Everything posted by nico327

  1. OK, it's done!! Once again, thank you very much for your help! These viruses are really a pain! I hope I won't get any more anytime soon! In any case, I'm going to be much more careful. So, no further procedure to carry out, if I've understood correctly? It's really kind of you to have given me your time to help. Thanks!!!
  2. OK, I re-ran HijackThis to delete the file you pointed out. It's fine, that worked. Apparently, it was only Antivir that was getting stuck on the update side. But I know I've already had numerous update problems with some of my software for some time now. I hope there won't be any more from now on. Finally, if I've understood correctly, I shouldn't have any more viruses for now? Another question: my wallpaper is still the one I've had since the "big infection". It corresponds to 'Active Desktop'. Doesn't that indicate that viruses are still present? Last remark: at one point we were supposed to use 'Combofix'. We haven't talked about it since. Do we no longer need it? Thanks in advance.
  3. Do you know where all these viruses might have come from, or at least most of them? I've put the new HijackThis report below:
  4. I finally managed to run the updates thanks to your method. So I was also able to do a full scan of my computer. I've put the report that 'Antivir' gives me below:
D:\System Volume Information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP8\A0000544.exe [DETECTION] Is the TR/Onlinegames.B.16 Trojan [NOTE] The file was moved to '48f98698.qua'! D:\System Volume Information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP8\A0000545.cmd [DETECTION] Is the TR/Onlinegames.B.30 Trojan [NOTE] The file was moved to '49ef4fc1.qua'! D:\System Volume Information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP8\A0000546.com [DETECTION] Is the TR/Onlinegames.B.21 Trojan [NOTE] The file was moved to '48f9869a.qua'! D:\System Volume Information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP8\A0000547.cmd [DETECTION] Is the TR/Crypt.NSPM.Gen Trojan [NOTE] The file was moved to '49ef4fc3.qua'! D:\System Volume Information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP8\A0000548.bat [DETECTION] Is the TR/Crypt.NSPM.Gen Trojan [NOTE] The file was moved to '48f986e9.qua'! D:\System Volume Information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP8\A0000549.bat [DETECTION] Is the TR/Crypt.NSPM.Gen Trojan [NOTE] The file was moved to '49ef4fb2.qua'! D:\System Volume Information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP8\A0000550.com [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '48f986eb.qua'! D:\System Volume Information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP8\A0000551.com [DETECTION] Is the TR/Crypt.NSPM.Gen Trojan [NOTE] The file was moved to '49ef4fb4.qua'! D:\System Volume Information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP8\A0000552.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '48f986e8.qua'! D:\System Volume Information\_restore{7D0A09CF-FCEC-40B1-949D-E158943906CC}\RP8\A0000553.com [DETECTION] Is the TR/Onlinegames.B.23 Trojan [NOTE] The file was moved to '49ef4fb1.qua'! 
      End of the scan: 2008-09-11 23:04
      Used time: 54:02 Minute(s)
      The scan has been done completely.
      10752 Scanning directories
      488039 Files were scanned
      110 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      110 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      487927 Files not concerned
      8879 Archives were scanned
      3 Warnings
      110 Notes
      What should I do now?? Thanks in advance.
  5. Good evening, since my last post, I have tried to update the Antivir antivirus but it does not work. I did it with my firewall disabled, and I tried several times to uninstall and then reinstall. But nothing works, always the same message telling me that the connection failed. Isn't there a manual way to do this update: by that I mean going directly to the website, or something other than right-clicking and then 'start update'. Thanks in advance. PS: since the day before yesterday, I have done nothing more than what you told me. I stopped at the antivirus update step. So I have not run a scan of my computer with Antivir.
  6. OK!! Let's leave all that until tomorrow, and as you say, "sleep is sacred"!!! I have already installed Antivir. No problem. Except that I don't understand why it can't do the updates... Even though my internet connection works very well, when I request an update ('Start Update') it tells me: Status : Internet connection failed. I think we'll look at that tomorrow. Once again, thank you very much for all the help!!!!
  7. Yes, it would be good if we could leave that until tomorrow. As for the 'Antivir' antivirus, is it a problem if I install it right now? Because if not, I'll install it straight away. Thanks.
  8. I followed the instructions! Apparently it worked, but no confirmation message appeared... As for antivirus programs, it would be nice if you could recommend a few effective, free ones. I know Avast, McAfee of course... but I'm not sure how effective they are. Another question: is the disinfection of my computer finished?? If not, what needs to be done? Thanks again.
  9. Here is what the file created by 'OTMoveIt2' contains:
      File/Folder C:\WINDOWS\system32\amvo.exe not found.
      OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09092008_233519
  10. For about half an hour, I have been trying the method indicated (with 'ComboFix', which is still on the desktop). But always the same result. The processor seems to stop as soon as the step is launched... So the method does launch ComboFix, but with no conclusive results. What should I do?? Thanks.
  11. Since my last post, I have been trying to run 'ComboFix', but always the same problem: it stays stuck at step 8. As for the antivirus, it is true that I no longer have one. In fact, I removed it so that I could install another one. But since then, I have had all these problems. So I followed all your instructions, and I have not yet reinstalled an antivirus. If that is necessary, please let me know. In any case, I still have the same problem with ComboFix, so I don't really know what to do... Would it be possible to proceed another way, or to debug the transition to step 8... I don't know why it gets stuck at this step! Thanks.
  12. Here is the HijackThis report:
  13. Small problem, sorry for having repeated the same message several times. I thought my message had not been posted... Thanks again for the help.
  14. Here is the report that MBAM gives me:
      Malwarebytes' Anti-Malware 1.27
      Version de la base de données: 1132
      Windows 5.1.2600 Service Pack 2
      2008-09-09 19:17:15
      mbam-log-2008-09-09 (19-17-15).txt
      Type de recherche: Examen rapide
      Eléments examinés: 54332
      Temps écoulé: 4 minute(s), 49 second(s)
      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 2
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 3
      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)
      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\qlnepi.dll (Trojan.Vundo) -> Delete on reboot.
      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9e21bab-0577-44fc-b758-f9c6909c81dc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{d9e21bab-0577-44fc-b758-f9c6909c81dc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)
      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)
      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)
      Fichier(s) infecté(s):
      C:\WINDOWS\system32\qlnepi.dll (Trojan.Vundo.H) -> Delete on reboot.
      C:\WINDOWS\system32\kpxslhku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Philippe\Local Settings\Temporary Internet Files\Content.IE5\H0DJSVAX\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
      Please tell me what to do next.
  15. Here is what MBAM gives me in its report:
      Malwarebytes' Anti-Malware 1.27
      Version de la base de données: 1132
      Windows 5.1.2600 Service Pack 2
      2008-09-09 19:17:15
      mbam-log-2008-09-09 (19-17-15).txt
      Type de recherche: Examen rapide
      Eléments examinés: 54332
      Temps écoulé: 4 minute(s), 49 second(s)
      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 2
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 3
      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)
      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\qlnepi.dll (Trojan.Vundo) -> Delete on reboot.
      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9e21bab-0577-44fc-b758-f9c6909c81dc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{d9e21bab-0577-44fc-b758-f9c6909c81dc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)
      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)
      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)
      Fichier(s) infecté(s):
      C:\WINDOWS\system32\qlnepi.dll (Trojan.Vundo.H) -> Delete on reboot.
      C:\WINDOWS\system32\kpxslhku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Philippe\Local Settings\Temporary Internet Files\Content.IE5\H0DJSVAX\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
      It asked me to restart my computer, which I did. Please tell me what to do next.
  16. I have been trying to run ComboFix since my last post, so for about 1h30. I still have the same problem. Below is what I get on screen:
      Recherche de fichiers infectieux ...
      Ceci ne prend pas généralement plus de 10 minutes.
      Les temps d'analyse de machines sévèrement infectées peut facilement doubler.
      ComboFix a modifié le réglage de votre horloge
      Ne le remettez pas à l'heure. Elle sera restaurée plus tard.
      Terminée Etape_1
      Terminée Etape_2
      Terminée Etape_3
      Terminée Etape_4
      Terminée Etape_5
      Terminée Etape_6
      Terminée Etape_7
      Terminée Etape_8
      _
      The last line with the underscore is visible on screen: the underscore keeps blinking, which to me indicates that the search is still in progress. But I have sometimes waited up to 30 minutes with no change: the screen display stops at what I wrote above. In fact, the processor works fine up to step 8 (the processor LED blinks properly), then not much more... Would there be a way to debug this? If need be, would there be another way to remove the rest of the viruses that may still be on my computer?? In any case, thanks again for all the help!!!! Please keep me posted.
  17. Here is the report that HijackThis gives me:
  18. I forgot to mention that 'mbam' asked me to restart my computer, which I of course did. Thanks a lot for all the help.
  19. Thanks. I followed all the instructions carefully. Everything worked as described. I have attached the report below. Please tell me the next steps of the procedure. Thanks again.
  20. Thanks. I followed the instructions exactly, but when I run ComboFix I stay stuck at step 8, with the underscore _ blinking on the line and the hard disk seeming to no longer work as it did at the start, and this for 20 min. I tried again and got the same thing for 20 min. Is this normal, and should I wait even longer until the report is displayed as indicated? Because I find 20 min long, especially since the disk seems to no longer be working and, according to ComboFix, it does not take more than 10 min. Thanks again
  21. Well, I finally retried SDFix in safe mode, after 20 min with nothing happening on the first attempt, and this time it went exactly as described in the procedure, so I am posting the report.txt file and the new HijackThis log! The report.txt file:
--- "C:\Documents and Settings\Philippe\Mes documents\Formation Ing‚\Microelectronique\Stage_Rennes\~WRL2984.tmp" Sat 29 Mar 2008 139,264 ...H. --- "C:\Documents and Settings\Philippe\Mes documents\Formation Ing‚\Microelectronique\Stage_Rennes\~WRL3081.tmp" Sat 29 Mar 2008 3,286,528 ...H. --- "C:\Documents and Settings\Philippe\Mes documents\Formation Ing‚\Microelectronique\Stage_Rennes\~WRL3223.tmp" Sat 29 Mar 2008 121,344 ...H. --- "C:\Documents and Settings\Philippe\Mes documents\Formation Ing‚\Microelectronique\Stage_Rennes\~WRL3234.tmp" Sat 29 Mar 2008 3,943,424 ...H. --- "C:\Documents and Settings\Philippe\Mes documents\Formation Ing‚\Microelectronique\Stage_Rennes\~WRL3235.tmp" Sat 29 Mar 2008 7,527,936 ...H. --- "C:\Documents and Settings\Philippe\Mes documents\Formation Ing‚\Microelectronique\Stage_Rennes\~WRL3247.tmp" Sat 29 Mar 2008 118,272 ...H. --- "C:\Documents and Settings\Philippe\Mes documents\Formation Ing‚\Microelectronique\Stage_Rennes\~WRL3266.tmp" Sat 29 Mar 2008 6,707,200 ...H. --- "C:\Documents and Settings\Philippe\Mes documents\Formation Ing‚\Microelectronique\Stage_Rennes\~WRL3307.tmp" Sat 29 Mar 2008 6,897,664 ...H. --- "C:\Documents and Settings\Philippe\Mes documents\Formation Ing‚\Microelectronique\Stage_Rennes\~WRL3381.tmp" Sat 29 Mar 2008 6,269,440 ...H. --- "C:\Documents and Settings\Philippe\Mes documents\Formation Ing‚\Microelectronique\Stage_Rennes\~WRL3388.tmp" Sat 29 Mar 2008 115,200 ...H. --- "C:\Documents and Settings\Philippe\Mes documents\Formation Ing‚\Microelectronique\Stage_Rennes\~WRL3467.tmp" Sat 29 Mar 2008 7,346,688 ...H. --- "C:\Documents and Settings\Philippe\Mes documents\Formation Ing‚\Microelectronique\Stage_Rennes\~WRL3693.tmp" Sat 29 Mar 2008 133,120 ...H. --- "C:\Documents and Settings\Philippe\Mes documents\Formation Ing‚\Microelectronique\Stage_Rennes\~WRL3696.tmp" Sat 29 Mar 2008 7,346,176 ...H. 
Finished!

And the new log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:30:36, on 08/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Acer\Empowering Technology\eLock\LockServ.exe C:\WINDOWS\system32\lxddcoms.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft SQL 
Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\eHome\ehmsas.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\WINDOWS\System32\svchost.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\WINDOWS\BUtilityBar\BisonBar.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Lexmark 2500 Series\lxddmon.exe C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe C:\Program Files\Lexmark 2500 Series\lxddamon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\DOCUME~1\Philippe\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\FinePixViewerS\QuickDCF2.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPEnh] 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1 O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [bisonBar] C:\WINDOWS\BUtilityBar\BisonBar.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [\YUR25F.exe] C:\Windows\system32\YUR25F.exe O4 - HKLM\..\Run: [\YUR110.exe] C:\Windows\system32\YUR110.exe O4 - 
HKLM\..\Run: [\YUR117.exe] C:\Windows\system32\YUR117.exe O4 - HKLM\..\Run: [\YUR126.exe] C:\Windows\system32\YUR126.exe O4 - HKLM\..\Run: [d003f594] rundll32.exe "C:\WINDOWS\system32\omtqhfpm.dll",b O4 - HKLM\..\Run: [\YUR13B.exe] C:\Windows\system32\YUR13B.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [\YUR110.exe] C:\Windows\system32\YUR110.exe O4 - HKCU\..\Run: [\YUR117.exe] C:\Windows\system32\YUR117.exe O4 - HKCU\..\Run: [\YUR126.exe] C:\Windows\system32\YUR126.exe O4 - HKCU\..\Run: [\YUR13B.exe] C:\Windows\system32\YUR13B.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Acer Empowering Technology.lnk = ? 
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content 
with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f156991baca24e22beade2a60df2dc16 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f156991baca24e22beade2a60df2dc16 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www2.tellmemorecampus.com/bin/tol9inst.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O20 - AppInit_DLLs: yjadso.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 14368 bytes

I am looking forward to the next steps. I already see notable improvements: no more (MS) Antivirus window, no more Virus Alert in the taskbar, etc. However, the desktop still shows the Active Desktop recovery screen. That is what I have been able to observe so far. Thanks in advance for the help.
  22. Thanks for this initial help. I installed SDFix as planned, booted into safe mode, launched SDFix, then pressed Y. SDFix then reported that it had to restart the PC in order to free a trojan from memory, and that I then had to come back into safe mode to relaunch SDFix. So I clicked OK, the computer restarted and I relaunched SDFix. The scan started: "starting repairs checking running processes and services _". For the first 5 minutes the hard disk seemed to be working, and for the last 5 minutes nothing more; basically I have been waiting for 10 minutes with nothing new. I have the impression that SDFix is stuck, even though the underscore cursor on the line is blinking! Please help me get out of this situation. (Note that I am browsing with a second computer in the meantime.)
  23. Hello everyone, I am new to this site, which I discovered on the web while looking for a solution to my problem. Here it is: like many people, I think I have caught a spyware/virus on my computer! I have the little VIRUS ALERT! icon at the bottom next to the clock, a "program" called ANTIVIRUS 2008 has installed itself, and I no longer have access to many programs in the Start menu. I also no longer have access to my Task Manager. I gathered that the first step is the HijackThis report and its analysis, so I am posting my first report here. Please explain it to me step by step (since I gathered that each infected computer has its own solution)! I need you! Thanks in advance! Note that it crashes often, so I lose control of the computer. In addition, my desktop wallpaper shows "Active Desktop recovery". And since I have no access to the Task Manager, I think I will not be able to make 100% sure that all programs are properly closed if that is needed in the next steps. Thanks for your quick help.
Here is the report:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:43:54, on 07/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\WINDOWS\services.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Acer\Empowering Technology\eLock\LockServ.exe C:\WINDOWS\system32\lxddcoms.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\eHome\ehmsas.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\WINDOWS\BUtilityBar\BisonBar.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Lexmark 2500 Series\lxddmon.exe C:\Program Files\Lexmark 2500 Series\lxddamon.exe C:\Program Files\MSA\MSA.exe C:\WINDOWS\system32\svchost.exe C:\Windows\system32\YUR126.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe 
C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\FinePixViewerS\QuickDCF2.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\DOCUME~1\Philippe\LOCALS~1\Temp\RtkBtMnt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\services.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [boot] C:\Acer\Empowering 
Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [bisonBar] C:\WINDOWS\BUtilityBar\BisonBar.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [\YUR25F.exe] C:\Windows\system32\YUR25F.exe
O4 - HKLM\..\Run: [\YUR110.exe] C:\Windows\system32\YUR110.exe
O4 - HKLM\..\Run: [\YUR117.exe] C:\Windows\system32\YUR117.exe
O4 - HKLM\..\Run: [\YUR126.exe] C:\Windows\system32\YUR126.exe
O4 - HKLM\..\Run: [d003f594] rundll32.exe "C:\WINDOWS\system32\omtqhfpm.dll",b
O4 - HKLM\..\Run: [\YUR13B.exe] C:\Windows\system32\YUR13B.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [\YUR110.exe] C:\Windows\system32\YUR110.exe
O4 - HKCU\..\Run: [\YUR117.exe] C:\Windows\system32\YUR117.exe
O4 - HKCU\..\Run: [\YUR126.exe] C:\Windows\system32\YUR126.exe
O4 - HKCU\..\Run: [\YUR13B.exe] C:\Windows\system32\YUR13B.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f156991baca24e22beade2a60df2dc16
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f156991baca24e22beade2a60df2dc16
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www2.tellmemorecampus.com/bin/tol9inst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O20 - AppInit_DLLs: yjadso.dll
O21 - SSODL: dgksvbpn - {64B51759-A3C6-41D9-B71A-D7481D8CB1CF} - (no file)
O21 - SSODL: xrdwbfgn - {494CCC0C-8FB8-484D-B5A1-A9DA9EDBBE37} - C:\WINDOWS\xrdwbfgn.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
-- End of file - 14989 bytes