
Spyware Doctor... removal, but the problems come back


Hello everyone!
I got hit with a trojan. I usually format the PC, but since I have a new setup without the XP CD, I'd like to avoid that.
So I ran SpywareDoctor; it detected about ten infections, then removed them (well, almost).
Of course, after rebooting the PC and connecting to the net, said infections come back (more of them!) and cause unwanted pages to open (mostly to sell antivirus software).
Here is roughly what SD detects:
-trojan.downloader.conhook
-known bad site
-virtumonde
-rogue anti-spyware products
I wanted to run a scan in safe mode, but SD advised me against it.
Here is the HijackThis report.
Thanks to all for your help!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\OGRIMM~1\LOCALS~1\Temp\Rar$EX00.438\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults...*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22133ce5-39f8-4758-adce-b2f120d8ae64} - C:\WINDOWS\system32\msasuiu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\pmnmkh.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454184 6
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.gamenext.fr/online/online2/mystery_solitaire...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D033160-9057-4795-99D6-D926BF2EBAF1}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: msasuiu - C:\WINDOWS\SYSTEM32\msasuiu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


Hello,

Download Blacklight https://europe.f-secure.com/blacklight/try.shtml (F-Secure), click "I ACCEPT" at the bottom of the page:
Click the first "Download" to download the program
Save it to your Desktop
Double-click fsbl.exe and accept the license; click Scan, then Next.

When the scan finishes, DO NOT TOUCH ANYTHING!

You will see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).
We need to analyze this report, so close BlackLight.

Post the report on the forum.

Here it is:

05/25/07 19:17:39 [Info]: BlackLight Engine 1.0.61 initialized
05/25/07 19:17:39 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/25/07 19:17:39 [Note]: 7019 4
05/25/07 19:17:39 [Note]: 7005 0
05/25/07 19:17:41 [Note]: 7006 0
05/25/07 19:17:41 [Note]: 7011 1324
05/25/07 19:17:41 [Note]: 7026 0
05/25/07 19:17:41 [Note]: 7026 0
05/25/07 19:17:43 [Note]: FSRAW library version 1.7.1021
05/25/07 20:13:29 [Note]: 7007 0

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply

    Note: VundoFix may encounter a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

    Vundo report:

    VundoFix V6.4.1

    Checking Java version...

    Java version is 1.5.0.11

    Scan started at 20:44:01 25/05/2007

    Listing files found while scanning....

    C:\WINDOWS\hkmnmp.ini
    C:\WINDOWS\pmnmkh.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\hkmnmp.ini
    C:\WINDOWS\hkmnmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\pmnmkh.dll
    C:\WINDOWS\pmnmkh.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    -----------------------------------------
    Hijack report:
    Logfile of HijackThis v1.99.1
    Scan saved at 20:54:46, on 25/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ogrim mortuus\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/fsc/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults...*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {22133ce5-39f8-4758-adce-b2f120d8ae64} - C:\WINDOWS\system32\msasuiu.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454184 6
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.gamenext.fr/online/online2/mystery_solitaire...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D033160-9057-4795-99D6-D926BF2EBAF1}: NameServer = 213.36.80.1 213.36.80.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: msasuiu - C:\WINDOWS\SYSTEM32\msasuiu.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    PS: thanks to all for your help!
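
An added example, not part of the original thread or of any tool mentioned in it: a small Python triage script that compares the two HijackThis logs posted above, showing which autostart entry VundoFix removed and which DLL is still registered at two load points. The sample lines are copied from those logs; the function names and the O2-plus-O20 pairing rule are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the first HijackThis log
# in this thread (taken before VundoFix was run).
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22133ce5-39f8-4758-adce-b2f120d8ae64} - C:\WINDOWS\system32\msasuiu.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\pmnmkh.dll",realset
O20 - Winlogon Notify: msasuiu - C:\WINDOWS\SYSTEM32\msasuiu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
"""

# Constructed sample: the second log (after VundoFix) lists the same entries
# except the Run entry that loaded pmnmkh.dll.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "pmnmkh.dll" not in l)

# "O4 - ..." / "R1 - ..." style entry lines; process listings do not match.
ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A drive-letter path ending in .dll or .exe, quoted or not.
MODULE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:dll|exe)', re.IGNORECASE)


def parse(log):
    """Return (section code, entry text) for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group("code"), m.group("body").strip()))
    return entries


def module_paths(body):
    """Module paths named in one entry, lower-cased so that
    SYSTEM32 and system32 compare equal."""
    return [p.lower() for p in MODULE.findall(body)]


def diff(before, after):
    """Entries that disappeared and entries that appeared between two logs."""
    b, a = set(parse(before)), set(parse(after))
    return sorted(b - a), sorted(a - b)


def shared_load_points(log, codes=("O2", "O20")):
    """Modules registered under every section in `codes`.

    Assumption of this example: one DLL that is both a Browser Helper Object
    (O2) and a Winlogon Notify package (O20) deserves a closer look, because
    deleting one registration leaves the other to load it again.
    """
    seen = defaultdict(set)
    for code, body in parse(log):
        for path in module_paths(body):
            seen[path].add(code)
    return sorted(p for p, c in seen.items() if set(codes) <= c)


if __name__ == "__main__":
    removed, added = diff(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    for path in shared_load_points(AFTER):
        print("still loaded via O2 and O20:", path)
```
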

    Hi again,

    Download Combofix
    Save it to your Desktop and nowhere else!

    Click the Start menu, then Run, and copy/paste this:
    "%userprofile%\Bureau\combofix.exe" /v msasuiu
    Click [OK]. Follow the prompts.

    Wait until Combofix has finished; a report will be created. Post the report.

    "Ogrim mortuus" - 2007-05-25 21:20:51 Service Pack 2
    ComboFix 07-05.26.V - Running from: "C:\Documents and Settings\Ogrim mortuus\Bureau\"
    Command switches used :: "/v msasuiu"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\msasuiu.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-25 ))))))))))))))))))))))))))))))))))


    2007-05-25 20:44 <REP> d-------- C:\VundoFix Backups
    2007-05-25 18:39 <REP> d-------- C:\WINDOWS\pss
    2007-05-25 08:26 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2007-05-24 15:23 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-05-24 15:23 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-05-24 15:23 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-05-24 15:23 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-05-24 15:23 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-05-24 15:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-05-24 15:22 <REP> d-------- C:\Program Files\Spyware Doctor
    2007-05-24 15:22 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\PC Tools
    2007-05-24 15:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
    2007-05-23 21:15 34,620 --a------ C:\WINDOWS\system32\ddcyx.exe
    2007-05-23 21:10 8,436 --a------ C:\WINDOWS\system32\mlljghh.dll
    2007-05-23 20:56 <REP> d-------- C:\Program Files\XLN Audio
    2007-05-23 20:40 <REP> d-------- C:\addict
    2007-05-22 22:03 <REP> d-------- C:\Program Files\Images Webscan
    2007-05-22 21:25 <REP> d-------- C:\Program Files\GeoHTML
    2007-05-22 19:47 <REP> d-------- C:\Program Files\Visicom Media
    2007-05-22 19:47 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\vmntoolbar
    2007-05-22 19:40 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\Jasc
    2007-05-22 19:39 <REP> d-------- C:\Program Files\Easy GIF Animator
    2007-05-22 19:30 <REP> d-------- C:\Program Files\SWiSHmax
    2007-05-22 13:45 <REP> d-------- C:\Program Files\Toontrack
    2007-05-21 21:25 299,520 --a------ C:\WINDOWS\uninst.exe
    2007-05-21 21:25 <REP> d-------- C:\Program Files\Alien Connections
    2007-05-21 21:25 <REP> d-------- C:\DOCUME~1\OGRIMM~1\WINDOWS
    2007-05-21 21:20 964,608 --a------ C:\WINDOWS\system32\mfc70u.dll
    2007-05-21 21:20 487,424 --a------ C:\WINDOWS\system32\mscvp70.dll
    2007-05-21 21:20 <REP> d-------- C:\Program Files\Synful
    2007-05-21 21:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Synful
    2007-05-21 14:31 <REP> d-------- C:\Program Files\iZotope
    2007-05-21 14:31 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
    2007-05-16 23:18 <REP> d-------- C:\Program Files\eDrum MIDI Mapper
    2007-05-16 23:18 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\Chaotic Box
    2007-05-12 18:31 <REP> d-------- C:\Program Files\Elaborate Bytes
    2007-05-08 12:57 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\Google
    2007-05-08 12:56 <REP> d-------- C:\Program Files\Google
    2007-05-05 21:29 <REP> d-------- C:\Program Files\Native Instruments
    2007-05-05 21:29 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
    2007-05-05 00:48 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\Real
    2007-04-25 23:01 <REP> d-------- C:\Program Files\ApprenezLesPremiersSecours


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-25 19:25:06 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
    2007-05-25 19:25:06 24 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
    2007-05-25 18:55:53 65,498 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-05-25 18:55:53 449,540 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-05-25 17:11:52 -------- d-----w C:\Program Files\AIDA32 - Personal System Information
    2007-05-22 19:40:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-22 17:40:48 -------- d-----w C:\Program Files\Jasc Software Inc
    2007-05-22 09:02:55 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Canon
    2007-05-15 22:05:03 -------- d-----w C:\Program Files\Steinberg
    2007-05-08 10:56:25 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-23 18:31:04 -------- d-----w C:\Program Files\Mystery Solitaire Secret Island
    2007-04-22 19:29:24 -------- d-----w C:\Program Files\AUDIOTRAK
    2007-04-22 19:26:43 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Steinberg
    2007-04-22 19:23:01 -------- d-----w C:\Program Files\Syncrosoft
    2007-04-21 20:45:28 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\InterVideo
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-18 09:38:44 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Ableton
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-04 09:44:12 -------- d-----w C:\Program Files\CDBurnerXP Pro 3
    2007-04-03 07:22:23 -------- d-----w C:\Program Files\activePDF
    2007-04-02 17:02:17 -------- d-----w C:\Program Files\VGA USB Camera
    2007-04-02 17:02:14 -------- d-----w C:\Program Files\directx
    2007-03-30 21:19:06 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\AdobeUM
    2007-03-30 19:44:25 -------- d-----w C:\Program Files\PDF Editeur 2
    2007-03-30 19:43:29 73,216 ----a-w C:\WINDOWS\cadkasdeinst01f.exe
    2007-03-30 19:24:56 -------- d-----w C:\Program Files\Easy PDF to HTML Converter
    2007-03-30 19:22:30 -------- d-----w C:\Program Files\Easy PDF to Word Converter
    2007-03-30 15:44:22 -------- d-----w C:\Program Files\Rainbow Mystery
    2007-03-30 15:42:45 -------- d-----w C:\Program Files\ReflexiveArcade
    2007-03-26 14:43:23 -------- d-----w C:\Program Files\Creative
    2007-03-26 11:09:27 -------- d-----w C:\Program Files\Shareaza
    2007-03-25 15:28:26 -------- d-----w C:\Program Files\MSN Messenger
    2007-03-25 13:18:47 -------- d-----w C:\Program Files\Canon
    2007-03-25 12:31:24 -------- d-----w C:\Program Files\Microsoft Works
    2007-03-25 12:31:15 -------- d-----w C:\Program Files\MSBuild
    2007-03-25 12:30:30 -------- d-----w C:\Program Files\Microsoft.NET
    2007-03-25 12:21:15 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\GlobalSCAPE
    2007-03-25 12:20:52 -------- d-----w C:\Program Files\CuteFTP Pro
    2007-03-25 12:15:42 -------- d-----w C:\Program Files\Messenger
    2007-03-25 12:14:37 -------- d-----w C:\Program Files\GIMP
    2007-03-25 12:12:57 75,791 ----a-w C:\WINDOWS\unins000.exe
    2007-03-25 12:12:57 17,021 ----a-w C:\WINDOWS\unins000.dat
    2007-03-25 12:12:56 -------- d-----w C:\Program Files\Fichiers communs\GTK
    2007-03-25 12:12:04 -------- d-----w C:\Program Files\K-Lite Codec Pack
    2007-03-25 12:11:42 -------- d-----w C:\Program Files\Media Player Classic
    2007-03-25 12:11:29 -------- d-----w C:\Program Files\QuickTime Alternative
    2007-03-25 12:09:17 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Jasc Software Inc
    2007-03-25 12:06:27 -------- d-----w C:\Program Files\Winamp
    2007-03-25 12:05:20 -------- d-----w C:\Program Files\Cool2000
    2007-03-25 12:04:35 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Syntrillium
    2007-03-25 12:01:14 -------- d-----w C:\Program Files\Fichiers communs\Macromedia Shared
    2007-03-25 11:58:59 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Publish Providers
    2007-03-25 11:58:59 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\NetMedia Providers
    2007-03-25 11:58:56 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Sonic Foundry
    2007-03-25 11:58:10 -------- d-----w C:\Program Files\Sonic Foundry
    2007-03-25 11:57:37 -------- d-----w C:\Program Files\Sonic Foundry Setup
    2007-03-24 19:50:46 -------- d-----w C:\Program Files\Yahoo!
    2007-03-24 19:32:34 -------- d-----w C:\Program Files\SAGEM
    2007-03-24 19:31:23 -------- d-----w C:\Program Files\Alwil Software
    2007-03-24 19:26:42 47,730 ----a-w C:\WINDOWS\system32\compare.dat
    2007-03-24 19:26:01 -------- d-----w C:\Program Files\Raccourcis de programmes
    2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-02-12 14:58:02 368,640 ----a-w C:\WINDOWS\system32\ReWire.dll
    2007-02-05 20:19:06 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34]
    "RTHDCPL"="RTHDCPL.EXE" []
    "SkyTel"="SkyTel.EXE" []
    "Alcmtr"="ALCMTR.EXE" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58]
    "nwiz"="nwiz.exe" [2006-07-20 20:58 C:\WINDOWS\system32\nwiz.exe]
    "Muscbrigade"="c:\Musicbrigade\Musicbrigade.exe" [2005-12-22 10:26]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 02:50]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-24 17:29]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
    "fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 18:10]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]


    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-25 21:25:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-25 21:27:01 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-05-25 21:27

    --- E O F ---

    Hi again,

    Download and install AVG Anti-Spyware (AVG AS)
    Run the updates, but do not start a scan for now.
    HELP: AVG Anti-Spyware tutorial (Malekal)

    Restart in safe mode

    Launch AVG AS again:
    - Choose the "Analyse" tab
    - Then the "Paramètres" tab
    - Under the question "Comment réagir ?", click "Actions recommandées" and choose "Quarantaine"
    - Click the "Analyse" tab again, then run an "Analyse complète du système"

    If a file is infected at the end of the scan, click "Appliquer toutes les actions"

    Click "Enregistrer le rapport", then "Enregistrer le rapport sous"
    Save this text file to your desktop.

    Restart normally.
    Post the AVG AS report along with a HijackThis report.

    Here is the AVGAS report:

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 16:31:47 26/05/2007

    + Résultat de l'analyse:



    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@e-2dj6wgkiqoazihp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@e-2dj6wjl4gpcpecp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@search.live[2].txt -> TrackingCookie.Live : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@image.masterstats[1].txt -> TrackingCookie.Masterstats : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@www.paypal[2].txt -> TrackingCookie.Paypal : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@revsci[2].txt -> TrackingCookie.Revsci : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@specificclick[2].txt -> TrackingCookie.Specificclick : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@webstat[1].txt -> TrackingCookie.Web-stat : Aucune action entreprise.
    C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.


    Fin du rapport

    ----------------------------------
    HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:35:46, on 26/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Ogrim mortuus\Bureau\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults...*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454184 6
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.gamenext.fr/online/online2/mystery_solitaire...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    Thanks!

    Hi again,

    Download OTMoveIt (by OldTimer). Save it to your Desktop.
    Select ALL the locations in bold below:

    C:\WINDOWS\system32\ddcyx.exe
    C:\WINDOWS\system32\mlljghh.dll


    ---> Right-click, then Copy (or Ctrl+C)

    Double-click OTMoveIt.exe to launch it.
    Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
    Now click MoveIt!

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the time it was created: date_time.log

    C:\WINDOWS\system32\ddcyx.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlljghh.dll
    C:\WINDOWS\system32\mlljghh.dll NOT unregistered.
    C:\WINDOWS\system32\mlljghh.dll moved successfully.

    Created on 05/26/2007 18:29:45

    "Ogrim mortuus" - 2007-05-26 19:13:07 Service Pack 2
    ComboFix 07-05.26.V - Running from: "C:\Documents and Settings\Ogrim mortuus\Bureau\"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-26 ))))))))))))))))))))))))))))))))))


    2007-05-25 22:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-05-25 21:27 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-05-25 20:44 <REP> d-------- C:\VundoFix Backups
    2007-05-25 18:39 <REP> d-------- C:\WINDOWS\pss
    2007-05-25 08:26 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2007-05-24 15:23 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-05-24 15:23 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-05-24 15:23 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-05-24 15:23 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-05-24 15:23 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-05-24 15:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-05-24 15:22 <REP> d-------- C:\Program Files\Spyware Doctor
    2007-05-24 15:22 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\PC Tools
    2007-05-24 15:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
    2007-05-23 20:56 <REP> d-------- C:\Program Files\XLN Audio
    2007-05-23 20:40 <REP> d-------- C:\addict
    2007-05-22 22:03 <REP> d-------- C:\Program Files\Images Webscan
    2007-05-22 21:25 <REP> d-------- C:\Program Files\GeoHTML
    2007-05-22 19:47 <REP> d-------- C:\Program Files\Visicom Media
    2007-05-22 19:47 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\vmntoolbar
    2007-05-22 19:40 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\Jasc
    2007-05-22 19:39 <REP> d-------- C:\Program Files\Easy GIF Animator
    2007-05-22 19:30 <REP> d-------- C:\Program Files\SWiSHmax
    2007-05-22 13:45 <REP> d-------- C:\Program Files\Toontrack
    2007-05-21 21:25 299,520 --a------ C:\WINDOWS\uninst.exe
    2007-05-21 21:25 <REP> d-------- C:\Program Files\Alien Connections
    2007-05-21 21:25 <REP> d-------- C:\DOCUME~1\OGRIMM~1\WINDOWS
    2007-05-21 21:20 964,608 --a------ C:\WINDOWS\system32\mfc70u.dll
    2007-05-21 21:20 487,424 --a------ C:\WINDOWS\system32\mscvp70.dll
    2007-05-21 21:20 <REP> d-------- C:\Program Files\Synful
    2007-05-21 21:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Synful
    2007-05-21 14:31 <REP> d-------- C:\Program Files\iZotope
    2007-05-21 14:31 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
    2007-05-16 23:18 <REP> d-------- C:\Program Files\eDrum MIDI Mapper
    2007-05-16 23:18 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\Chaotic Box
    2007-05-12 18:31 <REP> d-------- C:\Program Files\Elaborate Bytes
    2007-05-08 12:57 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\Google
    2007-05-08 12:56 <REP> d-------- C:\Program Files\Google
    2007-05-05 21:29 <REP> d-------- C:\Program Files\Native Instruments
    2007-05-05 21:29 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
    2007-05-05 00:48 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\Real


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-26 16:28:28 65,498 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-05-26 16:28:28 449,540 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-05-26 14:40:31 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
    2007-05-26 14:40:31 24 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
    2007-05-25 17:11:52 -------- d-----w C:\Program Files\AIDA32 - Personal System Information
    2007-05-22 19:40:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-22 17:40:48 -------- d-----w C:\Program Files\Jasc Software Inc
    2007-05-22 09:02:55 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Canon
    2007-05-15 22:05:03 -------- d-----w C:\Program Files\Steinberg
    2007-05-08 10:56:25 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-04-25 21:04:42 -------- d-----w C:\Program Files\ApprenezLesPremiersSecours
    2007-04-23 18:31:04 -------- d-----w C:\Program Files\Mystery Solitaire Secret Island
    2007-04-22 19:29:24 -------- d-----w C:\Program Files\AUDIOTRAK
    2007-04-22 19:26:43 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Steinberg
    2007-04-22 19:23:01 -------- d-----w C:\Program Files\Syncrosoft
    2007-04-21 20:45:28 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\InterVideo
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-18 09:38:44 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Ableton
    2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-04 09:44:12 -------- d-----w C:\Program Files\CDBurnerXP Pro 3
    2007-04-03 07:22:23 -------- d-----w C:\Program Files\activePDF
    2007-04-02 17:02:17 -------- d-----w C:\Program Files\VGA USB Camera
    2007-04-02 17:02:14 -------- d-----w C:\Program Files\directx
    2007-03-30 21:19:06 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\AdobeUM
    2007-03-30 19:44:25 -------- d-----w C:\Program Files\PDF Editeur 2
    2007-03-30 19:43:29 73,216 ----a-w C:\WINDOWS\cadkasdeinst01f.exe
    2007-03-30 19:24:56 -------- d-----w C:\Program Files\Easy PDF to HTML Converter
    2007-03-30 19:22:30 -------- d-----w C:\Program Files\Easy PDF to Word Converter
    2007-03-30 15:44:22 -------- d-----w C:\Program Files\Rainbow Mystery
    2007-03-30 15:42:45 -------- d-----w C:\Program Files\ReflexiveArcade
    2007-03-26 14:43:23 -------- d-----w C:\Program Files\Creative
    2007-03-26 11:09:27 -------- d-----w C:\Program Files\Shareaza
    2007-03-25 15:28:26 -------- d-----w C:\Program Files\MSN Messenger
    2007-03-25 13:18:47 -------- d-----w C:\Program Files\Canon
    2007-03-25 12:31:24 -------- d-----w C:\Program Files\Microsoft Works
    2007-03-25 12:31:15 -------- d-----w C:\Program Files\MSBuild
    2007-03-25 12:30:30 -------- d-----w C:\Program Files\Microsoft.NET
    2007-03-25 12:21:15 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\GlobalSCAPE
    2007-03-25 12:20:52 -------- d-----w C:\Program Files\CuteFTP Pro
    2007-03-25 12:15:42 -------- d-----w C:\Program Files\Messenger
    2007-03-25 12:14:37 -------- d-----w C:\Program Files\GIMP
    2007-03-25 12:12:57 75,791 ----a-w C:\WINDOWS\unins000.exe
    2007-03-25 12:12:57 17,021 ----a-w C:\WINDOWS\unins000.dat
    2007-03-25 12:12:56 -------- d-----w C:\Program Files\Fichiers communs\GTK
    2007-03-25 12:12:04 -------- d-----w C:\Program Files\K-Lite Codec Pack
    2007-03-25 12:11:42 -------- d-----w C:\Program Files\Media Player Classic
    2007-03-25 12:11:29 -------- d-----w C:\Program Files\QuickTime Alternative
    2007-03-25 12:09:17 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Jasc Software Inc
    2007-03-25 12:06:27 -------- d-----w C:\Program Files\Winamp
    2007-03-25 12:05:20 -------- d-----w C:\Program Files\Cool2000
    2007-03-25 12:04:35 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Syntrillium
    2007-03-25 12:01:14 -------- d-----w C:\Program Files\Fichiers communs\Macromedia Shared
    2007-03-25 11:58:59 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Publish Providers
    2007-03-25 11:58:59 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\NetMedia Providers
    2007-03-25 11:58:56 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Sonic Foundry
    2007-03-25 11:58:10 -------- d-----w C:\Program Files\Sonic Foundry
    2007-03-25 11:57:37 -------- d-----w C:\Program Files\Sonic Foundry Setup
    2007-03-24 19:50:46 -------- d-----w C:\Program Files\Yahoo!
    2007-03-24 19:32:34 -------- d-----w C:\Program Files\SAGEM
    2007-03-24 19:31:23 -------- d-----w C:\Program Files\Alwil Software
    2007-03-24 19:26:42 47,730 ----a-w C:\WINDOWS\system32\compare.dat
    2007-03-24 19:26:01 -------- d-----w C:\Program Files\Raccourcis de programmes
    2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-02-12 14:58:02 368,640 ----a-w C:\WINDOWS\system32\ReWire.dll
    2007-02-05 20:19:06 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34]
    "RTHDCPL"="RTHDCPL.EXE" []
    "SkyTel"="SkyTel.EXE" []
    "Alcmtr"="ALCMTR.EXE" []
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58]
    "nwiz"="nwiz.exe" [2006-07-20 20:58 C:\WINDOWS\system32\nwiz.exe]
    "Muscbrigade"="c:\Musicbrigade\Musicbrigade.exe" [2005-12-22 10:26]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 02:50]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-24 17:29]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
    "fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 18:10]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]


    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-26 19:15:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ********************************************************************

    Completion time: 2007-05-26 19:16:18
    C:\ComboFix-quarantined-files.txt ... 2007-05-26 19:16
    C:\ComboFix2.txt ... 2007-05-25 21:27

    --- E O F ---

    Rapport fait à 19:36:54,46 le 26/05/2007

    Le volume dans le lecteur C s'appelle 468389
    Le numéro de série du volume est 300B-231F

    Répertoire de C:\Documents and Settings\Administrateur\Application Data

    23/11/2006 20:53 <REP> Macromedia
    23/11/2006 20:02 <REP> Identities
    23/11/2006 20:01 62 desktop.ini
    23/11/2006 20:01 <REP> ..
    23/11/2006 20:01 <REP> Microsoft
    23/11/2006 20:01 <REP> .
    1 fichier(s) 62 octets
    5 Rép(s) 277583532032 octets libres
    Le volume dans le lecteur C s'appelle 468389
    Le numéro de série du volume est 300B-231F

    Répertoire de C:\Documents and Settings\All Users\Application Data

    24/05/2007 15:17 <REP> Google Updater
    21/05/2007 21:20 <REP> Synful
    12/05/2007 18:33 85 .zreglib
    18/04/2007 11:38 <REP> Ableton
    30/03/2007 17:45 <REP> SugarGames
    28/03/2007 18:07 <REP> SpinTop Games
    26/03/2007 16:44 <REP> Windows Genuine Advantage
    25/03/2007 14:27 <REP> Microsoft Help
    25/03/2007 14:11 <REP> QuickTime
    25/03/2007 14:01 <REP> Macrovision
    23/11/2006 20:51 62 desktop.ini
    23/11/2006 20:51 <REP> Microsoft
    23/11/2006 20:51 <REP> ..
    23/11/2006 20:51 <REP> .
    23/11/2006 20:49 <REP> Adobe
    2 fichier(s) 147 octets
    13 Rép(s) 277583527936 octets libres
    Le volume dans le lecteur C s'appelle 468389
    Le numéro de série du volume est 300B-231F

    Répertoire de C:\Documents and Settings\Default User\Application Data

    24/03/2007 21:26 <REP> Identities
    24/03/2007 21:26 <REP> Macromedia
    23/11/2006 20:51 62 desktop.ini
    23/11/2006 20:51 <REP> ..
    23/11/2006 20:51 <REP> Microsoft
    23/11/2006 20:51 <REP> .
    1 fichier(s) 62 octets
    5 Rép(s) 277583527936 octets libres
    Le volume dans le lecteur C s'appelle 468389
    Le numéro de série du volume est 300B-231F

    Répertoire de C:\Documents and Settings\Ogrim mortuus\Application Data

    24/05/2007 15:22 <REP> PC Tools
    22/05/2007 19:47 <REP> vmntoolbar
    22/05/2007 19:40 <REP> Jasc
    16/05/2007 23:18 <REP> Chaotic Box
    08/05/2007 12:57 <REP> Google
    05/05/2007 00:48 <REP> Real
    22/04/2007 21:26 <REP> Steinberg
    21/04/2007 22:45 <REP> InterVideo
    18/04/2007 11:38 <REP> Ableton
    30/03/2007 23:19 <REP> AdobeUM
    25/03/2007 15:53 <REP> Sun
    25/03/2007 15:20 <REP> Canon
    25/03/2007 14:53 <REP> Adobe
    25/03/2007 14:21 <REP> GlobalSCAPE
    25/03/2007 14:09 <REP> Jasc Software Inc
    25/03/2007 14:04 <REP> Syntrillium
    25/03/2007 13:58 <REP> NetMedia Providers
    25/03/2007 13:58 <REP> Publish Providers
    25/03/2007 13:58 <REP> Sonic Foundry
    24/03/2007 21:26 62 desktop.ini
    24/03/2007 21:26 <REP> Identities
    24/03/2007 21:26 <REP> Macromedia
    24/03/2007 21:26 <REP> Microsoft
    24/03/2007 21:26 <REP> .
    24/03/2007 21:26 <REP> ..
    1 fichier(s) 62 octets
    24 Rép(s) 277583527936 octets libres
    ******************************************
    Recherche des taches planifiées dans C:\WINDOWS\tasks

    Le volume dans le lecteur C s'appelle 468389
    Le numéro de série du volume est 300B-231F

    Répertoire de C:\WINDOWS\Tasks

    23/11/2006 20:01 6 SA.DAT
    23/11/2006 19:57 <REP> ..
    23/11/2006 19:57 <REP> .
    22/11/2006 21:41 65 desktop.ini
    2 fichier(s) 71 octets
    2 Rép(s) 277 583 527 936 octets libres

    ******************************************
    Recherche dans Program files

    Pas de dossiers relatifs à Lop
    ******************************************
    Recherche d'infections connues


    C:\WINDOWS\system32\csrss.exe Wareout possible ! faux-positif si csrss.exe !
    *************** Fin du rapport ****************

    C:\Documents and Settings\Ogrim mortuus\Application Data\vmntoolbar\NewCfg moved successfully.
    C:\Documents and Settings\Ogrim mortuus\Application Data\vmntoolbar moved successfully.
    C:\WINDOWS\system32\perfc00C.dat moved successfully.
    C:\WINDOWS\system32\perfh00C.dat moved successfully.

    Created on 05/26/2007 20:08:39

    Logfile of HijackThis v1.99.1
    Scan saved at 20:21:59, on 26/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Ogrim mortuus\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults...*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454184 6
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.gamenext.fr/online/online2/mystery_solitaire...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D033160-9057-4795-99D6-D926BF2EBAF1}: NameServer = 213.36.80.1 213.36.80.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    Running a scan with Spyware Doctor... yes!!!!
    It finds:
    - 1 infection for "trojan.downloader.conhook"
    - 2 for "tracking cookies"
    - 2 for "rogue anti-spyware products"
    - 1 for "win-anti-spyware"
    - 1 for "trojan.PWS.tanspy"
    - 1 for "trojans.downloader.ruins"
    - 1 "advertising"

    Uh... is it serious?

    I deleted them, then after a reboot and a Spyware Doctor scan, it finds 0 infections.
    After 5 minutes of surfing the net, SD again finds 1 "advertising" and 2 "tracking cookies".
    With the little knowledge I have, I think that's normal since they're cookies?
    In any case, no more pop-up windows opening to tout the merits of this or that anti-spyware program.
    I suppose I should keep an eye on it from time to time...
    In any case, once again, thank you!
    Is it over or not?

    Hmm....here I am again...
    Well, after 20 min of surfing and an SD scan, here is the result:
    -"Known Bad Sites" ==>2 infections
    SD flags it as serious and gives this description:
    "Indicates that a known bad site may have hijacked. Adware, Spyware and Phishing sites may use the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site such as your Bank."
    I understand English fairly well, and frankly this scares me for my online banking, Paypal and so on.....
    :heink: 
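The description quoted above refers to redirection through the Windows hosts file. As an added example (not part of the original thread, and not Spyware Doctor's own logic), this Python script lists hosts-file entries that map a hostname to a non-local address; the sample file contents, hostnames and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import sys

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker.example     # blocklist-style sinkhole entry
203.0.113.7     www.paypal.com paypal.com
203.0.113.7     www.mybank.example      # constructed bank name
0.0.0.0         popups.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP
        for name in fields[1:]:               # one line may carry aliases
            yield line_no, ip, name.lower().rstrip(".")

def suspicious_redirects(text):
    """Return entries that send a hostname to a non-local address.

    Loopback and 0.0.0.0 entries only block a name; any other address
    makes the browser connect to a server chosen by the hosts file.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        if not sinkhole and name != "localhost":
            findings.append((line_no, name, str(ip)))
    return findings

if __name__ == "__main__":
    # Pass the hosts file path as an argument, e.g. on Windows XP:
    #   C:\WINDOWS\system32\drivers\etc\hosts
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for line_no, name, ip in suspicious_redirects(text):
        print(f"line {line_no}: {name} -> {ip}")
```

Every flagged entry needs a manual check: a deliberately added intranet mapping looks the same to this heuristic as a hijacked one.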

    So I ran a test
    1.scan==>detection of "known bad site"==>deletion
    2.rescan==>0 infections
    3.disconnect
    4.reconnect
    5.browsing for 5 minutes
    6.==>scan and detection of "known bad files"
    7.quarantine and deletion
    Unfortunately, SpywareDoctor doesn't tell me the location...

    Here are two screenshots.
    The problem has reappeared.
    I deliberately went browsing on a so-called "sensitive" site.
    I picked a porn site and not a banking site or PayPal.
    I wonder whether this threat really is one, and whether it isn't simply a cookie?
    The main thing is to know whether I can keep browsing my bank's site and shopping online with complete peace of mind...

    Hmm...
    What scared me is that it was flagged as high level...
    I just ran another scan and it's clean.
    Why does SD put these cookies at "high risk"?
    I think it's because on this kind of site you generally use a credit card?
    Anyway, thanks for everything!!!!

    Me again....
    The troubles are back....
    This time my PC is slowed down, with pop-up ads, and without going to any sensitive sites!
    I ran another SD scan and here it is:

    Now I don't get it anymore...without doing anything in particular.
    I have a restore CD (I prefer the reformat-and-reinstall method, but well, this is a new pre-built config so I have no Windows CD...); is there a risk of data loss, and a real chance of improvement?
    Thanks, and sorry for being a bit of a pain....

    And in case it helps.....

    Logfile of HijackThis v1.99.1
    Scan saved at 23:22:38, on 29/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\MICROS~2\Office12\MSTORDB.EXE
    C:\Documents and Settings\Ogrim mortuus\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults...*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454184 6
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.gamenext.fr/online/online2/mystery_solitaire...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D033160-9057-4795-99D6-D926BF2EBAF1}: NameServer = 213.36.80.1 213.36.80.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
