[Solved] Help virus, trojan [HijackThis]

Tags:
  • Trojan
  • Security
15 October 2007 16:57:19

Hello, I think I have a lot of problems with viruses and trojans at the moment. I don't know anything about HijackThis, so if you could help me I would be infinitely grateful. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:43, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\MYPC~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis[1].zip\HijackThis.exe
C:\DOCUME~1\MYPC~1\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: 213.239.205.117 l2authd.lineage2.com # m0o ag
O1 - Hosts: 213.239.205.117 l2testauthd.lineage2.com # m0o age
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {12E1BB3D-F4FF-4C16-B452-29B0AB07D1BE} - C:\WINDOWS\system32\jkhhi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {773AEAEA-7F9E-489F-9B50-9FA3AAEEDCB4} - C:\WINDOWS\system32\yywnivdn.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kuvbyciv.dll
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\system32\gebyvsq.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kuvbyciv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\My PC\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ArchosLink] C:\Program Files\Archos\ArchosLink\ArchosLink.exe /swmin
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Souscrire avec ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\My PC\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://media2.selfcast.com/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://m6video.m6.fr/1click/install/files/installer2.ca...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_aac.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: gebyvsq - C:\WINDOWS\SYSTEM32\gebyvsq.dll
O20 - Winlogon Notify: kuvbyciv - C:\WINDOWS\SYSTEM32\kuvbyciv.dll
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 14995 bytes

15 October 2007 17:03:50

Hello

~Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
~When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to restart; click OK.
~Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply.
Note: VundoFix may come across a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
15 October 2007 17:32:50

Hi again, thanks for helping me, here is the VundoFix report:

VundoFix V6.5.10

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 17:12:42 15/10/2007

Listing files found while scanning....

C:\windows\system32\bfpnvhvo.ini
C:\windows\system32\gebyvsq.dll
C:\WINDOWS\system32\kuvbyciv.dll
C:\WINDOWS\system32\kvjiiyap.dll
C:\windows\system32\lqjshgmr.exe
C:\WINDOWS\system32\ovhvnpfb.dll

Beginning removal...

Attempting to delete C:\windows\system32\bfpnvhvo.ini
C:\windows\system32\bfpnvhvo.ini Has been deleted!

Attempting to delete C:\windows\system32\gebyvsq.dll
C:\windows\system32\gebyvsq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\kuvbyciv.dll
C:\WINDOWS\system32\kuvbyciv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kvjiiyap.dll
C:\WINDOWS\system32\kvjiiyap.dll Has been deleted!

Attempting to delete C:\windows\system32\lqjshgmr.exe
C:\windows\system32\lqjshgmr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ovhvnpfb.dll
C:\WINDOWS\system32\ovhvnpfb.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\gebyvsq.dll
C:\windows\system32\gebyvsq.dll Could not be deleted.

Performing Repairs to the registry.
Done!


And HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:18, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\My PC\Local Settings\Temporary Internet Files\Content.IE5\XNSUJKS5\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: 213.239.205.117 l2authd.lineage2.com # m0o ag
O1 - Hosts: 213.239.205.117 l2testauthd.lineage2.com # m0o age
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {773AEAEA-7F9E-489F-9B50-9FA3AAEEDCB4} - C:\WINDOWS\system32\yywnivdn.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6B245AD-4968-4552-82C8-1A58B757CE1A} - C:\WINDOWS\system32\jkhhi.dll
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\system32\gebyvsq.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\My PC\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ArchosLink] C:\Program Files\Archos\ArchosLink\ArchosLink.exe /swmin
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Souscrire avec ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\My PC\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://media2.selfcast.com/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://m6video.m6.fr/1click/install/files/installer2.ca...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_aac.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 14782 bytes

Thanks for helping me ^^

15 October 2007 19:02:15

Hi again

Let's continue.

Download ComboFix by sUBs:
combofix.exe
and save it to your desktop and nowhere else!

Double-click combofix. It will ask you a question; answer by pressing the 1 key, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report.

Add a new HijackThis report.
15 October 2007 19:24:30

Good evening, here is what you asked me for:
ComboFix 07-10-12.4 - My PC 2007-10-15 19:12:52.1 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.114 [GMT 2:00]
Running from: C:\Documents and Settings\My PC\Bureau\ComboFix.exe
* Created a new restore point
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\My PC\Application Data\inst.exe
C:\WINDOWS\system32\dvobjxjv.exe
C:\WINDOWS\system32\ihhkj.bak1
C:\WINDOWS\system32\ihhkj.bak1
C:\WINDOWS\system32\ihhkj.bak2
C:\WINDOWS\system32\ihhkj.bak2
C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\ihhkj.ini
C:\WINDOWS\system32\jkhhi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((((((( Fichiers créés 2007-09-15 to 2007-10-15 ))))))))))))))))))))))))))))))))))))
.

2007-10-15 19:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 17:12 <REP> d-------- C:\VundoFix Backups
2007-10-15 16:52 389,184 --a------ C:\WINDOWS\system32\jjmgakxw.exe
2007-10-14 00:13 339,968 --a------ C:\WINDOWS\system32\iobiwojc.dll
2007-10-14 00:13 339,968 --a------ C:\Program Files\Hammer.dll
2007-10-14 00:12 389,184 --a------ C:\WINDOWS\system32\uyeifpir.exe
2007-10-13 12:33 <REP> d-------- C:\Documents and Settings\My PC\Application Data\Grisoft
2007-10-13 12:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-13 12:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-13 12:01 14,848 --a------ C:\Program Files\msc.exe
2007-10-13 12:00 34,304 --------- C:\WINDOWS\system32\gebyvsq.dll
2007-10-12 23:39 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-10-12 23:38 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-10-12 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-10 16:51 966,973 --a------ C:\WINDOWS\system32\DieuxDuStade.scr
2007-10-07 19:44 <REP> d-------- C:\WINDOWS\system32\AlertModule
2007-10-07 19:44 <REP> d-------- C:\Program Files\Wanadoo Messager
2007-10-07 19:44 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2007-10-07 19:44 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2007-10-07 19:44 32,768 --a------ C:\WINDOWS\system32\ffJmpWeb.dll
2007-10-07 18:31 <REP> d-------- C:\Program Files\Inventel
2007-10-07 12:14 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2007-10-07 12:13 <REP> d-------- C:\Program Files\Wanadoo
2007-10-06 17:11 <REP> d-------- C:\Program Files\TrackMania Nations ESWC
2007-10-06 15:55 22,328 --a------ C:\Documents and Settings\My PC\Application Data\PnkBstrK.sys
2007-10-05 17:57 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-10-05 17:57 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-05 17:56 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-10-05 17:37 <REP> d-------- C:\Program Files\Sierra
2007-10-05 10:02 <REP> d-------- C:\Program Files\Veoh Networks
2007-10-03 16:54 <REP> d-------- C:\Program Files\QuickTime
2007-09-26 18:48 <REP> d-------- C:\Program Files\MSXML 6.0
2007-09-26 11:40 <REP> d-------- C:\Documents and Settings\My PC\animations
2007-09-26 11:39 <REP> d-------- C:\Documents and Settings\My PC\system
2007-09-26 11:39 <REP> d-------- C:\Documents and Settings\My PC\Patch
2007-09-25 20:35 <REP> d-------- C:\Program Files\MSBuild
2007-09-25 20:32 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2007-09-25 20:32 <REP> d-------- C:\Program Files\Reference Assemblies
2007-09-25 20:31 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-09-25 19:51 <REP> d-------- C:\Program Files\m0o.eu
2007-09-24 20:14 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-21 22:04 <REP> d-------- C:\Program Files\Archos
2007-09-21 22:04 <REP> d-------- C:\Documents and Settings\My PC\Application Data\ArchosLink

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 10:00 877 ----a-w C:\WINDOWS\system32\drivers\header_red_bg.gif
2007-10-13 10:00 8,852 ----a-w C:\WINDOWS\system32\drivers\download_btn.jpg
2007-10-13 10:00 4,448 ----a-w C:\WINDOWS\system32\drivers\download_now_btn.gif
2007-10-13 10:00 3,552 ----a-w C:\WINDOWS\system32\drivers\cell_header_remove.gif
2007-10-13 10:00 3,479 ----a-w C:\WINDOWS\system32\drivers\cell_header_scan.gif
2007-10-13 10:00 3,313 ----a-w C:\WINDOWS\system32\drivers\cell_header_block.gif
2007-10-13 10:00 12,471 ----a-w C:\WINDOWS\system32\drivers\detect.htm
2007-10-13 10:00 1,373 ----a-w C:\WINDOWS\system32\drivers\cell_footer.gif
2007-10-13 10:00 1,342 ----a-w C:\WINDOWS\system32\drivers\cell_bg.gif
2007-10-07 17:52 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-10-05 15:43 --------- d-----w C:\Program Files\GameSpy Arcade
2007-10-05 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-25 17:49 --------- d-----w C:\Program Files\World of Warcraft
2007-09-24 17:42 --------- d-----w C:\Program Files\Free Easy Burner
2007-09-24 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-09-24 17:29 --------- d-----w C:\Program Files\Octoshape Streaming Services
2007-09-22 19:36 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-09-19 15:33 --------- d-----w C:\Documents and Settings\My PC\Application Data\teamspeak2
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-23 18:12 --------- d-----w C:\Documents and Settings\My PC\Application Data\Skype
2007-08-20 22:42 --------- d-----w C:\Program Files\MSXML 4.0
2007-06-14 14:29 47,360 -c--a-w C:\Documents and Settings\My PC\Application Data\pcouffin.sys
2005-05-13 15:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 09:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 19:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 17:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 10:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 13:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 20:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 22:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 08:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 11:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{773AEAEA-7F9E-489F-9B50-9FA3AAEEDCB4}]
C:\WINDOWS\system32\yywnivdn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}]
2007-10-13 12:00 34304 --------- C:\WINDOWS\system32\gebyvsq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 07:35]
"nwiz"="nwiz.exe" [2004-09-30 07:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 07:35]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 13:27]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 13:28]
"LVCOMSX"="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-12-22 13:31]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-03 16:54]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 13:05]
"Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2005-04-18 12:16]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 20:25]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-10-05 09:11]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\My PC\OctoshapeClient.exe" []
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 17:31]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"ArchosLink"="C:\Program Files\Archos\ArchosLink\ArchosLink.exe" [2007-10-01 09:20]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}"= C:\WINDOWS\system32\gebyvsq.dll [2007-10-13 12:00 34304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32]
winzzd32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
Winlognotif.dll 2003-09-03 06:14 49152 C:\WINDOWS\system32\Winlognotif.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhi.dll

R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys
R2 hwpsgt;hwpsgt;C:\WINDOWS\system32\DRIVERS\hwpsgt.sys
R2 lemsgt;lemsgt;C:\WINDOWS\system32\DRIVERS\lemsgt.sys
R2 Vcs;Vcs support;\??\C:\WINDOWS\system32\Drivers\Vcs.sys
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys
S3 dump_wmimmc;dump_wmimmc;\??\C:\Documents and Settings\My PC\Bureau\Lineage II\system\GameGuard\dump_wmimmc.sys
S3 ids00026;ids00026;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
S3 ids00118;ids00118;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys
S3 ids0014f;ids0014f;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys
S3 ids00180;ids00180;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys
S3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOCUME~1\MYPC~1\LOCALS~1\Temp\sony_ssm.sys
S3 wg111nd5;NETGEAR WG111 802.11g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\wg111nd5.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-05-10 13:29:25 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
"2007-10-15 16:41:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 19:18:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-15 19:22:44 - machine was rebooted
.
--- E O F ---




Then HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:11, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\My PC\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {773AEAEA-7F9E-489F-9B50-9FA3AAEEDCB4} - C:\WINDOWS\system32\yywnivdn.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\system32\gebyvsq.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\My PC\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ArchosLink] C:\Program Files\Archos\ArchosLink\ArchosLink.exe /swmin
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Souscrire avec ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\My PC\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://media2.selfcast.com/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://m6video.m6.fr/1click/install/files/installer2.ca...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_aac.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 14255 bytes
15 October 2007 23:05:37

Good evening

Copy (Ctrl+C) the text below:
File::
C:\WINDOWS\system32\jjmgakxw.exe
C:\WINDOWS\system32\iobiwojc.dll
C:\Program Files\Hammer.dll
C:\WINDOWS\system32\uyeifpir.exe
C:\Program Files\msc.exe
C:\WINDOWS\system32\gebyvsq.dll
C:\WINDOWS\system32\yywnivdn.dll
C:\WINDOWS\system32\jkhhi.dll

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{773AEAEA-7F9E-489F-9B50-9FA3AAEEDCB4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00



Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt

Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot.


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: that is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

+++++++++++

Add a new HijackThis log.
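
Added example, not part of the original posts and not ComboFix's own code: the last line of the CFScript above rewrites the LSA `Authentication Packages` value, which the first ComboFix report listed as `msv1_0 C:\WINDOWS\system32\jkhhi.dll`. This Python code parses the script's Registry section, decodes the `hex(7)` data and compares the value before and after; the function names, and splitting the report line on whitespace, are assumptions.

```python
import re

# Registry:: section of the CFScript, copied from the post above.
CFSCRIPT_REGISTRY = r"""
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{773AEAEA-7F9E-489F-9B50-9FA3AAEEDCB4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzd32]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

# Line copied from the first ComboFix report ("Point de chargement Reg").
COMBOFIX_LSA_LINE = r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhi.dll'

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                  # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')  # "name"=data


def decode_multi_sz(hex_bytes, wide=False):
    """Decode the byte list of a hex(7) (REG_MULTI_SZ) value into its strings.

    wide=False: one byte per character, as in this script.
    wide=True:  UTF-16LE, as written by "Windows Registry Editor Version 5.00".
    """
    raw = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", hex_bytes))
    text = raw.decode("utf-16-le" if wide else "cp1252", errors="replace")
    # Strings are NUL-separated and the list ends with an extra NUL.
    return [s for s in text.split("\x00") if s]


def parse_reg_script(text, wide=False):
    """Return (deleted_keys, deleted_values, set_values) for a .reg-style fragment."""
    deleted_keys, deleted_values, set_values = [], [], {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(2)
            if m.group(1):                       # leading "-" deletes the key
                deleted_keys.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current:
            name, data = m.groups()
            if data == "-":                      # "name"=- deletes one value
                deleted_values.append((current, name))
            elif data.lower().startswith("hex(7):"):
                set_values[(current, name)] = decode_multi_sz(data[7:], wide)
            else:
                set_values[(current, name)] = data.strip('"')
    return deleted_keys, deleted_values, set_values


def combofix_multi_sz(line):
    """Split a ComboFix report line into entries.

    Assumption: entries are separated by whitespace and contain none themselves.
    """
    m = VALUE_RE.match(line.strip())
    return m.group(2).split() if m else []


def unexpected_packages(packages, baseline):
    """Entries present in `packages` that are not in `baseline` (case-insensitive)."""
    base = {b.lower() for b in baseline}
    return [p for p in packages if p.lower() not in base]


def review():
    """Compare the reported LSA value with the value the script writes."""
    _, _, values = parse_reg_script(CFSCRIPT_REGISTRY)
    after = values[(LSA_KEY, "Authentication Packages")]
    before = combofix_multi_sz(COMBOFIX_LSA_LINE)
    return {
        "before": before,
        "after": after,
        "removed": unexpected_packages(before, after),
    }


if __name__ == "__main__":
    result = review()
    print("before :", result["before"])
    print("after  :", result["after"])
    print("removed:", result["removed"])
```

The same comparison applies to a later report: any entry in `Authentication Packages` beyond the value the script wrote is worth a closer look, since DLLs listed there are loaded by lsass.exe at boot.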

16 October 2007 17:37:29

Hello,
Here is the ComboFix report:

    ComboFix 07-10-12.4 - My PC 2007-10-16 17:18:48.2 - NTFSx86
    Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.106 [GMT 2:00]
    Running from: C:\Documents and Settings\My PC\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\My PC\Bureau\CFScript.txt
    * Created a new restore point

    FILE::
    C:\Program Files\Hammer.dll
    C:\Program Files\msc.exe
    C:\WINDOWS\system32\gebyvsq.dll
    C:\WINDOWS\system32\iobiwojc.dll
    C:\WINDOWS\system32\jjmgakxw.exe
    C:\WINDOWS\system32\jkhhi.dll
    C:\WINDOWS\system32\uyeifpir.exe
    C:\WINDOWS\system32\yywnivdn.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Hammer.dll
    C:\Program Files\Hammer.dll
    C:\Program Files\msc.exe
    C:\VundoFix Backups
    C:\VundoFix Backups\bfpnvhvo.ini.bad
    C:\VundoFix Backups\gebyvsq.dll.bad
    C:\VundoFix Backups\kuvbyciv.dll.bad
    C:\VundoFix Backups\kvjiiyap.dll.bad
    C:\VundoFix Backups\lqjshgmr.exe.bad
    C:\VundoFix Backups\ovhvnpfb.dll.bad
    C:\WINDOWS\Casino.ico
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Spyware Remover.ico
    C:\WINDOWS\system32\drivers\cell_bg.gif
    C:\WINDOWS\system32\drivers\cell_footer.gif
    C:\WINDOWS\system32\drivers\cell_header_block.gif
    C:\WINDOWS\system32\drivers\cell_header_remove.gif
    C:\WINDOWS\system32\drivers\cell_header_scan.gif
    C:\WINDOWS\system32\drivers\detect.htm
    C:\WINDOWS\system32\drivers\download_btn.jpg
    C:\WINDOWS\system32\drivers\download_now_btn.gif
    C:\WINDOWS\system32\drivers\header_red_bg.gif
    C:\WINDOWS\system32\gebyvsq.dll
    C:\WINDOWS\system32\iobiwojc.dll
    C:\WINDOWS\system32\jjmgakxw.exe
    C:\WINDOWS\system32\jlnmp.bak1
    C:\WINDOWS\system32\jlnmp.bak1
    C:\WINDOWS\system32\jlnmp.bak2
    C:\WINDOWS\system32\jlnmp.bak2
    C:\WINDOWS\system32\jlnmp.ini
    C:\WINDOWS\system32\jlnmp.ini
    C:\WINDOWS\system32\oyukebqu.dll
    C:\WINDOWS\system32\pmnlj.dll
    C:\WINDOWS\system32\uqbekuyo.ini
    C:\WINDOWS\system32\uyeifpir.exe
    C:\WINDOWS\system32\wynulfjf.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_APLMP50
    -------\LEGACY_ASPI32
    -------\LEGACY_PRODRV06
    -------\LEGACY_PROHLP02
    -------\LEGACY_SFDRV01
    -------\LEGACY_SFHLP01
    -------\LEGACY_SFHLP02
    -------\LEGACY_SFVFS02
    -------\APLMp50
    -------\ASPI32
    -------\prodrv06
    -------\prohlp02
    -------\sfdrv01
    -------\sfhlp01
    -------\sfhlp02
    -------\sfvfs02


    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-15 19:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-13 12:33 <REP> d-------- C:\Documents and Settings\My PC\Application Data\Grisoft
    2007-10-13 12:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-13 12:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-10-12 23:39 <REP> d-------- C:\Program Files\Windows Live Favorites
    2007-10-12 23:38 <REP> d-------- C:\Program Files\Windows Live Toolbar
    2007-10-12 23:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2007-10-10 16:51 966,973 --a------ C:\WINDOWS\system32\DieuxDuStade.scr
    2007-10-07 19:44 <REP> d-------- C:\WINDOWS\system32\AlertModule
    2007-10-07 19:44 <REP> d-------- C:\Program Files\Wanadoo Messager
    2007-10-07 19:44 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
    2007-10-07 19:44 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
    2007-10-07 19:44 32,768 --a------ C:\WINDOWS\system32\ffJmpWeb.dll
    2007-10-07 18:31 <REP> d-------- C:\Program Files\Inventel
    2007-10-07 12:14 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
    2007-10-07 12:13 <REP> d-------- C:\Program Files\Wanadoo
    2007-10-06 17:11 <REP> d-------- C:\Program Files\TrackMania Nations ESWC
    2007-10-06 15:55 22,328 --a------ C:\Documents and Settings\My PC\Application Data\PnkBstrK.sys
    2007-10-05 17:57 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-10-05 17:57 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-10-05 17:56 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-10-05 17:37 <REP> d-------- C:\Program Files\Sierra
    2007-10-05 10:02 <REP> d-------- C:\Program Files\Veoh Networks
    2007-10-03 16:54 <REP> d-------- C:\Program Files\QuickTime
    2007-09-26 18:48 <REP> d-------- C:\Program Files\MSXML 6.0
    2007-09-26 11:40 <REP> d-------- C:\Documents and Settings\My PC\animations
    2007-09-26 11:39 <REP> d-------- C:\Documents and Settings\My PC\system
    2007-09-26 11:39 <REP> d-------- C:\Documents and Settings\My PC\Patch
    2007-09-25 20:35 <REP> d-------- C:\Program Files\MSBuild
    2007-09-25 20:32 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2007-09-25 20:32 <REP> d-------- C:\Program Files\Reference Assemblies
    2007-09-25 20:31 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-09-25 19:51 <REP> d-------- C:\Program Files\m0o.eu
    2007-09-24 20:14 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2007-09-21 22:04 <REP> d-------- C:\Program Files\Archos
    2007-09-21 22:04 <REP> d-------- C:\Documents and Settings\My PC\Application Data\ArchosLink

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-07 17:52 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
    2007-10-07 17:52 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2007-10-07 17:52 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.SYS
    2007-10-05 15:43 --------- d-----w C:\Program Files\GameSpy Arcade
    2007-10-05 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-25 17:49 --------- d-----w C:\Program Files\World of Warcraft
    2007-09-24 17:42 --------- d-----w C:\Program Files\Free Easy Burner
    2007-09-24 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-09-24 17:29 --------- d-----w C:\Program Files\Octoshape Streaming Services
    2007-09-22 19:36 --------- d-----w C:\Program Files\Windows Live Safety Center
    2007-09-19 15:33 --------- d-----w C:\Documents and Settings\My PC\Application Data\teamspeak2
    2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-08-23 18:12 --------- d-----w C:\Documents and Settings\My PC\Application Data\Skype
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-20 22:42 --------- d-----w C:\Program Files\MSXML 4.0
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-06-14 14:29 47,360 -c--a-w C:\Documents and Settings\My PC\Application Data\pcouffin.sys
    2005-05-13 15:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 09:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-13 19:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
    2005-10-07 17:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 10:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 13:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 20:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-24 22:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 08:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 11:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-15_19.21.03.98 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-10-16 15:29:59 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_688.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 C:\WINDOWS\SOUNDMAN.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 07:35]
    "nwiz"="nwiz.exe" [2004-09-30 07:35 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 07:35]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 11:38]
    "Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 13:27]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 13:28]
    "LVCOMSX"="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-12-22 13:31]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-03 16:54]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-25 13:05]
    "Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2005-04-18 12:16]
    "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 20:25]
    "Steam"="c:\program files\valve\steam\steam.exe" [2007-10-05 09:11]
    "Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\My PC\OctoshapeClient.exe" []
    "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 17:31]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
    "ArchosLink"="C:\Program Files\Archos\ArchosLink\ArchosLink.exe" [2007-10-01 09:20]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Zboard]
    Winlognotif.dll 2003-09-03 06:14 49152 C:\WINDOWS\system32\Winlognotif.dll

    R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys
    R2 hwpsgt;hwpsgt;C:\WINDOWS\system32\DRIVERS\hwpsgt.sys
    R2 lemsgt;lemsgt;C:\WINDOWS\system32\DRIVERS\lemsgt.sys
    R2 Vcs;Vcs support;\??\C:\WINDOWS\system32\Drivers\Vcs.sys
    R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys
    S3 dump_wmimmc;dump_wmimmc;\??\C:\Documents and Settings\My PC\Bureau\Lineage II\system\GameGuard\dump_wmimmc.sys
    S3 ids00026;ids00026;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
    S3 ids00118;ids00118;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys
    S3 ids0014f;ids0014f;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys
    S3 ids00180;ids00180;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys
    S3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
    S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOCUME~1\MYPC~1\LOCALS~1\Temp\sony_ssm.sys
    S3 wg111nd5;NETGEAR WG111 802.11g Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\wg111nd5.sys
    S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-05-10 13:29:25 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
    "2007-10-15 18:41:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-16 17:30:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-16 17:35:08 - machine was rebooted
    C:\ComboFix2.txt ... 2007-10-15 19:22
    .
    --- E O F ---



    Then HijackThis:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:37:04, on 16/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\program files\valve\steam\steam.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Archos\ArchosLink\ArchosLink.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\My PC\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wanadoo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\My PC\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ArchosLink] C:\Program Files\Archos\ArchosLink\ArchosLink.exe /swmin
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: &Souscrire avec ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\My PC\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://media2.selfcast.com/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://m6video.m6.fr/1click/install/files/installer2.ca...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_aac.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    --
    End of file - 14045 bytes
    16 October 2007 21:48:24

    Good evening

    Let's continue

    You are going to replace Avast! with Antivir, which is a real antivirus; you will run a scan with it and post the report. :)


    Uninstall Avast! properly


    To replace it with Antivir.

    -->Tutorial<--


    Why change?: Avast! vs Antivir
    17 October 2007 13:57:13

    There you go, and thanks for still being here to help me ;) I think this antivirus is great ;).




    AntiVir PersonalEdition Classic
    Report file date: mercredi 17 octobre 2007 12:20

    Scanning for 886955 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: MY-78B45766D9F6

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 09:58:43
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 09:58:43
    ANTIVIR2.VDF : 7.0.0.91 687104 Bytes 16/10/2007 09:58:43
    ANTIVIR3.VDF : 7.0.0.98 44032 Bytes 17/10/2007 09:58:43
    AVEWIN32.DLL : 7.6.0.23 2753024 Bytes 17/10/2007 09:58:44
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 17 octobre 2007 12:20

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
    Scan process 'WLANCFG.EXE' - '1' Module(s) have been scanned
    Scan process 'UAService7.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
    Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'steam.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'LWEMon.exe' - '1' Module(s) have been scanned
    Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'Zboard.exe' - '1' Module(s) have been scanned
    Scan process 'LVComSX.exe' - '1' Module(s) have been scanned
    Scan process 'QuickCam10.exe' - '1' Module(s) have been scanned
    Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'iTouch.exe' - '1' Module(s) have been scanned
    Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'ZboardTray.exe' - '1' Module(s) have been scanned
    Scan process 'ashServ.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    46 processes with 46 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '56' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\qoobox\Quarantine\C\Program Files\Hammer.dll.vir
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4782f3ef.qua'!
    C:\qoobox\Quarantine\C\Program Files\msc.exe.vir
    [DETECTION] Is the Trojan horse TR/Agent.14848.28
    [INFO] The file was deleted!
    C:\qoobox\Quarantine\C\VundoFix Backups\gebyvsq.dll.bad.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\qoobox\Quarantine\C\VundoFix Backups\kuvbyciv.dll.bad.vir
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '478bf412.qua'!
    C:\qoobox\Quarantine\C\VundoFix Backups\kvjiiyap.dll.bad.vir
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was deleted!
    C:\qoobox\Quarantine\C\VundoFix Backups\ovhvnpfb.dll.bad.vir
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was deleted!
    C:\qoobox\Quarantine\C\WINDOWS\system32\gebyvsq.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\qoobox\Quarantine\C\WINDOWS\system32\iobiwojc.dll.vir
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4777f416.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\jjmgakxw.exe.vir
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4782f412.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\jkhhi.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    C:\qoobox\Quarantine\C\WINDOWS\system32\oyukebqu.dll.vir
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was deleted!
    C:\qoobox\Quarantine\C\WINDOWS\system32\pmnlj.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    C:\qoobox\Quarantine\C\WINDOWS\system32\uyeifpir.exe.vir
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '477af423.qua'!
    C:\qoobox\Quarantine\C\WINDOWS\system32\wynulfjf.dll.vir
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP184\A0072163.exe
    [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP185\A0072312.dll
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP185\A0072321.dll
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP185\A0072403.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.E
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP185\A0072406.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4745f47f.qua'!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP185\A0074429.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4745f481.qua'!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP185\A0074430.dll
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP185\A0074431.exe
    [DETECTION] Is the Trojan horse TR/Click.Agent.NP
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP185\A0074432.dll
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP187\A0074471.exe
    [DETECTION] Is the Trojan horse TR/Fotomoto.E
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP187\A0074475.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP189\A0074618.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4745f48a.qua'!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP189\A0074621.exe
    [DETECTION] Is the Trojan horse TR/Agent.14848.28
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP189\A0074622.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP189\A0074623.dll
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4745f48b.qua'!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP189\A0074624.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4745f48c.qua'!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP189\A0074625.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4745f48d.qua'!
    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP189\A0074629.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\system32\trzC1.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
    [INFO] The file was deleted!
    Begin scan in 'D:\'


    End of the scan: mercredi 17 octobre 2007 13:56
    Used time: 1:36:03 min

    The scan has been done completely.

    5074 Scanning directories
    215869 Files were scanned
    22 viruses and/or unwanted programs were found
    11 Files were classified as suspicious:
    22 files were deleted
    0 files were repaired
    11 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    215847 Files not concerned
    888 Archives were scanned
    1 Warnings
    0 Notes

    17 October 2007 14:25:10

    Hello

    Please post a new HijackThis log.
    17 October 2007 14:26:27

    Yes, here it is ;=)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:26:12, on 17/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\program files\valve\steam\steam.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\My PC\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\My PC\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ArchosLink] C:\Program Files\Archos\ArchosLink\ArchosLink.exe /swmin
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: &Souscrire avec ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\My PC\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://media2.selfcast.com/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://m6video.m6.fr/1click/install/files/installer2.ca...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_aac.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    --
    End of file - 13208 bytes
    17 October 2007 14:32:01

    OK

    Let's finish up.

    ~Download AVG Anti-Spyware.
    http://www.ewido.net/en/download/
    ~Update it.

    ~Download CCleaner:

    http://www.filehippo.com/download_ccleaner/

    ~During installation, uncheck: "Add the CCleaner Yahoo! Toolbar"


    1

    Restart in safe mode (F8 at startup).

    2


    ~Run CCleaner:

    Click the "scan for errors" button, then choose "fix errors".
    Click the "cleaner" button, then choose "run cleaner".


    3

    ~Run AVG Anti-Spyware.

    ~In the Scan tab, under Settings, click Recommended actions: choose Quarantine.

    ~Click Scan, then Complete system scan to start the scan.

    ~Once the scan has finished, click Apply all actions to remove all the infected files found by AVG Anti-Spyware.

    ~Once the infected files have been removed, click Save report and save it to the desktop.
    ~Restart normally.

    4


    ~Copy and paste the AVG Anti-Spyware report.

    +++++++++++++++++++++++++++++++++
    CCleaner tutorial (thanks to Malekal):
    http://www.malekal.com/tutorial_CCleaner.html

    AVG Anti-Spyware tutorial (thanks to Malekal):
    http://www.malekal.com/tutorial_AVG_AntiSpyware.html


    17 October 2007 16:04:18

    Here is the report ;)

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 15:10:30 17/10/2007

    + Résultat de l'analyse:



    C:\System Volume Information\_restore{7EAD736E-A6C4-458B-B532-86B2ACDFE1EE}\RP185\A0072307.exe -> Downloader.Alphabet.aa : Nettoyé et sauvegardé (mise en quarantaine).


    Fin du rapport
    17 October 2007 16:07:53

    Perfect.
    One last check and we're done.


    ~Run an online antivirus scan on the Kaspersky site:
    http://webscanner.kaspersky.fr/

    ~Click Online Scanner.
    ~Accept the installation of the ActiveX control by clicking the Install button.

    ~Select My Computer as the scan target.

    ~Save the report by clicking the "Save report as" button. Give it a name; you will copy and paste it into your next reply.

    Help

    +++++++++++++++

    Also add one last HijackThis log.
    17 October 2007 20:04:33

    Here it is.

    <html>
    <head>
    <title>KASPERSKY ON-LINE SCANNER REPORT</title>
    <meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
    </head>

    <style>
    .pagetitle { font-size:20px; color:#FFFFFF; font-family: Arial, Geneva, sans-serif; }
    .text { font-size:11px; font-family: Arial, Geneva, sans-serif; }
    TD { font-size:11px; font-family: Arial, Geneva, sans-serif; }
    </style>

    <body>
    <table width='100%' height='110' border='0'>
    <tr height='30' align='center' bgcolor='#005447'>
    <td colspan='2' height='30' class='pagetitle'>
    <b>KASPERSKY ON-LINE SCANNER REPORT</b>
    </td>
    </tr>
    <tr height='70'>
    <td colspan='2' height='70'>
    Wednesday, October 17, 2007 8:03:20 PM<br>
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)<br>
    Kaspersky On-line Scanner version : 5.0.83.0<br>
    Dernière mise à jour de la base antivirus Kaspersky : 17/10/2007<br>
    Enregistrements dans la base antivirus Kaspersky : 410607<br>
    </td>
    </tr>
    <tr height='10'>
    <td colspan='2' height='10'>
    </td>
    </tr>
    </table>
    <table width='100%' height='145' border='0'>
    <tr height='20' bgcolor='#EFEBDE'>
    <td colspan='2' height='20'><b>Paramètres d'analyse</b></td>
    </tr>
    <tr height='15'>
    <td height='15' width='250'>Analyser avec la base antivirus suivante</td>
    <td>standard</td>
    </tr>
    <tr height='15'>
    <td height='15'>Analyser les archives</td>
    <td>vrai</td>
    </tr>
    <tr height='15'>
    <td height='15'>Analyser les bases de messagerie</td>
    <td>vrai</td>
    </tr>
    <tr height='10'>
    <td colspan='2' height='10'>
    </td>
    </tr>
    <tr height='20' bgcolor='#EFEBDE'>
    <td height='20'><b>Cible de l'analyse</b></td>
    <td>Poste de travail</td>
    </tr>
    <tr height='20'>
    <td colspan='2' height='20'>
    A:\<br>
    C:\<br>
    D:\<br>
    E:\<br>
    F:\
    </td>
    </tr>
    <tr height='10'>
    <td colspan='2' height='10'>
    </td>
    </tr>
    <tr height='20' bgcolor='#EFEBDE'>
    <td colspan='2' height='20'><b>Statistiques de l'analyse</b></td>
    </tr>
    <tr height='15'>
    <td height='15'>Total d'objets analysés</td>
    <td>49206</td>
    </tr>
    <tr height='15'>
    <td height='15'>Nombre de virus trouvés</td>
    <td>0</td>
    </tr>
    <tr height='15'>
    <td height='15'>Nombre d'objets infectés</td>
    <td>0 / 0</td>
    </tr>
    <tr height='15'>
    <td height='15'>Nombre d'objets suspects</td>
    <td>0</td>
    </tr>
    <tr height='15'>
    <td height='15'>Durée de l'analyse</td>
    <td>00:36:40</td>
    </tr>
    </table>
    <br>
    <table width='100%' border='0'>
    <tr height='20' bgcolor='#EFEBDE'>
    <td height='20'><b>Nom de l'objet infecté</b></td>
    <td width='200'><b>Nom du virus</b></td>
    <td width='100'><b>Dernière action</b></td>
    </tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\LocalService\Cookies\index.dat </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\LocalService\NTUSER.DAT </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\LocalService\ntuser.dat.LOG </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\My PC\Cookies\index.dat </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\My PC\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\My PC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\My PC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\My PC\Local Settings\Historique\History.IE5\index.dat </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\My PC\Local Settings\Historique\History.IE5\MSHist012007101720071018\index.dat </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\My PC\Local Settings\Temp\flaE75.tmp </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\My PC\Local Settings\Temp\flaE83.tmp </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
    <tr height='20'>
    <td height='20'>C:\Documents and Settings\My PC\Local Settings\Temp\~DF608F.tmp </td>
    <td>L'objet est verrouillé </td>
    <td>ignoré </td>
    </tr>
    <tr height='20'>
    <td colspan='3' height='20'><b>Analyse terminée.</b></td>
    </tr>
    </table>
    </body>
    </html>


    and HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:04:12, on 17/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\Program Files\Ideazon\Zboard Software\Driver\Zboard.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\My PC\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ArchosLink] C:\Program Files\Archos\ArchosLink\ArchosLink.exe /swmin
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKLM\..\Policies\Explorer\Run: [ZboardTray] "C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe" /autolaunch
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: &Souscrire avec ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\My PC\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://media2.selfcast.com/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
    O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - http://m6video.m6.fr/1click/install/files/installer2.ca...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697517} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_aac.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    --
    End of file - 12742 bytes
    17 October 2007 20:58:04

    Hi again

    ~Run HijackThis and choose “Do a system scan only”.
    Check the lines below if they are still present, and only those.

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\My PC\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocac [...] 0.0.15.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab


    Click Fix checked (bottom left).

    Uninstall all the programs that were installed for the disinfection.
    You can keep AVG Anti-Spyware, which is the best antispyware at the moment. After 30 days you will lose the resident shield and the automatic updates, but you can still keep it and run it regularly, updating it manually.

    ~You should also use CCleaner regularly (at least every week):


    ~Edit your first message (by clicking the eraser) and put [résolu] in the title.

    :hello: 
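The "if still present, and only those" check from the reply above, as an added example that is not part of the original post: it parses a HijackThis log and finds, for each advised line, the log entries it corresponds to. The forum shortens long URLs differently in the log ("...") and in the reply ("[...]"), so lines are compared on the section code plus the text before the elision. The function names are this example's own, and the sample log is constructed from a few entries copied from the log in this thread.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O16 - DPF: {...} - http://...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Forum software shortens long URLs: "..." at the end, or " [...] " in the middle.
ELISION_RE = re.compile(r"\s*\[\.\.\.\]|\.{3,}$")


def parse_entries(log_text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def stable_prefix(body):
    """Part of the body before the first elision marker, case-folded."""
    m = ELISION_RE.search(body)
    return (body[:m.start()] if m else body).casefold()


def find_matches(log_text, advised_lines):
    """Map each advised line to the log entries with the same section code whose
    elision-free prefix starts with (or is the start of) the advised prefix."""
    entries = parse_entries(log_text)
    result = {}
    for advised in advised_lines:
        parsed = parse_entries(advised)
        hits = []
        if parsed:
            code, body = parsed[0]
            want = stable_prefix(body)
            for log_code, log_body in entries:
                have = stable_prefix(log_body)
                if log_code == code and (have.startswith(want) or want.startswith(have)):
                    hits.append(f"{log_code} - {log_body}")
        result[advised] = hits
    return result


def lines_to_tick(log_text, advised_lines):
    """Return (tick, review): log lines matched by exactly one advised line, and
    advised lines that are absent from the log or match several entries."""
    tick, review = [], {}
    for advised, hits in find_matches(log_text, advised_lines).items():
        if len(hits) == 1:
            tick.append(hits[0])
        else:
            review[advised] = "absent" if not hits else "ambiguous"
    return tick, review


# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\My PC\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
"""

# The three lines quoted in the reply, as posted (one URL is elided with "[...]").
ADVISED = [
    r"O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\My PC\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)",
    "O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocac [...] 0.0.15.cab",
    "O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://di.imgag.com/imgag/cp/install/Crusher.cab",
]

if __name__ == "__main__":
    tick, review = lines_to_tick(SAMPLE_LOG, ADVISED)
    for line in tick:
        print("tick:", line)
    for line, why in review.items():
        print(why + ":", line)
```

An advised line reported as "ambiguous" was cut too early to identify one entry and should be compared by eye before anything is ticked.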
    18 October 2007 17:16:25

    It's done. Thank you very much, I'm very happy that my computer is clean now. Thank you so much ;)
    18 October 2007 17:29:43

    Happy surfing :hello: