Can't use Google!!! Help [Solved]

2 January 2008 18:26:52

Hello,

Here's my problem: I can no longer use Google or even Yahoo, because every time I do a search I get redirected to other crappy sites..

But most often it says search-daily, or something like Bankregister

Anyway, nothing but useless stuff, and I can't do searches anymore..

I've posted the HijackThis report for you

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:26:31, on 02.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nssB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 212.247.152.6 193.12.150.6
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 7615 bytes

Thanks for your help..

2 January 2008 18:28:27

Hello,

Disable your resident protections (antivirus, Spybot...)!
  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.

    2 January 2008 18:44:52

    Here's the report, it's pretty long! You have to be an expert to understand any of it lol!

    But thanks a lot, that's really nice of you..

    ComboFix 08-01-02.1 - Stephane 2008-01-02 18:36:45.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.577 [GMT 1:00]
    Running from: C:\Documents and Settings\Stephane\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Michel\Bureau\movieland terms.lnk
    C:\Documents and Settings\Michel\Bureau\movieland.url
    C:\Program Files\knoxgfmh
    C:\Program Files\knoxgfmh\khqvozyn.dll
    C:\Program Files\mediapipe
    C:\Program Files\mediapipe\Agent.dll
    C:\Program Files\mediapipe\api.exe
    C:\Program Files\mediapipe\install.log
    C:\Program Files\mediapipe\MediaPipe.ini
    C:\Program Files\mediapipe\p2pinst.exe
    C:\Program Files\mediapipe\p2pl.exe
    C:\WINDOWS\system32\nssB.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-02 18:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-12-31 18:02 . 2007-12-31 18:02 <REP> d-------- C:\Program Files\AxBx
    2007-12-27 20:05 . 2007-12-27 20:05 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2007-12-27 19:55 . 2007-12-27 19:57 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2007-12-27 19:54 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-12-27 19:47 . 2007-12-27 19:47 <REP> d----c--- C:\VundoFix Backups
    2007-12-27 18:03 . 19,456 C:\WINDOWS\system32\drivers\pzikyexx.dat
    2007-12-27 18:01 . 2007-12-27 18:01 <REP> d-------- C:\Program Files\Dcads Games Collection
    2007-12-27 18:01 . 2003-04-24 13:00 84,992 --a------ C:\WINDOWS\system32\avmete.dll
    2007-12-27 18:01 . 2007-12-27 21:11 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
    2007-12-27 18:01 . 2007-12-27 18:10 77,379 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
    2007-12-27 18:01 . 2007-12-27 18:10 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
    2007-12-27 14:58 . 2007-12-27 15:00 16,826 --ah----- C:\WINDOWS\system32\brdiag.GID
    2007-12-27 14:53 . 2007-12-27 14:54 <REP> d-------- C:\Program Files\Brother
    2007-12-27 14:29 . 2007-12-27 14:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-27 14:29 . 2007-12-27 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-24 14:07 . 2007-12-24 14:07 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
    2007-12-17 12:51 . 2000-09-14 01:00 77,824 --a------ C:\WINDOWS\system32\BROSNMP.DLL
    2007-12-17 12:51 . 2002-09-19 00:00 73,728 --a------ C:\WINDOWS\system32\brrbtool.exe
    2007-12-17 12:51 . 2007-12-27 14:55 13,109 --a------ C:\WINDOWS\HL-1430.INI
    2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a------ C:\WINDOWS\system32\irftp.exe
    2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
    2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a------ C:\WINDOWS\system32\irmon.dll
    2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
    2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
    2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
    2007-12-10 22:27 . 2007-12-10 22:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    2007-12-05 17:32 . 2007-12-05 17:32 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
    2007-12-05 17:26 . 2007-12-27 14:55 <REP> d-------- C:\Program Files\Brownie
    2007-12-05 17:25 . 2007-12-05 17:25 <REP> d-------- C:\Documents and Settings\Stephane\WINDOWS
    2007-12-05 17:25 . 1998-01-23 12:20 305,664 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-05 17:14 . 2003-07-31 02:05 642,944 --------- C:\WINDOWS\system32\drivers\CnxEtU.sys
    2007-12-05 17:14 . 2003-07-31 19:01 159,744 --a------ C:\WINDOWS\system32\CnxHwIo.dll
    2007-12-05 17:14 . 2002-08-05 22:59 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll
    2007-12-05 17:14 . 2001-10-02 22:08 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll
    2007-12-05 17:14 . 2003-11-02 15:54 108,675 --------- C:\WINDOWS\system32\drivers\CnxTgN.sys
    2007-12-05 17:14 . 2003-07-31 02:05 60,288 --------- C:\WINDOWS\system32\drivers\CnxEtP.sys
    2007-12-04 23:03 . 2007-12-04 23:03 <REP> d-------- C:\Program Files\EA GAMES
    2007-12-04 22:31 . 2007-12-04 22:31 <REP> dr-h-c--- C:\MSOCache
    2007-12-03 20:17 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-12-03 20:17 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-12-03 20:17 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-03 20:17 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-12-03 20:17 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-12-03 20:17 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-12-03 20:17 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-12-03 20:17 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-12-03 20:17 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2007-12-03 20:17 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-03 18:37 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage réseau
    2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage d'impression
    2007-12-03 17:58 . 2007-12-02 10:42 <REP> d--h----- C:\Documents and Settings\Michel\Modèles
    2007-12-03 17:58 . 2007-12-13 17:49 <REP> dr------- C:\Documents and Settings\Michel\Mes documents
    2007-12-03 17:58 . 2007-12-10 20:22 <REP> dr------- C:\Documents and Settings\Michel\Menu Démarrer
    2007-12-03 17:58 . 2007-12-13 21:20 <REP> dr------- C:\Documents and Settings\Michel\Favoris
    2007-12-03 17:58 . 2008-01-02 18:40 <REP> d-------- C:\Documents and Settings\Michel\Bureau
    2007-12-03 17:45 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2007-12-03 17:45 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2007-12-03 17:45 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
    2007-12-02 23:36 . 2007-12-02 23:36 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Menu Démarrer
    2007-12-02 21:49 . 2004-08-20 00:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-12-02 21:47 . 2004-08-19 16:09 452,096 --a------ C:\WINDOWS\system32\fxsapi.dll
    2007-12-02 21:47 . 2004-08-19 16:09 452,096 --a--c--- C:\WINDOWS\system32\dllcache\fxsapi.dll
    2007-12-02 21:47 . 2004-08-19 16:09 143,360 --a------ C:\WINDOWS\system32\fxsclnt.exe
    2007-12-02 21:47 . 2004-08-19 16:09 143,360 --a--c--- C:\WINDOWS\system32\dllcache\fxsclnt.exe
    2007-12-02 21:47 . 2004-08-19 16:09 72,192 --a------ C:\WINDOWS\system32\fxscom.dll
    2007-12-02 21:47 . 2004-08-19 16:09 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fxscom.dll
    2007-12-02 21:43 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002090_.tmp
    2007-12-02 21:37 . 2006-05-05 10:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2007-12-02 21:37 . 2006-05-05 10:47 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
    2007-12-02 21:36 . 2006-08-14 11:34 332,928 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
    2007-12-02 21:34 . 2003-06-16 10:05 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
    2007-12-02 21:33 . 2006-05-19 14:23 112,128 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
    2007-12-02 21:33 . 2006-05-19 14:23 95,744 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
    2007-12-02 21:32 . 2006-08-25 16:51 617,472 -----c--- C:\WINDOWS\system32\dllcache\comctl32.dll
    2007-12-02 21:31 . 2006-03-17 01:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2007-12-02 21:02 . 2006-02-08 09:44 1,114,674 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
    2007-12-02 21:02 . 2006-06-07 10:07 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
    2007-12-02 21:02 . 2006-06-01 06:28 129,112 -ra------ C:\WINDOWS\system32\atiicdxx.dat
    2007-12-02 21:02 . 2005-10-14 03:10 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp
    2007-12-02 21:02 . 2006-06-07 10:28 29,008 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp
    2007-12-02 21:02 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-12-02 21:02 . 2006-05-31 14:34 6,126 -ra------ C:\WINDOWS\system32\atifglpf.xml
    2007-12-02 21:02 . 2006-02-08 09:44 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp
    2007-12-02 20:57 . 2007-12-02 20:57 13,646 --a------ C:\WINDOWS\system32\wpa.bak
    2007-12-02 20:53 . 2007-12-31 15:48 49 --a------ C:\WINDOWS\NeroDigital.ini
    2007-12-02 20:51 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-12-02 20:51 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-12-02 20:51 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
    2007-12-02 20:51 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-12-02 20:51 . 2004-08-03 14:00 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2007-12-02 20:51 . 2004-08-03 13:59 170,776 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2007-12-02 20:51 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
    2007-12-02 20:41 . 2007-12-02 20:41 <REP> d-------- C:\Documents and Settings\Monique\Application Data\Ahead
    2007-12-02 20:35 . 2007-12-02 20:35 <REP> d-------- C:\Documents and Settings\Monique\Incomplete
    2007-12-02 20:35 . 2007-12-05 19:03 <REP> d-------- C:\Documents and Settings\Monique\Application Data\LimeWire
    2007-12-02 20:33 . 2007-12-02 20:33 <REP> d-------- C:\Documents and Settings\Stephane\Incomplete

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-27 18:26 --------- d-----w C:\Program Files\Tearoetn
    2007-12-10 21:29 --------- d-----w C:\Program Files\QuickTime
    2007-12-05 16:26 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-12-02 19:31 --------- d-----w C:\Program Files\Ahead
    2007-12-02 19:29 --------- d-----w C:\Program Files\Java
    2007-12-01 14:14 --------- d-----w C:\Program Files\PowerArchiver
    2007-12-01 13:45 --------- d-----w C:\Program Files\Vstep
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
    2007-02-25 21:04 19,864 ----a-w C:\Documents and Settings\Stephane\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    2007-12-24 14:07 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2152777C-6D86-491D-A4F8-31B62DC3A483}]
    2003-04-24 13:00 84992 --a------ C:\WINDOWS\system32\avmete.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "CnxDslTaskBar"="C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 19:06 458752]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-10 22:28 155648]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-27 19:55 6731312]
    "VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2007-10-24 21:23 2618240]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    R0 wkhzyzbh;wkhzyzbh;C:\WINDOWS\system32\drivers\pzikyexx.dat []
    R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-07-31 02:05]
    R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-07-31 02:05]
    R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-11-02 15:54]
    S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS);C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 20:12]

    *Newly Created Service* - PROCEXP90
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-02 18:40:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-02 18:41:19
    ComboFix-quarantined-files.txt 2008-01-02 17:40:57
    .
    2007-12-12 13:17:28 --- E O F ---

    3 January 2008 17:21:28

    Re,

    So here's my AntiVir report:

    AntiVir PersonalEdition Classic
    Report file date: jeudi 3 janvier 2008 15:39

    Scanning for 999937 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: MENOUD

    Version information:
    BUILD.DAT : 270 15603 Bytes 19.09.2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23.08.2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16.08.2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14.08.2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21.08.2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14.12.2007 14:37:26
    ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28.12.2007 14:37:26
    ANTIVIR3.VDF : 7.0.1.190 81920 Bytes 03.01.2008 14:37:26
    AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 03.01.2008 14:37:27
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26.02.2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18.07.2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16.04.2007 13:16:24
    AVPACK32.DLL : 7.6.0.2 360488 Bytes 03.01.2008 14:37:27
    AVREG.DLL : 7.0.1.6 30760 Bytes 18.07.2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28.08.2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18.07.2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08.03.2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07.08.2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21.08.2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23.07.2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 3 janvier 2008 15:39

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'VirusKeeper.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'CnxDslTb.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'BRSS01A.EXE' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'BRSVC01A.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    33 processes with 33 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '19' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Stephane\Application Data\Sun\Java\Deployment\cache\6.0\32\50c2ce60-3e23df66
    [0] Archive type: ZIP
    --> BnnnnBaa.class
    [DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
    --> VaannnaaBaa.class
    [DETECTION] Is the Trojan horse TR/ClassLoader
    [INFO] The file was moved to '47dff62a.qua'!
    C:\Documents and Settings\Stephane\Mes documents\Incomplete\T-158449152-fifa 2005 full game.zip
    [0] Archive type: ZIP SFX (self extracting)
    --> fifa.ace
    [1] Archive type: ACE
    --> data\feart\campaign\campaign.abg
    [WARNING] Error creating the file
    --> data\feart\common\common.abg
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    C:\QooBox\Quarantine\C\Program Files\knoxgfmh\khqvozyn.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47ee04bc.qua'!
    C:\System Volume Information\_restore{D43BB40E-854D-47E9-81C4-BBB9248FBC9D}\RP57\A0011947.dll
    [DETECTION] Is the Trojan horse TR/Spy.Agent.208896
    [INFO] The file was moved to '47ad04a9.qua'!
    C:\System Volume Information\_restore{D43BB40E-854D-47E9-81C4-BBB9248FBC9D}\RP58\A0011969.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '47ad04ac.qua'!
    C:\System Volume Information\_restore{D43BB40E-854D-47E9-81C4-BBB9248FBC9D}\RP64\A0012190.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47ad04da.qua'!
    C:\WINDOWS\system32\avmete.dll
    [DETECTION] Is the Trojan horse TR/BHO.agz.33
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    Begin scan in 'D:\'


    End of the scan: jeudi 3 janvier 2008 17:08
    Used time: 1:29:02 min

    The scan has been done completely.

    6000 Scanning directories
    432682 Files were scanned
    6 viruses and/or unwanted programs were found
    1 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    5 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    432676 Files not concerned
    1919 Archives were scanned
    5 Warnings
    8 Notes

    3 January 2008 18:29:12

    Post a new HijackThis report.

    3 January 2008 20:29:14

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 20:28:56, on 03.01.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
    O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32 (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ucqimxgwza] c:\windows\system32\ucqimxgwza.exe ucqimxgwza (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ibsagypmf] c:\windows\system32\ibsagypmf.exe ibsagypmf (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [zypxuiqa] c:\windows\system32\zypxuiqa.exe zypxuiqa (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ntslce] c:\windows\system32\ntslce.exe ntslce (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [yxdelcfatm] c:\windows\system32\yxdelcfatm.exe yxdelcfatm (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [djzbmhrqf] c:\windows\system32\djzbmhrqf.exe djzbmhrqf (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\RunServices: [virtual-machine] wini.exe (User 'Michel')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 193.12.150.6 212.247.152.6
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
    O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

    --
    End of file - 8999 bytes
    3 January 2008 20:36:19

    Re,

    Download Navilog1.exe (IL-MAFIOSO)
    Save it to your Desktop.
    Start the installation by double-clicking navilog.exe.
    Once the installation has finished, the utility will run automatically.
    (If it does not, double-click the shortcut on the Desktop)

    Let the utility guide you. Choose option 1, then confirm.
    ! Do not use options 2, 3 and 4 without our approval !
    Wait until this message appears:
    "*** Analyse Termine le ..... ***"
    Press a key as prompted. Notepad will open. Post its contents to us like this:

    -> Edit / Select All
    -> Edit / Copy
    -> Right-click / Paste into your reply


    NOTE: The report can also be found here: C:\fixnavi.txt
    3 January 2008 21:07:38

    Here is the report!

    Search Navipromo version 3.3.8 commencé le 03.01.2008 à 20:54:47.82

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.13
    Système de fichiers : NTFS

    Executé en mode normal

    *** Recherche Programmes installés ***




    *** Recherche dossiers dans C:\WINDOWS ***



    *** Recherche dossiers dans C:\Program Files ***



    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1 ***




    *** Recherche dossiers dans "C:\Documents and Settings\Stephane\application data" ***


    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1 ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    * Recherche dans "C:\Documents and Settings\Stephane\local settings\application data" *



    *** Recherche fichiers ***




    *** Recherche clés spécifiques dans le Registre ***


    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans C:\WINDOWS\system32 :


    * Dans "C:\Documents and Settings\Stephane\local settings\application data" :


    3)Recherche Certificats :

    Certificat Egroup absent !

    4)Recherche fichiers connus :



    *** Analyse terminée le 03.01.2008 à 21:04:31.46 ***
    3 January 2008 21:10:58

    Can you use the latest version of HijackThis?
    3 January 2008 21:22:23

    There, I've just downloaded it!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:21:48, on 03.01.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Stephane\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_i...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
    O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32 (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ucqimxgwza] c:\windows\system32\ucqimxgwza.exe ucqimxgwza (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ibsagypmf] c:\windows\system32\ibsagypmf.exe ibsagypmf (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [zypxuiqa] c:\windows\system32\zypxuiqa.exe zypxuiqa (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ntslce] c:\windows\system32\ntslce.exe ntslce (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [yxdelcfatm] c:\windows\system32\yxdelcfatm.exe yxdelcfatm (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [djzbmhrqf] c:\windows\system32\djzbmhrqf.exe djzbmhrqf (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\RunServices: [virtual-machine] wini.exe (User 'Michel')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 193.12.150.6 212.247.152.6
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 7587 bytes
    3 January 2008 21:34:33

    Re,

    Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

    O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
    O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ucqimxgwza] c:\windows\system32\ucqimxgwza.exe ucqimxgwza (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ibsagypmf] c:\windows\system32\ibsagypmf.exe ibsagypmf (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [zypxuiqa] c:\windows\system32\zypxuiqa.exe zypxuiqa (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ntslce] c:\windows\system32\ntslce.exe ntslce (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [yxdelcfatm] c:\windows\system32\yxdelcfatm.exe yxdelcfatm (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [djzbmhrqf] c:\windows\system32\djzbmhrqf.exe djzbmhrqf (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\RunServices: [virtual-machine] wini.exe (User 'Michel')


    Delete:
    C:\WINDOWS\system32\dcads_sidebar.dll
    3 January 2008 21:49:14

    I think I managed to do what you asked!

    However, I was not able to delete the file manually

    C:\WINDOWS\system32\dcads_sidebar.dll

    simply because it no longer exists! Or at least it can't be found on the system, but that's after the work done with HijackThis!

    On the other hand, there are still these two files that look similar:

    C:\WINDOWS\system32\dcads_sidebar_uninstall

    C:\WINDOWS\system32\dcads-remove

    Well, I didn't touch them, as a precaution..

    And here is another report! Thanks again for everything, you're saving me!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:45:01, on 03.01.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Stephane\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_i...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32 (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background (User 'Michel')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 193.12.150.6 212.247.152.6
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 6171 bytes
    3 January 2008 22:03:32

    Delete the two files, then fix this line:
    O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
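    Added example, not part of the thread and not HijackThis's own logic: a Python triage of O2/O4 lines that also reports which fixed lines are still present in a later log. It uses two heuristics assumed here (a BHO whose DLL is missing; an autorun whose value name, file name and argument are the same string). The sample lines are copied from the 21:21 and 21:45 logs above; the function names are hypothetical.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Lines copied from the 21:21 log (before the fix) and the 21:45 log (after it).
LOG_BEFORE = r"""
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ucqimxgwza] c:\windows\system32\ucqimxgwza.exe ucqimxgwza (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ntslce] c:\windows\system32\ntslce.exe ntslce (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\RunServices: [virtual-machine] wini.exe (User 'Michel')
"""
LOG_AFTER = r"""
O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O2: name, CLSID, DLL path, optional "(file missing)" marker.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O4: hive, Run/RunServices key, value name, command, optional user suffix.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]+)\] "
    r"(?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)

REASON_MISSING = "BHO registration points to a missing DLL"
REASON_SELF_NAMED = "autorun value, file name and argument are the same string"


def _self_named_launcher(value: str, cmd: str) -> bool:
    """True for commands shaped like '<dir>\\<name>.exe <name>' under value [<name>]."""
    parts = cmd.replace('"', "").split()
    if len(parts) != 2:
        return False
    stem = splitext(basename(parts[0]))[0]
    return stem.lower() == value.lower() == parts[1].lower()


def triage(log: str) -> list[tuple[str, str]]:
    """Return (line, reason) for each O2/O4 line matching a heuristic."""
    findings = []
    for line in (raw.strip() for raw in log.splitlines()):
        m = O2_RE.match(line)
        if m:
            if m["missing"]:
                findings.append((line, REASON_MISSING))
            continue
        m = O4_RE.match(line)
        if m and _self_named_launcher(m["value"], m["cmd"]):
            findings.append((line, REASON_SELF_NAMED))
    return findings


def still_present(fixed_lines: list[str], later_log: str) -> list[str]:
    """Lines that were fixed but appear again, unchanged, in a later log."""
    later = {raw.strip() for raw in later_log.splitlines()}
    return [line for line in fixed_lines if line in later]


if __name__ == "__main__":
    flagged = triage(LOG_BEFORE)
    for line, reason in flagged:
        print(f"[{reason}]\n  {line}")
    print("Reappeared after the fix:")
    for line in still_present([l for l, _ in flagged], LOG_AFTER):
        print(f"  {line}")
```

    The Dcads BHO, MailSkinner and wini.exe lines that the helper also selected are not caught by these two heuristics; picking them out takes knowledge of the specific programs.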
    3 January 2008 22:25:09

    It's strange, the file you asked me to remove from the HijackThis report comes back every time...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:24:17, on 03.01.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Stephane\LOCALS~1\Temp\Répertoire temporaire 6 pour HiJackThis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_i...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32 (User 'Michel')
    O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background (User 'Michel')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 193.12.150.6 212.247.152.6
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 6114 bytes
    3 January 2008 22:38:30

    Have you tried in Safe Mode?
    3 January 2008 22:54:22

    I just did it.. even in Safe Mode it comes back.. or rather it doesn't get deleted..

    Because the procedure works fine, but as soon as I run a scan right afterwards, well, it's there again..

    Is it a very important file?

    3 January 2008 22:59:30

    OK, run another ComboFix scan.
    3 January 2008 23:07:16

    ComboFix 08-01-02.1 - Stephane 2008-01-03 23:01:14.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.686 [GMT 1:00]
    Running from: C:\Documents and Settings\Stephane\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-03 23:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-03 20:53 . 2008-01-03 21:05 <REP> d-------- C:\Program Files\Navilog1
    2008-01-03 15:35 . 2008-01-03 15:35 <REP> d-------- C:\Program Files\Avira
    2008-01-03 15:35 . 2008-01-03 15:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
    2007-12-31 18:02 . 2007-12-31 18:02 <REP> d-------- C:\Program Files\AxBx
    2007-12-27 20:05 . 2007-12-27 20:05 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2007-12-27 19:55 . 2007-12-27 19:57 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2007-12-27 19:54 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-12-27 19:47 . 2007-12-27 19:47 <REP> d----c--- C:\VundoFix Backups
    2007-12-27 18:03 . 19,456 C:\WINDOWS\system32\drivers\pzikyexx.dat
    2007-12-27 18:01 . 2007-12-27 18:01 <REP> d-------- C:\Program Files\Dcads Games Collection
    2007-12-27 18:01 . 2007-12-27 18:10 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
    2007-12-27 14:58 . 2007-12-27 15:00 16,826 --ah----- C:\WINDOWS\system32\brdiag.GID
    2007-12-27 14:53 . 2007-12-27 14:54 <REP> d-------- C:\Program Files\Brother
    2007-12-27 14:29 . 2007-12-27 14:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-27 14:29 . 2007-12-27 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-17 12:51 . 2000-09-14 01:00 77,824 --a------ C:\WINDOWS\system32\BROSNMP.DLL
    2007-12-17 12:51 . 2002-09-19 00:00 73,728 --a------ C:\WINDOWS\system32\brrbtool.exe
    2007-12-17 12:51 . 2007-12-27 14:55 13,109 --a------ C:\WINDOWS\HL-1430.INI
    2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a------ C:\WINDOWS\system32\irftp.exe
    2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
    2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a------ C:\WINDOWS\system32\irmon.dll
    2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
    2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
    2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
    2007-12-10 22:27 . 2007-12-10 22:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    2007-12-05 17:32 . 2007-12-05 17:32 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
    2007-12-05 17:26 . 2007-12-27 14:55 <REP> d-------- C:\Program Files\Brownie
    2007-12-05 17:25 . 2007-12-05 17:25 <REP> d-------- C:\Documents and Settings\Stephane\WINDOWS
    2007-12-05 17:25 . 1998-01-23 12:20 305,664 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-05 17:14 . 2003-07-31 02:05 642,944 --------- C:\WINDOWS\system32\drivers\CnxEtU.sys
    2007-12-05 17:14 . 2003-07-31 19:01 159,744 --a------ C:\WINDOWS\system32\CnxHwIo.dll
    2007-12-05 17:14 . 2002-08-05 22:59 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll
    2007-12-05 17:14 . 2001-10-02 22:08 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll
    2007-12-05 17:14 . 2003-11-02 15:54 108,675 --------- C:\WINDOWS\system32\drivers\CnxTgN.sys
    2007-12-05 17:14 . 2003-07-31 02:05 60,288 --------- C:\WINDOWS\system32\drivers\CnxEtP.sys
    2007-12-04 23:03 . 2007-12-04 23:03 <REP> d-------- C:\Program Files\EA GAMES
    2007-12-04 22:31 . 2007-12-04 22:31 <REP> dr-h-c--- C:\MSOCache
    2007-12-03 20:17 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-12-03 20:17 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-12-03 20:17 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-03 20:17 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-12-03 20:17 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-12-03 20:17 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-12-03 20:17 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-12-03 20:17 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-12-03 20:17 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2007-12-03 20:17 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-03 18:37 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage réseau
    2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage d'impression
    2007-12-03 17:58 . 2007-12-02 10:42 <REP> d--h----- C:\Documents and Settings\Michel\Modèles
    2007-12-03 17:58 . 2007-12-13 17:49 <REP> dr------- C:\Documents and Settings\Michel\Mes documents
    2007-12-03 17:58 . 2007-12-10 20:22 <REP> dr------- C:\Documents and Settings\Michel\Menu Démarrer
    2007-12-03 17:58 . 2007-12-13 21:20 <REP> dr------- C:\Documents and Settings\Michel\Favoris
    2007-12-03 17:58 . 2008-01-02 18:40 <REP> d-------- C:\Documents and Settings\Michel\Bureau
    2007-12-03 17:45 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2007-12-03 17:45 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2007-12-03 17:45 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-27 18:26 --------- d-----w C:\Program Files\Tearoetn
    2007-12-27 16:30 --------- d-----w C:\Documents and Settings\Stephane\Application Data\LimeWire
    2007-12-10 21:29 --------- d-----w C:\Program Files\QuickTime
    2007-12-05 18:03 --------- d-----w C:\Documents and Settings\Monique\Application Data\LimeWire
    2007-12-05 16:26 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-02 19:41 --------- d-----w C:\Documents and Settings\Monique\Application Data\Ahead
    2007-12-02 19:31 --------- d-----w C:\Program Files\Ahead
    2007-12-02 19:29 --------- d-----w C:\Program Files\Java
    2007-12-01 14:14 --------- d-----w C:\Program Files\PowerArchiver
    2007-12-01 13:45 --------- d-----w C:\Program Files\Vstep
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
    2007-02-25 21:04 19,864 ----a-w C:\Documents and Settings\Stephane\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-02_18.40.41.10 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-27 14:15:14 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2008-01-02 18:51:47 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2007-12-27 14:15:14 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-01-02 18:51:48 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2007-12-27 14:15:14 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2008-01-02 18:51:48 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2007-12-27 14:15:14 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-01-02 18:51:47 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2007-12-27 14:15:14 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-01-02 18:51:48 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2007-12-27 14:15:14 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-01-02 18:51:48 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2007-12-27 14:15:14 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-01-02 18:51:49 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2007-12-27 14:15:14 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-01-02 18:51:49 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2007-12-27 14:15:14 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2008-01-02 18:51:47 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-12-27 14:15:14 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2008-01-02 18:51:47 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2007-12-27 14:15:14 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-01-02 18:51:49 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-12-27 14:15:14 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-01-02 18:51:47 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2007-12-27 14:15:13 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-01-02 18:51:46 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-01-03 14:24:58 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
    + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-01-03 14:37:27 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2152777C-6D86-491D-A4F8-31B62DC3A483}]
    C:\WINDOWS\system32\avmete.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "CnxDslTaskBar"="C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 19:06 458752]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-10 22:28 155648]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-27 19:55 6731312]
    "VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2007-10-24 21:23 2618240]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    R0 wkhzyzbh;wkhzyzbh;C:\WINDOWS\system32\drivers\pzikyexx.dat []
    R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-07-31 02:05]
    R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-07-31 02:05]
    R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-11-02 15:54]
    S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS);C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 20:12]

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-03 23:04:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-03 23:05:18
    ComboFix-quarantined-files.txt 2008-01-03 22:05:02
    ComboFix2.txt 2008-01-02 17:41:20
    .
    2007-12-12 13:17:28 --- E O F ---
    3 January 2008 23:08:47

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    Driver::
    wkhzyzbh

    File::
    C:\WINDOWS\system32\drivers\pzikyexx.dat
    C:\WINDOWS\system32\avmete.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2152777C-6D86-491D-A4F8-31B62DC3A483}]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 and then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    3 January 2008 23:21:31

    Well, I'm amazed.. I don't understand all of it, I must say, but I think it's gone..

    HiJackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:18:56, on 03.01.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\DOCUME~1\Stephane\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 193.12.150.6 212.247.152.6
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

    --
    End of file - 5233 bytes


    Combofix:

    ComboFix 08-01-02.1 - Stephane 2008-01-03 23:11:42.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.650 [GMT 1:00]
    Running from: C:\Documents and Settings\Stephane\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Stephane\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\avmete.dll
    C:\WINDOWS\system32\drivers\pzikyexx.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\pzikyexx.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_WKHZYZBH
    -------\wkhzyzbh


    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-03 23:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-03 20:53 . 2008-01-03 21:05 <REP> d-------- C:\Program Files\Navilog1
    2008-01-03 15:35 . 2008-01-03 15:35 <REP> d-------- C:\Program Files\Avira
    2008-01-03 15:35 . 2008-01-03 15:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
    2007-12-31 18:02 . 2007-12-31 18:02 <REP> d-------- C:\Program Files\AxBx
    2007-12-27 20:05 . 2007-12-27 20:05 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
    2007-12-27 19:55 . 2007-12-27 19:57 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2007-12-27 19:54 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-12-27 19:47 . 2007-12-27 19:47 <REP> d----c--- C:\VundoFix Backups
    2007-12-27 18:01 . 2007-12-27 18:01 <REP> d-------- C:\Program Files\Dcads Games Collection
    2007-12-27 18:01 . 2007-12-27 18:10 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
    2007-12-27 14:58 . 2007-12-27 15:00 16,826 --ah----- C:\WINDOWS\system32\brdiag.GID
    2007-12-27 14:53 . 2007-12-27 14:54 <REP> d-------- C:\Program Files\Brother
    2007-12-27 14:29 . 2007-12-27 14:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-27 14:29 . 2007-12-27 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-17 12:51 . 2000-09-14 01:00 77,824 --a------ C:\WINDOWS\system32\BROSNMP.DLL
    2007-12-17 12:51 . 2002-09-19 00:00 73,728 --a------ C:\WINDOWS\system32\brrbtool.exe
    2007-12-17 12:51 . 2007-12-27 14:55 13,109 --a------ C:\WINDOWS\HL-1430.INI
    2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a------ C:\WINDOWS\system32\irftp.exe
    2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
    2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a------ C:\WINDOWS\system32\irmon.dll
    2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
    2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
    2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
    2007-12-10 22:27 . 2007-12-10 22:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
    2007-12-05 17:32 . 2007-12-05 17:32 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
    2007-12-05 17:26 . 2007-12-27 14:55 <REP> d-------- C:\Program Files\Brownie
    2007-12-05 17:25 . 2007-12-05 17:25 <REP> d-------- C:\Documents and Settings\Stephane\WINDOWS
    2007-12-05 17:25 . 1998-01-23 12:20 305,664 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-05 17:14 . 2003-07-31 02:05 642,944 --------- C:\WINDOWS\system32\drivers\CnxEtU.sys
    2007-12-05 17:14 . 2003-07-31 19:01 159,744 --a------ C:\WINDOWS\system32\CnxHwIo.dll
    2007-12-05 17:14 . 2002-08-05 22:59 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll
    2007-12-05 17:14 . 2001-10-02 22:08 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll
    2007-12-05 17:14 . 2003-11-02 15:54 108,675 --------- C:\WINDOWS\system32\drivers\CnxTgN.sys
    2007-12-05 17:14 . 2003-07-31 02:05 60,288 --------- C:\WINDOWS\system32\drivers\CnxEtP.sys
    2007-12-04 23:03 . 2007-12-04 23:03 <REP> d-------- C:\Program Files\EA GAMES
    2007-12-04 22:31 . 2007-12-04 22:31 <REP> dr-h-c--- C:\MSOCache
    2007-12-03 20:17 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-12-03 20:17 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-12-03 20:17 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-03 20:17 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-12-03 20:17 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-12-03 20:17 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-12-03 20:17 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-12-03 20:17 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-12-03 20:17 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2007-12-03 20:17 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-03 18:37 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage réseau
    2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage d'impression
    2007-12-03 17:58 . 2007-12-02 10:42 <REP> d--h----- C:\Documents and Settings\Michel\Modèles
    2007-12-03 17:58 . 2007-12-13 17:49 <REP> dr------- C:\Documents and Settings\Michel\Mes documents
    2007-12-03 17:58 . 2007-12-10 20:22 <REP> dr------- C:\Documents and Settings\Michel\Menu Démarrer
    2007-12-03 17:58 . 2007-12-13 21:20 <REP> dr------- C:\Documents and Settings\Michel\Favoris
    2007-12-03 17:58 . 2008-01-02 18:40 <REP> d-------- C:\Documents and Settings\Michel\Bureau
    2007-12-03 17:45 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2007-12-03 17:45 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2007-12-03 17:45 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-27 18:26 --------- d-----w C:\Program Files\Tearoetn
    2007-12-27 16:30 --------- d-----w C:\Documents and Settings\Stephane\Application Data\LimeWire
    2007-12-10 21:29 --------- d-----w C:\Program Files\QuickTime
    2007-12-05 18:03 --------- d-----w C:\Documents and Settings\Monique\Application Data\LimeWire
    2007-12-05 16:26 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-02 19:41 --------- d-----w C:\Documents and Settings\Monique\Application Data\Ahead
    2007-12-02 19:31 --------- d-----w C:\Program Files\Ahead
    2007-12-02 19:29 --------- d-----w C:\Program Files\Java
    2007-12-01 14:14 --------- d-----w C:\Program Files\PowerArchiver
    2007-12-01 13:45 --------- d-----w C:\Program Files\Vstep
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-02-25 21:04 19,864 ----a-w C:\Documents and Settings\Stephane\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( snapshot_2008-01-03_23.04.44.34 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "CnxDslTaskBar"="C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 19:06 458752]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-10 22:28 155648]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-27 19:55 6731312]
    "VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2007-10-24 21:23 2618240]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-07-31 02:05]
    R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-07-31 02:05]
    R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-11-02 15:54]
    S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS);C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 20:12]

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-03 23:15:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-03 23:18:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-03 22:18:23
    ComboFix2.txt 2008-01-03 22:05:18
    ComboFix3.txt 2008-01-02 17:41:20
    .
    2007-12-12 13:17:28 --- E O F ---
    3 January 2008 23:22:57

    Are you still having problems? :)
    3 January 2008 23:26:50

    No, I just checked, everything works perfectly..

    You're a real boss and I thank you very much for your help!

    All that's left is to mark my problem as solved, but I don't know how to do that lol.. I'll look into it

    Thanks again, Angeldark!
    4 January 2008 12:59:39

    All the best :)

  • Download ToolsCleaner to your Desktop.
  • Click on Recherche (Search) and let the scan finish.
  • Click on Suppression (Removal) to finalize.
  • Click on Quitter (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: See help

    Now add [Résolu] to the title. To do this:
    * In your first message, click the "Editer" button
    * Add the [Résolu] tag to the title
    * Then click "Valider votre message"

    Read the guide on prevention and protection, so that you don't have this kind of problem again, by clicking on the image below:

    5 January 2008 13:51:39

    -->- Recherche:

    C:\Vundofix backups: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\fsbl.exe: trouvé !
    C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\Navilog1.exe: trouvé !
    C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\Navilog1.lnk: trouvé !
    C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\vundoFix.exe: trouvé !
    C:\Documents and Settings\Stephane\Recent\HijackThis.lnk: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\Logitech\iTouch\Drivers\Clean: trouvé !
    C:\Program Files\Navilog1\Navilog1.bat: trouvé !
    C:\QooBox\Quarantine\C\Combofix: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\fsbl.exe: supprimé !
    C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\Navilog1.exe: supprimé !
    C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\Navilog1.lnk: supprimé !
    C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\vundoFix.exe: supprimé !
    C:\Documents and Settings\Stephane\Recent\HijackThis.lnk: supprimé !
    C:\Program Files\Navilog1\Navilog1.bat: supprimé !
    C:\Vundofix backups: supprimé !
    C:\Qoobox: supprimé !
    C:\Program Files\Navilog1: supprimé !
    C:\Program Files\Logitech\iTouch\Drivers\Clean: supprimé !