radiat28

  1. Good evening, I wanted to thank you for the help. Thanks.
  2. Good evening, I'm posting the reports as planned, except that I did not find the text file %systeme%\Tcleaner.txt, so I'm giving you what was in the ToolsCleaner window:
     -->- Recherche:
     C:\Vundofix backups: trouvé !
     C:\Qoobox: trouvé !
     C:\Documents and Settings\bouvier\Mes documents\SmitFraudFix.exe: trouvé !
     C:\Documents and Settings\bouvier\Mes documents\SmitFraudfix: trouvé !
     C:\Documents and Settings\bouvier\Bureau\ComboFix.exe: trouvé !
     C:\Documents and Settings\bouvier\Bureau\vundoFix.exe: trouvé !
     C:\Documents and Settings\bouvier\Bureau\virtumondebegone\VirtumundoBeGone.exe: trouvé !
     ---------------------------------
     -->- Suppression:
     C:\Documents and Settings\bouvier\Mes documents\SmitFraudFix.exe: supprimé !
     C:\Documents and Settings\bouvier\Bureau\ComboFix.exe: supprimé !
     C:\Documents and Settings\bouvier\Bureau\vundoFix.exe: supprimé !
     C:\Documents and Settings\bouvier\Bureau\virtumondebegone\VirtumundoBeGone.exe: supprimé !
     C:\Vundofix backups: supprimé !
     C:\Qoobox: supprimé !
     C:\Documents and Settings\bouvier\Mes documents\SmitFraudfix: supprimé !
     And here is the AntiVir report:
     AntiVir PersonalEdition Classic Report file date: dimanche 18 novembre 2007 11:38 Scanning for 932510 virus strains and unwanted programs. 
Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: bouvier Computer name: BOUVIER Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:56 ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 15:55:56 ANTIVIR3.VDF : 7.0.0.226 98304 Bytes 16/11/2007 22:13:38 AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 14/11/2007 15:55:58 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:02 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: 
Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: dimanche 18 novembre 2007 11:38 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 13 processes with 13 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '31' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! End of the scan: dimanche 18 novembre 2007 13:21 Used time: 1:43:07 min The scan has been done completely. 4471 Scanning directories 137274 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 137274 Files not concerned 1343 Archives were scanned 1 Warnings 18 Notes
  3. Good evening, I'm posting the HijackThis report:
     Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:21:56, on 16/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\SPYWAR~2\sp_rsser.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Documents and Settings\bouvier\Bureau\scanner\scanner.exe O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program 
Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [spywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O9 - Extra button: AOL 
Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173728534186 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 6239 bytes
  4. Good evening, I have no VundoFix report because it found nothing.
  5. Hello, attached is the VirtumundoBeGone report:
     [11/15/2007, 16:05:52] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\bouvier\Bureau\virtumondebegone\VirtumundoBeGone.exe" )
     [11/15/2007, 16:06:03] - Detected System Information:
     [11/15/2007, 16:06:03] - Windows Version: 5.1.2600, Service Pack 2
     [11/15/2007, 16:06:03] - Current Username: bouvier (Admin)
     [11/15/2007, 16:06:03] - Windows is in SAFE mode with Networking.
     [11/15/2007, 16:06:03] - Searching for Browser Helper Objects:
     [11/15/2007, 16:06:03] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
     [11/15/2007, 16:06:03] - BHO 2: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
     [11/15/2007, 16:06:03] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
     [11/15/2007, 16:06:03] - BHO 4: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
     [11/15/2007, 16:06:03] - BHO 5: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
     [11/15/2007, 16:06:03] - BHO 6: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
     [11/15/2007, 16:06:03] - Finished Searching Browser Helper Objects
     [11/15/2007, 16:06:03] - Finishing up...
     [11/15/2007, 16:06:03] - Nothing found! Exiting...
  6. ComboFix found nothing; tomorrow I'll run VirtumundoBeGone.
  7. Here is the ComboFix report. During the scan, AntiVir found trojan horse tr/inject.jt several times. Thanks again for your help.
     ComboFix 07-11-08.1 - bouvier 2007-11-14 22:57:13.2 - FAT32x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.199 [GMT 1:00] Running from: C:\Documents and Settings\bouvier\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\bouvier\Bureau\CFScript * Created a new restore point FILE C:\WINDOWS\SYSTEM32\fhiii.bak1 C:\WINDOWS\SYSTEM32\fhiii.bak2 C:\WINDOWS\SYSTEM32\hjiii.bak1 C:\WINDOWS\SYSTEM32\kmnnn.bak1 C:\WINDOWS\SYSTEM32\kmnnn.bak2 C:\WINDOWS\SYSTEM32\monmp.bak1 C:\WINDOWS\SYSTEM32\npsru.bak1 C:\WINDOWS\SYSTEM32\onppo.bak1 C:\WINDOWS\SYSTEM32\onppo.bak2 C:\WINDOWS\SYSTEM32\psvyb.bak1 C:\WINDOWS\SYSTEM32\psvyb.bak2 C:\WINDOWS\SYSTEM32\psvyb.ini2 C:\WINDOWS\system32\rifafxcu.dll C:\WINDOWS\SYSTEM32\rqsut.bak1 C:\WINDOWS\SYSTEM32\rqsut.bak2 C:\WINDOWS\SYSTEM32\rqsut.ini2 C:\WINDOWS\SYSTEM32\ttvwa.bak1 C:\WINDOWS\SYSTEM32\ttvwa.bak2 C:\WINDOWS\SYSTEM32\ttvwa.ini2 C:\WINDOWS\SYSTEM32\tvvwa.ini2 C:\WINDOWS\SYSTEM32\tvxyb.bak1 C:\WINDOWS\SYSTEM32\wadgh.bak1 C:\WINDOWS\SYSTEM32\wayxx.bak1 C:\WINDOWS\SYSTEM32\wayxx.bak2 C:\WINDOWS\SYSTEM32\yabay.bak1 . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\WINDOWS\SYSTEM32\fhiii.bak1 C:\WINDOWS\SYSTEM32\fhiii.bak2 C:\WINDOWS\SYSTEM32\hjiii.bak1 C:\WINDOWS\SYSTEM32\kmnnn.bak1 C:\WINDOWS\SYSTEM32\kmnnn.bak2 C:\WINDOWS\SYSTEM32\monmp.bak1 C:\WINDOWS\SYSTEM32\npsru.bak1 C:\WINDOWS\SYSTEM32\onppo.bak1 C:\WINDOWS\SYSTEM32\onppo.bak2 C:\WINDOWS\SYSTEM32\psvyb.bak1 C:\WINDOWS\SYSTEM32\psvyb.bak2 C:\WINDOWS\SYSTEM32\psvyb.ini2 C:\WINDOWS\SYSTEM32\rqsut.bak1 C:\WINDOWS\SYSTEM32\rqsut.bak2 C:\WINDOWS\SYSTEM32\rqsut.ini2 C:\WINDOWS\SYSTEM32\ttvwa.bak1 C:\WINDOWS\SYSTEM32\ttvwa.bak2 C:\WINDOWS\SYSTEM32\ttvwa.ini2 C:\WINDOWS\SYSTEM32\tvvwa.ini2 C:\WINDOWS\SYSTEM32\tvxyb.bak1 C:\WINDOWS\SYSTEM32\wadgh.bak1 C:\WINDOWS\SYSTEM32\wayxx.bak1 C:\WINDOWS\SYSTEM32\wayxx.bak2 C:\WINDOWS\SYSTEM32\yabay.bak1 . ((((((((((((((((((((((((((((( Fichiers créés 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))))))) . 2007-11-14 21:34 <REP> d-------- C:\WINDOWS\LastGood 2007-11-14 20:53 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-14 16:45 <REP> d-------- C:\Program Files\Avira 2007-11-14 16:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-11-13 15:53 <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web 2007-11-12 23:16 <REP> d-------- C:\Documents and Settings\bouvier\Application Data\Uniblue 2007-11-12 22:33 2,164 --a------ C:\WINDOWS\SYSTEM32\tmp.reg 2007-11-12 22:31 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe 2007-11-12 22:30 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe 2007-11-12 22:30 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe 2007-11-12 22:30 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe 2007-11-12 22:29 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe 2007-11-12 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-12 10:11 <REP> d-------- C:\Documents and Settings\anthony\Application Data\Dossier de téléchargement Share-to-Web 2007-11-11 12:20 <REP> d-------- C:\Program 
Files\a-squared Free 2007-11-09 16:45 <REP> d-------- C:\Program Files\CCleaner 2007-11-09 15:44 96,768 --a------ C:\WINDOWS\SlantAdj.dll 2007-11-09 15:44 73,216 --a------ C:\WINDOWS\ADE.DLL 2007-11-09 15:44 3,136 --a------ C:\WINDOWS\Ade001.bin 2007-11-06 21:38 157,696 --a------ C:\WINDOWS\SYSTEM32\paqsp.dll 2007-11-06 21:38 157,696 --a------ C:\WINDOWS\SYSTEM32\dllcache\paqsp.dll 2007-11-02 19:13 <REP> d-------- C:\Documents and Settings\christopher\Application Data\Spyware Terminator 2007-10-30 16:32 <REP> d-------- C:\Documents and Settings\anthony\Application Data\Spyware Terminator 2007-10-29 20:55 138,752 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys 2007-10-29 20:53 <REP> d-------- C:\Program Files\WinClamAVShield 2007-10-29 20:50 <REP> d-------- C:\Program Files\Spyware Terminator 2007-10-29 20:50 <REP> d-------- C:\Documents and Settings\bouvier\Application Data\Spyware Terminator 2007-10-29 20:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2007-10-29 19:45 <REP> d-------- C:\VundoFix Backups 2007-10-28 23:02 <REP> d--hs---- C:\FOUND.012 2007-10-27 22:55 <REP> d-------- C:\Program Files\RegistrySmart 2007-10-27 22:55 <REP> d-------- C:\Documents and Settings\bouvier\Application Data\RegistrySmart 2007-10-25 22:33 <REP> d--hs---- C:\FOUND.011 2007-10-23 23:58 <REP> dr------- C:\Documents and Settings\LocalService\Favoris 2007-10-23 23:11 6,058,496 --------- C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll 2007-10-23 23:11 2,455,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dat 2007-10-23 23:11 459,264 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeeds.dll 2007-10-23 23:11 383,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dll 2007-10-23 23:11 267,776 --------- C:\WINDOWS\SYSTEM32\dllcache\iertutil.dll 2007-10-23 23:11 63,488 --------- C:\WINDOWS\SYSTEM32\dllcache\icardie.dll 2007-10-23 23:11 52,224 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeedsbs.dll 2007-10-23 23:11 13,824 --------- 
C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe 2007-10-23 23:10 <REP> d-------- C:\WINDOWS\SYSTEM32\fr-fr 2007-10-23 23:03 33,792 --a------ C:\WINDOWS\SYSTEM32\dllcache\custsat.dll 2007-10-21 17:18 <REP> d--hs---- C:\FOUND.010 2007-10-21 16:31 <REP> d-------- C:\Program Files\Alwil Software 2007-10-17 23:41 <REP> d--hs---- C:\FOUND.009 2007-10-16 20:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-15 22:33 <REP> d-------- C:\Program Files\Fichiers communs\xing shared 2007-10-15 18:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-10-15 18:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-10-15 18:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-10-15 18:10 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents 2007-10-15 18:10 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-10-15 18:10 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris 2007-10-15 18:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2007-10-15 18:04 <REP> d-------- C:\WINDOWS\pss . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-10-08 22:10 --------- d-----w C:\Program Files\Google 2007-10-08 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2007-10-06 09:24 --------- d-----w C:\Program Files\SAGEM 2007-09-26 21:52 --------- d-----w C:\Documents and Settings\christopher\Application Data\Dossier de téléchargement Share-to-Web 2007-09-26 21:51 --------- d-----w C:\Documents and Settings\christopher\Application Data\Dossier de téléchargement Share-to-Web 2007-09-18 17:03 4,288 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys 2007-09-17 19:23 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll 2007-09-17 19:23 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll 2007-09-17 19:22 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll 2007-09-17 19:22 739,840 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll 2007-09-17 16:12 --------- d-----w C:\Documents and Settings\bouvier\Application Data\ACD Systems 2007-09-14 13:38 --------- d-----w C:\Documents and Settings\anthony\Application Data\Dossier de téléchargement Share-to-Web 2007-09-12 00:14 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe 2007-08-22 13:57 474,624 ------w C:\WINDOWS\SYSTEM32\dllcache\shlwapi.dll 2007-08-22 13:57 152,064 ------w C:\WINDOWS\SYSTEM32\dllcache\cdfview.dll 2007-08-22 13:57 1,498,624 ------w C:\WINDOWS\SYSTEM32\dllcache\shdocvw.dll 2007-08-22 13:57 1,056,768 ------w C:\WINDOWS\SYSTEM32\dllcache\danim.dll 2007-08-22 13:57 1,023,488 ------w C:\WINDOWS\SYSTEM32\dllcache\browseui.dll 2007-08-21 17:06 18,880 ----a-w C:\Documents and Settings\bouvier\Application Data\GDIPFONTCACHEV1.DAT 2007-08-21 07:17 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll 2007-08-21 07:17 683,520 ------w C:\WINDOWS\SYSTEM32\dllcache\inetcomm.dll 2007-08-21 01:26 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll 2007-08-21 01:26 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll 2007-08-20 14:29 3,584,512 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll 2007-08-20 10:59 824,832 ------w 
C:\WINDOWS\SYSTEM32\dllcache\wininet.dll 2007-08-20 10:59 671,232 ------w C:\WINDOWS\SYSTEM32\dllcache\mstime.dll 2007-08-20 10:59 477,696 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtmled.dll 2007-08-20 10:59 44,544 ------w C:\WINDOWS\SYSTEM32\dllcache\iernonce.dll 2007-08-20 10:59 384,512 ------w C:\WINDOWS\SYSTEM32\dllcache\iedkcs32.dll 2007-08-20 10:59 27,648 ------w C:\WINDOWS\SYSTEM32\dllcache\jsproxy.dll 2007-08-20 10:59 232,960 ------w C:\WINDOWS\SYSTEM32\dllcache\webcheck.dll 2007-08-20 10:59 230,400 ------w C:\WINDOWS\SYSTEM32\dllcache\ieaksie.dll 2007-08-20 10:59 214,528 ------w C:\WINDOWS\SYSTEM32\dllcache\dxtrans.dll 2007-08-20 10:59 193,024 ------w C:\WINDOWS\SYSTEM32\dllcache\msrating.dll 2007-08-20 10:59 153,088 ------w C:\WINDOWS\SYSTEM32\dllcache\ieakeng.dll 2007-08-20 10:59 132,608 ------w C:\WINDOWS\SYSTEM32\dllcache\extmgr.dll 2007-08-20 10:59 124,928 ------w C:\WINDOWS\SYSTEM32\dllcache\advpack.dll 2007-08-20 10:59 105,984 ------w C:\WINDOWS\SYSTEM32\dllcache\url.dll 2007-08-20 10:59 102,400 ------w C:\WINDOWS\SYSTEM32\dllcache\occache.dll 2007-08-20 10:59 1,152,000 ------w C:\WINDOWS\SYSTEM32\dllcache\urlmon.dll 2007-08-17 11:22 63,488 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe 2007-08-17 11:22 625,152 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe 2007-08-17 08:34 161,792 ------w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll 2007-08-15 23:33 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe 2007-08-15 23:33 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll 2007-08-15 23:33 129,784 ------w C:\WINDOWS\SYSTEM32\pxafs.dll 2007-08-15 23:33 120,056 ------w C:\WINDOWS\SYSTEM32\pxcpyi64.exe 2007-08-15 23:33 118,520 ------w C:\WINDOWS\SYSTEM32\pxinsi64.exe 2007-08-15 23:33 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll 2007-08-15 23:31 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll 2007-08-15 23:31 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll 2007-08-15 23:31 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll 2007-08-15 23:31 344,064 ----a-w 
C:\WINDOWS\SYSTEM32\dpus11.dll 2007-08-15 23:31 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll 2007-08-15 23:31 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll 2007-06-22 22:06 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2007-03-05 20:03 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2007-03-05 19:41 271 --sh--w C:\Program Files\desktop.ini 2007-03-05 19:41 23,506 ---h--w C:\Program Files\folder.htt 2004-08-19 23:09:46 50,688 --sh--w C:\WINDOWS\twain_32.dll 2001-08-24 11:00:00 94,864 --sh--w C:\WINDOWS\twain.dll 2004-08-19 23:10:02 12,288 --sh--w C:\WINDOWS\SYSTEM32\regsvr32.exe 2004-08-19 23:09:30 1,028,096 --sh--w C:\WINDOWS\SYSTEM32\mfc42.dll 2007-03-29 16:19:00 104 --sh--r C:\WINDOWS\SYSTEM32\6F97C92780.sys 2004-08-19 23:09:34 343,040 --sh--w C:\WINDOWS\SYSTEM32\msvcrt.dll 2004-08-19 23:09:36 83,456 --sh--w C:\WINDOWS\SYSTEM32\olepro32.dll 2004-08-19 23:09:34 413,696 --sh--w C:\WINDOWS\SYSTEM32\msvcp60.dll 2004-08-19 23:09:34 54,784 --sh--w C:\WINDOWS\SYSTEM32\msvcirt.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SystemTray"="SysTray.Exe" [2001-08-24 12:00 C:\WINDOWS\SYSTEM32\systray.exe] "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-23 13:08] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-22 22:47] "SpywareTerminator"="C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe" [2007-10-29 20:51] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-14 16:55] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-08 23:10:29] NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-06-22 22:50:17] AOL 9.0 Icône AOL.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-03-15 18:47:03] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme "AtiPTA"=Atiptaxx.exe "AOLSAV"=C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAGENT.EXE "AOLDialer"=C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys R3 NtApm;Pilote d'interface NT APM/hérité;C:\WINDOWS\system32\DRIVERS\NtApm.sys S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);C:\WINDOWS\system32\DRIVERS\atirtcap.sys S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);C:\WINDOWS\system32\DRIVERS\ativxbar.sys S3 Dot4 HPH09;Dot4 HPH09;C:\WINDOWS\system32\DRIVERS\hphid409.sys S3 Dot4Print 
HPH09;Print Class Driver for IEEE-1284.4 HPH09;C:\WINDOWS\system32\DRIVERS\hphipr09.sys S3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09);C:\WINDOWS\system32\Drivers\hphs2k09.sys S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys S3 FALSTAFF;USB Storage Adapter ;C:\WINDOWS\system32\DRIVERS\FALSTAFF.SYS S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}] "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-11-07 18:00:02 C:\WINDOWS\Tasks\Démarrage du programme de réglages.job" "2007-11-14 21:36:04 C:\WINDOWS\Tasks\Planificateur pour la collecte de données PCHealth.job" "2007-11-14 20:09:12 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE "2007-11-14 21:56:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2007-11-03 02:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job" - C:\Program Files\RegistrySmart\RegistrySmart.exe . 
************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-14 23:03:41 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-14 23:05:03 C:\ComboFix2.txt ... 2007-11-14 21:10 . --- E O F ---
  8. Good evening, and thanks for your help. I did as you told me: I removed 3 protections, got rid of Avast and installed AntiVir. Attached is the ComboFix report, as planned:
     ComboFix 07-11-08.1 - bouvier 2007-11-14 20:57:32.1 - FAT32x86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.191 [GMT 1:00] Running from: C:\Documents and Settings\bouvier\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\cookies.ini C:\WINDOWS\start.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))))))) . 2007-11-14 20:53 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-14 16:45 <REP> d-------- C:\Program Files\Avira 2007-11-14 16:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-11-13 15:53 <REP> C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web 2007-11-12 23:16 <REP> d-------- C:\Documents and Settings\bouvier\Application Data\Uniblue 2007-11-12 22:33 2,164 --a------ C:\WINDOWS\SYSTEM32\tmp.reg 2007-11-12 22:31 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe 2007-11-12 22:30 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe 2007-11-12 22:30 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe 2007-11-12 22:30 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe 2007-11-12 22:29 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe 2007-11-12 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-12 10:11 <REP> d-------- C:\Documents and Settings\anthony\Application Data\Dossier de téléchargement Share-to-Web 2007-11-11 12:20 <REP> d-------- C:\Program Files\a-squared Free 2007-11-09 16:45 <REP> d-------- C:\Program Files\CCleaner 2007-11-09 15:44 96,768 --a------ C:\WINDOWS\SlantAdj.dll 2007-11-09 15:44 73,216 --a------ C:\WINDOWS\ADE.DLL 2007-11-09 15:44 3,136 --a------ C:\WINDOWS\Ade001.bin 
2007-11-06 21:38 157,696 --a------ C:\WINDOWS\SYSTEM32\paqsp.dll 2007-11-06 21:38 157,696 --a------ C:\WINDOWS\SYSTEM32\dllcache\paqsp.dll 2007-11-02 19:13 <REP> d-------- C:\Documents and Settings\christopher\Application Data\Spyware Terminator 2007-10-30 16:32 <REP> d-------- C:\Documents and Settings\anthony\Application Data\Spyware Terminator 2007-10-29 20:55 138,752 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sp_rsdrv2.sys 2007-10-29 20:53 <REP> d-------- C:\Program Files\WinClamAVShield 2007-10-29 20:50 <REP> d-------- C:\Program Files\Spyware Terminator 2007-10-29 20:50 <REP> d-------- C:\Documents and Settings\bouvier\Application Data\Spyware Terminator 2007-10-29 20:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator 2007-10-29 19:45 <REP> d-------- C:\VundoFix Backups 2007-10-28 23:03 187,628 ---hs---- C:\WINDOWS\SYSTEM32\rqsut.ini2 2007-10-28 23:02 <REP> d--hs---- C:\FOUND.012 2007-10-27 22:55 <REP> d-------- C:\Program Files\RegistrySmart 2007-10-27 22:55 <REP> d-------- C:\Documents and Settings\bouvier\Application Data\RegistrySmart 2007-10-25 22:33 <REP> d--hs---- C:\FOUND.011 2007-10-23 23:58 <REP> dr------- C:\Documents and Settings\LocalService\Favoris 2007-10-23 23:11 6,058,496 --------- C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll 2007-10-23 23:11 2,455,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dat 2007-10-23 23:11 459,264 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeeds.dll 2007-10-23 23:11 383,488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dll 2007-10-23 23:11 267,776 --------- C:\WINDOWS\SYSTEM32\dllcache\iertutil.dll 2007-10-23 23:11 63,488 --------- C:\WINDOWS\SYSTEM32\dllcache\icardie.dll 2007-10-23 23:11 52,224 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeedsbs.dll 2007-10-23 23:11 13,824 --------- C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe 2007-10-23 23:10 <REP> d-------- C:\WINDOWS\SYSTEM32\fr-fr 2007-10-23 23:03 33,792 --a------ C:\WINDOWS\SYSTEM32\dllcache\custsat.dll 2007-10-21 17:18 <REP> 
d--hs---- C:\FOUND.010 2007-10-21 16:31 <REP> d-------- C:\Program Files\Alwil Software 2007-10-17 23:41 <REP> d--hs---- C:\FOUND.009 2007-10-16 20:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-15 22:33 <REP> d-------- C:\Program Files\Fichiers communs\xing shared 2007-10-15 18:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-10-15 18:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-10-15 18:10 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-10-15 18:10 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents 2007-10-15 18:10 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-10-15 18:10 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris 2007-10-15 18:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2007-10-15 18:04 <REP> d-------- C:\WINDOWS\pss . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-14 15:43 193,837 --sh--w C:\WINDOWS\SYSTEM32\rqsut.bak2 2007-11-13 14:53 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Dossier de téléchargement Share-to-Web 2007-11-12 09:11 --------- d-----w C:\Documents and Settings\anthony\Application Data\Dossier de téléchargement Share-to-Web 2007-10-08 22:10 --------- d-----w C:\Program Files\Google 2007-10-08 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2007-10-06 11:49 6,363 --sh--w C:\WINDOWS\SYSTEM32\rqsut.bak1 2007-10-06 09:24 --------- d-----w C:\Program Files\SAGEM 2007-09-30 16:16 6,440 --sh--w C:\WINDOWS\SYSTEM32\npsru.bak1 2007-09-29 15:18 24,306 --sh--w C:\WINDOWS\SYSTEM32\wayxx.bak2 2007-09-29 14:01 6,440 --sh--w C:\WINDOWS\SYSTEM32\yabay.bak1 2007-09-28 19:23 6,440 --sh--w C:\WINDOWS\SYSTEM32\wayxx.bak1 2007-09-28 15:01 7,085 --sh--w C:\WINDOWS\SYSTEM32\onppo.bak2 2007-09-27 14:15 6,440 --sh--w C:\WINDOWS\SYSTEM32\onppo.bak1 2007-09-26 21:52 --------- d-----w C:\Documents and Settings\christopher\Application Data\Dossier de téléchargement Share-to-Web 2007-09-26 21:51 --------- d-----w C:\Documents and Settings\christopher\Application Data\Dossier de téléchargement Share-to-Web 2007-09-26 18:56 6,440 --sh--w C:\WINDOWS\SYSTEM32\tvxyb.bak1 2007-09-26 15:15 6,480 --sh--w C:\WINDOWS\SYSTEM32\fhiii.bak2 2007-09-25 22:31 6,440 --sh--w C:\WINDOWS\SYSTEM32\fhiii.bak1 2007-09-25 16:43 6,550 --sh--w C:\WINDOWS\SYSTEM32\tvvwa.ini2 2007-09-19 21:54 6,480 --sh--w C:\WINDOWS\SYSTEM32\kmnnn.bak2 2007-09-19 17:52 6,440 --sh--w C:\WINDOWS\SYSTEM32\hjiii.bak1 2007-09-19 13:45 6,440 --sh--w C:\WINDOWS\SYSTEM32\kmnnn.bak1 2007-09-18 17:03 4,288 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys 2007-09-17 20:08 6,550 --sh--w C:\WINDOWS\SYSTEM32\ttvwa.ini2 2007-09-17 19:23 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll 2007-09-17 19:23 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll 2007-09-17 19:22 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll 
2007-09-17 19:22 739,840 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll 2007-09-17 16:13 6,480 --sh--w C:\WINDOWS\SYSTEM32\ttvwa.bak2 2007-09-17 16:12 --------- d-----w C:\Documents and Settings\bouvier\Application Data\ACD Systems 2007-09-16 18:02 6,440 --sh--w C:\WINDOWS\SYSTEM32\ttvwa.bak1 2007-09-15 18:22 7,358 --sh--w C:\WINDOWS\SYSTEM32\psvyb.ini2 2007-09-14 13:43 6,440 --sh--w C:\WINDOWS\SYSTEM32\monmp.bak1 2007-09-14 13:38 --------- d-----w C:\Documents and Settings\anthony\Application Data\Dossier de téléchargement Share-to-Web 2007-09-13 17:27 7,288 --sh--w C:\WINDOWS\SYSTEM32\psvyb.bak2 2007-09-12 00:14 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe 2007-09-10 21:49 7,421 --sh--w C:\WINDOWS\SYSTEM32\psvyb.bak1 2007-09-09 15:50 6,480 --sh--w C:\WINDOWS\SYSTEM32\wadgh.bak1 2007-08-22 13:57 474,624 ------w C:\WINDOWS\SYSTEM32\dllcache\shlwapi.dll 2007-08-22 13:57 152,064 ------w C:\WINDOWS\SYSTEM32\dllcache\cdfview.dll 2007-08-22 13:57 1,498,624 ------w C:\WINDOWS\SYSTEM32\dllcache\shdocvw.dll 2007-08-22 13:57 1,056,768 ------w C:\WINDOWS\SYSTEM32\dllcache\danim.dll 2007-08-22 13:57 1,023,488 ------w C:\WINDOWS\SYSTEM32\dllcache\browseui.dll 2007-08-21 17:06 18,880 ----a-w C:\Documents and Settings\bouvier\Application Data\GDIPFONTCACHEV1.DAT 2007-08-21 07:17 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll 2007-08-21 07:17 683,520 ------w C:\WINDOWS\SYSTEM32\dllcache\inetcomm.dll 2007-08-21 01:26 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll 2007-08-21 01:26 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll 2007-08-20 14:29 3,584,512 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll 2007-08-20 10:59 824,832 ------w C:\WINDOWS\SYSTEM32\dllcache\wininet.dll 2007-08-20 10:59 671,232 ------w C:\WINDOWS\SYSTEM32\dllcache\mstime.dll 2007-08-20 10:59 477,696 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtmled.dll 2007-08-20 10:59 44,544 ------w C:\WINDOWS\SYSTEM32\dllcache\iernonce.dll 2007-08-20 10:59 384,512 ------w C:\WINDOWS\SYSTEM32\dllcache\iedkcs32.dll 
2007-08-20 10:59 27,648 ------w C:\WINDOWS\SYSTEM32\dllcache\jsproxy.dll 2007-08-20 10:59 232,960 ------w C:\WINDOWS\SYSTEM32\dllcache\webcheck.dll 2007-08-20 10:59 230,400 ------w C:\WINDOWS\SYSTEM32\dllcache\ieaksie.dll 2007-08-20 10:59 214,528 ------w C:\WINDOWS\SYSTEM32\dllcache\dxtrans.dll 2007-08-20 10:59 193,024 ------w C:\WINDOWS\SYSTEM32\dllcache\msrating.dll 2007-08-20 10:59 153,088 ------w C:\WINDOWS\SYSTEM32\dllcache\ieakeng.dll 2007-08-20 10:59 132,608 ------w C:\WINDOWS\SYSTEM32\dllcache\extmgr.dll 2007-08-20 10:59 124,928 ------w C:\WINDOWS\SYSTEM32\dllcache\advpack.dll 2007-08-20 10:59 105,984 ------w C:\WINDOWS\SYSTEM32\dllcache\url.dll 2007-08-20 10:59 102,400 ------w C:\WINDOWS\SYSTEM32\dllcache\occache.dll 2007-08-20 10:59 1,152,000 ------w C:\WINDOWS\SYSTEM32\dllcache\urlmon.dll 2007-08-17 11:22 63,488 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe 2007-08-17 11:22 625,152 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe 2007-08-17 08:34 161,792 ------w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll 2007-08-15 23:33 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe 2007-08-15 23:33 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll 2007-08-15 23:33 129,784 ------w C:\WINDOWS\SYSTEM32\pxafs.dll 2007-08-15 23:33 120,056 ------w C:\WINDOWS\SYSTEM32\pxcpyi64.exe 2007-08-15 23:33 118,520 ------w C:\WINDOWS\SYSTEM32\pxinsi64.exe 2007-08-15 23:33 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll 2007-08-15 23:31 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll 2007-08-15 23:31 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll 2007-08-15 23:31 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll 2007-08-15 23:31 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll 2007-08-15 23:31 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll 2007-08-15 23:31 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll 2007-06-22 22:06 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT 2007-03-05 20:03 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2007-03-05 
19:41 271 --sh--w C:\Program Files\desktop.ini 2007-03-05 19:41 23,506 ---h--w C:\Program Files\folder.htt 2004-08-19 23:09:46 50,688 --sh--w C:\WINDOWS\twain_32.dll 2001-08-24 11:00:00 94,864 --sh--w C:\WINDOWS\twain.dll 2004-08-19 23:10:02 12,288 --sh--w C:\WINDOWS\SYSTEM32\regsvr32.exe 2004-08-19 23:09:30 1,028,096 --sh--w C:\WINDOWS\SYSTEM32\mfc42.dll 2007-03-29 16:19:00 104 --sh--r C:\WINDOWS\SYSTEM32\6F97C92780.sys 2004-08-19 23:09:34 343,040 --sh--w C:\WINDOWS\SYSTEM32\msvcrt.dll 2004-08-19 23:09:36 83,456 --sh--w C:\WINDOWS\SYSTEM32\olepro32.dll 2004-08-19 23:09:34 413,696 --sh--w C:\WINDOWS\SYSTEM32\msvcp60.dll 2004-08-19 23:09:34 54,784 --sh--w C:\WINDOWS\SYSTEM32\msvcirt.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0522b44-e479-4b86-98e2-c909a774aaea}] C:\WINDOWS\system32\rifafxcu.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SystemTray"="SysTray.Exe" [2001-08-24 12:00 C:\WINDOWS\SYSTEM32\systray.exe] "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-23 13:08] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-22 22:47] "SpywareTerminator"="C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe" [2007-10-29 20:51] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-14 16:55] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 04:00] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme "AtiPTA"=Atiptaxx.exe "AOLSAV"=C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAGENT.EXE "AOLDialer"=C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys R3 NtApm;Pilote d'interface NT APM/hérité;C:\WINDOWS\system32\DRIVERS\NtApm.sys S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);C:\WINDOWS\system32\DRIVERS\atirtcap.sys S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);C:\WINDOWS\system32\DRIVERS\ativxbar.sys S3 Dot4 HPH09;Dot4 HPH09;C:\WINDOWS\system32\DRIVERS\hphid409.sys S3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09;C:\WINDOWS\system32\DRIVERS\hphipr09.sys S3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09);C:\WINDOWS\system32\Drivers\hphs2k09.sys S3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys S3 FALSTAFF;USB Storage Adapter ;C:\WINDOWS\system32\DRIVERS\FALSTAFF.SYS S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}] "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl . 
Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-11-07 18:00:02 C:\WINDOWS\Tasks\Démarrage du programme de réglages.job" "2007-11-14 19:36:04 C:\WINDOWS\Tasks\Planificateur pour la collecte de données PCHealth.job" "2007-11-14 20:09:12 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE "2007-11-14 19:56:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" "2007-11-03 02:30:02 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job" - C:\Program Files\RegistrySmart\RegistrySmart.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-14 21:08:41 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-14 21:10:45 - machine was rebooted . --- E O F ---
  9. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:25:01, on 13/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\a-squared Free\a2service.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\AOL 9.0\aoltray.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\SPYWAR~2\sp_rsser.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\bouvier\Bureau\scanner\scanner.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {C0BBEA7B-2C51-430E-A89A-5E9E299F8F52} - C:\WINDOWS\system32\tusqr.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL O3 - Toolbar: 
EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [spywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 
9.0\aoltray.exe O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?68dd6ea1b76f48c39c3b0a46adfb4be8 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?68dd6ea1b76f48c39c3b0a46adfb4be8 O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173728534186 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0036695.dat O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program 
Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 9761 bytes
  10. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:57:42, on 13/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\a-squared Free\a2service.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\AOL 9.0\aoltray.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\SPYWAR~2\sp_rsser.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\bouvier\Bureau\scanner\scanner.exe 
C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {C0BBEA7B-2C51-430E-A89A-5E9E299F8F52} - C:\WINDOWS\system32\tusqr.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON 
WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [spywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: 
AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?68dd6ea1b76f48c39c3b0a46adfb4be8 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?68dd6ea1b76f48c39c3b0a46adfb4be8 O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173728534186 O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0036695.dat O23 - Service: a-squared Free Service (a2free) - 
Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 9794 bytes
  11. Can you help me? Thanks.