Votre question

[Résolu] cheval de troie et aware par msn

Tags :
  • Trojan
  • Sécurité
Dernière réponse : dans Sécurité et virus
26 Septembre 2007 18:14:56

bonjour,

voilà par le biais de msn j'ai attrapé un virus qui ralentit mon PC et m'ouvre des fenêtres publicitaires sans arrêt (tu veux voir mes photos de vacances et ma fille à cliqué sur oui et depuis je suis infecté) !! à priori avast a trouvé 2 "cheval de troie" et 1 aware, il m'a conseillé de les mettre en quarantaine ce que j'ai fait mais à chaque fois que j'allume mon PC ils reviennent !
j'ai vu sur votre forum que chaque cas est particulier c'est pourquoi je vous demande de bien vouloir m'aider mais je suis de niveau débutant.
Comptant sur une bonne âme pour m'aider à nettoyer mon PC

merci
ptitloup68

Autres pages sur : resolu cheval troie aware msn

a b 8 Sécurité
26 Septembre 2007 18:18:17

Bonjour,

Télécharge MSNFix.zip ([#ff0000]!aur3n7[/#f]) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

[#ff0000]Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.[/#f]

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log
26 Septembre 2007 18:35:44

voilà le rapport en espérant que je ne me suis pas trompé dans les consignes
MSNFix 1.521

C:\Documents and Settings\PC\Mes documents\MSNFix\MSNFix
Fix exécuté le 26/09/2007 - 18:24:20,67 By PC
mode normal

************************ Recherche les fichiers présents

... C:\autorun.inf
... C:\WINDOWS\cookies.ini
... C:\WINDOWS\system32\dllvirtual.exe

************************ MSNCHK ***** /!\ beta test /!\



************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\autorun.inf
.. OK ... C:\WINDOWS\cookies.ini
.. OK ... C:\WINDOWS\system32\dllvirtual.exe



************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\PortableRoboForm.exe] A5764F626C391725245346E1A67EAA7F
[C:\windows-live-messenger_windows_live_messenger_8.1.0178.00_francais_19367.exe] 11D712DFC8557EAA1AF28D49FFE9DC07

==> SVP merci d'envoyer le fichier C:\DOCUME~1\PC\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 26092007_18295717.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
Contenus similaires
26 Septembre 2007 20:03:25

c'est fait et que dois-je faire maintenant ?
merci
a b 8 Sécurité
26 Septembre 2007 20:12:11

Supprime ces fichiers :
C:\PortableRoboForm.exe
C:\windows-live-messenger_windows_live_messenger_8.1.0178.00_francais_19367.exe

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
26 Septembre 2007 20:22:57

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:31, on 26/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\OpiStat\OpiStat\OpiStat.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\XCSyncML.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MessengerSkinner\MessengerSkinner.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\program files\mailskinner\mailskinner.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpiStat] C:\Program Files\OpiStat\OpiStat\OpiStat.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [XCSyncML] C:\WINDOWS\system32\XCSyncML.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ndankawx.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.downlo...
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7962 bytes
a b 8 Sécurité
26 Septembre 2007 20:23:34

Il y a encore des infections.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    26 Septembre 2007 20:49:06


    VundoFix V6.5.9

    Checking Java version...

    Java version is 1.5.0.11

    Scan started at 20:26:46 26/09/2007

    Listing files found while scanning....

    C:\windows\system32\gebcy.dll
    C:\WINDOWS\system32\hggdawx.dll
    C:\WINDOWS\system32\ndankawx.dll
    C:\WINDOWS\system32\xwaknadn.ini
    C:\windows\system32\ycbeg.bak1
    C:\windows\system32\ycbeg.bak2
    C:\windows\system32\ycbeg.ini

    Beginning removal...

    Attempting to delete C:\windows\system32\gebcy.dll
    C:\windows\system32\gebcy.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\hggdawx.dll
    C:\WINDOWS\system32\hggdawx.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ndankawx.dll
    C:\WINDOWS\system32\ndankawx.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\xwaknadn.ini
    C:\WINDOWS\system32\xwaknadn.ini Has been deleted!

    Attempting to delete C:\windows\system32\ycbeg.bak1
    C:\windows\system32\ycbeg.bak1 Has been deleted!

    Attempting to delete C:\windows\system32\ycbeg.bak2
    C:\windows\system32\ycbeg.bak2 Has been deleted!

    Attempting to delete C:\windows\system32\ycbeg.ini
    C:\windows\system32\ycbeg.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\windows\system32\gebcy.dll
    C:\windows\system32\gebcy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hggdawx.dll
    C:\WINDOWS\system32\hggdawx.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ndankawx.dll
    C:\WINDOWS\system32\ndankawx.dll Has been deleted!

