17:05 <REP> d-------- C:\Sight_Training_EUR_NDS-XPA

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-08 13:04 --------- d-----w C:\Documents and Settings\Tof et So\Application Data\Skype
    2008-01-08 12:59 --------- d-----w C:\Documents and Settings\Tof et So\Application Data\skypePM
    2008-01-06 18:47 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd9693.sys
    2007-12-30 08:42 3,464 ----a-w C:\Documents and Settings\Tof et So\Application Data\wklnhst.dat
    2007-12-11 22:34 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
    2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
    2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-12-07 17:08 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-12-07 17:07 59,223 ----a-w C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    2007-12-07 17:06 79,875 ----a-w C:\WINDOWS\system32\adssite-remove.exe
    2007-12-07 17:06 --------- d-----w C:\Program Files\Adssite Games Collection
    2007-12-05 05:33 --------- d-----w C:\Program Files\LimeWire
    2007-12-05 05:33 --------- d-----w C:\Documents and Settings\Tof et So\Application Data\LimeWire
    2007-12-03 21:55 --------- d-----w C:\Program Files\eMule
    2007-12-03 17:12 282,624 ----a-w C:\WINDOWS\system32\adssite_sidebar.dll
    2007-12-03 14:31 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-03 14:29 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-12-03 11:49 --------- d-----w C:\Program Files\Microsoft LifeCam
    2007-12-02 05:50 --------- d-----w C:\Program Files\Photo Service Edition
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:49 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:49 6,065,664 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:49 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:49 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:49 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:49 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 11:01 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 10:59 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2006-09-06 12:28 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-08_14.00.14.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-08 13:02:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_920.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    2007-12-03 18:12 282624 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    2007-10-17 13:53 57384 --a------ C:\Program Files\Windows Live\Contrôle parental\fssbho.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "BlazeServoTool"="C:\Program Files\BlazeVideo\BlazeDVD 5 Standard\MediaDetector.exe" [ ]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-16 12:36 21760296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03 352256]
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15 45056]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07 32768]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-06-21 15:39 110592]
    "MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-06-21 15:28 425984]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
    "nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
    "eCarteBleue-CLEO"="C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" [2006-02-07 10:07 200704]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48 57344]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-10 16:18 77824]
    "PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-09-28 09:31 655360]
    "SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [ ]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10 57344]
    "P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "PowerDVD"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" [2004-08-27 01:08 430080]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-27 21:14 57344]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "VX1000"="C:\WINDOWS\vVX1000.exe" [2006-12-06 00:38 707360]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
    "fssui"="C:\Program Files\Windows Live\Contrôle parental\fssui.exe" [2007-10-17 13:53 243240]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 04:11]
    R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
    R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
    R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
    R2 fsssvc;Windows Live OneCare Contrôle parental;"C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe" [2007-10-17 13:53]
    R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
    R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 00:39]
    R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys [2003-08-10 07:17]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\Auto\command - RavMonE.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    \Shell\Auto\command - L:\RavMonE.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-03 17:13:24 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job"
    - E:\setup.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-08 14:05:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-08 14:05:58
    ComboFix-quarantined-files.txt 2008-01-08 13:05:50
    ComboFix2.txt 2008-01-08 13:00:29
    .
    2007-12-12 05:50:02 --- E O F ---
    Contenus similaires
    8 Janvier 2008 12:31:35

    Bonjour,
    Suivant vos instructions, voici le rapport d'AntiVir :

    AntiVir PersonalEdition Classic
    Report file date: mercredi 9 janvier 2008 06:38

    Scanning for 1005505 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: ACER-E3B0141A93

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 05:37:49
    ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 05:37:49
    ANTIVIR3.VDF : 7.0.1.203 152576 Bytes 08/01/2008 05:37:49
    AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 09/01/2008 05:37:50
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.2 360488 Bytes 09/01/2008 05:37:50
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 9 janvier 2008 06:38

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'skypePM.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'UAService7.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Skype.exe' - '1' Module(s) have been scanned
    Scan process 'CTDetect.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'fssui.exe' - '1' Module(s) have been scanned
    Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
    Scan process 'fsssvc.exe' - '1' Module(s) have been scanned
    Scan process 'vVX1000.exe' - '1' Module(s) have been scanned
    Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
    Scan process 'CloneCDTray.exe' - '1' Module(s) have been scanned
    Scan process 'PowerDVD.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'lxbkbmon.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
    Scan process 'DeviceManager.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'lxbkbmgr.exe' - '1' Module(s) have been scanned
    Scan process 'ECB-CLEO.exe' - '1' Module(s) have been scanned
    Scan process 'MediaSync.exe' - '1' Module(s) have been scanned
    Scan process 'AspireService.exe' - '1' Module(s) have been scanned
    Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
    Scan process 'Monitor.exe' - '1' Module(s) have been scanned
    Scan process 'NvMixerTray.exe' - '1' Module(s) have been scanned
    Scan process 'MediaServerService.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
    Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    54 processes with 54 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '39' files ).


    Starting the file scan:

    Begin scan in 'C:\' <ACER>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\Ubisoft\Open Season\System\PatchFX.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
    [INFO] The file was moved to '47f86606.qua'!
    C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP513\A0210992.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Small.bws.20
    [INFO] The file was moved to '47b665f0.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd9693.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <ACERDATA>


    End of the scan: mercredi 9 janvier 2008 07:27
    Used time: 48:47 min

    The scan has been done completely.

    5670 Scanning directories
    304405 Files were scanned
    2 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    2 files were moved to quarantine
    0 files were renamed
    4 Files cannot be scanned
    304403 Files not concerned
    7177 Archives were scanned
    4 Warnings
    38 Notes

    8 Janvier 2008 21:18:59

    Please, help !
    a b 8 Sécurité
    8 Janvier 2008 21:42:40

    De la patience ?
    Reposte un rapport Hijackthis.
    8 Janvier 2008 21:48:02

    Bonsoir,
    Oui, de la patience, ... Dsl...
    Voici le rapport :


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:46:07, on 09/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\WINDOWS\vVX1000.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Windows Live\Contrôle parental\fssui.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\internet explorer\iexplore.exe
    D:\Mes documents\telechargement\HiJackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [eCarteBleue-CLEO] "C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 5 Standard\MediaDetector.exe"
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D74A5DFA-7731-4CC8-8E72-A74CCEE253B0}: NameServer = 217.175.160.11 217.175.160.12
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe (file missing)

    --
    End of file - 11931 bytes
    8 Janvier 2008 21:58:06

    Oui, je viens de le dézipper.
    a b 8 Sécurité
    8 Janvier 2008 22:03:06

    Lance Kill.cmd :) 
    8 Janvier 2008 22:21:15

    Voilà, c'est fait.
    a b 8 Sécurité
    9 Janvier 2008 13:16:58

    Le rapport ? C:\kill.txt ?
    9 Janvier 2008 14:15:53

    Bonjour,
    Voici le rapport :

    C:\WINDOWS\system32\adssite_sidebar.dll - Trouve !
    C:\WINDOWS\system32\adssite_sidebar.dll - Erreur de Suppression !
    ----------
    C:\WINDOWS\system32\gzmrt.dll n'existe pas !
    ----------
    C:\WINDOWS\system32\nsoC6.dll n'existe pas !
    ----------
    C:\WINDOWS\system32\nss131.dll n'existe pas !
    ----------
    C:\WINDOWS\system32\gzmrotate.dll n'existe pas !
    ----------
    C:\WINDOWS\system32\adssite_sidebar_uninstall.exe - Trouve !
    C:\WINDOWS\system32\adssite_sidebar_uninstall.exe - Supprime !
    ----------
    C:\WINDOWS\system32\adssite-remove.exe n'existe pas !
    ----------
    C:\WINDOWS\system32\adssite_sidebar.dll - Trouve !
    C:\WINDOWS\system32\adssite_sidebar.dll - Supprime !
    ----------
    C:\WINDOWS\system32\gzmrt.dll n'existe pas !
    ----------
    C:\WINDOWS\system32\nsoC6.dll n'existe pas !
    ----------
    C:\WINDOWS\system32\nss131.dll n'existe pas !
    ----------
    C:\WINDOWS\system32\gzmrotate.dll n'existe pas !
    ----------
    C:\WINDOWS\system32\adssite_sidebar_uninstall.exe n'existe pas !
    ----------
    C:\WINDOWS\system32\adssite-remove.exe n'existe pas !
    ----------
    a b 8 Sécurité
    9 Janvier 2008 14:44:57

    Reposte un rapport Hijackthis.
    9 Janvier 2008 14:48:28

    Voilà :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:47:13, on 10/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    D:\Mes documents\telechargement\HiJackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D74A5DFA-7731-4CC8-8E72-A74CCEE253B0}: NameServer = 217.175.160.11 217.175.160.12
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Gateway\wlancfg.exe (file missing)

    --
    End of file - 9733 bytes
    a b 8 Sécurité
    9 Janvier 2008 15:01:39

    C'est mieux ?
    9 Janvier 2008 15:17:07

    Pas franchement,
    Explorer.exe plante régulièrement. Je rencontre des difficultés à accéder aux fichiers m'obligeant au Ctrl+Alt+Sup. La bécane ralentit de plus en plus.
    a b 8 Sécurité
    9 Janvier 2008 15:38:19

    Pas forcément un virus.

    [#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

  • Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur combofix.exe afin de le lancer.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
    9 Janvier 2008 16:09:40

    Voilà :

    ComboFix 08-01-08.2 - Tof et So 2008-01-10 10:53:44.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.90 [GMT 1:00]
    Running from: D:\Mes documents\telechargement\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-09 23:05 . 2008-01-09 23:05 176 --a------ C:\WINDOWS\wininit.ini
    2008-01-09 19:24 . 2008-01-09 19:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-01-09 19:09 . 2008-01-09 19:09 <REP> d-------- C:\Program Files\Yahoo!
    2008-01-09 19:08 . 2008-01-09 19:09 <REP> d-------- C:\Program Files\CCleaner
    2008-01-09 11:29 . 2008-01-10 10:08 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-09 11:28 . 2008-01-09 20:06 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-01-09 11:28 . 2008-01-09 11:28 <REP> d-------- C:\Documents and Settings\Tof et So\Application Data\PC Tools
    2008-01-09 11:28 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-01-09 11:28 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-09 11:28 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-09 11:28 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-09 11:28 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-09 11:23 . 2008-01-09 12:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-08 19:50 . 2008-01-08 19:50 <REP> d-------- C:\Program Files\Avira
    2008-01-08 19:50 . 2008-01-08 19:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-07 13:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-06 19:51 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-06 19:50 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-12-29 10:30 . 2007-12-29 10:30 <REP> d--hs---- C:\FOUND.019
    2007-12-28 13:55 . 2007-12-28 13:55 <REP> d--hs---- C:\FOUND.018
    2007-12-25 06:27 . 2007-12-25 06:27 <REP> d--hs---- C:\FOUND.017
    2007-12-24 12:30 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
    2007-12-24 12:29 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-12-24 12:28 . 2007-12-24 12:28 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2007-12-23 18:57 . 2007-12-23 18:57 <REP> d--hs---- C:\FOUND.016
    2007-12-23 10:20 . 2007-12-23 11:53 3,108 --a------ C:\WINDOWS\PASSPORT
    2007-12-16 13:03 . 2007-12-16 13:03 <REP> d--hs---- C:\FOUND.015
    2007-12-16 12:42 . 2007-12-16 14:42 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2007-12-14 06:25 . 2008-01-10 00:00 0 --------- C:\WINDOWS\system32\eRLog.ini
    2007-12-12 06:35 . 2007-12-12 06:35 118 --a------ C:\WINDOWS\system32\MRT.INI
    2007-12-11 23:35 . 2007-12-11 23:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-12-11 23:35 . 2007-12-11 23:35 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm
    2007-12-11 23:35 . 2007-12-11 23:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2007-12-11 23:32 . 2007-12-11 23:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2007-12-11 23:32 . 2007-12-11 23:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-12-11 23:32 . 2007-12-11 23:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-12-11 23:32 . 2007-12-11 23:32 8,835 --a------ C:\WINDOWS\system32\dpufr.qm
    2007-12-11 23:32 . 2007-12-11 23:32 3,162 --a------ C:\WINDOWS\system32\dtu_fr.qm
    2007-12-11 08:15 . 2007-12-11 08:15 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-12-11 04:50 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-12-11 04:50 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-12-11 04:50 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-10 19:50 . 2007-12-10 19:50 <REP> d-------- C:\Program Files\Windows Live
    2007-12-10 19:50 . 2007-12-10 19:50 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-10 19:50 . 2007-12-10 19:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-09 22:06 --------- d-----w C:\Program Files\Ripp-it_AM
    2008-01-09 22:06 --------- d-----w C:\Program Files\Photo Service Edition
    2008-01-09 22:04 --------- d-----w C:\Program Files\Micro Application
    2008-01-09 22:04 --------- d-----w C:\Program Files\Google
    2008-01-09 22:02 --------- d-----w C:\Program Files\Steam
    2008-01-09 22:02 --------- d-----w C:\Program Files\Click'N Design 3D (V5)
    2008-01-09 21:57 --------- d-----w C:\Program Files\Ubisoft
    2008-01-09 21:57 --------- d-----w C:\Documents and Settings\Tof et So\Application Data\Gearbox Software
    2008-01-09 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-09 21:36 --------- d-----w C:\Documents and Settings\Tof et So\Application Data\Skype
    2008-01-09 16:09 --------- d-----w C:\Documents and Settings\Tof et So\Application Data\skypePM
    2008-01-09 05:30 --------- d-----w C:\Program Files\Alwil Software
    2008-01-08 18:56 --------- d-----w C:\Documents and Settings\Tof et So\Application Data\LimeWire
    2008-01-06 18:47 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd9693.sys
    2007-12-30 08:42 3,464 ----a-w C:\Documents and Settings\Tof et So\Application Data\wklnhst.dat
    2007-12-11 22:34 43,528 ----a-w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
    2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
    2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-12-11 22:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-12-11 22:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-12-11 22:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-12-11 22:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-12-11 22:33 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-12-11 22:33 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-12-05 05:33 --------- d-----w C:\Program Files\LimeWire
    2007-12-03 21:55 --------- d-----w C:\Program Files\eMule
    2007-12-03 14:31 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-12-03 14:29 --------- d-----w C:\Program Files\Fichiers communs\Skype
    2007-12-03 11:49 --------- d-----w C:\Program Files\Microsoft LifeCam
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:49 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:49 6,065,664 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:49 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:49 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:49 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:49 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 11:01 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 10:59 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2006-09-06 12:28 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-08_14.00.14.12 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-12 08:31:48 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81000000003}\SC_Reader.exe
    + 2008-01-09 22:10:50 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A81000000003}\SC_Reader.exe
    + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-01-09 05:37:51 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    - 2006-04-20 12:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    - 2007-12-02 23:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2007-12-25 05:32:10 53,832 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-01-09 10:29:55 53,832 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-12-25 05:32:10 65,034 ----a-w C:\WINDOWS\system32\perfc00C.dat
    + 2008-01-09 10:29:55 65,034 ----a-w C:\WINDOWS\system32\perfc00C.dat
    - 2007-12-25 05:32:10 382,088 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-01-09 10:29:55 382,088 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-12-25 05:32:10 447,278 ----a-w C:\WINDOWS\system32\perfh00C.dat
    + 2008-01-09 10:29:55 447,278 ----a-w C:\WINDOWS\system32\perfh00C.dat
    - 2004-08-05 04:00:00 12,288 ----a-w C:\WINDOWS\system32\regsvr32.exe
    + 2004-08-05 06:00:00 12,288 ----a-w C:\WINDOWS\system32\regsvr32.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    2007-10-17 13:53 57384 --a------ C:\Program Files\Windows Live\Contrôle parental\fssbho.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03 352256]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-06-21 15:39 110592]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
    "nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
    "P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "VX1000"="C:\WINDOWS\vVX1000.exe" [2006-12-06 00:38 707360]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-09 06:37 249896]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 04:11]
    R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
    R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
    R2 fsssvc;Windows Live OneCare Contrôle parental;"C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe" [2007-10-17 13:53]
    R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
    R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 00:39]
    R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys [2003-08-10 07:17]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\Auto\command - RavMonE.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
    \Shell\Auto\command - L:\RavMonE.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-03 17:13:24 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job"
    - E:\setup.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-10 10:55:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-10 10:57:16
    ComboFix-quarantined-files.txt 2008-01-10 09:57:12
    ComboFix2.txt 2008-01-08 13:00:29
    .
    2008-01-09 17:18:10 --- E O F ---
    a b 8 Sécurité
    9 Janvier 2008 16:10:23

    Rien de bien méchant.
    11 Janvier 2008 11:22:28

    Bonjour,
    Un seul mot : merci.
    Tout à l'air d'être rentré dans l'ordre.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS