Trojandownloader.Zlob et Softomate Toolbar...

Bonjour,

Commence par faire ceci :

Télécharge Smitfraudfix
Dézippe-le sur le Bureau.
Ouvre le dossier SmitfraudFix et lance SmitfraudFix(.cmd)
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.

NOTE :
process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Tiens, voici le rapport

SmitFraudFix v2.112

Rapport fait à 17:07:00,26, 22/10/2006
Executé à partir de C:\Documents and Settings\mss\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe PRESENT !
C:\WINDOWS\system32\ismini.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mss


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mss\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\mss\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Re,

Redémarre en mode sans échec

Relance SmitfraudFix et choisis cette fois l’Option 2 et réponds oui à la ou les questions
Sauvegarde puis poste le rapport.

-- Clique Droit sur Hijackthis :
-> Choisis " Renommer "
-> Tape Scanner.exe puis valide

- Lance l'application
- Choisis l'option Do a system scan and save a logfile
-- Le Bloc-Notes s'ouvre :
-> Edition / Sélectionner Tout
-> Edition / Copier
- Colle le rapport ici.

Aide sur Hijackthis

Tiens, c'est le rapoort de SmitFraud

SmitFraudFix v2.112

Rapport fait à 17:57:39,37, 22/10/2006
Executé à partir de C:\Documents and Settings\mss\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\ishost.exe supprimé
C:\WINDOWS\system32\ismini.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Et voici celui de HiJackThis.
Apparament y a encore des trucs dans ma becanne, les popups continuent à s'afficher et il m'a installé une nouvelle connexion a distance...

Pardon, voici le raport

Logfile of HijackThis v1.99.1
Scan saved at 17:59:09, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\mss\Bureau\Scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C21CAAE4-137F-1FD3-2214-197496DA78E0} - C:\WINDOWS\system32\zpczw.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6CD4FA1F-600A-1E55-FFEC-0269812AB1AD} - C:\WINDOWS\system32\aatrkzb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3B7112F5-05D8-1036-0728-051222200021}\MyToolBar.dll
O2 - BHO: (no name) - {C21CAAE4-137F-1FD3-2214-197496DA78E0} - C:\WINDOWS\system32\zpczw.dll
O2 - BHO: (no name) - {CD184C49-26DD-4DF0-A472-6AAA580D306D} - C:\WINDOWS\system32\jkhhe.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3B7112F5-05D8-1036-0728-051222200021}\MyToolBar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ckelpkj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ckelpkj.dll,haacqif
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Nphb] "C:\PROGRA~1\SSEMBL~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Iaviczhv] C:\Documents and Settings\mss\Mes documents\??mbols\n?tepad.exe
O4 - Startup: Notas.lnk = C:\Documents and Settings\mss\Mes documents\20 - Vins\Notas.doc
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Re,

Il ne reste pas qu'un truc  

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

Apparament, VundoFix n'a pas eu de probleme
Voici son report


VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 18:21:22 22/10/2006

Listing files found while scanning....

C:\WINDOWS\system32\ssqrrpm.dll
C:\WINDOWS\system32\ckelpkj.dll
C:\WINDOWS\system32\aatrkzb.dll
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\ehhkj.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqrrpm.dll
C:\WINDOWS\system32\ssqrrpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ckelpkj.dll
C:\WINDOWS\system32\ckelpkj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\aatrkzb.dll
C:\WINDOWS\system32\aatrkzb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jkhhe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehhkj.ini
C:\WINDOWS\system32\ehhkj.ini Has been deleted!

Performing Repairs to the registry.
Done!

et voici celui de HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 18:29:34, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\{1B7112F5-05D8-1036-0728-051222200021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\SSEMBL~1\ntvdm.exe
C:\Documents and Settings\mss\Mes documents\??mbols\n?tepad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\mss\Bureau\Scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C21CAAE4-137F-1FD3-2214-197496DA78E0} - C:\WINDOWS\system32\zpczw.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6CD4FA1F-600A-1E55-FFEC-0269812AB1AD} - C:\WINDOWS\system32\aatrkzb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3B7112F5-05D8-1036-0728-051222200021}\MyToolBar.dll
O2 - BHO: (no name) - {C21CAAE4-137F-1FD3-2214-197496DA78E0} - C:\WINDOWS\system32\zpczw.dll
O2 - BHO: (no name) - {D1A0A501-C81F-4AFD-BB26-057C0619BC7D} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3B7112F5-05D8-1036-0728-051222200021}\MyToolBar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ckelpkj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ckelpkj.dll,haacqif
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Nphb] "C:\PROGRA~1\SSEMBL~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Iaviczhv] C:\Documents and Settings\mss\Mes documents\??mbols\n?tepad.exe
O4 - Startup: Notas.lnk = C:\Documents and Settings\mss\Mes documents\20 - Vins\Notas.doc
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Par contre au démarge, il me manque un dll nommé ckelpkj.dll, c'est normal Angeldark ?

C'est normal, on y reviendra apres  

Télécharge combofix.exe (par sUBs) sur ton Bureau

Double clique combofix.exe.

Tape sur la touche Y (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Décidement, y avait du boulot !
Je te mettrai celui de hijackthis au cas tu en aies besoin
A tout

ComboFix Report

mss - 06-10-22 18:38:42,84 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\mss\Bureau"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winspool.dll
C:\Program Files\Fichiers communs\Yazzle1162OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\Program Files\Fichiers communs\{1B7112F5-05D8-1036-0728-051222200021}
C:\Program Files\Fichiers communs\{3B7112F5-05D8-1036-0728-051222200021}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\SSEMBL~1
C:\QooBox\Purity\Program Files\SSEMBL~1\?ssembly
C:\QooBox\Purity\Program Files\SSEMBL~1\ntvdm.exe
C:\QooBox\Purity\Documents and Settings\mss\Mes documents\MBOLS~1
C:\QooBox\Purity\Documents and Settings\mss\Mes documents\MBOLS~1\n?tepad.exe


((((((((((((((((((((((((((((((( Files Created from 2006-09-22 to 2006-10-22 ))))))))))))))))))))))))))))))))))


2006-10-22 17:06 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-22 17:06 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-22 17:06 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-22 17:06 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-22 15:28 2 --a------ C:\WINDOWS\system32\wintcc.exe
2006-10-22 15:28 131,072 --a------ C:\WINDOWS\system32\zpczw.dll
2006-10-22 15:27 15,872 --a------ C:\WINDOWS\system32\winbfi32.dll
2006-10-22 15:22 4 -r-h----- C:\WINDOWS\system32\rfsclairt.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-22 16:14 -------- d-------- C:\Program Files\Lavasoft
2006-10-22 16:14 -------- d-------- C:\Documents and Settings\mss\Application Data\Lavasoft
2006-09-13 18:15 -------- d-------- C:\Program Files\Ciel e-Commerce
2006-09-13 18:14 753664 --a------ C:\WINDOWS\system32\ifsrel.dll
2006-09-13 18:14 -------- d-------- C:\Program Files\Common Files
2006-09-13 17:51 0 -rahs---- C:\MSDOS.SYS
2006-09-13 17:51 0 -rahs---- C:\IO.SYS
2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-29 22:35 -------- d-------- C:\Program Files\iPod
2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Nphb"="\"C:\\PROGRA~1\\SSEMBL~1\\ntvdm.exe\" -vt yazb"
"Iaviczhv"="C:\\Documents and Settings\\mss\\Mes documents\\??mbols\\n?tepad.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"preload"="C:\\Windows\\RUNXMLPL.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SoundMan"="SOUNDMAN.EXE"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
"ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
"PowerKey"="\"C:\\Program Files\\Launch Manager\\PowerKey.exe\""
"LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
"CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
"Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
"eRecoveryService"="C:\\Program Files\\Acer\\eRecovery\\Monitor.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ckelpkj.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ckelpkj.dll,haacqif"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbfi32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-22 18:40:48.59
C:\ComboFix.txt ... 06-10-22 18:40

et HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 18:42:27, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\mss\Bureau\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infos-du-net.com/forum/261889-11-trojandownl...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C21CAAE4-137F-1FD3-2214-197496DA78E0} - C:\WINDOWS\system32\zpczw.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6CD4FA1F-600A-1E55-FFEC-0269812AB1AD} - C:\WINDOWS\system32\aatrkzb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3B7112F5-05D8-1036-0728-051222200021}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {C21CAAE4-137F-1FD3-2214-197496DA78E0} - C:\WINDOWS\system32\zpczw.dll
O2 - BHO: (no name) - {D1A0A501-C81F-4AFD-BB26-057C0619BC7D} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3B7112F5-05D8-1036-0728-051222200021}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ckelpkj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ckelpkj.dll,haacqif
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Nphb] "C:\PROGRA~1\SSEMBL~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Iaviczhv] C:\Documents and Settings\mss\Mes documents\??mbols\n?tepad.exe
O4 - Startup: Notas.lnk = C:\Documents and Settings\mss\Mes documents\20 - Vins\Notas.doc
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winbfi32 - C:\WINDOWS\SYSTEM32\winbfi32.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Re,

- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {6CD4FA1F-600A-1E55-FFEC-0269812AB1AD} - C:\WINDOWS\system32\aatrkzb.dll (file missing)l
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3B7112F5-05D8-1036-0728-051222200021}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {D1A0A501-C81F-4AFD-BB26-057C0619BC7D} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Fichiers communs\{3B7112F5-05D8-1036-0728-051222200021}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [ckelpkj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ckelpkj.dll,haacqif
O4 - HKCU\..\Run: [Nphb] "C:\PROGRA~1\SSEMBL~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [Iaviczhv] C:\Documents and Settings\mss\Mes documents\??mbols\n?tepad.exe

Clique sur Fix checked (en bas à gauche)

S'il te plaît, va ici pour uploader un fichier douteux pour analyse.

"Your Username:" - Entre ton pseudo sur ce forum

"Topic Where File Was Requested:" - Copie-colle le lien vers cette discussion

"File(s) To Submit:" - Bouton "Parcourir..." pour naviguer vers ce nom de fichier : C:\WINDOWS\system32\zpczw.dll

Cliquez sur Send File

Double-clique VundoFix.exe afin de le lancer

NE clique PAS sur le bouton Scan for Vundo

Clique Droit dans la fenêtre blanche, choisis Add more files ?

Rajoute dans la première ligne :
C:\WINDOWS\system32\zpczw.dll
Dans la deuxième :
C:\WINDOWS\SYSTEM32\winbfi32.dll

Clique successivement sur :
- Add Files
- Close Windows
- Remove Vundo

Si l'outil te demande de redémarrer, accepte.

Copie/Colle ensuite le rapport C:\vundofix.txt

tiens, le rapport de vundoFix.
Le lien vers uploadmalware, c'est parceque tu n'avais jamais vu ce fichier ?

VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 18:21:22 22/10/2006

Listing files found while scanning....

C:\WINDOWS\system32\ssqrrpm.dll
C:\WINDOWS\system32\ckelpkj.dll
C:\WINDOWS\system32\aatrkzb.dll
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\ehhkj.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqrrpm.dll
C:\WINDOWS\system32\ssqrrpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ckelpkj.dll
C:\WINDOWS\system32\ckelpkj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\aatrkzb.dll
C:\WINDOWS\system32\aatrkzb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\jkhhe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehhkj.ini
C:\WINDOWS\system32\ehhkj.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\zpczw.dll
C:\WINDOWS\system32\zpczw.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\winbfi32.dll
C:\WINDOWS\SYSTEM32\winbfi32.dll Has been deleted!

Performing Repairs to the registry.
Done!

c'est bon ?
Ou tu fais une pause pour le grand prix ?

Je fais une petite pause tout court  
Reposte un rapport Hijackthis stp.

Je comprends bien, je trouvais que tu avais un rythme drolement soutenu...
Tiens, voici le rapport.
A demain

Logfile of HijackThis v1.99.1
Scan saved at 00:54:22, on 23/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\EasyPHP1-8\EasyPHP.exe
C:\PROGRA~1\EASYPH~1\Apache\apache.exe
C:\PROGRA~1\EASYPH~1\Apache\apache.exe
C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\mss\Bureau\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C21CAAE4-137F-1FD3-2214-197496DA78E0} - C:\WINDOWS\system32\zpczw.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C21CAAE4-137F-1FD3-2214-197496DA78E0} - C:\WINDOWS\system32\zpczw.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Notas.lnk = C:\Documents and Settings\mss\Mes documents\20 - Vins\Notas.doc
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Re,

On continue.

Télécharge puis installe AVG Anti-Spyware (AVG AS)
Une fois AVG AS lancé, clique sur "Mise à jour"
Ferme le programme.

Redémarre en mode sans échec

Relance AVG AS puis choisis l'onglet "Analyse"
Puis l'onglet "Paramètres"
Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

/!\ Si un fichier est infecté en fin d'analyse /!\
Clique sur "Appliquer toutes les actions "

Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.

Redémarre normalement
Copie/Colle le rapport ici.

Back dans les bacs, Contact !

Deux essais en mode sans echec
L'ordinateur s'est eteind brutalement après 5 min d'analyse.
J'essaie une analyse en mode normal, je ne sais pas si ca sert à quelquechose...

Voici le rapport du scan effectué en mode normal suite aux echecs du mode sans echec... hum hum...

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:02:50 23/10/2006

+ Résultat de l'analyse:



C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP235\A0023776.DLL -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\zpczw.dll .bad -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP235\A0023738.exe -> Adware.Softomate : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP235\A0023739.DLL -> Adware.Softomate : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP235\A0023740.dll -> Adware.Softomate : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP235\A0023691.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\VundoFix Backups\ssqrrpm.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Temp\idd2.tmp.exe -> Dialer.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP235\A0023731.exe -> Downloader.PurityScan.dc : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\mss\Cookies\mss@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@247realmedia[3].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@112.2o7[3].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@122.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@2o7[3].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@aerlingus.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@marketlive.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@rockcoastmedia.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@vodafonees.122.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@my.adocean[2].txt -> TrackingCookie.Adocean : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@advertising[3].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@bfast[2].txt -> TrackingCookie.Bfast : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@bluestreak[3].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@burstnet[1].txt -> TrackingCookie.Burstnet : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@www.burstnet[1].txt -> TrackingCookie.Burstnet : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@b.casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@casalemedia[3].txt -> TrackingCookie.Casalemedia : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@promo.casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@clickbank[2].txt -> TrackingCookie.Clickbank : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@com[2].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@fl01.ct2.comclick[3].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@www.etracker[1].txt -> TrackingCookie.Etracker : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@as-eu.falkag[3].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@as-us.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@as-us.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@as1.falkag[3].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@sel.as-eu.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ehg-alt64.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ehg-ifilm.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ehg-newegg.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ehg-sixapart.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ehg-sonyesolutions.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ehg-sonyeu.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ehg-tsvgroup.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@hotlog[2].txt -> TrackingCookie.Hotlog : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ilead.itrack[1].txt -> TrackingCookie.Itrack : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ivwbox[1].txt -> TrackingCookie.Ivwbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ivwbox[2].txt -> TrackingCookie.Ivwbox : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@server.iad.liveperson[3].txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@stat.onestat[2].txt -> TrackingCookie.Onestat : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@data1.perf.overture[2].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@data2.perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@qksrv[1].txt -> TrackingCookie.Qksrv : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ads1.revenue[1].txt -> TrackingCookie.Revenue : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@revenue[2].txt -> TrackingCookie.Revenue : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@revenue[3].txt -> TrackingCookie.Revenue : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@serving-sys[3].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@www.smartadserver[3].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@spylog[1].txt -> TrackingCookie.Spylog : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@statcounter[2].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@statcounter[3].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@trafic[1].txt -> TrackingCookie.Trafic : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@valueclick[2].txt -> TrackingCookie.Valueclick : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@valueclick[3].txt -> TrackingCookie.Valueclick : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@weborama[3].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@statse.webtrendslive[3].txt -> TrackingCookie.Webtrendslive : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ads.x10[1].txt -> TrackingCookie.X10 : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\mss\Cookies\mss@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.


Fin du rapport

Je suis désolé Angeldark, je suis moins sur mon ordi que dimanche... Je peux pas suivre tous tes procedures aussi rapidement que quand j'ai commencé...
Tu penses qu'il y a moyen qu'on arrive au bout ou tu abandonnes ?

On va y arriver.
Reposte un rapport Hijackthis stp.

A plus, merci


Logfile of HijackThis v1.99.1
Scan saved at 18:35:00, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\mss\Bureau\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C21CAAE4-137F-1FD3-2214-197496DA78E0} - C:\WINDOWS\system32\zpczw.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {C21CAAE4-137F-1FD3-2214-197496DA78E0} - C:\WINDOWS\system32\zpczw.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Notas.lnk = C:\Documents and Settings\mss\Mes documents\20 - Vins\Notas.doc
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Re,

Fixe ces lignes :

R3 - URLSearchHook: (no name) - {C21CAAE4-137F-1FD3-2214-197496DA78E0} - C:\WINDOWS\system32\zpczw.dll (file missing)
O2 - BHO: (no name) - {C21CAAE4-137F-1FD3-2214-197496DA78E0} - C:\WINDOWS\system32\zpczw.dll (file missing)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

Supprime :
C:\Windows\RUNXMLPL.exe

C'est bon, c'est fait

Logfile of HijackThis v1.99.1
Scan saved at 19:29:04, on 25/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\mss\Bureau\Scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Notas.lnk = C:\Documents and Settings\mss\Mes documents\20 - Vins\Notas.doc
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe