Se connecter / S'enregistrer
Votre question

A l'aide adware virtumonde!!!

Tags :
  • Adware
  • Sécurité
Dernière réponse : dans Sécurité et virus
4 Juillet 2007 20:24:30

Voila mon antivirus (bullguard) me dit qu'il a repéré un virus "adware virtumonde". Il me dit que je ne suis pas infecté, mais il ne sait pas le réparer ou le supprimer que dois-je faire???

Autres pages sur : aide adware virtumonde

a b 8 Sécurité
4 Juillet 2007 22:08:31

Un bonjour ?

Bullguard n'est pas un bon antivirus.

Télécharge Hijackthis (de Merjin).
Dézippe-le dans un dossier ou sur ton Bureau.

Lance l'application (Hijackthis.exe) :
- Choisis l'option "Do a system scan and save a logfile"
- Le Bloc-Notes s'ouvre, poste son contenu :

  • Edition / Sélectionner tout
  • Edition / Copier
  • Clique-Droit / Coller dans ta réponse

    AIDE : Tuto en vidéo sur Hijackthis
    4 Juillet 2007 22:25:51

    Oui désolé, ca me stresse tellement ce virus que j'en perd mes bonnes manières!!! Grand bonjour à tous et encore merci de votre aide!!!

    Voila ce que j'obtiens

    Logfile of HijackThis v1.99.1
    Scan saved at 22:23:55, on 4/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
    C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ZipGenius 6\zipgenius.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ZGTemp\Scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.public.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Office network : Le pc de sophie pour ses 20 ans
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A8D3D5E0-3AC1-64B3-6CB7-1A220F04A437} - C:\DOCUME~1\ADMINI~1\APPLIC~1\COMPBA~1\burnsurf.exe (file missing)
    O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\yayyxww.dll
    O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [NI.UERSV_0001_LP] "C:\Documents and Settings\Administrateur\Mes documents\jeux\ErrorSafeScannerInstall_fr.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [HelpHole] C:\DOCUME~1\ADMINI~1\APPLIC~1\PEAK64~1\Boob Bait.exe
    O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
    O4 - HKCU\..\Run: [ChocolatierSetup.exe] C:\DOCUME~1\ADMINI~1\MESDOC~1\jeux\CHOCOL~1.EXE /r
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld....
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {AA760512-9BD8-4B1B-9E7A-DD9BBE3CF119} - http://front.boonty.com/Prometheus/PandoraX.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.c...
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/too...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: yayyxww - C:\WINDOWS\SYSTEM32\yayyxww.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Evaluation Service - Evalution Customer - C:\Program Files\Fichiers communs\Evalution Customer Shared\Service\Evaluation Service FileName.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe

    Encore merci!!!
    Contenus similaires
    4 Juillet 2007 22:27:20

    ah oui j'utilise mozilla firefox et non pas internet explorer

    Merciiii :) 
    a b 8 Sécurité
    4 Juillet 2007 22:35:26

    Re,

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    4 Juillet 2007 22:55:56

    Merci beaucoup, je ferais ça demain sans faute!!

    Bonne soirée.
    a b 8 Sécurité
    5 Juillet 2007 11:39:49

    Ok, pas de problème :) 
    5 Juillet 2007 15:58:23

    Bonjour,

    Voila ce que j'obtiens avec vundo


    VundoFix V6.5.4

    Checking Java version...

    Java version is 1.4.2.5
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.2
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Scan started at 22:54:18 4/07/2007

    Listing files found while scanning....


    VundoFix V6.5.4

    Checking Java version...

    Java version is 1.4.2.5
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.2
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Scan started at 15:43:23 5/07/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\yayyxww.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\yayyxww.dll
    C:\WINDOWS\system32\yayyxww.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.4

    Checking Java version...

    Java version is 1.4.2.5
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.2
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Scan started at 15:49:05 5/07/2007

    Listing files found while scanning....