    Attempting to delete C:\windows\system32\ycbeg.ini
    C:\windows\system32\ycbeg.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.9

    Checking Java version...

    Java version is 1.5.0.11

    Scan started at 20:37:35 26/09/2007

    Listing files found while scanning....

    C:\windows\system32\hggdawx.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\hggdawx.dll
    C:\windows\system32\hggdawx.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    26 Septembre 2007 20:51:10

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:49:11, on 26/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    C:\Program Files\OpiStat\OpiStat\OpiStat.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\XCSyncML.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MessengerSkinner\MessengerSkinner.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\program files\mailskinner\mailskinner.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {2C98B1FB-43B8-474C-BFB5-E4F6801300C6} - C:\WINDOWS\system32\gebcy.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [OpiStat] C:\Program Files\OpiStat\OpiStat\OpiStat.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [XCSyncML] C:\WINDOWS\system32\XCSyncML.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.downlo...
    O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 8403 bytes
    a b 8 Sécurité
    26 Septembre 2007 20:56:37

    Re,

  • Télécharge combofix.exe (par sUBs) sur ton Bureau.
  • Double clique combofix.exe.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    &

    Désinstalle correctement Avast! pour le remplacer par AntiVir.
    Pourquoi changer ? Avast! vs AntiVir

    Fais un scan complet puis poste le rapport en fin d'analyse.
    AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic
    26 Septembre 2007 22:01:20

    voilà déjà le rapport combofix
    ComboFix 07-09-21.2 - "PC" 2007-09-26 21:00:08.1 - NTFSx86
    Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.34 [GMT 2:00]
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\check_LSA7.txt
    C:\DOCUME~1\PC\APPLIC~1\FunWebProducts
    C:\DOCUME~1\PC\APPLIC~1\MessengerSkinner
    C:\DOCUME~1\PC\APPLIC~1\MessengerSkinner\Userdata\defaultPack.cab
    C:\DOCUME~1\PC\APPLIC~1\MessengerSkinner\Userdata\Install_MessengerSkinner.zip
    C:\DOCUME~1\PC\APPLIC~1\MessengerSkinner\Userdata\languages.xml
    C:\DOCUME~1\PC\APPLIC~1\MessengerSkinner\Userdata\languages_v2.xml
    C:\DOCUME~1\PC\APPLIC~1\MessengerSkinner\Userdata\pack1.cab
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\PopSwatr\History\allowed
    C:\Program Files\FunWebProducts\PopSwatr\History\notallow
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0030DCE9.urr
    C:\Program Files\FunWebProducts\ScreenSaver\Images\00B3FE8D.urr
    C:\Program Files\FunWebProducts\Shared\00F3F2DD.dat
    C:\Program Files\FunWebProducts\Shared\012D4F12.dat
    C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    C:\Program Files\Hotbar
    C:\Program Files\mailskinner
    C:\Program Files\mailskinner\anim_0.gif
    C:\Program Files\mailskinner\anim_help.gif
    C:\Program Files\mailskinner\autosmiley.xml
    C:\Program Files\mailskinner\Conditions générales.url
    C:\Program Files\mailskinner\Confidentialité.url
    C:\Program Files\mailskinner\MailSkinner.exe
    C:\Program Files\mailskinner\OLSkinner.dll
    C:\Program Files\mailskinner\uninst.exe
    C:\Program Files\mailskinner\Website.url
    C:\Program Files\messengerskinner
    C:\Program Files\messengerskinner\download\defaultPack.cab
    C:\Program Files\messengerskinner\MessengerSkinner.exe
    C:\Program Files\messengerskinner\MessengerSkinner.url
    C:\Program Files\messengerskinner\MessengerSkinnerDll.dll
    C:\Program Files\messengerskinner\resources\appconfig.xml
    C:\Program Files\messengerskinner\resources\btn.rgn
    C:\Program Files\messengerskinner\resources\btnBnr.rgn
    C:\Program Files\messengerskinner\resources\btnIn.rgn
    C:\Program Files\messengerskinner\resources\btnInNormal.bmp
    C:\Program Files\messengerskinner\resources\btnInOver.bmp
    C:\Program Files\messengerskinner\resources\btnNormal.bmp
    C:\Program Files\messengerskinner\resources\btnNormal.gif
    C:\Program Files\messengerskinner\resources\btnNormalBnr.bmp
    C:\Program Files\messengerskinner\resources\btnNormalBnr.gif
    C:\Program Files\messengerskinner\resources\btnOver.bmp
    C:\Program Files\messengerskinner\resources\btnOver.gif
    C:\Program Files\messengerskinner\resources\btnOverBnr.bmp
    C:\Program Files\messengerskinner\resources\btnOverBnr.gif
    C:\Program Files\messengerskinner\resources\languages.xml
    C:\Program Files\messengerskinner\resources\languages_v2.xml
    C:\Program Files\messengerskinner\uninst.exe
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Cache\000E2036
    C:\Program Files\MyWebSearch\bar\Cache\0010A441
    C:\Program Files\MyWebSearch\bar\Cache\0010AD49
    C:\Program Files\MyWebSearch\bar\Cache\0010AF3D.bin
    C:\Program Files\MyWebSearch\bar\Cache\00143A0A.bin
    C:\Program Files\MyWebSearch\bar\Cache\00143C9A.bin
    C:\Program Files\MyWebSearch\bar\Cache\00143EEC.bin
    C:\Program Files\MyWebSearch\bar\Cache\0014416C.bin
    C:\Program Files\MyWebSearch\bar\Cache\001443CE.bin
    C:\Program Files\MyWebSearch\bar\Cache\001445D1.bin
    C:\Program Files\MyWebSearch\bar\Cache\00144787.bin
    C:\Program Files\MyWebSearch\bar\Cache\00144D24.bin
    C:\Program Files\MyWebSearch\bar\Cache\00144EDA.bin
    C:\Program Files\MyWebSearch\bar\Cache\001736B0.bin
    C:\Program Files\MyWebSearch\bar\Cache\001738E2.bin
    C:\Program Files\MyWebSearch\bar\Cache\00173AE6.bin
    C:\Program Files\MyWebSearch\bar\Cache\00173CBB.bin
    C:\Program Files\MyWebSearch\bar\Cache\001749BB.bin
    C:\Program Files\MyWebSearch\bar\Cache\files.ini
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    C:\Program Files\MyWebSearch\bar\History\search2
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
    C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
    C:\Program Files\MyWebSearch\bar\Settings\settings.dat
    C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
    C:\Program Files\webmediaplayer
    C:\Program Files\webmediaplayer\resources\languages.xml
    C:\Program Files\webmediaplayer\resources\webmedias
    C:\Program Files\webmediaplayer\skins\classic.skn
    C:\Program Files\webmediaplayer\sqlite3.dll
    C:\Program Files\webmediaplayer\uninst.exe
    C:\Program Files\webmediaplayer\WebMediaPlayer.url
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\msskinner
    C:\WINDOWS\msskinner\msbackup.dat
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\cdykxrlqnj.dat
    C:\WINDOWS\system32\cdykxrlqnj.exe
    C:\WINDOWS\system32\cdykxrlqnj_nav.dat
    C:\WINDOWS\system32\cdykxrlqnj_navps.dat
    C:\WINDOWS\system32\f3PSSavr.scr
    C:\WINDOWS\system32\fkccta.dat
    C:\WINDOWS\system32\fkccta_nav.dat
    C:\WINDOWS\system32\fkccta_navps.dat
    C:\WINDOWS\system32\nvs2.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-08-26 to 2007-09-26 ))))))))))))))))))))))))))))))))))))
    .

    2007-09-26 20:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-26 20:43 325,632 --a------ C:\WINDOWS\system32\jgfkvrlxik.exe
    2007-09-26 20:26 <REP> d-------- C:\VundoFix Backups
    2007-09-26 20:19 <REP> d-------- C:\Program Files\Trend Micro
    2007-09-21 10:29 <REP> d-------- C:\WINDOWS\pss
    2007-09-16 21:52 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
    2007-09-13 20:42 345,088 --a------ C:\WINDOWS\system32\sbewfa.exe
    2007-09-12 20:11 276,992 --a------ C:\WINDOWS\system32\ullluox.exe
    2007-09-05 18:23 <REP> d-------- C:\DOCUME~1\PC\APPLIC~1\Magic Academy
    2007-09-04 21:27 63 --a------ C:\WINDOWS\system32\netwbix32.dll
    2007-09-04 21:27 270,336 --a------ C:\WINDOWS\system32\csrzof.exe
    2007-09-03 20:46 643,896 --a------ C:\PortableRoboForm.exe
    2007-09-03 20:46 <REP> d-------- C:\RoboForm
    2007-09-03 20:46 <REP> d-------- C:\My RoboForm Data

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-26 17:25 --------- d-------- C:\Program Files\eMule
    2007-09-19 15:55 --------- d-------- C:\Program Files\Zylom Games
    2007-09-18 20:50 --------- d-------- C:\DOCUME~1\PC\APPLIC~1\Zylom
    2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-09-05 22:26 --------- d-------- C:\Program Files\Kyodai Mahjongg 2006
    2007-09-05 22:26 --------- d-------- C:\Program Files\Gamenext
    2007-08-20 16:57 --------- d-------- C:\Program Files\Dial-a-fix-v0.60.0.24
    2007-08-17 23:01 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SpinTop Games
    2007-08-17 00:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
    2007-08-14 23:02 --------- d-------- C:\DOCUME~1\PC\APPLIC~1\PlayFirst
    2007-08-12 22:27 --------- d-------- C:\DOCUME~1\PC\APPLIC~1\Mysteryville2
    2007-08-03 21:12 --------- d-------- C:\Program Files\Fichiers communs\Real
    2007-07-31 22:57 --------- d-------- C:\DOCUME~1\PC\APPLIC~1\7Wonders
    2007-07-30 22:43 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania
    2007-07-28 23:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
    2007-07-28 21:43 --------- d-------- C:\DOCUME~1\PC\APPLIC~1\My Games
    2007-07-11 15:30 774144 --a------ C:\Program Files\RngInterstitial.dll
    2007-07-11 14:23 18898288 --a------ C:\windows-live-messenger_windows_live_messenger_8.1.0178.00_francais_19367.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C98B1FB-43B8-474C-BFB5-E4F6801300C6}]
    C:\WINDOWS\system32\gebcy.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSPower"="SiSPower.dll" [2005-05-26 05:01 C:\WINDOWS\system32\SiSPower.dll]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]
    "My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" []
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "OpiStat"="C:\Program Files\OpiStat\OpiStat\OpiStat.exe" [2006-01-19 01:00]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "XCSyncML"="C:\WINDOWS\system32\XCSyncML.exe" [2005-07-14 10:07]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
    "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 17:53]

    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-02-06 18:42:09]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= :\WINDOW

    R1 nmconpid;nmconpid;C:\WINDOWS\system32\drivers\nmconpid.sys
    S3 archbus;NEC WMC USB_BJ1 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\archbus.sys
    S3 archmdfl;NEC WMC USB_BJ1 Modem Filter;C:\WINDOWS\system32\DRIVERS\archmdfl.sys
    S3 archmdm;NEC WMC USB_BJ1 Modem Drivers;C:\WINDOWS\system32\DRIVERS\archmdm.sys
    S3 archobex;NEC WMC USB_BJ1 OBEX Interface Drivers (WDM);C:\WINDOWS\system32\DRIVERS\archobex.sys
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
    S3 FXDRV;FXDRV;\??\D:\Fxdrv.sys
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-26 21:08:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-26 21:12:04 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-26 21:11
    .
    --- E O F ---
    et maintenant je vais relancer mon PC en mode sans échec car j'ai enlevé avast et mis antivir et dès que c'est fait je poste le rapport

    merci
    a b 8 Sécurité
    26 Septembre 2007 22:06:33

    Re,

    Oki :p 
    27 Septembre 2007 10:04:49

    bonjour,

    desolé de ne plus avoir donné signe de vie hier soir mais le scan a duré longtemps er du coup j'ai continué ce matin, alors voilà les rapports d'Antivir :


    AntiVir PersonalEdition Classic
    Report file date: jeudi 27 septembre 2007 09:12

    Scanning for 855675 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: PC
    Computer name: PC-CCEC73A3EE6F

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 21:48:59
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 21:49:00
    ANTIVIR2.VDF : 7.0.0.4 174592 Bytes 24/09/2007 21:49:00
    ANTIVIR3.VDF : 7.0.0.21 113664 Bytes 26/09/2007 21:49:00
    AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 26/09/2007 21:49:01
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 27 septembre 2007 09:12

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sistray.exe' - '1' Module(s) have been scanned
    Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'XCSyncML.exe' - '1' Module(s) have been scanned
    Scan process 'OpiStat.exe' - '1' Module(s) have been scanned
    Scan process 'SMax4.exe' - '1' Module(s) have been scanned
    Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
    Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    28 processes with 28 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '31' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\All Users\Application Data\MixLies014\medianoun.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [INFO] The file was moved to '475f586d.qua'!
    C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Ciadoor.AR.200 Backdoor server programs
    [INFO] The file was moved to '474e5ff6.qua'!
    C:\VundoFix Backups\gebcy.dll.bad
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was moved to '475d600b.qua'!
    Begin scan in 'D:\'
    Search path D:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: jeudi 27 septembre 2007 09:54
    Used time: 42:09 min

    The scan has been done completely.

    7761 Scanning directories
    219579 Files were scanned
    3 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    3 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    219576 Files not concerned
    1285 Archives were scanned
    1 Warnings
    0 Notes

    et voilà le rapport de hier soir :


    AntiVir PersonalEdition Classic
    Report file date: mercredi 26 septembre 2007 22:08

    Scanning for 1036370 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: PC
    Computer name: PC-CCEC73A3EE6F

    Version information:
    BUILD.DAT : 269 15604 Bytes 10/09/2007 14:31:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
    ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 11:32:40
    ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 11:32:46
    ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25/08/2007 16:21:02
    ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 28/08/2007 06:22:36
    AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 29/08/2007 16:09:10
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 26 septembre 2007 22:08

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    11 processes with 11 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '32' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\All Users\Application Data\MixLies014\medianoun.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [INFO] The file was moved to '475ebca8.qua'!
    C:\Documents and Settings\Anaïs_2\Mes documents\InternetGameBox\uninst.exe
    [DETECTION] Contains detection pattern of the dropper DR/NaviPromo.AO.1
    [INFO] The file was moved to '4763bd8e.qua'!
    C:\Documents and Settings\PC\Mes documents\ComboFix.exe
    [0] Archive type: RAR SFX (self extracting)
    --> setpath.cfexe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '4767bdfa.qua'!
    C:\qoobox\Quarantine\C\Program Files\MailSkinner\MailSkinner.exe.vir
    [DETECTION] Is the Trojan horse TR/Skintrim.A.1
    [INFO] The file was moved to '4763ca6f.qua'!
    C:\qoobox\Quarantine\C\Program Files\MailSkinner\OLSkinner.dll.vir
    [DETECTION] Is the Trojan horse TR/Skintrim.A.2
    [INFO] The file was moved to '474dca5e.qua'!
    C:\qoobox\Quarantine\C\Program Files\MessengerSkinner\uninst.exe.vir
    [DETECTION] Contains detection pattern of the dropper DR/NaviPromo.AO.7
    [INFO] The file was moved to '4763ca85.qua'!
    C:\VundoFix Backups\hggdawx.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '4761ca89.qua'!


    End of the scan: mercredi 26 septembre 2007 23:07
    Used time: 59:45 min

    The scan has been canceled!

    6055 Scanning directories
    183434 Files were scanned
    6 viruses and/or unwanted programs were found
    1 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    7 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    183428 Files not concerned
    1014 Archives were scanned
    1 Warnings
    0 Notes

    Y a-t'il encore des virus d'après toi ?

    merci
    a b 8 Sécurité
    27 Septembre 2007 15:40:04

    Reposte un rapport Hijackthis.
    28 Septembre 2007 00:28:08

    bsr,
    voilà mon rapport enfin celui de Hijackthis :
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:25:54, on 28/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\OpiStat\OpiStat\OpiStat.exe
    C:\WINDOWS\system32\XCSyncML.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {2C98B1FB-43B8-474C-BFB5-E4F6801300C6} - C:\WINDOWS\system32\gebcy.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [OpiStat] C:\Program Files\OpiStat\OpiStat\OpiStat.exe
    O4 - HKLM\..\Run: [XCSyncML] C:\WINDOWS\system32\XCSyncML.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.downlo...
    O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7562 bytes
    28 Septembre 2007 14:07:43

    Est-ce que mon PC est nettoyé maintenant ?

    et encore merci pour tout Angeldark
    a b 8 Sécurité
    28 Septembre 2007 18:29:13

    Re,

    Fix les lignes en italique ci-dessous avec Hijackthis : AIDE EN IMAGES

    O2 - BHO: (no name) - {2C98B1FB-43B8-474C-BFB5-E4F6801300C6} - C:\WINDOWS\system32\gebcy.dll (file missing)
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing) O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    28 Septembre 2007 18:46:58

    re,
    voilà c'est fait et encore merci pour tout car j'ai l'impression que mon PC à retrouvé une nouvelle jeunesse en vitesse ( c'est plus le grand père d'y a quelques jours lol )
    et Antivir fait très bien son travail mieux que Avast !! je vais le conseiller
    merci
    ptitloup68
    a b 8 Sécurité
    28 Septembre 2007 18:54:31

    D'autres questions ?
    28 Septembre 2007 18:59:07

    non tout est vraiment parfait maintenant et encore MERCI pour tout

    ptitloup68
    a b 8 Sécurité
    28 Septembre 2007 19:10:45

    Bon surf :) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS