lyrco

Ok merci pour ta disponibilité et ta réactivité super boulot pour un super site

C'est bon pour C:\WINDOWS\system32\FreezeScreenSaver.exe Voila les rapports demandés Malwarebytes' Anti-Malware 1.36 Version de la base de données: 2096 Windows 5.1.2600 Service Pack 3 09/05/2009 00:36:10 mbam-log-2009-05-09 (00-36-10).txt Type de recherche: Examen rapide Eléments examinés: 118362 Temps écoulé: 9 minute(s), 26 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:39:45, on 09/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Acer\Acer eConsole\MediaServerService.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\WINDOWS\VM303_STI.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Windows Live\Family Safety\fsui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SFR\Media Center\MediaCenter.exe C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\SFR\Media Center\httpd\httpd.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\SFR\Media Center\httpd\httpd.exe C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\JMAPP3.exe C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\PowerSave.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn1\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU" O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe" O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [innxvpjm] C:\Documents and Settings\STEPH\Mes documents\F?nts\?srss.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?10e936e3e8f84f2392d6d82063152d55 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?10e936e3e8f84f2392d6d82063152d55 O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1220702492203 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153326480359 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe -- End of file - 13650 bytes

merci pour ta rapidité je n'ai pas réussi à supprimer C:\WINDOWS\system32\FreezeScreenSaver.exe (accès refusé) sinon voilà ce que tu as demandé Search Navipromo version 3.7.6 commencé le 08/05/2009 à 23:26:20,17 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : AMD Athlon 64 Processor 3400+ ) BIOS : Default System BIOS USER : STEPH ( Administrator ) BOOT : Normal boot Antivirus : AntiVir Desktop 9.0.1.26 (Activated) Firewall : Norton Internet Worm Protection 2006 (Activated) A:\ (USB) C:\ (Local Disk) - FAT32 - Total:114 Go (Free:62 Go) D:\ (Local Disk) - FAT32 - Total:114 Go (Free:90 Go) E:\ (CD or DVD) F:\ (USB) G:\ (Local Disk) - NTFS - Total:931 Go (Free:806 Go) H:\ (USB) I:\ (USB) P:\ (USB) Recherche executé en mode normal *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\STEPH\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ISABELLE\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVITÉ\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\STEPH\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ISABELLE\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\STEPH\menud+~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\STEPH\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ISABELLE\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** !! Les clés trouvées ne sont pas forcément infectées !! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : ibvidwjexr.dat trouvé ! * Dans "C:\Documents and Settings\STEPH\locals~1\applic~1" : * Dans "C:\DOCUME~1\ISABELLE\locals~1\applic~1" : * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : * Dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat Montorgueil absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche autres dossiers et fichiers connus : *** Analyse terminée le 08/05/2009 à 23:28:27,25 *** Clean Navipromo version 3.7.6 commencé le 08/05/2009 à 23:29:33,79 Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : AMD Athlon 64 Processor 3400+ ) BIOS : Default System BIOS USER : STEPH ( Administrator ) BOOT : Normal boot Antivirus : AntiVir Desktop 9.0.1.26 (Activated) Firewall : Norton Internet Worm Protection 2006 (Activated) A:\ (USB) C:\ (Local Disk) - FAT32 - Total:114 Go (Free:62 Go) D:\ (Local Disk) - FAT32 - Total:114 Go (Free:90 Go) E:\ (CD or DVD) F:\ (USB) G:\ (Local Disk) - NTFS - Total:931 Go (Free:806 Go) H:\ (USB) I:\ (USB) P:\ (USB) Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\WINDOWS\System32" * * Suppression dans "C:\Documents and Settings\STEPH\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\ISABELLE\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" * *** Suppression dossiers dans "C:\WINDOWS" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\STEPH\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ISABELLE\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVITÉ\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\STEPH\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ISABELLE\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\STEPH\menud+~1\progra~1" *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\STEPH\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\WINDOWS\system32" * ibvidwjexr.dat trouvé ! Copie ibvidwjexr.dat réalisée avec succès ! ibvidwjexr.dat supprimé ! * Dans "C:\Documents and Settings\STEPH\locals~1\applic~1" * * Dans "C:\DOCUME~1\ISABELLE\locals~1\applic~1" * * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * * Dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat Montorgueil absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltdt absent ! *** Recherche autres dossiers et fichiers connus *** *** Nettoyage terminé le 08/05/2009 à 23:33:37,62 *** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:36:31, on 08/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Acer\Acer eConsole\MediaServerService.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\WINDOWS\VM303_STI.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Windows Live\Family Safety\fsui.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SFR\Media Center\MediaCenter.exe C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\SFR\Media Center\httpd\httpd.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\SFR\Media Center\httpd\httpd.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\JMAPP3.exe C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\PowerSave.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU" O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe" O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [innxvpjm] C:\Documents and Settings\STEPH\Mes documents\F?nts\?srss.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?10e936e3e8f84f2392d6d82063152d55 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?10e936e3e8f84f2392d6d82063152d55 O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1220702492203 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153326480359 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe -- End of file - 13677 bytes

Bonjour, par moment l'UC utilisée est à 100% et le pc rame surtout quand je suis dans l'explorateur (je sais pas si cela un rapport), après avoir lu divers conseils j'ai effectué un scan avec antivir qui n'a rien trouvé,une défragmentation ce qui ne résoud pas le problème,une mise à jour d'IE ,un scan avec spybot et ccleaner et enfin avec malwarebytes qui a trouvé des registres infectés mais le problème persiste (copie du rapport ci-dessous). Je ne sais pas si je suis infecté ou si c'est autre chose je vous joins le rapport Hijacktis et vous remercie d'avance pour l'aide apportée Malwarebytes' Anti-Malware 1.36 Version de la base de données: 2092 Windows 5.1.2600 Service Pack 3 08/05/2009 15:34:53 mbam-log-2009-05-08 (15-34-53).txt Type de recherche: Examen complet (C:\|D:\|G:\|) Eléments examinés: 250688 Temps écoulé: 1 hour(s), 12 minute(s), 14 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 9 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 6 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-100005000004} (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrkq32 (Dialer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{320d180e-08a2-1036-1028-050914050021} (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Documents and Settings\ISABELLE\Local Settings\Application Data\xqtgvlok_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\ISABELLE\Local Settings\Application Data\xqtgvlok_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\ISABELLE\Local Settings\Application Data\xqtgvlok.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winrkq32.dll (Dialer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ibvidwjexr_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ibvidwjexr_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully. Logfile of HijackThis v1.99.1 Scan saved at 22:19:04, on 08/05/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Acer\Acer eConsole\MediaServerService.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\FreezeScreenSaver.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\WINDOWS\VM303_STI.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Windows Live\Family Safety\fsui.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SFR\Media Center\MediaCenter.exe C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\SFR\Media Center\httpd\httpd.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\SFR\Media Center\httpd\httpd.exe C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\JMAPP3.exe C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\PowerSave.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Program Files\Azureus\Azureus.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn1\yt.dll O2 - BHO: (no name) - {024B3A20-7427-4CA5-B08A-D43F11F2915F} - (no file) O2 - BHO: (no name) - {05E92FBF-9482-4F2A-9C9A-AB3FD8474C43} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: (no name) - {0ACF00E0-C1E4-4F6B-B290-10AC7505C47A} - (no file) O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O2 - BHO: (no name) - {2B291838-3302-4190-86B8-5C5251484FFE} - (no file) O2 - BHO: (no name) - {40827935-BB86-E20E-A04A-9A2B22C08B97} - (no file) O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: (no name) - {730C9560-5081-0052-A1EA-70D5FD7DB0C4} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: (no name) - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - (no file) O3 - Toolbar: (no name) - {157B91D9-D643-403b-92FE-FB48DA68D6C4} - (no file) O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU" O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe" O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?10e936e3e8f84f2392d6d82063152d55 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?10e936e3e8f84f2392d6d82063152d55 O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1220702492203 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153326480359 O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/39220/StarsAmatrik.exe O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

OK c'est super ca fonctionne un GROS merci pour tout le temps que tu m'as consacré pour mon problème avec microsoft office 10 il me demande un fichier msi mais je n'ai plus les cd, je vais me débrouiller, j'ai déjà trop abusé de ton temps encore merci pour tout !!!!!! et longue vie à votre site

Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ffuetvyl ******************* Script file located at: \??\C:\WINDOWS\system32\ccgxjmxf.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\System32\gfhkj.ini2 deleted successfully. File C:\WINDOWS\System32\gfhkj.bak2 deleted successfully. File C:\WINDOWS\System32\mcrh.tmp deleted successfully. OK File C:\WINDOWS\System32\gfhkj.ini deleted successfully. File C:\WINDOWS\System32\gfhkj.tmp deleted successfully. File C:\WINDOWS\System32\gfhkj.bak1 deleted successfully. File C:\WINDOWS\System32\jkhfg.dll deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gfhkj not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gfhkj failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkhfg deleted successfully. Completed script processing. ******************* Finished! Terminate. Incident Status Location Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe

OK tous les fichiers ont disparu

ok seul les fichiers .exe ont disparu,il me reste ceux là C:\WINDOWS\System32\gfhkj.ini2 C:\WINDOWS\System32\gfhkj.bak2 C:\WINDOWS\System32\mcrh.tmp C:\WINDOWS\System32\gfhkj.ini C:\WINDOWS\System32\gfhkj.tmp C:\WINDOWS\System32\gfhkj.bak1 C:\WINDOWS\System32\jkhfg.dll

Désolé mais je suis un peu perdu, tu parles de quels fichiers ,ceux du cadre REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkhfg] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gfhkj ou autre chose ?

Ok je n'ai pas eu d'erreurs apparentes

Désolé, je suis parti travaillé voilà ce que tu m'as demandé.Par contre j'ai un doute sur une manip car tu m'as demandé de copier une liste avec des fichiers C:\WINDOWS\System32 mais tu ne m'as pas demandé de la coller quelque part C:\WINDOWS\System32\gfhkj.ini2 -->23/07/2006 10:31:12 C:\WINDOWS\System32\eRLog.ini -->23/07/2006 10:30:54 C:\WINDOWS\System32\nvapps.xml -->23/07/2006 10:30:40 C:\WINDOWS\System32\wpa.dbl -->23/07/2006 10:30:32 C:\WINDOWS\System32\gfhkj.bak2 -->23/07/2006 10:19:48 C:\WINDOWS\System32\omroxxhm.exe -->23/07/2006 10:19:48 C:\WINDOWS\System32\brtnvuli.exe -->23/07/2006 10:13:30 C:\WINDOWS\System32\mcrh.tmp -->22/07/2006 23:19:54 C:\WINDOWS\System32\ihlqgset.exe -->22/07/2006 23:19:50 C:\WINDOWS\System32\medxhfss.exe -->22/07/2006 23:15:12 C:\WINDOWS\System32\tymwlcqc.exe -->22/07/2006 21:33:06 C:\WINDOWS\System32\cwsiseeb.exe -->22/07/2006 20:39:00 C:\WINDOWS\System32\ikhcore.log -->20/07/2006 21:44:30 C:\WINDOWS\System32\PerfStringBackup.INI -->19/07/2006 18:31:42 C:\WINDOWS\System32\perfh00C.dat -->19/07/2006 18:31:42 C:\WINDOWS\System32\perfc00C.dat -->19/07/2006 18:31:42 C:\WINDOWS\System32\perfh009.dat -->19/07/2006 18:31:42 C:\WINDOWS\System32\perfc009.dat -->19/07/2006 18:31:42 C:\WINDOWS\System32\gfhkj.ini -->17/07/2006 21:29:08 C:\WINDOWS\System32\gfhkj.tmp -->17/07/2006 21:01:36 C:\WINDOWS\System32\LuResult.txt -->17/07/2006 20:39:46 C:\WINDOWS\System32\gfhkj.bak1 -->15/07/2006 20:58:06 C:\WINDOWS\System32\jkhfg.dll -->15/07/2006 20:57:34 C:\WINDOWS\System32\MRT.exe -->07/07/2006 03:21:46 C:\WINDOWS\System32\WgaLogon.dll -->19/06/2006 16:20:42 C:\WINDOWS\0-wlancfg.log -->23/07/2006 10:30:44 C:\WINDOWS\wiadebug.log -->23/07/2006 10:30:16 C:\WINDOWS\0.log -->23/07/2006 10:30:06 C:\WINDOWS\bootstat.dat -->23/07/2006 10:30:04 C:\WINDOWS\WindowsUpdate.log -->23/07/2006 10:29:08 C:\WINDOWS\SchedLgU.Txt -->23/07/2006 10:29:06 C:\WINDOWS\wiaservc.log -->23/07/2006 10:29:06 C:\WINDOWS\EPISMF00.SWB -->23/07/2006 10:15:04 C:\WINDOWS\dp2_log.txt -->23/07/2006 10:05:26 C:\WINDOWS\6-wlancfg.log -->22/07/2006 23:25:52 C:\WINDOWS\setupapi.log -->22/07/2006 23:05:36 C:\WINDOWS\win.ini -->22/07/2006 22:19:00 C:\WINDOWS\system.ini -->22/07/2006 22:19:00 C:\WINDOWS\setupact.log -->22/07/2006 20:23:08 C:\WINDOWS\setuperr.log -->22/07/2006 20:23:06 Le volume dans le lecteur C s'appelle STEPH & ISA Le num‚ro de s‚rie du volume est 320D-180E R‚pertoire de C:\Program Files 16/12/2005 13:50 <REP> . 16/12/2005 13:50 <REP> .. 23/01/2005 11:52 <REP> Fichiers communs 23/01/2005 11:55 <REP> Windows NT 23/01/2005 11:55 <REP> MSN 23/01/2005 11:55 <REP> MSN Gaming Zone 23/01/2005 11:55 <REP> Messenger 23/01/2005 11:55 <REP> Windows Media Player 23/01/2005 11:55 <REP> Online Services 23/01/2005 11:56 <REP> ComPlus Applications 23/01/2005 11:56 <REP> Internet Explorer 23/01/2005 11:56 <REP> Outlook Express 23/01/2005 11:56 <REP> NetMeeting 23/01/2005 11:56 <REP> Movie Maker 23/01/2005 11:57 <REP> Services en ligne 23/01/2005 11:58 <REP> microsoft frontpage 23/01/2005 11:58 <REP> xerox 30/04/2006 20:25 990ÿ208 awent40.exe 30/04/2006 20:38 <REP> WinZip 30/04/2006 22:05 <REP> K-Lite Codec Pack 23/01/2005 12:10 <REP> Adobe 23/01/2005 12:11 <REP> NewTech Infosystems 23/01/2005 12:13 <REP> CyberLink 23/01/2005 12:13 <REP> Symantec 23/01/2005 12:14 <REP> Norton AntiVirus 23/01/2005 12:16 <REP> AMD 10/02/2006 12:24 <REP> Java 10/02/2006 12:26 <REP> Acer 10/02/2006 13:12 <REP> Inventel 10/02/2006 15:23 <REP> Wanadoo 17/03/2006 13:55 <REP> Wanadoo Messager 30/04/2006 23:21 <REP> Realtek AC97 22/07/2006 19:17 382ÿ938 SmitfraudFix.zip 25/03/2006 00:17 <REP> eBay 02/04/2006 10:47 <REP> MSN Toolbar Suite 18/03/2006 14:28 <REP> filesubmit 18/03/2006 14:28 <REP> _ArcadeDownloadFolder 19/07/2006 18:47 <REP> Lavasoft 04/04/2006 20:59 <REP> InstantTouch 06/04/2006 12:56 <REP> LG Electronics 06/04/2006 12:13 <REP> LG PC Suite 07/04/2006 23:40 <REP> VideoLAN 25/05/2006 21:53 <REP> Minilyrics 12/02/2006 13:03 <REP> EPSON 04/07/2006 23:12 <REP> WinRAR 12/02/2006 13:27 <REP> ABBYY FineReader 6.0 Sprint 15/07/2006 17:57 <REP> Alcohol Soft 20/07/2006 19:26 <REP> CCleaner 04/07/2006 23:15 <REP> Activision Value 15/07/2006 17:57 <REP> Alcohol Toolbar 22/07/2006 11:50 <REP> Spybot - Search & Destroy 17/07/2006 19:30 34ÿ465ÿ804 NAV061220FR.exe 18/07/2006 20:43 <REP> Le Mystere de la Momie Demo 22/07/2006 15:25 <REP> Hijackthis 22/07/2006 19:18 <REP> SmitfraudFix 12/02/2006 17:42 <REP> Livecom 14/02/2006 14:17 <REP> Yahoo! 18/02/2006 10:48 <REP> Microsoft Office 18/02/2006 10:58 <REP> DVD Shrink 18/02/2006 11:09 <REP> Winamp 18/02/2006 11:12 <REP> eMule 01/03/2006 20:12 54 delir.gio 28/02/2006 14:18 <REP> WinLemm 03/03/2006 12:22 <REP> MSN Messenger 03/03/2006 12:22 <REP> MSN Apps 05/03/2006 22:44 <REP> Google 05/03/2006 22:45 774ÿ144 RngInterstitial.dll 10/03/2006 16:29 <REP> Freeze.com 14/03/2006 10:53 <REP> Vimicro 14/03/2006 15:26 <REP> EvilLyrics 5 fichier(s) 36ÿ613ÿ148 octets 65 R‚p(s) 12ÿ075ÿ925ÿ504 octets libres Le volume dans le lecteur C s'appelle STEPH & ISA Le num‚ro de s‚rie du volume est 320D-180E R‚pertoire de C:\Program Files\fichiers communs 16/12/2005 13:50 <REP> . 16/12/2005 13:50 <REP> .. 23/01/2005 11:52 <REP> Microsoft Shared 23/01/2005 11:52 <REP> SpeechEngines 23/01/2005 11:52 <REP> ODBC 23/01/2005 11:56 <REP> System 23/01/2005 11:56 <REP> MSSoap 23/01/2005 11:56 <REP> Services 23/01/2005 12:05 <REP> InstallShield 23/01/2005 12:10 <REP> Adobe 23/01/2005 12:11 <REP> NewTech Infosystems 23/01/2005 12:12 <REP> muvee Technologies 23/01/2005 12:13 <REP> Symantec Shared 10/02/2006 12:24 <REP> Java 10/02/2006 12:25 <REP> ArcSoft 15/07/2006 20:52 <REP> {320D180E-08A2-1036-1028-050914050021} 18/02/2006 10:49 <REP> Designer 05/03/2006 22:44 <REP> Real 18/03/2006 14:28 <REP> NSV 14/04/2006 19:46 <REP> Ahead 0 fichier(s) 0 octets 20 R‚p(s) 12ÿ075ÿ925ÿ504 octets libres Le volume dans le lecteur C s'appelle STEPH & ISA Le num‚ro de s‚rie du volume est 320D-180E R‚pertoire de C:\ 17/03/1997 02:07 275ÿ968 Awecp32.exe 22/04/1998 01:00 24ÿ576 Updpnpnt.exe 2 fichier(s) 300ÿ544 octets 0 R‚p(s) 12ÿ075ÿ925ÿ504 octets libres c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27670DD0.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35880211.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37347E3A.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\373E7C30.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46EE36EB.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\470806CF.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\471958BD.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\486C6747.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48701143.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F021C3C.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FCB60CF.EXE c:\Documents and Settings\STEPH\Local Settings\Temporary Internet Files\Content.IE5\0DT9GEIP\ewido-setup_4.0.0.172a[1].exe c:\Documents and Settings\STEPH\Local Settings\Temporary Internet Files\Content.IE5\6G89S2CD\VundoFix[1].exe c:\Documents and Settings\STEPH\Mes documents\winamp513_full.exe c:\Documents and Settings\STEPH\Mes documents\Mes images\ICONES\Curseur XP\AniUtil.exe c:\Documents and Settings\STEPH\Mes documents\Mes images\ICONES\Curseur XP\cursorxp_free.exe c:\Documents and Settings\STEPH\Mes documents\Mes images\ICONES\Curseur XP\CurXPCpl.exe c:\Documents and Settings\STEPH\Mes documents\Mes images\ICONES\Curseur XP\CurXPUtil.exe c:\Documents and Settings\STEPH\Mes documents\Mes images\SCREENSAVER\Steelers2005.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\alcchkid.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\alcrmv.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\alcrmv64.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\alcrmv9x.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\alcupd.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\AlcUpd64.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\ALCXDEV.EXE c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\ChCfg.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\GETDXVER.EXE c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\SetCDfmt.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\setup.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\WDM\alcrmv.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\WDM\alcrmv64.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\WDM\ChCfg.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\WDM\CPLUtl64.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\WDM\RTLCPL.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\WDM\SoundMan.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\hijackthis[1]\HijackThis.exe c:\Documents and Settings\STEPH\Bureau\KillBox.exe c:\Documents and Settings\STEPH\Bureau\VundoFix.exe c:\Documents and Settings\STEPH\Bureau\chercher\LFiles.exe c:\Documents and Settings\STEPH\Bureau\clean\pskill.exe c:\Documents and Settings\STEPH\Application Data\MSNInstaller\msnauins.exe c:\Documents and Settings\ISABELLE\Local Settings\Temp\msnsearch.exe c:\Documents and Settings\ISABELLE\Local Settings\Temp\TFR26.exe c:\Documents and Settings\ISABELLE\Local Settings\Temp\Wise~tmp.exe c:\Documents and Settings\ISABELLE\Local Settings\Temp\__ArcadeDownloadFoler__demolitionderbyandfigure8race_FR_rf\RealOneArcadeBundle.exe c:\Documents and Settings\ISABELLE\Local Settings\Temp\FWSetup\Install.exe c:\Documents and Settings\ISABELLE\Local Settings\Temporary Internet Files\Content.IE5\GHK34VC7\WinAntiVirusPro2006FreeInstall_fr[1].exe c:\Documents and Settings\ISABELLE\Mes documents\Mes images\incredimail_install.exe c:\Documents and Settings\ISABELLE\Mes documents\Mes images\Install_MSN_Messenger.EXE c:\Documents and Settings\ISABELLE\Mes documents\Mes images\magicballs.exe c:\Documents and Settings\ISABELLE\Mes documents\Mes images\SweetImSetup.exe c:\Documents and Settings\ISABELLE\Mes documents\Jeux\chillon.exe c:\Documents and Settings\ISABELLE\Mes documents\Jeux\snake.exe c:\Documents and Settings\ISABELLE\Mes documents\Jeux\PacManiac\PacManiac.exe c:\Documents and Settings\ISABELLE\Bureau\Lemmings Revolution.exe c:\Documents and Settings\ISABELLE\Bureau\isacarrefour\psa30se_fr_fr.exe c:\Documents and Settings\ISABELLE\Bureau\isacarrefour\ytb612_efgsip.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14790073.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\364F0336.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39D12907.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46DB3B01.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46F50AE4.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\470F5AC8.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48806331.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4886372A.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FD55EC5.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BD17344.DLL c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\ISABELLE\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll Vérifications de quelques clefs Recherche de clefs EGDACCESS HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler

j'ai fait un essai mais malheuresement le problème n'a pas disparu.De plus, je ne plus lancer Excel et Word correctement car il me demande le CD de microsoft office.

A priori il ne détecte plus rien No infected files were found.

Je pense n'avoir rien oublié Logfile of HijackThis v1.99.1 Scan saved at 21:34:13, on 22/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Acer\Acer eConsole\MediaServerService.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\FreezeScreenSaver.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Inventel\Gateway\wlancfg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\WINDOWS\VM303_STI.EXE C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?10e936e3e8f84f2392d6d82063152d55 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?10e936e3e8f84f2392d6d82063152d55 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/f7d832f8b5...e172efae_35.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153326480359 O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/39220/StarsAmatrik.exe O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: SPBBCSvc - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe VundoFix V5.1.4 Checking Java version... Java version is 1.5.0.6 Scan started at 21:23:14 22/07/2006 Listing files found while scanning.... C:\WINDOWS\system32\Drivers\DP.sys VundoFix V5.1.4 Checking Java version... Java version is 1.5.0.6 Scan started at 21:25:17 22/07/2006 Listing files found while scanning.... C:\WINDOWS\system32\Drivers\DP.sys Beginning removal... VundoFix V5.1.4 Running as SYSTEM from c:\windows\system32\VundoFix.exe Checking Java version... Java version is 1.5.0.6 Scan started at 21:28:00 22/07/2006 Listing files found while scanning.... C:\WINDOWS\system32\Drivers\DP.sys VundoFix V5.1.4 Running as SYSTEM from c:\windows\system32\VundoFix.exe Checking Java version... Java version is 1.5.0.6 Scan started at 21:29:04 22/07/2006 Listing files found while scanning.... C:\WINDOWS\system32\Drivers\DP.sys Beginning removal... The process smss.exe was successfully stopped The process winlogon.exe could not be stopped Vundofix may not be able to delete some files that were found. The process explorer.exe was successfully stopped The process iexplore.exe was successfully stopped The process rundll32.exe was successfully stopped Attempting to delete C:\WINDOWS\system32\Drivers\DP.sys C:\WINDOWS\system32\Drivers\DP.sys Has been deleted! Performing Repairs to the registry. Done! --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 20:34:32 22/07/2006 + Scan result: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined). HKU\S-1-5-21-222810038-3627866531-4045396111-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup (quarantined). HKU\S-1-5-21-222810038-3627866531-4045396111-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : Cleaned with backup (quarantined). HKU\S-1-5-21-222810038-3627866531-4045396111-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\cs -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\cs\db -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\cs\db\Aliases.dbs -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\cs\db\Sites.dbs -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\cs\report -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\cs\report\aggr_storage.xml -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\cs\report\send_storage.xml -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\cs\res1 -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\cs\res1\WhiteList.dbs -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Cleaned with backup (quarantined). C:\Documents and Settings\STEPH\Mes documents\Fοnts\сsrss.exe -> Adware.PurityScan : Cleaned with backup (quarantined). C:\System Volume Information\_restore{18120FB7-1173-47C3-9BCD-321152D5F4E4}\RP213\A0033010.dll -> Adware.PurityScan : Cleaned with backup (quarantined). HKU\S-1-5-21-222810038-3627866531-4045396111-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Screensavers -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Screensavers\ScreensaversOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\SearchMatch\searchMatchPages -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Weather -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Weather\AlertArchive.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Weather\WeatherOptions.xml -> Adware.Starware : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Application Data\Starware\Weather\WeatherOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined). HKU\S-1-5-21-222810038-3627866531-4045396111-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined). HKU\S-1-5-21-222810038-3627866531-4045396111-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined). C:\WINDOWS\system32\jkhfg.dll -> Adware.Virtumonde : Cleaned with backup (quarantined). HKU\S-1-5-21-222810038-3627866531-4045396111-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined). C:\Documents and Settings\ISABELLE\Local Settings\Temp\Cookies\isabelle@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\STEPH\Cookies\steph@2o7[2].txt -> TrackingCookie.2o7 : Cleaned. C:\Documents and Settings\ISABELLE\Cookies\isabelle@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\ISABELLE\Cookies\isabelle@bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned. C:\Documents and Settings\STEPH\Cookies\steph@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned. C:\Documents and Settings\ISABELLE\Cookies\isabelle@cliks[1].txt -> TrackingCookie.Cliks : Cleaned. C:\Documents and Settings\ISABELLE\Cookies\isabelle@need2find[2].txt -> TrackingCookie.Need2find : Cleaned. C:\Documents and Settings\ISABELLE\Cookies\isabelle@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned. C:\Documents and Settings\ISABELLE\Cookies\isabelle@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\ISABELLE\Local Settings\Temp\Cookies\isabelle@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\ISABELLE\Cookies\isabelle@weborama[2].txt -> TrackingCookie.Weborama : Cleaned. C:\Documents and Settings\ISABELLE\Cookies\isabelle@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Documents and Settings\ISABELLE\Cookies\isabelle@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Recycled\Dc1.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\Recycled\Dc2.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\Recycled\Dc3.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\Recycled\Dc4.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\WINDOWS\system32\idroftjb.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined). C:\System Volume Information\_restore{18120FB7-1173-47C3-9BCD-321152D5F4E4}\RP215\A0033867.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined). ::Report end SmitFraudFix v2.74 Rapport fait à 20:23:01,42, 22/07/2006 Executé à partir de C:\Program Files\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}" »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\system32\components\flx?.dll supprimé »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin

Tout d'abord merci de me répondre et voici ce que tu m'as demandé SmitFraudFix v2.74 Rapport fait à 19:20:11,71, 22/07/2006 Executé à partir de C:\Program Files\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\components\flx?.dll PRESENT ! C:\WINDOWS\system32\components\flx??.dll PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\STEPH\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\STEPH\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "cinnamomum"="{93ac7c30-3878-4eaa-9420-7977285df5b1}" »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin C:\WINDOWS\System32\gfhkj.ini2 -->22/07/2006 19:23:02 C:\WINDOWS\System32\idroftjb.exe -->22/07/2006 17:32:52 C:\WINDOWS\System32\gfhkj.bak2 -->22/07/2006 17:32:50 C:\WINDOWS\System32\eRLog.ini -->22/07/2006 17:31:24 C:\WINDOWS\System32\wpa.dbl -->22/07/2006 17:31:14 C:\WINDOWS\System32\nvapps.xml -->22/07/2006 17:30:50 C:\WINDOWS\System32\jieywsad.exe -->22/07/2006 17:28:56 C:\WINDOWS\System32\mcrh.tmp -->22/07/2006 17:28:00 C:\WINDOWS\System32\hiflcwfi.exe -->22/07/2006 17:27:12 C:\WINDOWS\System32\hqqxidgd.exe -->22/07/2006 15:41:04 C:\WINDOWS\System32\gmskftox.exe -->22/07/2006 15:24:20 C:\WINDOWS\System32\ikhcore.log -->20/07/2006 21:44:30 C:\WINDOWS\System32\PerfStringBackup.INI -->19/07/2006 18:31:42 C:\WINDOWS\System32\perfh00C.dat -->19/07/2006 18:31:42 C:\WINDOWS\System32\perfc00C.dat -->19/07/2006 18:31:42 C:\WINDOWS\System32\perfh009.dat -->19/07/2006 18:31:42 C:\WINDOWS\System32\perfc009.dat -->19/07/2006 18:31:42 C:\WINDOWS\System32\gfhkj.ini -->17/07/2006 21:29:08 C:\WINDOWS\System32\gfhkj.tmp -->17/07/2006 21:01:36 C:\WINDOWS\System32\LuResult.txt -->17/07/2006 20:39:46 C:\WINDOWS\System32\wnsapisv.exe -->16/07/2006 12:30:12 C:\WINDOWS\System32\gfhkj.bak1 -->15/07/2006 20:58:06 C:\WINDOWS\System32\jkhfg.dll -->15/07/2006 20:57:34 C:\WINDOWS\System32\MRT.exe -->07/07/2006 03:21:46 C:\WINDOWS\System32\WgaLogon.dll -->19/06/2006 16:20:42 C:\WINDOWS\EPISMF00.SWB -->22/07/2006 19:12:10 C:\WINDOWS\dp2_log.txt -->22/07/2006 18:20:58 C:\WINDOWS\wiadebug.log -->22/07/2006 17:30:38 C:\WINDOWS\bootstat.dat -->22/07/2006 17:30:16 C:\WINDOWS\WindowsUpdate.log -->22/07/2006 17:29:18 C:\WINDOWS\SchedLgU.Txt -->22/07/2006 17:29:16 C:\WINDOWS\wiaservc.log -->22/07/2006 17:29:16 C:\WINDOWS\win.ini -->19/07/2006 18:22:42 C:\WINDOWS\system.ini -->19/07/2006 18:22:42 C:\WINDOWS\Alcohol_Toolbar_Uninstaller_4781.exe -->15/07/2006 17:57:40 C:\WINDOWS\CoD.INI -->14/07/2006 10:22:12 C:\WINDOWS\CDMKR32.INI -->13/07/2006 21:03:26 C:\WINDOWS\iun506.exe -->04/07/2006 23:15:14 C:\WINDOWS\winamp.ini -->18/05/2006 22:07:26 C:\WINDOWS\wininit.ini -->30/04/2006 18:23:22 Le volume dans le lecteur C s'appelle STEPH & ISA Le num‚ro de s‚rie du volume est 320D-180E R‚pertoire de C:\Program Files 16/12/2005 13:50 <REP> . 16/12/2005 13:50 <REP> .. 23/01/2005 11:52 <REP> Fichiers communs 23/01/2005 11:55 <REP> Windows NT 23/01/2005 11:55 <REP> MSN 23/01/2005 11:55 <REP> MSN Gaming Zone 23/01/2005 11:55 <REP> Messenger 23/01/2005 11:55 <REP> Windows Media Player 23/01/2005 11:55 <REP> Online Services 23/01/2005 11:56 <REP> ComPlus Applications 23/01/2005 11:56 <REP> Internet Explorer 23/01/2005 11:56 <REP> Outlook Express 23/01/2005 11:56 <REP> NetMeeting 23/01/2005 11:56 <REP> Movie Maker 23/01/2005 11:57 <REP> Services en ligne 23/01/2005 11:58 <REP> microsoft frontpage 23/01/2005 11:58 <REP> xerox 30/04/2006 20:25 990ÿ208 awent40.exe 30/04/2006 20:38 <REP> WinZip 30/04/2006 22:05 <REP> K-Lite Codec Pack 23/01/2005 12:10 <REP> Adobe 23/01/2005 12:11 <REP> NewTech Infosystems 23/01/2005 12:13 <REP> CyberLink 23/01/2005 12:13 <REP> Symantec 23/01/2005 12:14 <REP> Norton AntiVirus 23/01/2005 12:16 <REP> AMD 10/02/2006 12:24 <REP> Java 10/02/2006 12:26 <REP> Acer 10/02/2006 13:12 <REP> Inventel 10/02/2006 15:23 <REP> Wanadoo 17/03/2006 13:55 <REP> Wanadoo Messager 30/04/2006 23:21 <REP> Realtek AC97 22/07/2006 19:17 382ÿ938 SmitfraudFix.zip 25/03/2006 00:17 <REP> eBay 02/04/2006 10:47 <REP> MSN Toolbar Suite 18/03/2006 14:28 <REP> filesubmit 18/03/2006 14:28 <REP> _ArcadeDownloadFolder 19/07/2006 18:47 <REP> Lavasoft 04/04/2006 20:59 <REP> InstantTouch 06/04/2006 12:56 <REP> LG Electronics 06/04/2006 12:13 <REP> LG PC Suite 07/04/2006 23:40 <REP> VideoLAN 25/05/2006 21:53 <REP> Minilyrics 12/02/2006 13:03 <REP> EPSON 04/07/2006 23:12 <REP> WinRAR 12/02/2006 13:27 <REP> ABBYY FineReader 6.0 Sprint 15/07/2006 17:57 <REP> Alcohol Soft 20/07/2006 19:26 <REP> CCleaner 04/07/2006 23:15 <REP> Activision Value 15/07/2006 17:57 <REP> Alcohol Toolbar 22/07/2006 11:50 <REP> Spybot - Search & Destroy 17/07/2006 19:30 34ÿ465ÿ804 NAV061220FR.exe 18/07/2006 20:43 <REP> Le Mystere de la Momie Demo 22/07/2006 15:25 <REP> Hijackthis 22/07/2006 19:18 <REP> SmitfraudFix 12/02/2006 17:42 <REP> Livecom 14/02/2006 14:17 <REP> Yahoo! 18/02/2006 10:48 <REP> Microsoft Office 18/02/2006 10:58 <REP> DVD Shrink 18/02/2006 11:09 <REP> Winamp 18/02/2006 11:12 <REP> eMule 01/03/2006 20:12 54 delir.gio 28/02/2006 14:18 <REP> WinLemm 03/03/2006 12:22 <REP> MSN Messenger 03/03/2006 12:22 <REP> MSN Apps 05/03/2006 22:44 <REP> Google 05/03/2006 22:45 774ÿ144 RngInterstitial.dll 10/03/2006 16:29 <REP> Freeze.com 14/03/2006 10:53 <REP> Vimicro 14/03/2006 15:26 <REP> EvilLyrics 5 fichier(s) 36ÿ613ÿ148 octets 65 R‚p(s) 12ÿ153ÿ913ÿ344 octets libres Le volume dans le lecteur C s'appelle STEPH & ISA Le num‚ro de s‚rie du volume est 320D-180E R‚pertoire de C:\Program Files\fichiers communs 16/12/2005 13:50 <REP> . 16/12/2005 13:50 <REP> .. 23/01/2005 11:52 <REP> Microsoft Shared 23/01/2005 11:52 <REP> SpeechEngines 23/01/2005 11:52 <REP> ODBC 23/01/2005 11:56 <REP> System 23/01/2005 11:56 <REP> MSSoap 23/01/2005 11:56 <REP> Services 23/01/2005 12:05 <REP> InstallShield 23/01/2005 12:10 <REP> Adobe 23/01/2005 12:11 <REP> NewTech Infosystems 23/01/2005 12:12 <REP> muvee Technologies 23/01/2005 12:13 <REP> Symantec Shared 10/02/2006 12:24 <REP> Java 10/02/2006 12:25 <REP> ArcSoft 17/03/2006 13:47 278ÿ528 FDEUnInstaller.exe 15/07/2006 20:52 <REP> {320D180E-08A2-1036-1028-050914050021} 18/02/2006 10:49 <REP> Designer 05/03/2006 22:44 <REP> Real 18/03/2006 14:28 <REP> NSV 14/04/2006 19:46 <REP> Ahead 1 fichier(s) 278ÿ528 octets 20 R‚p(s) 12ÿ153ÿ946ÿ112 octets libres Le volume dans le lecteur C s'appelle STEPH & ISA Le num‚ro de s‚rie du volume est 320D-180E R‚pertoire de C:\ 17/03/1997 02:07 275ÿ968 Awecp32.exe 22/04/1998 01:00 24ÿ576 Updpnpnt.exe 2 fichier(s) 300ÿ544 octets 0 R‚p(s) 12ÿ153ÿ946ÿ112 octets libres c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27670DD0.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35880211.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37347E3A.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\373E7C30.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46EE36EB.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\470806CF.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\471958BD.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\486C6747.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48701143.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F021C3C.exe c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FCB60CF.EXE c:\Documents and Settings\STEPH\Mes documents\winamp513_full.exe c:\Documents and Settings\STEPH\Mes documents\Mes images\ICONES\Curseur XP\AniUtil.exe c:\Documents and Settings\STEPH\Mes documents\Mes images\ICONES\Curseur XP\cursorxp_free.exe c:\Documents and Settings\STEPH\Mes documents\Mes images\ICONES\Curseur XP\CurXPCpl.exe c:\Documents and Settings\STEPH\Mes documents\Mes images\ICONES\Curseur XP\CurXPUtil.exe c:\Documents and Settings\STEPH\Mes documents\Mes images\SCREENSAVER\Steelers2005.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\alcchkid.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\alcrmv.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\alcrmv64.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\alcrmv9x.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\alcupd.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\AlcUpd64.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\ALCXDEV.EXE c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\ChCfg.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\GETDXVER.EXE c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\SetCDfmt.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\setup.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\WDM\alcrmv.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\WDM\alcrmv64.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\WDM\ChCfg.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\WDM\CPLUtl64.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\WDM\RTLCPL.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\WDM_A386[1]\WDM_A386\WDM\SoundMan.exe c:\Documents and Settings\STEPH\Mes documents\Unzipped\hijackthis[1]\HijackThis.exe c:\Documents and Settings\STEPH\Mes documents\F?nts\?srss.exe c:\Documents and Settings\STEPH\Bureau\chercher\LFiles.exe c:\Documents and Settings\STEPH\Application Data\MSNInstaller\msnauins.exe c:\Documents and Settings\ISABELLE\Local Settings\Temp\msnsearch.exe c:\Documents and Settings\ISABELLE\Local Settings\Temp\TFR26.exe c:\Documents and Settings\ISABELLE\Local Settings\Temp\Wise~tmp.exe c:\Documents and Settings\ISABELLE\Local Settings\Temp\__ArcadeDownloadFoler__demolitionderbyandfigure8race_FR_rf\RealOneArcadeBundle.exe c:\Documents and Settings\ISABELLE\Local Settings\Temp\FWSetup\Install.exe c:\Documents and Settings\ISABELLE\Local Settings\Temporary Internet Files\Content.IE5\GHK34VC7\WinAntiVirusPro2006FreeInstall_fr[1].exe c:\Documents and Settings\ISABELLE\Mes documents\Mes images\incredimail_install.exe c:\Documents and Settings\ISABELLE\Mes documents\Mes images\Install_MSN_Messenger.EXE c:\Documents and Settings\ISABELLE\Mes documents\Mes images\magicballs.exe c:\Documents and Settings\ISABELLE\Mes documents\Mes images\SweetImSetup.exe c:\Documents and Settings\ISABELLE\Mes documents\Jeux\chillon.exe c:\Documents and Settings\ISABELLE\Mes documents\Jeux\snake.exe c:\Documents and Settings\ISABELLE\Mes documents\Jeux\PacManiac\PacManiac.exe c:\Documents and Settings\ISABELLE\Bureau\Lemmings Revolution.exe c:\Documents and Settings\ISABELLE\Bureau\isacarrefour\psa30se_fr_fr.exe c:\Documents and Settings\ISABELLE\Bureau\isacarrefour\ytb612_efgsip.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14790073.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\364F0336.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39D12907.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46DB3B01.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46F50AE4.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\470F5AC8.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\48806331.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4886372A.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6FD55EC5.dll c:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BD17344.DLL c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\ISABELLE\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll Vérifications de quelques clefs Recherche de clefs EGDACCESS HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler

Bonjour à tous je viens de découvrir ce site et c'est vraiment sympa d'apporter de l'aide à des débutants. Voilà mon problème, suite à des téléchargements, j'ai récupéré des spy ainsi que des trojans. Ce qui m'arrive est étrange car lorsque j'ai une seule session de connecter, je n'ai pas de problèmes excepté l'apparition à l'écran de publicité de spywares etc.. Lorsque je connecte la deuxième session, je ne peux pas lancer l'internet explorer ou l'explorateur windows, la corbeille etc ( les icones du bureau disparaissent ainsi que la barre de tache puis réapparaissent lorsque je lance ces applications), de plus si je me remets sur la première session, je ne plus utiliser internet explorer, explorateur (le même phénomène se produit) Par contre,les applications comme Winamp,Excel,Word etc.. se lancent sans problème sur les 2 sessions. J'ai utilisé Ad-Aware,CC Cleaner,spybot,norton 2006 mais le problème persiste j'ai donc suivi la procédure pré nettoyage d'un PC infécté est voilà le résultat Logfile of HijackThis v1.99.1 Scan saved at 15:34:12, on 22/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Acer\Acer eConsole\MediaServerService.exe C:\WINDOWS\system32\FreezeScreenSaver.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Inventel\Gateway\wlancfg.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Acer\Acer eMode Management\AspireService.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\WINDOWS\VM303_STI.EXE C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL R3 - URLSearchHook: (no name) - <default> - (no file) R3 - URLSearchHook: (no name) - {40827935-BB86-E20E-A04A-9A2B22C08B97} - (no file) O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll O3 - Toolbar: Alcohol Toolbar - {DC59A0D4-0ED6-4A73-B356-1B977F2A7725} - C:\Program Files\Alcohol Toolbar\v3.0.0.0\AudioGizmo_Toolbar.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?10e936e3e8f84f2392d6d82063152d55 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?10e936e3e8f84f2392d6d82063152d55 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferimento.biz/l/f7d832f8b5...e172efae_35.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153326480359 O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/39220/StarsAmatrik.exe O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file) O20 - AppInit_DLLs: C:\WINDOWS\system32\wowexec.dll O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file) O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe Merci d'avance pour le temps consacré et l'aide apportée