
chouchou95

  1. Here is the OTMoveIt.exe report:
     File/Folder C:\WINDOWS\System32\iwssv32.exe not found.
     File/Folder C:\WINDOWS\System32\sqvx5gamet2.exe not found.
     File/Folder C:\Program Files\Fichiers communs\winctl.dll not found.
     Created on 07/13/2007 20:23:22
     + HijackThis:
  2. Another question: you tell me I can request an update of SDFix, but how does one do that?
  3. J'ai effacé les 2 fichiers msccsed.exe + dcmsxe.exe rapport antivir, j'ai supprimé les fichiers en quarantaine : AntiVir PersonalEdition Classic Report file date: mercredi 4 juillet 2007 19:50 Scanning for 863833 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (plain) [5.1.2600] Username: pascale Computer name: MAISON Version information: BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00 AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14 AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54 LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04 LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58 ANTIVIR1.VDF : 6.38.1.170 5569024 Bytes 21/05/2007 17:46:08 ANTIVIR2.VDF : 6.39.0.76 1002496 Bytes 29/06/2007 17:46:09 ANTIVIR3.VDF : 6.39.0.96 121344 Bytes 04/07/2007 17:46:09 AVEWIN32.DLL : 7.4.0.37 2482688 Bytes 04/07/2007 17:46:09 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.13 360488 Bytes 04/07/2007 17:46:10 AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08 AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05 AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18 RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot 
sectors.....................: G:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mercredi 4 juillet 2007 19:50 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'lanceur.exe' - '1' Module(s) have been scanned Scan process 'MOTIVE~1.EXE' - '1' Module(s) have been scanned Scan process 'mpbtn.exe' - '1' Module(s) have been scanned Scan process 'lecompagnonclub.exe' - '1' Module(s) have been scanned Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avgas.exe' - '1' Module(s) have been scanned Scan process 'gnotify.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'MotiveSB.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'CFD.exe' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'Wf2k.exe' - '1' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' 
Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'SAgent2.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '0' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 41 processes with 41 modules were scanned Start scanning boot sectors: Boot sector 'A:\' [NOTE] In the drive 'A:\' no data medium is inserted! Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '30' files ). Starting the file scan: Begin scan in 'A:\' Search path A:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\xx1232255.exe [DETECTION] Contains signature of the worm WORM/Zhelatin.Gen [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\1.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! 
C:\Documents and Settings\pascale\Local Settings\Temp\10.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\11.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\12.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46b9de5b.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\13.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\14.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46b9de65.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\16.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\18.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46b9de70.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\1A.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\1B.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46b9de82.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\1D.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\1E.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46b9de8d.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\2.dllb [DETECTION] Is the Trojan horse TR/Dldr.BraveSent.N [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\2.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.87 [iNFO] The file was deleted! 
C:\Documents and Settings\pascale\Local Settings\Temp\20.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\21.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\22.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46b9de8a.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\24.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46b9de8f.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\26.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\27.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46b9de98.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\29.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\2A.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46b9dea8.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\2B.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46b9deab.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\2C.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\2D.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46b9deb4.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\2F.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\3.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! 
C:\Documents and Settings\pascale\Local Settings\Temp\30.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46b9deac.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\32.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.bwr.4 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\34.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\35.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\37.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46b9debf.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\3B.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\3C.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.bwr.7 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\4.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46ffdebf.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\6.dllb [DETECTION] Is the Trojan horse TR/Small.DBY.LH.8 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\6.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.87 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\7.dllb [DETECTION] Is the Trojan horse TR/Dldr.Tibs.DL [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\7.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\8.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46ffdecd.qua'! 
C:\Documents and Settings\pascale\Local Settings\Temp\A.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46ffded0.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\B.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.87 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\C.tmp [DETECTION] Is the Trojan horse TR/Dldr.Agent.brk.73 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temp\D.tmp [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46ffded9.qua'! C:\Documents and Settings\pascale\Local Settings\Temp\v5x4.ga2me [DETECTION] Is the Trojan horse TR/Peed.OL.16 [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temporary Internet Files\Content.IE5\K5YB4XMV\giteleschaumes[1].htm [DETECTION] Contains signature of the Phish-File/Email PHISH/Bankfraud [iNFO] The file was moved to '46ffdf54.qua'! C:\Documents and Settings\pascale\Local Settings\Temporary Internet Files\Content.IE5\P5XPW61T\chambres[1].html [DETECTION] Contains signature of the Phish-File/Email PHISH/Bankfraud [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temporary Internet Files\Content.IE5\P5XPW61T\giteleschaumes[1] [DETECTION] Contains signature of the Phish-File/Email PHISH/Bankfraud [iNFO] The file was deleted! C:\Documents and Settings\pascale\Local Settings\Temporary Internet Files\Content.IE5\XDNIDWFG\conseilspratiques[1].html [DETECTION] Contains signature of the Phish-File/Email PHISH/Bankfraud [iNFO] The file was deleted! C:\WINDOWS\system32\logi.exe.exe [DETECTION] Is the Trojan horse TR/Small.DBY.DB [iNFO] The file was deleted! C:\WINDOWS\system32\svchost.exe:exe.exe [DETECTION] Is the Trojan horse TR/Obfuscated.GL.38 [iNFO] The file was deleted! C:\WINDOWS\system32\drivers\asc3550u.sys [DETECTION] Is the Trojan horse TR/Proxy.Agent.MX.2 [iNFO] The file was deleted! 
Begin scan in 'D:\' <Vidéos et Musique> Begin scan in 'E:\' < Photo Jeux Films1> Begin scan in 'F:\' Search path F:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'G:\' Search path G:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: mercredi 4 juillet 2007 20:37 Used time: 46:44 min The scan has been done completely. 2782 Scanning directories 194231 Files were scanned 53 viruses and/or unwanted programs were found 17 classified as suspicious: 35 files were deleted 0 files were repaired 18 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 194161 Files not concerned 3102 Archives were scanned 1 Warnings 33 Notes 0 Hidden objects were found Rapport SDFIX SDFix: Version 1.89 Run by pascale on 04/07/2007 at 21:01 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Name: runtime runtime2 ImagePath: \??\C:\WINDOWS\System32\drivers\runtime.sys \??\C:\WINDOWS\System32\drivers\runtime2.sys runtime2 - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Below files will be copied to Backups folder then removed: C:\Documents and Settings\pascale\Application Data\Install.dat - Deleted C:\WINDOWS\system32\5_exception.nls - Deleted C:\WINDOWS\system32\mstscex.dll - Deleted C:\WINDOWS\system32\oleauth32.dll - Deleted C:\WINDOWS\wpcjmd.log - Deleted Removing Temp Files... ADS Check: Checking C:\WINDOWS C:\WINDOWS No streams found. Checking C:\WINDOWS\system32 C:\WINDOWS\system32 No streams found. Checking C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe No streams found. Checking C:\WINDOWS\system32\ntoskrnl.exe C:\WINDOWS\system32\ntoskrnl.exe No streams found. 
Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\WINDOWS\\System32\\regpmdnw.exe"="C:\\WINDOWS\\System32\\regpmdnw.exe:*:Enabled:Server" "C:\\WINDOWS\\System32\\dllpzzrv.exe"="C:\\WINDOWS\\System32\\dllpzzrv.exe:*:Enabled:Server" "C:\\WINDOWS\\System32\\svchost.exe"="C:\\WINDOWS\\System32\\svchost.exe:*:Enabled:svchost" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\WINDOWS\\System32\\regpmdnw.exe"="C:\\WINDOWS\\System32\\regpmdnw.exe:*:Enabled:Server" "C:\\WINDOWS\\System32\\dllpzzrv.exe"="C:\\WINDOWS\\System32\\dllpzzrv.exe:*:Enabled:Server" Remaining Files: --------------- Backups Folder: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: C:\paging.sys C:\WINDOWS\LastGood.Tmp\INF\oem1.inf C:\WINDOWS\LastGood.Tmp\INF\oem1.PNF C:\WINDOWS\LastGood.Tmp\INF\oem2.inf C:\WINDOWS\LastGood.Tmp\INF\oem2.PNF C:\WINDOWS\LastGood.Tmp\INF\oem3.inf C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF C:\WINDOWS\LastGood.Tmp\INF\oem4.inf C:\WINDOWS\LastGood.Tmp\INF\oem4.PNF C:\WINDOWS\LastGood.Tmp\INF\oem5.inf C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF Finished Rapport Combofix : "pascale" - 2007-07-04 21:23:45 - ComboFix 07-07-04.4 [sAFE MODE] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP C:\DOCUME~1\pascale\APPLIC~1\Microsoft\20509.dat C:\Documents and Settings\All Users.\documents\settings ((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 ))))))))))))))))))))))))))))))) 2007-07-04 21:22 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-04 21:00 <REP> d-------- C:\WINDOWS\ERUNT 2007-07-04 19:38 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic 2007-07-03 22:20 <REP> d-------- 
C:\Program Files\Lavasoft 2007-07-03 22:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-07-03 22:19 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-07-03 18:57 <REP> d-------- C:\WINDOWS\pss 2007-07-02 19:58 24,064 -r-hs---- C:\paging.sys 2007-07-02 19:58 24,064 --a------ C:\Program Files\Fichiers communs\winctl.dll 2007-07-01 14:02 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2007-06-30 23:21 17,180,760 --a------ C:\Program Files\antivir_workstation_win7u_en_h.exe 2007-06-30 20:17 1,272,712 --a------ C:\Program Files\WindowsXP-KB927891-v3-x86-FRA.exe 2007-06-30 19:55 553,687 --a------ C:\Program Files\RegCleaner.exe 2007-06-30 19:54 <REP> d-------- C:\Program Files\RegCleaner 2007-06-30 19:52 506,140 --a------ C:\Program Files\HijackThisFR.exe 2007-06-30 19:52 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise 2007-06-29 22:17 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-06-29 22:17 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-06-29 22:17 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-06-29 22:17 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-06-29 22:17 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2007-06-29 22:17 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-06-29 22:17 <REP> d-------- C:\Program Files\Spyware Doctor 2007-06-29 22:17 <REP> d-------- C:\DOCUME~1\pascale\APPLIC~1\PC Tools 2007-06-29 00:58 <REP> d-------- C:\DOCUME~1\pascale\APPLIC~1\Lavasoft 2007-06-28 16:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-04 19:10:42 48,856 ----a-w C:\WINDOWS\system32\perfc00C.dat 
2007-07-04 19:10:42 368,076 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-07-01 18:59:02 -------- d-----w C:\Program Files\QuickTime 2007-07-01 18:57:35 -------- d-----w C:\Program Files\Messenger 2007-07-01 18:56:09 -------- d-----w C:\Program Files\Google 2007-06-30 21:59:11 -------- d-----w C:\Program Files\Hijackthis Version Française 2007-06-28 13:18:14 12,800 ----a-w C:\WINDOWS\system32\svchost.exe 2007-05-31 13:46:56 -------- d-----w C:\DOCUME~1\pascale\APPLIC~1\Ahead 2007-05-23 17:35:08 -------- d-----w C:\Program Files\Fichiers communs\Ahead 2007-05-23 17:35:06 -------- d-----w C:\Program Files\Nero 2007-05-22 19:01:53 -------- d-----w C:\Program Files\MSN Messenger 2007-05-22 18:26:13 -------- d-----w C:\Program Files\AskTBar 2007-05-18 08:40:49 -------- d-----w C:\DOCUME~1\pascale\APPLIC~1\Google 2007-05-16 15:27:05 19,392 ----a-w C:\DOCUME~1\pascale\APPLIC~1\GDIPFONTCACHEV1.DAT 2007-04-28 20:40:03 14,861,256 ----a-w C:\Program Files\setupfre1.exe 2007-04-28 20:37:17 15,086,296 ----a-w C:\Program Files\setupfrepro.exe 2007-04-28 20:37:14 408,192 ----a-w C:\Program Files\aswclnr.exe 2007-04-21 10:32:01 19,127,288 ----a-w C:\Program Files\gcard.exe 2007-04-20 18:32:52 299,288 ----a-w C:\Program Files\GmailInstaller.exe 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-16 20:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll 2007-04-14 19:58:54 123,392 ----a-w C:\WINDOWS\system32\itss.dll 2007-04-14 19:52:55 257,536 ----a-w C:\WINDOWS\system32\mstask.dll 2007-04-14 19:52:54 
9,728 ----a-w C:\WINDOWS\system32\mstinit.exe 2007-04-14 19:52:54 48,640 ----a-w C:\WINDOWS\system32\browser.dll 2007-04-14 19:52:54 161,280 ----a-w C:\WINDOWS\system32\schedsvc.dll 2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-04-09 20:29:17 6,652,812 ----a-w C:\Program Files\sld.codec.pack.2.2.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] 2006-10-26 10:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2001-04-16 17:39 37808 --------- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}] 2007-05-22 19:23 57344 --a------ C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] 2007-05-17 14:19 2436160 -ra------ c:\program files\google\googletoolbar1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] 2007-07-02 19:28 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinFast2KLoadDefault"="wf2kcpl.dll" [2002-10-24 14:43 C:\WINDOWS\system32\WF2KCPL.dll] "SoundMan"="SOUNDMAN.EXE" [2002-09-11 04:57 C:\WINDOWS\SOUNDMAN.EXE] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-05 21:00] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 
18:16] "nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe] "Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-16 22:24] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 14:00] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 08:14] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 18:11] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 19:28] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18] "ppsmcs"="sqvx5gamet2.exe" [] "beadsofti"="C:\WINDOWS\System32\iwssv32.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "{009541A0-3B00-1F1C-00F3-040224009C02}"="C:\Program Files\Fichiers communs\winctl.dll" [2007-07-02 19:58] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice] HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E} rundll32 iesetup.dll,IEAccessUserInst ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-04 21:25:26 Windows 5.1.2600 NTFS scanning hidden processes ... 
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVG Anti-Spyware Driver] "ImagePath"="\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AvgAsCln] "ImagePath"="System32\DRIVERS\AvgAsCln.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WINFOXIO] "ImagePath"="\??\C:\WINDOWS\System32\Drivers\WINFOXIO.SYS" Completion time: 2007-07-04 21:26:02 C:\ComboFix-quarantined-files.txt ... 2007-07-04 21:25 --- E O F --- Then the HijackThis report: Logfile of HijackThis v1.99.1 Scan saved at 21:27:49, on 04/07/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file) O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: 
[{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ppsmcs] sqvx5gamet2.exe O4 - HKCU\..\Run: [beadsofti] C:\WINDOWS\System32\iwssv32.exe O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183235248983 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\WgaLogon.dll O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Fichiers communs\winctl.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir 
PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe And there you go, that's done. My PC responds faster, that's a good sign, isn't it? What's next in our great adventure???
  4. Here is the report: Logfile of HijackThis v1.99.1 Scan saved at 23:23:31, on 03/07/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing) O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 
- HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [service Pack 1] C:\WINDOWS\System32\vexg6ame4.exe O4 - HKCU\..\Run: [ppsmcs] sqvx5gamet2.exe O4 - HKCU\..\Run: [resvsio] C:\WINDOWS\System32\atsdisc.exe O4 - HKCU\..\Run: [vcmicrec] C:\WINDOWS\System32\msccsed.exe O4 - HKCU\..\Run: [netasv2] C:\WINDOWS\System32\regpmdnw.exe O4 - HKCU\..\Run: [vckdsip] C:\WINDOWS\System32\dllpzzrv.exe O4 - HKCU\..\Run: [audlmne32] C:\WINDOWS\System32\dcmsxe.exe O4 - HKCU\..\Run: [beadsofti] C:\WINDOWS\System32\iwssv32.exe O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183235248983 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - 
http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\WgaLogon.dll O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Fichiers communs\winctl.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  5. OK, it's done, here is the report; I also deleted the quarantined files: Ad-Aware 2007 Build Log File Created on: 2007-07-03 22:31:01 Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef Computer name: MAISON Name of user performing scan: SYSTEM System information =========================== Number of processors: 1 Processor type: AMD Athlon XP 1800+ Memory Available: 65% Total Physical Memory: 536330240 Bytes Available Physical Memory: 346763264 Bytes Total Page File Size: 1311272960 Bytes Available On Page File: 1179619328 Bytes Total Virtual Memory: 2147352576 Bytes Available Virtual Memory: 2007429120 Bytes OS: Microsoft Windows XP (Build 2600) Ad-Aware 2007 Settings =========================== Skipping files larger than 1048576 kB Ignoring infections with lower TAI than: 3 Extended Ad-Aware 2007 Settings =========================== Unloading known modules during scan Ignoring spanned files when scanning cab archives Scanning registry for all users Using permanent archive caching Reanalyzing results after scanning before displaying results Trying to unload modules prior to removal Let Windows remove files currently in use at next reboot Removing quarantined objects after restore Logging Ad-Aware events Blocking Pop-Ups aggressively Deactivating Ad-Watch during scans Writeprotecting system files after repairs Including Ad-aware command line parameters in log file Include info about ignored objects in log file Including basic settings in log file Including advanced settings in log file Including user and computer name in log file Include reference summary in log file Creating log file for removal operations Including module info in log file Include Alternate Data Stream details in log file Create and save WebUpdate log file Databaseinfo =========================== Version number: 2 Build Number: 0 Build Date and Time: 2007/06/05 19:22:29 Scan Statistics =========================== 
Method: Smart Scan tracking cookies.............................: On Scan ADS filestreams..............................: Off Item Scanned: 74424 Infections Detected: 47 Infections Ignored: 0 Scan detailed statistics =========================== Type Critical Total Process Scan....: 0 0 Registry Scan...: 0 0 Registry PE Scan: 0 0 Hosts File Scan.: 0 0 File Scan.......: 0 0 Folder Scan.....: 0 0 LSP Scan........: 0 0 ADS Scan........: 0 0 Cookie Scan.....: 44 44 File Hash Scan..: 1 1 Infections Found =========================== Family Id: 723 Name: Tracking Cookie Category: DataMiner TAI:3 Item Id: 600000263 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat mediaplex.com svid / Item Id: 600000144 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat doubleclick.net id / Item Id: 600000142 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat estat.com e / Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat advertising.com ACID / Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat advertising.com F1 / Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat advertising.com BASE / Item Id: 600000187 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat advertising.com ROLL / Item Id: 600000190 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat www.googleadservices.com Conversion /pagead/conversion/1070847646/ Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat msnportal.112.2o7.net s_vi / Item Id: 600000101 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat overture.com CMUserData / Item 
Id: 600000179 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat atdmt.com AA002 / Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat karavel.112.2o7.net s_vi / Item Id: 600000190 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat www.googleadservices.com Conversion /pagead/conversion/1068154444/ Item Id: 600000190 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat www.googleadservices.com Conversion /pagead/conversion/1068087675/ Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat weborama.fr AFFICHE_W / Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat weborama.fr wous / Item Id: 600000225 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat weborama.fr aimfarcapping / Item Id: 600000142 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat fr.sitestat.com s1 /mdlfr/franceguide/ Item Id: 600000142 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat fr.sitestat.com c1 /mdlfr/ Item Id: 600000295 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat adtech.de CfP / Item Id: 600000295 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat adtech.de JEB2 / Item Id: 600000447 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat apmebf.com S / Item Id: 600000447 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat apmebf.com LCLK / Item Id: 600000234 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat tradedoubler.com TD_UNIQUE_IMP / Item 
Id: 600000234 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat tradedoubler.com TD_PIC / Item Id: 600000234 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat tradedoubler.com TradeDoublerGUID / Item Id: 600000234 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat tradedoubler.com TD_EH_0 / Item Id: 600000199 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat fe.lea.lycos.fr NGUserID / Item Id: 600000199 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat ads.multimania.lycos.fr DXPERT / Item Id: 600000199 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat ads.multimania.lycos.fr DXPERTRICH / Item Id: 600000199 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat ads.multimania.lycos.fr DXPERTSMALL / Item Id: 600000199 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat multimania.lycos.fr lycosUpdate / Item Id: 600000190 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat www.googleadservices.com Conversion /pagead/conversion/1071416564/ Item Id: 600000173 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat bluestreak.com id / Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat ad.yieldmanager.com uid / Item Id: 600000460 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat ad.yieldmanager.com bh / Item Id: 600000415 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat revsci.net NETID01 / Item Id: 600000415 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat 
revsci.net NETSEGS_K05540 / Item Id: 600000415 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat revsci.net rsi_cls_1000000 / Item Id: 600000415 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat revsci.net rsi_segs_1000000 / Item Id: 600000001 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat www.smartadserver.com TestIfCookieP / Item Id: 600000001 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat www.smartadserver.com pbw / Item Id: 600000001 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat www.smartadserver.com pid / Item Id: 600000001 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\pascale\Cookies\index.dat www.smartadserver.com pbwmaj / Family Id: 478 Name: MegaSearch Toolbar Category: DataMiner TAI:4 Item Id: 9259 Value: File: C:\Program Files\Club-Internet\Le Compagnon Club\vendors\TONLFR\wwwcache\wt\fr\private\content\images\wait.gif Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0 Item Id: 1 Value: MRU Path: C:\Documents and Settings\pascale\Recent Count: 15 Item Id: 3 Value: MRU Registry Key: S-1-5-21-436374069-1592454029-682003330-1003\Software\Microsoft\Internet Explorer\TypedURLs Count: 6 Items Ignored During Scan =========================== Listing of running processes ===========================
c:\windows\system32\msimg32.dll c:\windows\system32\userenv.dll c:\windows\system32\msutb.dll c:\windows\system32\msctf.dll c:\windows\system32\netapi32.dll c:\windows\system32\samlib.dll c:\windows\system32\ntshrui.dll c:\windows\system32\atl.dll c:\windows\system32\linkinfo.dll c:\windows\system32\setupapi.dll c:\windows\system32\netshell.dll c:\windows\system32\credui.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\netman.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\wldap32.dll c:\windows\system32\rtutils.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\tapi32.dll c:\windows\system32\winmm.dll c:\windows\system32\wzcsvc.dll c:\windows\system32\wmi.dll c:\windows\system32\dhcpcsvc.dll c:\windows\system32\dnsapi.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\msi.dll c:\windows\system32\wininet.dll c:\windows\system32\urlmon.dll C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\comctl32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shell32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ole32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\inetmib1.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\netman.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll 
End of Scan Section
===========================

May I ask a few questions? How many more programs am I going to download (until there are no viruses left?)? After each program is installed, can I uninstall it? I'm "trashing" the PC, aren't I? I'm afraid this will make the situation worse. Can you reassure me?
  6. Here is the clean report:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec
03/07/2007 a 19:02:13,43
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
tentative de suppression de C:\StubInstaller.exe
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\dlh9jkd?q?.exe
tentative de suppression de C:\WINDOWS\system32\vexg*e*.exe
tentative de suppression de C:\WINDOWS\system32\vx.tll
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Viewpoint\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

Regarding AVGas: I click to install the software, then the language appears, then the licence, then the location to select on the PC, then it asks me to wait during the installation... and there it freezes at 2 "green bars", even if I leave it running for hours. What should I do now?
  7. Here is the Clean report:

02/07/2007 a 7:11:56,39
*** Recherche des fichiers dans C:
C:\StubInstaller.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\dlh9jkd?q?.exe FOUND
C:\WINDOWS\system32\dlh9jkd?q?.exe FOUND
C:\WINDOWS\system32\vexg*e*.exe FOUND
C:\WINDOWS\system32\vx.tll FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !

As for AVG Anti-Spy: I was able to download it, but I can't install it. The installation freezes!? What should I do?
  8. Here is the Panda report:

Incident | Statut | Analyse
Outil indésirable:Application/MyWebSearch | No Désinfecté | C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
Outil indésirable:Application/MyWebSearch | No Désinfecté | C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL
Virus:Malware Generic | Désinfecté | Système d’exploitation
Virus:Malware Generic | Désinfecté | Système d’exploitation
Virus:trj/abwiz.a | Désinfecté | Système d’exploitation
Adware:adware/adsmart | No Désinfecté | c:\windows\system32\vx.tll
Outil indésirable:application/mywebsearch | No Désinfecté | hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Virus:Malware Generic | Désinfecté | C:\Documents and Settings\All Users\Documents\Settings\bot.dll
Spyware:Cookie/Advertising | No Désinfecté | C:\Documents and Settings\pascale\Cookies\pascale@advertising[1].txt
Spyware:Cookie/Mysearch | No Désinfecté | C:\Documents and Settings\pascale\Cookies\pascale@mysearch[2].txt
Spyware:Cookie/Toplist | No Désinfecté | C:\Documents and Settings\pascale\Cookies\pascale@toplist[1].txt
Spyware:Cookie/Weborama | No Désinfecté | C:\Documents and Settings\pascale\Cookies\pascale@weborama[2].txt
Virus:W32/Patchlog.C | Désinfecté | C:\Documents and Settings\pascale\Local Settings\Tempwl.tmp
Virus:Malware Generic | Désinfecté | C:\Documents and Settings\pascale\Local Settings\Temp\vx1t1.game
Virus:Trj/Downloader.MDW | Désinfecté | C:\Documents and Settings\pascale\Local Settings\Temp\vx1t3.game
Virus:Malware Generic | Désinfecté | C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
Virus:Malware Generic | Désinfecté | C:\WINDOWS\system32\vexga1me4t1.exe

What do I do now?

P. Choureaux
  9. Hello,

I was delighted to discover your site and I hope you will be able to destroy this virus / these viruses. I have Avast Home as my antivirus. Since yesterday, I have tried various programs, including Spyware Doctor. The latter deleted many Trojan horses for me. However, it still continues. Right now, the PC is infected by Win32:Small-EPJ [Trj], and yesterday Win32:Small-BLF. I followed the procedure explained on your site, and here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 14:06:31, on 01/07/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\WF2K.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\lecompagnonclub.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE
O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [service Pack 1] C:\WINDOWS\System32\vexg6ame4.exe
O4 - HKCU\..\Run: [ppsmcs] sqvx5gamet2.exe
O4 - HKCU\..\Run: [resvsio] C:\WINDOWS\System32\atsdisc.exe
O4 - HKCU\..\Run: [vcmicrec] C:\WINDOWS\System32\msccsed.exe
O4 - HKCU\..\Run: [netasv2] C:\WINDOWS\System32\regpmdnw.exe
O4 - HKCU\..\Run: [vckdsip] C:\WINDOWS\System32\dllpzzrv.exe
O4 - HKCU\..\Run: [audlmne32] C:\WINDOWS\System32\dcmsxe.exe
O4 - HKCU\..\Run: [beadsofti] C:\WINDOWS\System32\iwssv32.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183235248983
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\WgaLogon.dll
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\System32\njcc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

Thanks again for your help. Every year, my PC is hit by a different virus despite the use of an antivirus. Which is the best one on the market at present? I always end up completely reinstalling my PC. That was before I knew you; I now very much hope to get out of this thanks to you.

P. Choureaux