Votre question

Admedia365... fenêtre intempestive et problèmes en chaîne

Tags :
  • Fenêtre intempestive
  • Sécurité
Dernière réponse : dans Sécurité et virus
12 Décembre 2007 13:16:46

Bonjour,

Je sais qu'un post est ouvert à ce sujet maisétant donné la longueur des réponses, je me permet d'en créer un second. Depuis l'apparition de ce virus, j'ai des problèmes de connexions et mon ordi fait un bruit de tracteur. J'ai suivi les 1ère instructions de chercheur (scan avec hijack et combofix), voici les rapports:

COMBOFIX
ComboFix 07-12-12.3 - DAGOURET 2007-12-12 0:16:22.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.31 [GMT 1:00]
Running from: C:\Documents and Settings\DAGOURET\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\DAGOURET\Bureau\Live Safety Center.lnk
C:\Documents and Settings\DAGOURET\Favoris\Online Security Guide.lnk
C:\WINDOWS\system32\cacfhyqi.dll
C:\WINDOWS\system32\cdfii.ini
C:\WINDOWS\system32\cdfii.ini2
C:\WINDOWS\system32\cqdhsoty.exe
C:\WINDOWS\system32\ddcabxx.dll
C:\WINDOWS\system32\ddcbyvt.dll
C:\WINDOWS\system32\drkpdbcy.exe
C:\WINDOWS\system32\fherbsrg.dll
C:\WINDOWS\system32\grsbrehf.ini
C:\WINDOWS\system32\gyguyqws.ini
C:\WINDOWS\system32\igxyfabq.ini
C:\WINDOWS\system32\iifdc.dll
C:\WINDOWS\system32\ivahuxvb.exe
C:\WINDOWS\system32\msulrdgy.exe
C:\WINDOWS\system32\oxfjnkyp.dllbox
C:\WINDOWS\system32\qbafyxgi.dll
C:\WINDOWS\system32\siceylty.dll
C:\WINDOWS\system32\swqyugyg.dll
C:\WINDOWS\system32\tibhpcok.dll
C:\WINDOWS\system32\ueawwsdr.dll
C:\WINDOWS\system32\vfflxckk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-11 to 2007-12-11 ))))))))))))))))))))))))))))))))))))
.

2007-12-09 18:57 . 2007-12-10 14:59 834,760 ---hs---- C:\WINDOWS\system32\ekjtxrtu.ini
2007-12-08 14:17 . 2007-12-09 18:51 834,340 ---hs---- C:\WINDOWS\system32\okyariux.ini
2007-12-08 09:56 . 2007-12-08 09:56 <REP> d--hs---- C:\FOUND.000
2007-12-03 12:09 . 2007-12-03 12:09 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-11-21 13:31 . 2007-11-21 13:31 <REP> d-------- C:\Program Files\SphinxME
2007-11-21 13:31 . 2007-11-21 13:31 587 --a------ C:\?.lnk
2007-11-13 20:28 . 2007-11-13 20:28 <REP> d-------- C:\Documents and Settings\DAGOURET\.lincity
2007-11-13 20:23 . 2007-11-13 20:23 <REP> d-------- C:\Program Files\jeu
2007-11-13 20:19 . 2007-11-13 20:19 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2007-11-13 20:19 . 2007-11-13 20:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2007-11-11 21:34 . 2007-11-11 21:34 <REP> d-------- C:\Program Files\Warring States
2007-11-11 20:34 . 2007-11-11 20:34 <REP> d-------- C:\Program Files\Pocket PC