    C:\windows\system32\yayyxww.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\yayyxww.dll
    C:\windows\system32\yayyxww.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    5 Juillet 2007 15:59:45

    Et voila le rapport hijack

    Logfile of HijackThis v1.99.1
    Scan saved at 15:59:10, on 5/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
    C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ZipGenius 6\zipgenius.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ZGTemp\Scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.public.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Office network : Le pc de sophie pour ses 20 ans
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A8D3D5E0-3AC1-64B3-6CB7-1A220F04A437} - C:\DOCUME~1\ADMINI~1\APPLIC~1\COMPBA~1\burnsurf.exe (file missing)
    O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [NI.UERSV_0001_LP] "C:\Documents and Settings\Administrateur\Mes documents\jeux\ErrorSafeScannerInstall_fr.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [HelpHole] C:\DOCUME~1\ADMINI~1\APPLIC~1\PEAK64~1\Boob Bait.exe
    O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
    O4 - HKCU\..\Run: [ChocolatierSetup.exe] C:\DOCUME~1\ADMINI~1\MESDOC~1\jeux\CHOCOL~1.EXE /r
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld....
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {AA760512-9BD8-4B1B-9E7A-DD9BBE3CF119} - http://front.boonty.com/Prometheus/PandoraX.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.c...
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/too...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Evaluation Service - Evalution Customer - C:\Program Files\Fichiers communs\Evalution Customer Shared\Service\Evaluation Service FileName.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe

    Merci
    a b 8 Sécurité
    5 Juillet 2007 16:43:37

    Re,

  • Télécharge combofix.exe (par sUBs) sur ton Bureau.
  • Double clique combofix.exe.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    5 Juillet 2007 22:13:56

    Re,

    Voila ce que j'obtiens

    "Administrateur" - 2007-07-05 22:33:01 - ComboFix 07-07-04.4 - Service Pack 2


    ((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))


    2007-07-05 22:22 528 --a------ C:\CFCleanUp.bat
    2007-07-05 17:24 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-04 22:54 <REP> d-------- C:\VundoFix Backups
    2007-07-04 22:13 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
    2007-07-04 21:19 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-07-04 21:17 0 --a------ C:\WINDOWS\nsreg.dat
    2007-07-04 20:42 <REP> d-------- C:\Program Files\Yahoo!
    2007-07-04 20:42 <REP> d-------- C:\Program Files\CCleaner
    2007-07-04 14:51 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Gamelab
    2007-07-04 13:09 <REP> d-------- C:\Program Files\bfgclient
    2007-07-04 13:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
    2007-07-03 00:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
    2007-07-03 00:25 164 --a------ C:\install.dat
    2007-07-03 00:24 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Webroot
    2007-07-02 23:35 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-06-27 21:47 <REP> d-------- C:\Program Files\Zylom Games
    2007-06-25 16:02 <REP> d-------- C:\Program Files\DivX
    2007-06-25 12:57 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
    2007-06-25 12:57 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
    2007-06-25 12:57 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
    2007-06-25 12:57 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
    2007-06-25 12:57 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
    2007-06-25 12:57 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2007-06-25 12:57 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
    2007-06-22 16:33 <REP> d-------- C:\Program Files\iPod
    2007-06-20 22:54 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sandlot Games
    2007-06-15 16:31 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Canvas Multi-Media
    2007-06-10 14:06 <REP> d-------- C:\Program Files\Windows Live
    2007-06-06 11:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\My Games
    2007-06-06 11:29 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\gemsweeperextractedgfx


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-05 14:41:35 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Zylom
    2007-07-04 18:59:28 -------- d-----w C:\Program Files\Google
    2007-07-04 11:09:08 -------- d-----w C:\Program Files\Fichiers communs\Real
    2007-07-04 11:08:00 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
    2007-07-04 10:59:07 -------- d-----w C:\Program Files\Picasa2
    2007-07-02 22:19:10 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-02 22:09:12 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\BullGuard
    2007-06-29 17:35:48 -------- d-----w C:\Program Files\Oberon Media
    2007-06-27 19:49:03 -------- d-----w C:\Program Files\Shockwave.com
    2007-06-26 12:17:26 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-25 11:31:52 -------- d-----w C:\Program Files\Electronic Arts
    2007-06-22 14:35:16 -------- d-----w C:\Program Files\iTunes
    2007-06-22 14:24:23 -------- d-----w C:\Program Files\QuickTime
    2007-06-22 14:18:32 -------- d-----w C:\Program Files\Apple Software Update
    2007-06-16 11:54:05 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\PlayFirst
    2007-06-14 14:03:56 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Beep Industries
    2007-06-10 12:06:10 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-05-28 12:17:48 186 ----a-w C:\WINDOWS\popcinfo.dat
    2007-05-24 09:16:40 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Ohana Games
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2006-09-09 09:59:41 56 --sh--r C:\WINDOWS\system32\97682A230D.sys
    2006-09-09 09:59:48 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2001-03-02 12:02 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8D3D5E0-3AC1-64B3-6CB7-1A220F04A437}]
    C:\DOCUME~1\ADMINI~1\APPLIC~1\COMPBA~1\burnsurf.exe

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F62A47A7-4CA3-9D00-95A3-6724d43a9E8C}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-06-10 13:12 C:\WINDOWS\SOUNDMAN.EXE]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 03:52]
    "NI.UERSV_0001_LP"="C:\Documents and Settings\Administrateur\Mes documents\jeux\ErrorSafeScannerInstall_fr.exe" []
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 14:12]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 01:15]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-25 15:19]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "HelpHole"="C:\DOCUME~1\ADMINI~1\APPLIC~1\PEAK64~1\Boob Bait.exe" []
    "Wallpaper"="C:\Program Files\Wallpaper\Wallpaper.exe" []
    "MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [2006-04-19 11:20]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-05-25 13:07]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []
    "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2006-11-15 21:27]
    "ChocolatierSetup.exe"="C:\DOCUME~1\ADMINI~1\MESDOC~1\jeux\CHOCOL~1.exe" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
    "Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
    path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
    backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
    backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\first draw dvd title]
    C:\Documents and Settings\All Users\Application Data\knob bend first draw\puresoft.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HelpHole]
    C:\DOCUME~1\ADMINI~1\APPLIC~1\PEAK64~1\Boob Bait.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iahzjskrg]
    c:\windows\system32\iahzjskrg.exe -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
    rundll32.exe p2esocks_1025.dll,InstantAccess

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    Logi_MwX.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
    RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bg5 BGMainSvc BsFileSpy BsMailProxy BsFirewall


    Contents of the 'Scheduled Tasks' folder
    2007-07-05 15:00:00 C:\WINDOWS\tasks\AA1F97A491840C4C.job
    2007-07-05 20:10:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-05 22:36:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-05 22:37:28

    --- E O F ---

    Merci encore!
    a b 8 Sécurité
    6 Juillet 2007 11:47:38

    Re,

    Télécharge LopResearch.zip
    Dézippe-le sur ton Bureau uniquement.
    Ouvre le dossier LopResearch puis double-clique sur le Scan.bat.
    Un rapport sera généré, poste son contenu ici.
    6 Juillet 2007 15:32:54

    Bonjour,

    Voila ce que j'obtiens suite a lopresearch

    Rapport fait à 15:31:58,15 le ven. 06/07/2007

    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est B4CE-CCB4

    R‚pertoire de C:\Documents and Settings\Administrateur\Application Data

    04/07/2007 22:13 <REP> Talkback
    04/07/2007 21:17 <REP> Mozilla
    04/07/2007 14:51 <REP> Gamelab
    03/07/2007 00:24 <REP> Webroot
    23/06/2007 17:51 15 config.tcf
    20/06/2007 22:54 <REP> Sandlot Games
    15/06/2007 16:31 <REP> Canvas Multi-Media
    06/06/2007 11:29 <REP> gemsweeperextractedgfx
    24/05/2007 11:16 <REP> Ohana Games
    10/04/2007 14:53 <REP> ScreenSeven
    18/03/2007 17:07 <REP> Screenshot Sender
    02/02/2007 18:55 <REP> Chicken Chase
    21/01/2007 14:22 <REP> Gaijin Ent
    29/12/2006 18:02 33 pcouffin.log
    29/12/2006 18:02 87608 ezpinst.exe
    29/12/2006 18:02 7824 pcouffin.cat
    29/12/2006 18:02 47360 pcouffin.sys
    29/12/2006 18:02 1144 pcouffin.inf
    19/11/2006 16:56 <REP> Bitbliss Studios
    15/11/2006 21:21 <REP> BullGuard
    05/10/2006 13:22 <REP> Balloon Express
    16/09/2006 19:30 <REP> iWin
    08/09/2006 19:05 <REP> Corel
    05/09/2006 11:26 <REP> ZipGenius
    17/08/2006 11:12 <REP> Beep Industries
    10/08/2006 11:16 <REP> Opera
    04/08/2006 15:18 <REP> Ahead
    04/08/2006 10:33 <REP> CopyToDvd
    04/08/2006 10:33 <REP> Vso
    25/07/2006 15:32 <REP> Norbyte
    19/06/2006 15:02 316 bbbconfig.dat
    19/06/2006 15:02 <REP> MysteryStudio
    16/06/2006 15:38 <REP> Google
    28/05/2006 11:59 2141 QuickZip45.ini
    20/05/2006 13:48 <REP> comp barb user
    15/05/2006 16:52 <REP> Jasc
    17/02/2006 17:28 <REP> 7Wonders
    13/02/2006 16:21 <REP> RealArcade
    13/01/2006 17:06 <REP> alawar
    07/01/2006 11:44 <REP> Azureus
    06/12/2005 20:29 <REP> Magic Match
    04/11/2005 19:14 <REP> EA
    30/08/2005 17:44 <REP> Raptisoft
    16/08/2005 15:04 <REP> Incredible Ink
    15/08/2005 12:15 <REP> vlc
    23/07/2005 20:25 <REP> Wildfire
    14/07/2005 17:08 <REP> Musicmatch
    09/06/2005 19:03 <REP> PlayFirst
    09/06/2005 19:03 <REP> Mind Control Software
    29/05/2005 00:00 <REP> Apple Computer
    23/05/2005 15:46 <REP> Real
    31/03/2005 12:46 3932214 Wallpaper.BMP
    22/02/2005 17:55 <REP> Lavasoft
    22/11/2004 22:52 <REP> funkitron
    19/10/2004 21:59 <REP> Peak64Lies
    16/10/2004 17:24 <REP> Help
    02/10/2004 17:45 <REP> Zylom
    30/09/2004 17:36 <REP> Adobe
    30/09/2004 17:36 <REP> InterTrust
    27/09/2004 18:57 <REP> Sun
    26/09/2004 11:15 <REP> Kazaa Lite
    26/09/2004 10:58 <REP> Copernic
    25/09/2004 12:12 <REP> Microsoft Web Folders
    25/09/2004 12:00 <REP> Macromedia
    25/09/2004 11:41 <REP> Symantec
    24/09/2004 18:24 <REP> Identities
    24/09/2004 18:24 62 desktop.ini
    24/09/2004 18:24 <REP> ..
    24/09/2004 18:24 <REP> .
    24/09/2004 18:24 <REP> Microsoft
    10 fichier(s) 4078717 octets
    60 R‚p(s) 69928534016 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est B4CE-CCB4

    R‚pertoire de C:\Documents and Settings\All Users\Application Data

    04/07/2007 13:09 <REP> BigFishGamesCache
    03/07/2007 00:29 <REP> PC Tools
    06/06/2007 11:29 <REP> My Games
    30/05/2007 13:50 <REP> NannyMania
    26/03/2007 12:23 <REP> InterAction studios
    11/01/2007 16:23 <REP> TangleBee - BigFish
    23/12/2006 11:39 <REP> HipSoft
    15/11/2006 21:21 <REP> BullGuard
    13/11/2006 18:19 <REP> EA
    02/11/2006 17:03 <REP> SpinTop Games
    13/10/2006 18:22 <REP> MumboJumbo
    05/10/2006 13:16 <REP> Forge of Games
    16/09/2006 19:30 <REP> iWin
    08/09/2006 19:06 <REP> InstallShield
    09/08/2006 22:00 <REP> Adobe Systems
    09/08/2006 21:50 <REP> Adobe
    25/07/2006 15:32 <REP> Norbyte
    17/05/2006 19:24 <REP> Windows Genuine Advantage
    28/10/2005 15:11 <REP> PlayFirst
    14/10/2005 18:51 <REP> Sandlot Games
    13/10/2005 21:01 1751 QTSBandwidthCache
    13/10/2005 20:59 <REP> Apple Computer
    12/09/2005 16:37 <REP> Oberon Media
    31/07/2005 18:09 <REP> Trymedia
    26/05/2005 15:29 <REP> Zylom
    23/05/2005 16:18 <REP> GameHouse
    18/05/2005 16:19 <REP> BOONTY
    16/05/2005 14:14 <REP> eXPert PDF
    13/05/2005 18:56 <REP> Messenger Plus!
    19/01/2005 21:23 <REP> Evalution Customer
    19/01/2005 19:15 <REP> SC Test Branding 1
    22/10/2004 19:55 <REP> Macrovision
    19/10/2004 21:59 <REP> knob bend first draw
    18/10/2004 16:07 <REP> Kazaa
    30/09/2004 17:36 <REP> OLYMPUS
    30/09/2004 17:32 <REP> QuickTime
    27/09/2004 17:42 <REP> ACD Systems
    25/09/2004 13:39 <REP> DVD Shrink
    25/09/2004 11:40 <REP> Symantec
    24/09/2004 19:07 62 desktop.ini
    24/09/2004 19:07 <REP> Microsoft
    24/09/2004 19:07 <REP> .
    24/09/2004 19:07 <REP> ..
    2 fichier(s) 1813 octets
    41 R‚p(s) 69928529920 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est B4CE-CCB4

    R‚pertoire de C:\Documents and Settings\Default User\Application Data

    24/09/2004 19:07 62 desktop.ini
    24/09/2004 19:07 <REP> ..
    24/09/2004 19:07 <REP> Microsoft
    24/09/2004 19:07 <REP> .
    1 fichier(s) 62 octets
    3 R‚p(s) 69928529920 octets libres
    ******************************************
    Recherche des taches planifiées dans C:\WINDOWS\tasks

    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est B4CE-CCB4

    R‚pertoire de C:\WINDOWS\Tasks

    31/03/2007 16:58 284 AppleSoftwareUpdate.job
    20/05/2006 13:48 280 AA1F97A491840C4C.job
    24/09/2004 18:16 6 SA.DAT
    24/09/2004 18:14 65 desktop.ini
    24/09/2004 18:14 <REP> ..
    24/09/2004 18:14 <REP> .
    4 fichier(s) 635 octets
    2 R‚p(s) 69.928.529.920 octets libres

    ******************************************
    Listing des dossiers dans C:\Program Files

    Adobe
    Agnitum
    Ahead
    Apple Software Update
    AviSynth 2.5
    AvRack
    Baby Drive
    BFG
    bfgclient
    BullGuard Software
    CCleaner
    Common files
    Copernic Agent
    Cosmo Bots
    Custom Technology
    directx
    DivX
    DVD Shrink
    EA Games
    Electronic Arts
    eRightSoft
    EZFace
    Fichiers communs
    Foreignword
    FunWebProducts
    GIMP-2.0
    Google
    IncrediMail
    Internet Explorer
    iPod
    iTunes
    Jasc Software Inc
    Java
    Keronsoft
    KraiSoft
    Lavasoft
    Logitech
    messenger
    Messenger Plus! 3
    Messenger Plus! Live
    microsoft frontpage
    Microsoft Office
    Microsoft Visual Studio
    Microsoft.NET
    Movie Maker
    Mozilla Firefox
    MSN
    MSN Gaming Zone
    MSN Messenger
    Musicmatch
    Nero
    NetMeeting
    Oberon Media
    OLYMPUS
    Outlook Express
    Paint.NET
    PhotoFiltre
    photofiltre_photofiltre_6.2.5_francais_10731.exe
    Picasa2
    Pixiphot
    Pochette r12 ESSAI
    QuickTime
    Real
    Realtek Sound Manager
    Red Kawa
    ReflexiveArcade
    RngInterstitial.dll
    Services en ligne
    Shockwave.com
    Symantec
    SymNetDrv
    Trust
    Trymedia
    VIA
    VideoLAN
    Visage
    vso
    WallMaster
    WildTangent
    Windows Journal Viewer
    Windows Live
    Windows Media Connect 2
    Windows Media Player
    Windows NT
    WinZip
    xerox
    Yahoo!
    ZipGenius 6
    zipgenius_zipgenius_6.0.2.1060_anglais_12759.exe
    Zylom Games
    ******************************************
    Recherche des dossiers/fichiers LOP

    C:\WINDOWS\tasks\AA1F97A491840C4C.job Présent !
    ******************************************
    Recherche d'infections connues

    Pas d'infection reconnue
    ******************************************
    Vérification du fichier HOSTS

    Fichier Hosts : Propre
    *************** Fin du Rapport - Version 0.9 ****************

    Vraiment merci encore!!! :) 
    a b 8 Sécurité
    6 Juillet 2007 15:45:33

    Désinstalle Bullguard puis reposte un rapport Hijackthis.
    6 Juillet 2007 15:50:28

    si je le désinstalle je n'aurais plus d'antivirus

    et je sais pas comment le remettre?!
    6 Juillet 2007 15:58:01

    sais tu me proposer un autre antivirus gratuit??? a la place de bullguard?
    a b 8 Sécurité
    6 Juillet 2007 16:39:53

    Antivir :) 
    7 Juillet 2007 16:25:39

    Hello,

    Voila ce que j'obtiens après la désinstallation de bullguard!!!


    Logfile of HijackThis v1.99.1
    Scan saved at 16:24:42, on 7/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ZipGenius 6\zipgenius.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ZGTemp\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.public.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A8D3D5E0-3AC1-64B3-6CB7-1A220F04A437} - C:\DOCUME~1\ADMINI~1\APPLIC~1\COMPBA~1\burnsurf.exe (file missing)
    O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [NI.UERSV_0001_LP] "C:\Documents and Settings\Administrateur\Mes documents\jeux\ErrorSafeScannerInstall_fr.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [HelpHole] C:\DOCUME~1\ADMINI~1\APPLIC~1\PEAK64~1\Boob Bait.exe
    O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ChocolatierSetup.exe] C:\DOCUME~1\ADMINI~1\MESDOC~1\jeux\CHOCOL~1.EXE /r
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld....
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {AA760512-9BD8-4B1B-9E7A-DD9BBE3CF119} - http://front.boonty.com/Prometheus/PandoraX.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.c...
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/too...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Evaluation Service - Evalution Customer - C:\Program Files\Fichiers communs\Evalution Customer Shared\Service\Evaluation Service FileName.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe

    a b 8 Sécurité
    7 Juillet 2007 17:24:05

    Et Antivir ?
    7 Juillet 2007 17:24:56

    je l'ai installé après le hijack
    7 Juillet 2007 17:29:39

    j'ai fait un scan et j'ai copié le rapport.

    Voila ce que j obtiens

    (je ne sais pas si c'est utile mais bon! lol)




    AntiVir PersonalEdition Classic
    Report file date: samedi 7 juillet 2007 16:41

    Scanning for 867668 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Administrateur
    Computer name: PERSONNE-CGUMDR

    Version information:
    BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
    AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
    AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
    LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
    LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
    ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
    ANTIVIR1.VDF : 6.38.1.170 5569024 Bytes 21/05/2007 14:32:51
    ANTIVIR2.VDF : 6.39.0.76 1002496 Bytes 29/06/2007 14:32:51
    ANTIVIR3.VDF : 6.39.0.110 175104 Bytes 7/07/2007 14:32:51
    AVEWIN32.DLL : 7.4.0.39 2482688 Bytes 7/07/2007 14:32:52
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.3.0.13 360488 Bytes 7/07/2007 14:32:52
    AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
    AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
    AVARKT.DLL : 1.0.0.17 278568 Bytes 2/05/2007 10:32:26
    NETNT.DLL : 7.0.0.0 7720 Bytes 8/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
    RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 7 juillet 2007 16:41

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'mmtask.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'iTouch.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'Lexpps.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'LexBceS.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    33 processes with 33 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'A:\'
    [NOTE] In the drive 'A:\' no data medium is inserted!
    Boot sector 'F:\'
    [NOTE] In the drive 'F:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '22' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\VundoFix Backups\yayyxww.dll.bad
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was deleted!
    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'D:\'
    Search path D:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: samedi 7 juillet 2007 17:20
    Used time: 39:23 min

    The scan has been done completely.

    6013 Scanning directories
    267951 Files were scanned
    1 viruses and/or unwanted programs were found
    0 classified as suspicious:
    1 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    267950 Files not concerned
    1895 Archives were scanned
    2 Warnings
    2 Notes
    0 Hidden objects were found

    a b 8 Sécurité
    7 Juillet 2007 18:21:47

    Reposte un rapport Hijackthis.
    7 Juillet 2007 18:26:03

    Voila


    Logfile of HijackThis v1.99.1
    Scan saved at 18:25:47, on 7/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ZipGenius 6\zipgenius.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ZGTemp\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.public.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A8D3D5E0-3AC1-64B3-6CB7-1A220F04A437} - C:\DOCUME~1\ADMINI~1\APPLIC~1\COMPBA~1\burnsurf.exe (file missing)
    O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [NI.UERSV_0001_LP] "C:\Documents and Settings\Administrateur\Mes documents\jeux\ErrorSafeScannerInstall_fr.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [HelpHole] C:\DOCUME~1\ADMINI~1\APPLIC~1\PEAK64~1\Boob Bait.exe
    O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ChocolatierSetup.exe] C:\DOCUME~1\ADMINI~1\MESDOC~1\jeux\CHOCOL~1.EXE /r
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld....
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {AA760512-9BD8-4B1B-9E7A-DD9BBE3CF119} - http://front.boonty.com/Prometheus/PandoraX.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.c...
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/too...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Evaluation Service - Evalution Customer - C:\Program Files\Fichiers communs\Evalution Customer Shared\Service\Evaluation Service FileName.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe

    a b 8 Sécurité
    7 Juillet 2007 18:36:36

    Re,

    Fix les lignes en italique ci-dessous avec Hijackthis : AIDE EN IMAGES

    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A8D3D5E0-3AC1-64B3-6CB7-1A220F04A437} - C:\DOCUME~1\ADMINI~1\APPLIC~1\COMPBA~1\burnsurf.exe (file missing)
    O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
    O4 - HKLM\..\Run: [NI.UERSV_0001_LP] "C:\Documents and Settings\Administrateur\Mes documents\jeux\ErrorSafeScannerInstall_fr.exe"
    O4 - HKCU\..\Run: [HelpHole] C:\DOCUME~1\ADMINI~1\APPLIC~1\PEAK64~1\Boob Bait.exe


    Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
    Sélectionne TOUS les emplacements en gras ci-dessous :

    C:\Documents and Settings\Administrateur\Application Data\gemsweeperextractedgfx
    C:\Documents and Settings\Administrateur\Application Data\Peak64Lies
    C:\Documents and Settings\Administrateur\Application Data\comp barb user
    C:\Documents and Settings\All Users\Application Data\knob bend first draw
    C:\Program Files\BullGuard Software
    C:\Program Files\FunWebProducts
    C:\WINDOWS\tasks\AA1F97A491840C4C.job


    ---> Clique-droit puis Copier (ou Ctrl+C)

    Double-clique sur OTMoveIt.exe afin de le lancer.
    Fais un Clique-droit sur le cadre de gauche puis choisis Coller (ou Ctrl+V).
    Clique maintenant sur [#ff0000]MoveIt![/#f]

    [#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.[/#f]

    Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log

    ->Informations sur le logiciel<-
    8 Juillet 2007 18:11:05

    Bonjour,

    Voila le rapport que j'obtiens!!!

    C:\Documents and Settings\Administrateur\Application Data\gemsweeperextractedgfx moved successfully.
    C:\Documents and Settings\Administrateur\Application Data\Peak64Lies moved successfully.
    C:\Documents and Settings\Administrateur\Application Data\comp barb user moved successfully.
    C:\Documents and Settings\All Users\Application Data\knob bend first draw moved successfully.
    File/Folder C:\Program Files\BullGuard Software not found.
    C:\Program Files\FunWebProducts\Shared moved successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images moved successfully.
    C:\Program Files\FunWebProducts\ScreenSaver moved successfully.
    Folder move failed. C:\Program Files\FunWebProducts\PopSwatr\History\notallow scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\FunWebProducts\PopSwatr\History\allowed scheduled to be moved on reboot.
    C:\Program Files\FunWebProducts\PopSwatr\History moved successfully.
    C:\Program Files\FunWebProducts\PopSwatr moved successfully.
    C:\Program Files\FunWebProducts\Installr moved successfully.
    C:\Program Files\FunWebProducts moved successfully.
    C:\WINDOWS\tasks\AA1F97A491840C4C.job moved successfully.

    Created on 07/08/2007 18:04:40


    encore et toujours merci pour l'aide!!!
    10 Juillet 2007 12:29:07

    Hello,

    Dois-je faire autre chose, ou mon problème est-il résolu???

    Merci
    10 Juillet 2007 14:01:30

    Bonjour


    Fais une analyse antivirus en ligne sur Kaspersky
    http://webscanner.kaspersky.fr/
    Clique sur Démarrer Online Scanner.
    Sélectionne le poste de travail comme analyse.
    Colle son rapport ici.
    10 Juillet 2007 14:28:15

    je n'arrive pas a faire aller ce programme.

    et je vais attendre la personne qui m'aide depuis le début!

    Mais merci quand même
    10 Juillet 2007 14:47:20

    y a rien a faire,

    quand je clique sur démarrer scan,
    la fenetre s'ouvre comme sur l'aide,

    mais ensuite j'ai une fenêtre qui s'ouvre chez moi en mettant connection à distance

    il la je déconnecte.

    donc ce programme ne fonctionne pas chez moi
    10 Juillet 2007 14:49:37

    il me fait travailler en hors connection

    que puis je faire d'autres?
    10 Juillet 2007 15:09:17

    Est tu passé par Internet Explorer ?
    10 Juillet 2007 16:15:27

    le lien panda fonctionne

    je suis en cours d'analyse

    j'envoie le rapport quand c'est fini

    merci
    11 Juillet 2007 10:55:43

    HI,

    Le lien panda fonctionne,

    Mais à chaque fois quand c'est terminé il me met qu'une erreur est survenue!!!

    Et l'autre lien ne fonctionne pas non plus!

    Désolé mais que puis-je faire d'autre?
    11 Juillet 2007 12:22:10

    ok je fais ca!
    11 Juillet 2007 14:42:32

    Voila ce que j'obtiens

    gendel32.exe C:\ Tool.Gendel
    11 Juillet 2007 22:46:35

    Est ce qu'il a été supprimé ?
    12 Juillet 2007 20:32:24

    bonjour,

    Oui j'ai réussi a la supprimer
    12 Juillet 2007 21:50:25

    As tu encore des dysfonctionnements ?
    13 Juillet 2007 18:50:20

    non aucun!

    C'est pour dire aussi que je pars en vacances demain très tot et que je ne serais pas de retour avant 15 jours!!!

    Donc si j'ai encore des problèmes je reviendrais à cette date là!!

    Encore merci pour l'aide apportée c'était vraiment superrrrr!!!

    Bye
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS