marcus66

  1. Good evening, everything seems to be working. Thanks again, Pear, for your advice. This is the first time I have gone to a forum to ask for help and I don't regret it. It saved me from formatting, because that is what I would have done. It's great to have so much knowledge; I really need to get into it! Have a good evening. PS: how do I add [solved] to the title of my topic?
  2. Hello, great work Pear, my PC no longer freezes and I don't get any messages when I browse the web, and there is no more trace of AVSystemCare. I ran a search with toolscleaner2 as you suggested:
     C:\Documents and Settings\marcisa\Bureau\ComboFix.exe: trouvé !
     C:\Documents and Settings\marcisa\Bureau\Nettoyage pc\Navilog1.lnk: trouvé !
     C:\Documents and Settings\marcisa\Favoris\MARC\HijackThis: trouvé !
     C:\Documents and Settings\marcisa\Recent\HijackThis.lnk: trouvé !
     C:\Program Files\Navilog1: trouvé !
     Can I delete these lines? What do you recommend as a firewall (easy to use) and as an antivirus (Avast or Antivir)?
  3. Here is the HijackThis report. Have a good day.
  4. Hello, here is the ComboFix report (on the first try), I'm making progress. I'll send you the HijackThis one next.
  5. Bonsoir, oups désolé voila le rapport. ComboFix 08-03-22.1 - marcisa 2008-03-23 11:40:12.5 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.733 [GMT 1:00] Endroit: C:\Documents and Settings\marcisa\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\marcisa\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\Program Files\AVSystemCare\pgs.exe C:\WINDOWS\NAVIGMA.INI C:\WINDOWS\System32\pcpjpcgn.dll C:\WINDOWS\system32\pydfspua.ini C:\WINDOWS\system32\unormyyx.ini C:\WINDOWS\System32\xyymronu.dll . TimedOut: Windir.dat TimedOut: progfile.dat ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\NAVIGMA.INI C:\WINDOWS\system32\pydfspua.ini C:\WINDOWS\system32\unormyyx.ini . ((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))) . 2008-03-23 11:24 . 2007-02-22 11:43 18,816 --------- C:\WINDOWS\system32\SAVRKBootTasks.sys 2008-03-23 11:18 . 2008-03-23 11:18 <REP> d-------- C:\Program Files\Sophos 2008-03-20 19:13 . 2008-03-20 21:45 <REP> d-------- C:\Program Files\Navilog1 2008-03-20 12:34 . 2008-03-20 12:33 691,545 --a------ C:\WINDOWS\unins000.exe 2008-03-20 12:34 . 2008-03-20 12:34 2,557 --a------ C:\WINDOWS\unins000.dat 2008-03-20 12:29 . 2008-03-20 12:37 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-20 12:21 . 2008-03-20 12:45 414 ---hs---- C:\WINDOWS\system32\rqyonfif.ini 2008-03-20 12:01 . 2008-03-20 12:01 <REP> d-------- C:\Documents and Settings\marcisa\Application Data\Grisoft 2008-03-20 12:01 . 2008-03-20 12:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-20 12:01 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-03-20 11:26 . 2008-03-20 12:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-19 21:49 . 
2008-03-19 21:49 <REP> d-------- C:\WINDOWS\ERUNT 2008-03-18 19:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2008-03-18 19:18 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-03-14 23:45 . 2008-03-14 23:45 <REP> d-------- C:\Program Files\ratDVD 2008-03-09 17:30 . 2008-03-09 17:30 <REP> d-------- C:\Program Files\Micro Application 2008-03-09 17:30 . 2008-03-09 17:30 <REP> d-------- C:\Documents and Settings\marcisa\Application Data\Micro Application 2008-03-09 17:30 . 2008-03-09 17:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Micro Application 2008-03-09 11:00 . 2008-03-10 10:54 <REP> d-------- C:\Program Files\Google 2008-03-07 22:44 . 2008-03-07 22:44 <REP> d-------- C:\Program Files\Ashampoo 2008-03-06 14:21 . 2008-03-07 13:35 <REP> d-------- C:\Program Files\Real Alternative 2008-03-06 14:21 . 2008-03-06 14:21 <REP> d-------- C:\Program Files\Media Player Classic 2008-02-27 12:23 . 2008-02-27 12:23 <REP> d-------- C:\Documents and Settings\marcisa\Application Data\dvdcss 2008-02-24 09:27 . 2008-02-24 09:27 <REP> d-------- C:\Program Files\EA GAMES . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-22 21:59 --------- d-----w C:\Documents and Settings\marcisa\Application Data\uTorrent 2008-03-19 21:54 --------- d-----w C:\Program Files\a-squared Free 2008-03-19 19:01 --------- d-----w C:\Program Files\Microsoft Money 2008-03-18 20:33 --------- d-----w C:\Program Files\eMule 2008-03-14 18:15 --------- d-----w C:\Documents and Settings\marcisa\Application Data\AdobeUM 2008-03-09 10:00 --------- d-----w C:\Program Files\Java 2008-03-08 10:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-24 17:49 --------- d-----w C:\Program Files\Elaborate Bytes 2008-02-24 08:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-02-22 14:41 --------- d-----w C:\Program Files\Alcohol Soft 2008-02-21 19:07 --------- d-----w C:\Program Files\Electronic Arts 2008-02-21 17:37 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-02-19 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-02-17 19:23 --------- d-----w C:\Program Files\uTorrent 2008-02-17 19:02 --------- d-----w C:\Program Files\ATI Technologies 2008-02-17 18:16 --------- d-----w C:\Program Files\Lavalys 2008-02-13 17:41 --------- d-----w C:\Documents and Settings\marcisa\Application Data\vlc 2008-02-13 17:41 --------- d-----w C:\Documents and Settings\marcisa\Application Data\Media Player Classic 2008-02-11 22:31 --------- d-----w C:\Program Files\directx 2008-02-11 21:47 --------- d-----w C:\Program Files\RegCleaner 2008-02-11 16:49 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-02-11 16:49 22,328 ----a-w C:\Documents and Settings\marcisa\Application Data\PnkBstrK.sys 2008-02-11 15:04 --------- d-----w C:\Program Files\Setup Files 2008-02-11 14:47 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-11 14:34 --------- d-----w C:\Documents and Settings\marcisa\Application Data\ATI 2008-02-10 18:05 --------- d-----w C:\Program Files\Ensemble clavier et souris sans fil Labtec 
2008-02-10 18:02 --------- d-----w C:\Program Files\Pochette Express 2 2008-02-10 17:40 --------- d-----w C:\Program Files\AIDA32 - Enterprise System Information 2008-02-10 17:29 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-02-10 17:19 --------- d-----w C:\Program Files\VideoLAN 2008-02-10 09:04 --------- d-----w C:\Program Files\DVD Shrink 2008-02-10 08:47 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-02-10 08:42 --------- d-----w C:\Program Files\DVDFab Decrypter 2008-02-10 08:39 --------- d-----w C:\Documents and Settings\marcisa\Application Data\SlySoft 2008-02-10 08:25 --------- d-----w C:\Program Files\SlySoft 2008-02-10 08:20 --------- d-----w C:\Program Files\TechSmith 2008-02-10 08:18 --------- d-----w C:\Program Files\PicaView32 2008-02-10 08:18 --------- d-----w C:\Documents and Settings\marcisa\Application Data\ACD Systems 2008-02-10 08:15 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems 2008-02-10 08:15 --------- d-----w C:\Program Files\ACD Systems 2008-02-10 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems 2008-02-10 08:06 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2008-02-10 08:06 --------- d-----w C:\Program Files\Ahead 2008-02-10 07:54 --------- d-----w C:\Program Files\Snapshot Viewer 2008-02-10 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT 2008-02-10 07:51 --------- d-----w C:\Documents and Settings\marcisa\Application Data\Microsoft Web Folders 2008-02-10 07:49 --------- d-----w C:\Program Files\microsoft frontpage 2008-02-09 20:56 --------- d-----w C:\Program Files\Lavasoft 2008-02-09 20:56 --------- d-----w C:\Documents and Settings\marcisa\Application Data\Lavasoft 2008-02-09 20:53 --------- d-----w C:\Program Files\TuneUp Utilities 2006 2008-02-09 20:53 --------- d-----w C:\Documents and Settings\marcisa\Application Data\TuneUp Software 2008-02-09 20:51 --------- d-----w C:\Documents and Settings\All 
Users\Application Data\TuneUp Software 2008-02-09 20:11 --------- d-----w C:\Program Files\CCleaner 2008-02-09 20:03 --------- d-----w C:\Program Files\CA 2008-02-09 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA 2008-02-09 19:38 --------- d-----w C:\Program Files\xp-AntiSpy 2008-02-09 19:25 --------- d-----w C:\Program Files\Alwil Software 2008-02-09 18:22 --------- d-----w C:\Program Files\MSI 2008-02-09 17:44 --------- d-----w C:\Documents and Settings\marcisa\Application Data\Hewlett-Packard 2008-02-09 17:43 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS 2008-02-09 17:43 --------- d-----w C:\Program Files\Hewlett-Packard 2008-02-09 17:39 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard 2008-02-09 17:29 --------- d-----w C:\Program Files\VIA 2008-02-09 17:09 558,142 ----a-w C:\WINDOWS\java\Packages\JF5JF9VJ.ZIP 2008-02-09 17:09 155,995 ----a-w C:\WINDOWS\java\Packages\X7BDRZ5J.ZIP 2008-02-09 16:59 --------- d-----w C:\Program Files\Services en ligne . ((((((((((((((((((((((((((((( snapshot@2008-03-22_18.28.53.03 ))))))))))))))))))))))))))))))))))))))))) . + 2008-03-23 10:43:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_674.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 12:09 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"="cmicnfg.cpl" [] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-02-09 21:25 177416] "QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-02-09 21:25 14088] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45 13312] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\LiveMonitor] --a------ 2007-01-17 17:01 496640 C:\Program Files\MSI\Live Update 3\LMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] --a------ 1999-08-04 00:00 127040 C:\Program Files\Microsoft Money\System\Money Express.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-03-13 12:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Pml Driver HPZ12"=3 (0x3) "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "a2free"=2 (0x2) "TUWinStylerThemeSvc"=3 (0x3) "StarWindServiceAE"=2 (0x2) "PnkBstrB"=2 (0x2) "PnkBstrA"=2 (0x2) "gusvc"=3 (0x3) R0 videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys [2006-10-17 20:22] R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\System32\drivers\kbfilter.sys [2003-03-27 13:55] R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\System32\drivers\moufiltr.sys [2003-01-23 14:29] R1 SAVRKBootTasks;Boot Tasks Driver;C:\WINDOWS\System32\SAVRKBootTasks.sys [2007-02-22 11:43] S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\System32\3.tmp [] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A2040677-7FD0-86A2-8D18-A0A738BCF2EF}] C:\Program Files\Mozilla Firefox\firefos.exe s . 
Contents of the 'Scheduled Tasks' folder "2008-03-09 17:44:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1202579011.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "2008-03-21 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-23 11:44:14 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\C:\WINDOWS\System32\3.tmp" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe . ************************************************************************** . Completion time: 2008-03-23 11:46:15 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-23 10:46:13 ComboFix2.txt 2008-03-22 17:35:28 ComboFix3.txt 2008-03-22 17:29:10
Thanks for your patience.
  6. Hello, I followed your recommendations, but there is no way to paste the lines into the ComboFix Notepad window. When you asked me for the ComboFix scan the first time, I clicked on the .exe to launch it, but I did not have to press 1 to start the scan. Is that normal? I am really going to have to take some lessons!
  7. I no longer know what to do. I removed ComboFix as instructed and started the procedure again, but it is no use: when I launch ComboFix a window opens and I do not have time to paste the lines because it starts an autoscan. I am lost here.
  8. Hello, I cannot copy/paste the lines into Notepad. When I click on ComboFix it opens and starts a scan. The ComboFix icon on my desktop is not shown as .exe, is that normal? There must be something I did wrong. Sorry!
  9. Good evening, when I do the following: "Start" >> "Run" >> copy/paste this line and click OK: "%Userprofile%\Bureau\Combofix.exe" /KillAll Notepad opens but ComboFix runs a scan again.
  10. Good evening Pear, I am posting the ComboFix report for you. I read the usage guide before launching ComboFix. "Is it normal that my PC restarted after the scan? The report was produced after the restart."
ComboFix 08-03-20.5 - marcisa 2008-03-21 20:25:19.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.661 [GMT 1:00] Endroit: C:\Documents and Settings\marcisa\Bureau\ComboFix.exe * Création d'un nouveau point de restauration . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BM23292696.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\bxifgllm.ini C:\WINDOWS\system32\cdsaxwwn.ini C:\WINDOWS\system32\irngxnmy.dll C:\WINDOWS\system32\khffgfc.dll C:\WINDOWS\system32\mllgfixb.dll C:\WINDOWS\system32\nwwxasdc.dll C:\WINDOWS\system32\quliixdk.dll C:\WINDOWS\system32\ssqqnol.dll C:\WINDOWS\system32\ssttu.dll C:\WINDOWS\system32\topiuwio.dll C:\WINDOWS\system32\tuvwwts.dll C:\WINDOWS\system32\uttss.ini C:\WINDOWS\system32\uttss.ini2 C:\WINDOWS\system32\uvvwa.ini C:\WINDOWS\system32\uvvwa.ini2 C:\WINDOWS\system32\vyadd.ini C:\WINDOWS\system32\vyadd.ini2 C:\WINDOWS\system32\xxrdbefh.dll . ((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 ))))))))))))))))))))))))))))))) . 2008-03-20 21:47 . 2008-03-20 21:48 <REP> d-------- C:\rapport Navilog 2008-03-20 19:13 . 2008-03-20 21:45 <REP> d-------- C:\Program Files\Navilog1 2008-03-20 12:34 . 2008-03-20 12:33 691,545 --a------ C:\WINDOWS\unins000.exe 2008-03-20 12:34 . 2008-03-20 12:34 2,557 --a------ C:\WINDOWS\unins000.dat 2008-03-20 12:29 . 2008-03-20 12:37 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-20 12:21 . 2008-03-20 12:45 414 ---hs---- C:\WINDOWS\system32\rqyonfif.ini 2008-03-20 12:01 . 2008-03-20 12:01 <REP> d-------- C:\Documents and Settings\marcisa\Application Data\Grisoft 2008-03-20 12:01 .
2008-03-20 12:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2008-03-20 12:01 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2008-03-20 11:26 . 2008-03-20 12:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-20 09:43 . 2008-03-20 09:43 1,541,151 ---hs---- C:\WINDOWS\system32\unormyyx.ini 2008-03-19 21:49 . 2008-03-19 21:49 <REP> d-------- C:\WINDOWS\ERUNT 2008-03-19 09:58 . 2008-03-20 18:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-03-19 09:38 . 2008-03-20 09:38 1,541,091 ---hs---- C:\WINDOWS\system32\pydfspua.ini 2008-03-18 19:18 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2008-03-18 19:18 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-03-14 23:45 . 2008-03-14 23:45 <REP> d-------- C:\Program Files\ratDVD 2008-03-09 17:30 . 2008-03-09 17:30 <REP> d-------- C:\Program Files\Micro Application 2008-03-09 17:30 . 2008-03-09 17:30 <REP> d-------- C:\Documents and Settings\marcisa\Application Data\Micro Application 2008-03-09 17:30 . 2008-03-09 17:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Micro Application 2008-03-09 17:30 . 2008-03-09 17:30 40 --a------ C:\WINDOWS\NAVIGMA.INI 2008-03-09 11:00 . 2008-03-10 10:54 <REP> d-------- C:\Program Files\Google 2008-03-07 22:44 . 2008-03-07 22:44 <REP> d-------- C:\Program Files\Ashampoo 2008-03-06 14:21 . 2008-03-07 13:35 <REP> d-------- C:\Program Files\Real Alternative 2008-03-06 14:21 . 2008-03-06 14:21 <REP> d-------- C:\Program Files\Media Player Classic 2008-02-27 12:23 . 2008-02-27 12:23 <REP> d-------- C:\Documents and Settings\marcisa\Application Data\dvdcss 2008-02-24 09:27 . 2008-02-24 09:27 <REP> d-------- C:\Program Files\EA GAMES 2008-02-22 15:41 . 2008-02-22 15:41 <REP> d-------- C:\Program Files\Alcohol Soft 2008-02-22 15:41 . 
2005-04-25 10:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys 2008-02-22 15:41 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys 2008-02-21 20:50 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-02-21 20:50 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys 2008-02-21 20:07 . 2008-02-21 20:07 <REP> d-------- C:\Program Files\Electronic Arts 2008-02-21 18:40 . 2008-02-21 18:40 <REP> d-------- C:\WINDOWS\Sun 2008-02-21 18:40 . 2008-03-09 11:00 <REP> d-------- C:\Program Files\Java 2008-02-21 18:40 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-02-21 18:37 . 2008-02-21 18:37 <REP> d-------- C:\Program Files\Fichiers communs\Java . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-21 16:19 --------- d-----w C:\Documents and Settings\marcisa\Application Data\uTorrent 2008-03-19 21:54 --------- d-----w C:\Program Files\a-squared Free 2008-03-19 19:01 --------- d-----w C:\Program Files\Microsoft Money 2008-03-18 20:33 --------- d-----w C:\Program Files\eMule 2008-03-14 18:15 --------- d-----w C:\Documents and Settings\marcisa\Application Data\AdobeUM 2008-03-08 10:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-24 17:49 --------- d-----w C:\Program Files\Elaborate Bytes 2008-02-24 08:25 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-02-19 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-02-17 19:23 --------- d-----w C:\Program Files\uTorrent 2008-02-17 19:02 --------- d-----w C:\Program Files\ATI Technologies 2008-02-17 18:16 --------- d-----w C:\Program Files\Lavalys 2008-02-13 17:41 --------- d-----w C:\Documents and Settings\marcisa\Application Data\vlc 2008-02-13 17:41 --------- d-----w C:\Documents and Settings\marcisa\Application Data\Media Player Classic 2008-02-11 22:31 
--------- d-----w C:\Program Files\directx 2008-02-11 21:47 --------- d-----w C:\Program Files\RegCleaner 2008-02-11 16:49 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-02-11 16:49 22,328 ----a-w C:\Documents and Settings\marcisa\Application Data\PnkBstrK.sys 2008-02-11 16:49 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-02-11 16:47 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-02-11 15:04 --------- d-----w C:\Program Files\Setup Files 2008-02-11 14:47 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-11 14:34 --------- d-----w C:\Documents and Settings\marcisa\Application Data\ATI 2008-02-10 18:05 --------- d-----w C:\Program Files\Ensemble clavier et souris sans fil Labtec 2008-02-10 18:02 --------- d-----w C:\Program Files\Pochette Express 2 2008-02-10 17:40 --------- d-----w C:\Program Files\AIDA32 - Enterprise System Information 2008-02-10 17:29 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-02-10 17:19 --------- d-----w C:\Program Files\VideoLAN 2008-02-10 09:04 --------- d-----w C:\Program Files\DVD Shrink 2008-02-10 08:47 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-02-10 08:42 --------- d-----w C:\Program Files\DVDFab Decrypter 2008-02-10 08:39 --------- d-----w C:\Documents and Settings\marcisa\Application Data\SlySoft 2008-02-10 08:25 --------- d-----w C:\Program Files\SlySoft 2008-02-10 08:20 --------- d-----w C:\Program Files\TechSmith 2008-02-10 08:18 --------- d-----w C:\Program Files\PicaView32 2008-02-10 08:18 --------- d-----w C:\Documents and Settings\marcisa\Application Data\ACD Systems 2008-02-10 08:15 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems 2008-02-10 08:15 --------- d-----w C:\Program Files\ACD Systems 2008-02-10 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems 2008-02-10 08:06 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2008-02-10 08:06 --------- d-----w C:\Program Files\Ahead 2008-02-10 07:54 
--------- d-----w C:\Program Files\Snapshot Viewer 2008-02-10 07:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT 2008-02-10 07:51 --------- d-----w C:\Documents and Settings\marcisa\Application Data\Microsoft Web Folders 2008-02-10 07:49 --------- d-----w C:\Program Files\microsoft frontpage 2008-02-09 20:56 --------- d-----w C:\Program Files\Lavasoft 2008-02-09 20:56 --------- d-----w C:\Documents and Settings\marcisa\Application Data\Lavasoft 2008-02-09 20:53 --------- d-----w C:\Program Files\TuneUp Utilities 2006 2008-02-09 20:53 --------- d-----w C:\Documents and Settings\marcisa\Application Data\TuneUp Software 2008-02-09 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-02-09 20:11 --------- d-----w C:\Program Files\CCleaner 2008-02-09 20:03 --------- d-----w C:\Program Files\CA 2008-02-09 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA 2008-02-09 19:38 --------- d-----w C:\Program Files\xp-AntiSpy 2008-02-09 19:25 --------- d-----w C:\Program Files\Alwil Software 2008-02-09 18:22 --------- d-----w C:\Program Files\MSI 2008-02-09 17:44 --------- d-----w C:\Documents and Settings\marcisa\Application Data\Hewlett-Packard 2008-02-09 17:43 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS 2008-02-09 17:43 --------- d-----w C:\Program Files\Hewlett-Packard 2008-02-09 17:39 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard 2008-02-09 17:29 --------- d-----w C:\Program Files\VIA 2008-02-09 17:09 558,142 ----a-w C:\WINDOWS\java\Packages\JF5JF9VJ.ZIP 2008-02-09 17:09 155,995 ----a-w C:\WINDOWS\java\Packages\X7BDRZ5J.ZIP 2008-02-09 16:59 --------- d-----w C:\Program Files\Services en ligne 2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-01-22 20:39 307,200 ----a-w 
C:\WINDOWS\system32\atiiiexx.dll 2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll 2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll 2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll 2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll 2008-01-22 19:58 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-01-22 13:42 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 12:09 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"="cmicnfg.cpl" [] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-02-09 21:25 177416] "QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-02-09 21:25 14088] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45 13312] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwwts] tuvwwts.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\201a150a] 
C:\WINDOWS\System32\xyymronu.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVSystemCare] C:\Program Files\AVSystemCare\pgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM23292696] C:\WINDOWS\System32\pcpjpcgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor] --a------ 2007-01-17 17:01 496640 C:\Program Files\MSI\Live Update 3\LMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] --a------ 1999-08-04 00:00 127040 C:\Program Files\Microsoft Money\System\Money Express.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-03-13 12:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Pml Driver HPZ12"=3 (0x3) "ATI Smart"=2 (0x2) "Ati HotKey Poller"=2 (0x2) "a2free"=2 (0x2) "TUWinStylerThemeSvc"=3 (0x3) "StarWindServiceAE"=2 (0x2) "PnkBstrB"=2 (0x2) "PnkBstrA"=2 (0x2) "gusvc"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 R0 
videX32;videX32;C:\WINDOWS\System32\DRIVERS\videX32.sys [2006-10-17 20:22] R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\System32\drivers\kbfilter.sys [2003-03-27 13:55] R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\System32\drivers\moufiltr.sys [2003-01-23 14:29] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A2040677-7FD0-86A2-8D18-A0A738BCF2EF}] C:\Program Files\Mozilla Firefox\firefos.exe s . Contents of the 'Scheduled Tasks' folder "2008-03-09 17:44:02 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1202579011.job" - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I "2008-03-21 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-21 20:29:08 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe . ************************************************************************** . Completion time: 2008-03-21 20:31:18 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-21 19:31:16
I installed the Recovery Console from my CD as requested in the guide, and I wanted to know when to use it and how. At times my PC freezes and all the desktop icons disappear: "either they come back on the desktop, or I have to do a reset". I hope I will not have to format.
In any case, thank you very much for your help. See you soon.
  11. Good evening, here is the Navilog report:
Search Navipromo version 3.5.0 commencé le 20/03/2008 à 21:40:36,84 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2800.1106 Système de fichiers : NTFS Executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 *** *** Recherche dossiers dans "C:\Documents and Settings\marcisa\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\marcisa\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\marcisa\menudm~1\progra~1" *** *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Aucun Fichier trouvé *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans C:\WINDOWS\system32 * * Recherche dans "C:\Documents and Settings\marcisa\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans C:\WINDOWS\system32 : * Dans "C:\Documents and Settings\marcisa\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat OOO-Favorit absent ! 4)Recherche fichiers connus : C:\WINDOWS\system32\uttss.ini2 trouvé !
infection Vundo possible non traitée par cet outil ! C:\WINDOWS\system32\uvvwa.ini2 trouvé ! infection Vundo possible non traitée par cet outil ! C:\WINDOWS\system32\vyadd.ini2 trouvé ! infection Vundo possible non traitée par cet outil ! *** Analyse terminée le 20/03/2008 à 21:42:42,21 ***
In HijackThis, once the 7 lines are selected and I click Fix checked, I have 2 lines that are not removed:
O2 - BHO: (no name) - {91223DE9-F8E6-4FFD-8889-BE6784C18696} - C:\WINDOWS\System32\tuvwwts.dll
O2 - BHO: (no name) - {E0792132-3270-4686-89C6-C90CB5CE71ED} - C:\WINDOWS\System32\ssttu.dll
I will send you the ComboFix and HijackThis reports tomorrow because right now I have to leave for work. I work nights. Have a good evening and thanks. See you.
  12. Good evening, I downloaded the new version of HijackThis; I am posting the report for you,
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:49:04, on 20/03/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\karcher.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: {60e39330-2bfb-797a-10c4-69e5fae546d7} - {7d645eaf-5e96-4c01-a797-bfb203393e06} -
C:\WINDOWS\System32\irngxnmy.dll O2 - BHO: (no name) - {91223DE9-F8E6-4FFD-8889-BE6784C18696} - C:\WINDOWS\System32\tuvwwts.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: (no name) - {C748F991-75C0-4DFD-A079-D9D818095792} - C:\WINDOWS\System32\ddayv.dll (file missing) O2 - BHO: (no name) - {D78D2EF5-08C5-4086-A11F-A36783F74069} - C:\WINDOWS\System32\awvvu.dll (file missing) O2 - BHO: (no name) - {E0792132-3270-4686-89C6-C90CB5CE71ED} - C:\WINDOWS\System32\ssttu.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [201a150a] rundll32.exe "C:\WINDOWS\System32\mllgfixb.dll",b O4 - HKLM\..\Run: [bM23292696] Rundll32.exe "C:\WINDOWS\System32\quliixdk.dll",s O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O20 - Winlogon Notify: tuvwwts - C:\WINDOWS\SYSTEM32\tuvwwts.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 5460 bytes
However, when I right-click on the navilog1 icon I do not have "Run as administrator". Admittedly, I am not very knowledgeable. Thank you for your help.
  13. Here you go Pear, I am posting the 3 reports for you
SmitFraudFix v2.08 Rapport fait à 21:16:44,37 le 19/03/2008 Executé à partir de C:\Documents and Settings\marcisa\Mes documents\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
SDFix report:
SDFix: Version 1.159 Run by marcisa on 19/03/2008 at 21:51 Microsoft Windows XP [version 5.1.2600] Running From: C:\NOUVEA~1\SDFix Checking Services : Name: dhlp Path: System32\Drivers\dhlp.sys dhlp - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\Program Files\Fichiers communs\Yazzle1281OinAdmin.exe - Deleted Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-19 21:56:45 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\" "h0"=dword:00000000 "ujdew"=hex:ea,c3,8d,8f,c8,d9,36,2a,17,a3,2f,a0,e5,e1,bd,b6,11,52,85,d1,1d,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40] "ujdew"=hex:20,02,00,00,ab,6a,2c,a3,7a,eb,6c,4a,17,58,a1,d1,e1,eb,8c,b1,d3,.. "ljej40"=hex:d5,bc,45,69,b8,05,b7,a5,16,a7,9b,c5,47,a7,2f,d2,25,14,c7,9b,6c,.. "ljej41"=hex:39,bc,45,69,c0,05,b7,a5,17,a7,9a,c5,46,a7,2f,d2,25,14,c7,9b,3c,.. "ljej42"=hex:39,bc,45,69,c0,05,b7,a5,17,a7,9a,c5,46,a7,2f,d2,25,14,c7,9b,3c,..
"ljej43"=hex:39,bc,45,69,c0,05,b7,a5,17,a7,9a,c5,46,a7,2f,d2,25,14,c7,9b,3c,.. "ljej44"=hex:39,bc,45,69,c0,05,b7,a5,17,a7,9a,c5,46,a7,2f,d2,25,14,c7,9b,3c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\" "h0"=dword:00000000 "ujdew"=hex:ea,c3,8d,8f,c8,d9,36,2a,17,a3,2f,a0,e5,e1,bd,b6,11,52,85,d1,1d,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] "DisplayName"="Alcohol 120%" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000000 "TracesSuccessful"=dword:00000000 "LastTraceFailure"=dword:00000000 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: Remaining Files : File Backups: - C:\NOUVEA~1\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 6 Mar 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Finished! 
HijackThis report:
Logfile of HijackThis v1.99.1 Scan saved at 22:02:26, on 19/03/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\notepad.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [201a150a] rundll32.exe "C:\WINDOWS\System32\aupsfdyp.dll",b O4 - HKLM\..\Run: [bM23292696] Rundll32.exe "C:\WINDOWS\System32\qpdhlrph.dll",s O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: *.onerateld.com O15 - Trusted Zone: *.safetydownload.com O15 - Trusted Zone: *.trustedantivirus.com O15 - Trusted Zone: *.virusschlacht.com O15 - Trusted Zone: *.avsystemcare.com (HKLM) O15 - Trusted Zone: *.onerateld.com (HKLM) O15 - Trusted Zone: *.safetydownload.com (HKLM) O15 - Trusted Zone: *.trustedantivirus.com (HKLM) O15 - Trusted Zone: *.virusschlacht.com (HKLM) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: CaCCProvSP - CA, Inc. 
- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe j'espere que je n'ai rien oublie.
  14. Good evening, thanks for your advice, here is the SmitFraudFix report:
SmitFraudFix v2.08
Rapport fait à 20:28:53,76 le 19/03/2008
Executé à partir de C:\Documents and Settings\marcisa\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\marcisa\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
I am going to run option 2 as well as the other steps you recommend, and afterwards I will post the reports for you.