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-08 18:05 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-08 17:17 --------- d-----w C:\Program Files\Risk
2007-11-07 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-07 22:05 --------- d-----w C:\Program Files\ReflexiveArcade
2007-11-07 18:28 --------- d-----w C:\Program Files\Transport Giant
2007-11-05 14:21 --------- d-----w C:\Program Files\CapAlpha
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-23 22:38 --------- d-----w C:\Documents and Settings\DAGOURET\Application Data\Anuman Interactive
2007-09-17 19:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 19:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 19:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 19:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-12 00:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-27 22:07 43,128 ----a-w C:\Documents and Settings\DAGOURET\Application Data\GDIPFONTCACHEV1.DAT
2006-10-01 12:48 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2004-08-20 00:10 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 00:33]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-04-28 08:13]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= c:\Program Files\interMute\SpySubtract\sshook.dll [2007-07-16 20:04 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oxfjnkyp]
oxfjnkyp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 8.0 Icône AOL.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 8.0 Icône AOL.lnk
backup=C:\WINDOWS\pss\AOL 8.0 Icône AOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
backup=C:\WINDOWS\pss\AOL Compagnon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Dataviz Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Dataviz Messenger.lnk
backup=C:\WINDOWS\pss\Dataviz Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkvMon.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk
backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
000StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
2003-05-23 14:20 253952 --a------ C:\WINDOWS\System32\00THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 03:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-20 01:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD+DVD]
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 09:29 40960 -ra------ C:\WINDOWS\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-06 23:07 114688 --a------ C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-06 23:19 155648 --a------ C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\monitor]
monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
2003-01-17 19:26 458752 --------- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NsUpdate]
C:\WINDOWS\NsUpdate.exe UPDATE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PmProxy]
2003-02-28 19:54 40960 --------- C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
TFNF5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
2003-03-11 13:58 122880 --a------ C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tpwrtray]
TPWRTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Updater]
C:\Program Files\Carpe Diem\marie-laetitia
[1]\CDUpdater.exe CD_UPDATER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VetTray]
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe

R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALG.SYS
R2 RVIEGVST;VSC VST Engine;\??\C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 DMSKSSRh;DMSKSSRh;\??\C:\DOCUME~1\DAGOURET\LOCALS~1\Temp\DMSKSSRh.sys
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\system32\DRIVERS\wlags48b.sys

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-11 23:35:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 00:33:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-12 0:35:46 - machine was rebooted
.
2007-12-03 11:09:33 --- E O F ---


HIJACK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50:15, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\DAGOURET\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netecolo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://noemiedagouret.spaces.live.com//PhotoUpload/MsnP...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-win...
O16 - DPF: {8B5561D8-F6ED-4FD7-BA4D-7DE0FBA3B512} (NeoBook ActiveX Control) - file:///C:/Program%20Files/Crescendo%20édition%20complète/CRESCEXE/SP_Cresc/NB5ActiveX.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CF392BE0-B84F-46E9-BDA9-845119819119} (IPAQSelfHelp Class) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/ISPEIPA...
O20 - Winlogon Notify: oxfjnkyp - oxfjnkyp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8553 bytes


MERCI D'AVANCE de m'aider à sortir de cette mélasse

Autres pages sur : admedia365 fenatre intempestive problames chaane

13 Décembre 2007 00:44:48

Et voilou. :bounce:  C'est fait.

Merci merci!!!


AntiVir PersonalEdition Classic
Report file date: mercredi 12 décembre 2007 21:54

Scanning for 971419 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: YOUR-HITQBZKUES

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:00:30
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 19:00:30
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 19:00:30
ANTIVIR3.VDF : 7.0.1.81 215040 Bytes 12/12/2007 19:00:30
AVEWIN32.DLL : 7.6.0.40 3064320 Bytes 12/12/2007 19:00:32
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 12 décembre 2007 21:54

The scan of running processes will be started
Scan process 'AVSCAN.EXE' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'POWERPNT.EXE' - '1' Module(s) have been scanned
Scan process 'AVCENTER.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'FirewallGUI.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'GUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'FWService.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '12' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\SphinxME\MacrosLexica.dot
[DETECTION] Contains suspicious code HEUR/Macro.Word95
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP1\A0001067.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[WARNING] The file was ignored!
C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP3\A0001131.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[WARNING] The file was ignored!
C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP3\A0001132.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[WARNING] The file was ignored!
C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP3\A0001134.dll
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[WARNING] The file was ignored!
C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP3\A0001137.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] The file was ignored!
C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP3\A0001145.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '479058da.qua'!
C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP5\A0001473.exe
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[WARNING] The file was ignored!
C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP5\A0001474.exe
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[WARNING] The file was ignored!
C:\qoobox\Quarantine\catchme2007-12-12_ 03200.53.zip
[0] Archive type: ZIP
--> iifdc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47d45a44.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fherbsrg.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was moved to '47c55a54.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qbafyxgi.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was moved to '47c15a55.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\swqyugyg.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DRT
[INFO] The file was moved to '47d15a6d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vfflxckk.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47c65a5e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ddcbyvt.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47c35a5f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\iifdc.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47c65a70.qua'!


End of the scan: mercredi 12 décembre 2007 23:00
Used time: 1:06:18 min

The scan has been done completely.

5431 Scanning directories
209270 Files were scanned
15 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
8 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
209255 Files not concerned
6447 Archives were scanned
9 Warnings
0 Notes




Contenus similaires
a b 8 Sécurité
13 Décembre 2007 18:25:56

Reposte un rapport Hijackthis.
13 Décembre 2007 19:36:30

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:30, on 13/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\DAGOURET\Bureau\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netecolo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://noemiedagouret.spaces.live.com//PhotoUpload/MsnP...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-win...
O16 - DPF: {8B5561D8-F6ED-4FD7-BA4D-7DE0FBA3B512} (NeoBook ActiveX Control) - file:///C:/Program%20Files/Crescendo%20édition%20complète/CRESCEXE/SP_Cresc/NB5ActiveX.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CF392BE0-B84F-46E9-BDA9-845119819119} (IPAQSelfHelp Class) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/ISPEIPA...
O20 - Winlogon Notify: oxfjnkyp - oxfjnkyp.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8399 bytes
a b 8 Sécurité
13 Décembre 2007 20:30:01

Refais un scan Combofix.
13 Décembre 2007 22:44:32

Combofix

ComboFix 07-12-12.3 - DAGOURET 2007-12-13 22:31:10.2 - FAT32x86
Running from: C:\Documents and Settings\DAGOURET\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))))))))
.

2007-12-12 19:42 . 2007-12-12 19:42 <REP> d-------- C:\Program Files\Avira
2007-12-12 19:42 . 2007-12-12 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-12 15:42 . 2007-12-12 15:46 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-09 18:57 . 2007-12-10 14:59 834,760 ---hs---- C:\WINDOWS\system32\ekjtxrtu.ini
2007-12-08 14:17 . 2007-12-09 18:51 834,340 ---hs---- C:\WINDOWS\system32\okyariux.ini
2007-12-08 09:56 . 2007-12-08 09:56 <REP> d--hs---- C:\FOUND.000
2007-12-03 12:09 . 2007-12-03 12:09 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-11-21 13:31 . 2007-11-21 13:31 <REP> d-------- C:\Program Files\SphinxME
2007-11-21 13:31 . 2007-11-21 13:31 587 --a------ C:\€.lnk
2007-11-13 20:28 . 2007-11-13 20:28 <REP> d-------- C:\Documents and Settings\DAGOURET\.lincity
2007-11-13 20:23 . 2007-11-13 20:23 <REP> d-------- C:\Program Files\jeu
2007-11-13 20:19 . 2007-11-13 20:19 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared
2007-11-13 20:19 . 2007-11-13 20:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 20:34 --------- d-----w C:\Program Files\Warring States
2007-11-11 19:34 --------- d-----w C:\Program Files\Pocket PC
2007-11-08 18:05 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-08 17:17 --------- d-----w C:\Program Files\Risk
2007-11-07 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-07 22:05 --------- d-----w C:\Program Files\ReflexiveArcade
2007-11-07 18:28 --------- d-----w C:\Program Files\Transport Giant
2007-11-05 14:21 --------- d-----w C:\Program Files\CapAlpha
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-23 22:38 --------- d-----w C:\Documents and Settings\DAGOURET\Application Data\Anuman Interactive
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:01 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-09-17 19:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 19:23 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 19:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 19:22 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-08-27 22:07 43,128 ----a-w C:\Documents and Settings\DAGOURET\Application Data\GDIPFONTCACHEV1.DAT
2006-10-01 12:48 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2004-08-20 00:10 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-12_ 0.35.01.86 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-08-20 10:59:30 124,928 ------w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-20 10:59:30 214,528 ------w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-20 10:59:30 132,608 ------w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-20 10:59:30 63,488 ------w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-17 11:22:12 63,488 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-20 10:59:30 153,088 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-20 10:59:30 230,400 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-17 08:34:26 161,792 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-20 10:59:30 383,488 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-20 10:59:30 384,512 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-20 10:59:30 6,058,496 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-20 10:59:30 44,544 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-20 10:59:30 267,776 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-17 11:22:12 13,824 ------w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-17 11:22:32 625,152 ------w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-20 10:59:30 27,648 ------w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-20 10:59:30 459,264 ------w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-20 10:59:30 52,224 ------w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-20 10:59:30 3,584,512 ------w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-20 10:59:30 477,696 ------w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-20 10:59:30 193,024 ------w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-20 10:59:30 671,232 ------w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-20 10:59:32 102,400 ------w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:34:38 216,800 ------w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 ------w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-20 10:59:32 105,984 ------w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-20 10:59:32 1,152,000 ------w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-20 10:59:32 232,960 ------w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-20 10:59:32 824,832 ------w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
- 2007-08-20 10:59:30 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:49:42 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-09 12:04:12 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:20 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-12-12 19:00:32 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:38 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
- 2007-08-20 10:59:30 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:49:42 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-20 10:59:30 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:49:42 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-20 10:59:30 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2007-10-10 23:49:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-17 11:22:12 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 11:00:42 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-20 10:59:30 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:49:42 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-20 10:59:30 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:49:42 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-17 08:34:26 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:56 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-08-20 10:59:30 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-10-10 23:49:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-20 10:59:30 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:49:42 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-20 10:59:30 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2007-10-10 23:49:44 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-20 10:59:30 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:49:44 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-20 10:59:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2007-10-10 23:49:44 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-17 11:22:12 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-20 10:59:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:49:44 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-11-02 07:12:58 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-08-20 10:59:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:49:44 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-20 10:59:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-10-10 23:49:44 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-20 10:59:30 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 23:23:48 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-20 10:59:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:49:44 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-20 10:59:30 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:49:44 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-20 10:59:30 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:49:46 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-08-20 10:59:32 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:49:46 102,400 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-07-18 13:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:12 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-08-20 10:59:32 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:49:46 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-20 10:59:32 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:49:46 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-20 10:59:32 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:49:46 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-08-20 10:59:32 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:49:46 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 00:33]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-04-28 08:13]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-12 20:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= c:\Program Files\interMute\SpySubtract\sshook.dll [2007-07-16 20:04 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oxfjnkyp]
oxfjnkyp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 8.0 Icône AOL.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 8.0 Icône AOL.lnk
backup=C:\WINDOWS\pss\AOL 8.0 Icône AOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
backup=C:\WINDOWS\pss\AOL Compagnon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Dataviz Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Dataviz Messenger.lnk
backup=C:\WINDOWS\pss\Dataviz Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkvMon.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk
backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
000StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
2003-05-23 14:20 253952 --a------ C:\WINDOWS\System32\00THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 03:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-20 01:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD+DVD]
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 09:29 40960 -ra------ C:\WINDOWS\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-06 23:07 114688 --a------ C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-06 23:19 155648 --a------ C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\monitor]
monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
2003-01-17 19:26 458752 --------- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NsUpdate]
C:\WINDOWS\NsUpdate.exe UPDATE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PmProxy]
2003-02-28 19:54 40960 --------- C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
TFNF5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
2003-03-11 13:58 122880 --a------ C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tpwrtray]
TPWRTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Updater]
C:\Program Files\Carpe Diem\marie-laetitia
[1]\CDUpdater.exe CD_UPDATER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VetTray]
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe

R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALG.SYS
R2 RVIEGVST;VSC VST Engine;\??\C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 DMSKSSRh;DMSKSSRh;\??\C:\DOCUME~1\DAGOURET\LOCALS~1\Temp\DMSKSSRh.sys
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\system32\DRIVERS\wlags48b.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-13 21:35:08 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 22:36:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-13 22:37:50
C:\ComboFix2.txt ... 2007-12-12 00:35
.
2007-12-12 14:49:39 --- E O F ---
a b 8 Sécurité
14 Décembre 2007 10:47:47

Re,

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

File::
C:\WINDOWS\system32\ekjtxrtu.ini
C:\WINDOWS\system32\okyariux.ini

Folder::
C:\FOUND.000

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oxfjnkyp]


Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
18 Décembre 2007 19:37:03

:fou:  Ouah je crois que mon ordi sera plus efficace en imitant superman si je le jette du 3ème!!!

Je reviens de week end et il bug à fond. Il s'arrêtait tout seul et je pouvais même plus l'allumer en mode sans echec.

Bref j'ai pu faire un premier combix comme tu me l'a demandé. Les 2 fichiers en .ini ont été supprimé. Mais comme je n'avais pas arrêté Antivir, j'en ai relancé un et un Hijack:

ComboFix 07-12-12.3 - DAGOURET 2007-12-18 19:26:35.6 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.68 [GMT 1:00]
Running from: C:\Documents and Settings\DAGOURET\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-18 to 2007-12-18 ))))))))))))))))))))))))))))))))))))
.

2007-12-17 20:28 . 2007-12-17 20:28 <REP> d--hs---- C:\FOUND.002
2007-12-17 13:20 . 2007-12-17 13:20 <REP> d--hs---- C:\FOUND.001
2007-12-12 19:42 . 2007-12-12 19:42 <REP> d-------- C:\Program Files\Avira
2007-12-12 19:42 . 2007-12-12 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-12 15:42 . 2007-12-12 15:46 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-03 12:09 . 2007-12-03 12:09 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-11-21 13:31 . 2007-11-21 13:31 <REP> d-------- C:\Program Files\SphinxME
2007-11-21 13:31 . 2007-11-21 13:31 587 --a------ C:\€.lnk

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-11-13 19:23 --------- d-----w C:\Program Files\jeu
2007-11-13 19:19 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2007-11-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 20:34 --------- d-----w C:\Program Files\Warring States
2007-11-11 19:34 --------- d-----w C:\Program Files\Pocket PC
2007-11-08 18:05 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-08 17:17 --------- d-----w C:\Program Files\Risk
2007-11-07 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-07 22:05 --------- d-----w C:\Program Files\ReflexiveArcade
2007-11-07 18:28 --------- d-----w C:\Program Files\Transport Giant
2007-11-05 14:21 --------- d-----w C:\Program Files\CapAlpha
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-23 22:38 --------- d-----w C:\Documents and Settings\DAGOURET\Application Data\Anuman Interactive
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:01 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-27 22:07 43,128 ----a-w C:\Documents and Settings\DAGOURET\Application Data\GDIPFONTCACHEV1.DAT
2006-10-01 12:48 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2004-08-20 00:10 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 00:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-04-28 08:13]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-12 20:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= c:\Program Files\interMute\SpySubtract\sshook.dll [2007-07-16 20:04 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 8.0 Icône AOL.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 8.0 Icône AOL.lnk
backup=C:\WINDOWS\pss\AOL 8.0 Icône AOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
backup=C:\WINDOWS\pss\AOL Compagnon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Dataviz Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Dataviz Messenger.lnk
backup=C:\WINDOWS\pss\Dataviz Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkvMon.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk
backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
000StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
2003-05-23 14:20 253952 --a------ C:\WINDOWS\System32\00THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 03:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-20 01:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD+DVD]
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 09:29 40960 -ra------ C:\WINDOWS\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-06 23:07 114688 --a------ C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-06 23:19 155648 --a------ C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\monitor]
monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
2003-01-17 19:26 458752 --------- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NsUpdate]
C:\WINDOWS\NsUpdate.exe UPDATE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PmProxy]
2003-02-28 19:54 40960 --------- C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
TFNF5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
2003-03-11 13:58 122880 --a------ C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tpwrtray]
TPWRTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Updater]
C:\Program Files\Carpe Diem\marie-laetitia
[1]\CDUpdater.exe CD_UPDATER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VetTray]
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe

R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALG.SYS
R2 RVIEGVST;VSC VST Engine;\??\C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 DMSKSSRh;DMSKSSRh;\??\C:\DOCUME~1\DAGOURET\LOCALS~1\Temp\DMSKSSRh.sys
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\system32\DRIVERS\wlags48b.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-18 17:35:26 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 19:31:02
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-18 19:32:25
C:\ComboFix2.txt ... 2007-12-18 18:23
C:\ComboFix3.txt ... 2007-12-18 17:19
.
2007-12-12 14:49:39 --- E O F ---


ComboFix 07-12-12.3 - DAGOURET 2007-12-18 19:26:35.6 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.68 [GMT 1:00]
Running from: C:\Documents and Settings\DAGOURET\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-18 to 2007-12-18 ))))))))))))))))))))))))))))))))))))
.

2007-12-17 20:28 . 2007-12-17 20:28 <REP> d--hs---- C:\FOUND.002
2007-12-17 13:20 . 2007-12-17 13:20 <REP> d--hs---- C:\FOUND.001
2007-12-12 19:42 . 2007-12-12 19:42 <REP> d-------- C:\Program Files\Avira
2007-12-12 19:42 . 2007-12-12 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-12 15:42 . 2007-12-12 15:46 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-03 12:09 . 2007-12-03 12:09 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-11-21 13:31 . 2007-11-21 13:31 <REP> d-------- C:\Program Files\SphinxME
2007-11-21 13:31 . 2007-11-21 13:31 587 --a------ C:\€.lnk

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-11-13 19:23 --------- d-----w C:\Program Files\jeu
2007-11-13 19:19 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2007-11-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 20:34 --------- d-----w C:\Program Files\Warring States
2007-11-11 19:34 --------- d-----w C:\Program Files\Pocket PC
2007-11-08 18:05 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-11-08 17:17 --------- d-----w C:\Program Files\Risk
2007-11-07 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-07 22:05 --------- d-----w C:\Program Files\ReflexiveArcade
2007-11-07 18:28 --------- d-----w C:\Program Files\Transport Giant
2007-11-05 14:21 --------- d-----w C:\Program Files\CapAlpha
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-23 22:38 --------- d-----w C:\Documents and Settings\DAGOURET\Application Data\Anuman Interactive
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:01 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-27 22:07 43,128 ----a-w C:\Documents and Settings\DAGOURET\Application Data\GDIPFONTCACHEV1.DAT
2006-10-01 12:48 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2004-08-20 00:10 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 20:21]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 00:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-04-28 08:13]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-12 20:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= c:\Program Files\interMute\SpySubtract\sshook.dll [2007-07-16 20:04 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL 8.0 Icône AOL.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 8.0 Icône AOL.lnk
backup=C:\WINDOWS\pss\AOL 8.0 Icône AOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AOL Compagnon.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk
backup=C:\WINDOWS\pss\AOL Compagnon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Dataviz Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Dataviz Messenger.lnk
backup=C:\WINDOWS\pss\Dataviz Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkvMon.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk
backup=C:\WINDOWS\pss\NkvMon.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
000StTHK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
2003-05-23 14:20 253952 --a------ C:\WINDOWS\System32\00THotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 03:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-20 01:09 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD+DVD]
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 09:29 40960 -ra------ C:\WINDOWS\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-04-06 23:07 114688 --a------ C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-04-06 23:19 155648 --a------ C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTSMMSG]
LTSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\monitor]
monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
2003-01-17 19:26 458752 --------- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NsUpdate]
C:\WINDOWS\NsUpdate.exe UPDATE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PmProxy]
2003-02-28 19:54 40960 --------- C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
TFNF5.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
2003-03-11 13:58 122880 --a------ C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tpwrtray]
TPWRTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Updater]
C:\Program Files\Carpe Diem\marie-laetitia
[1]\CDUpdater.exe CD_UPDATER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VetTray]
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe

R0 TVALG;Toshiba Value Added Logical and General Purpose Device Driver;C:\WINDOWS\system32\DRIVERS\TVALG.SYS
R2 RVIEGVST;VSC VST Engine;\??\C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 DMSKSSRh;DMSKSSRh;\??\C:\DOCUME~1\DAGOURET\LOCALS~1\Temp\DMSKSSRh.sys
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 wlags48b;Wireless LAN PCCard Driver;C:\WINDOWS\system32\DRIVERS\wlags48b.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-18 17:35:26 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 19:31:02
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-18 19:32:25
C:\ComboFix2.txt ... 2007-12-18 18:23
C:\ComboFix3.txt ... 2007-12-18 17:19
.
2007-12-12 14:49:39 --- E O F ---
a b 8 Sécurité
18 Décembre 2007 20:21:47

Reposte un rapport Hijackthis.
18 Décembre 2007 20:35:47

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:33, on 18/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\DAGOURET\Bureau\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netecolo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://noemiedagouret.spaces.live.com//PhotoUpload/MsnP...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProduct...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-win...
O16 - DPF: {8B5561D8-F6ED-4FD7-BA4D-7DE0FBA3B512} (NeoBook ActiveX Control) - file:///C:/Program%20Files/Crescendo%20édition%20complète/CRESCEXE/SP_Cresc/NB5ActiveX.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CF392BE0-B84F-46E9-BDA9-845119819119} (IPAQSelfHelp Class) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/ISPEIPA...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8386 bytes
a b 8 Sécurité
18 Décembre 2007 20:42:42

Tu peux désinstaller PC Tools Firewall Plus ?
19 Décembre 2007 13:47:09

PC Tools désinstallé. J'ai mis zone alarm en attendant tes conseils suivant. Mais ça fait déjà un gros mieux, mon UC était utilisé à 100% et là plus de bug.
a b 8 Sécurité
19 Décembre 2007 14:01:35

Encore des problèmes ?
20 Décembre 2007 09:28:46

Quand Zone Alarm (pare feu) et Antivir sont actifs tous les deux, rebelote l'ordi sature...
a b 8 Sécurité
20 Décembre 2007 16:15:03

Vire Zone Alarm et installe Kerio.
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS