Bonjour a tous!
je me suis pris un trojan dans la tronche.generalement je formate le PC mais comme j'ai une nouvelle config sans le CD de XP, j'aimerai eviter..
Donc je passe un coup de SpywareDoctor, il me detecte une dizaine d'infection, puis les supprime (enfin presque..)
bien sur, apres reboot du PC et connection au net, ces dites infection reviennent (plus nombreuses!) et provoque ouverture de pages intempestive (surtout pour vendre des soft antivirus).
Voici a peu pres ce que me detecte SD:
-trojan.downloader.conhook
-known bad site
-virtumonde
-rogue anti-spyware products
je voulait faire un scan en mode sans echec, mais SD me l'a deconseille.
Voici le rapport hi-jack.
Merci a tous pour votre aide!
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\OGRIMM~1\LOCALS~1\Temp\Rar$EX00.438\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22133ce5-39f8-4758-adce-b2f120d8ae64} - C:\WINDOWS\system32\msasuiu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\pmnmkh.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454184 6
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.gamenext.fr/online/onli [...] uncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D033160-9057-4795-99D6-D926BF2EBAF1}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: msasuiu - C:\WINDOWS\SYSTEM32\msasuiu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
 

Bonjour,
 
Télécharge Blacklight https://europe.f-secure.com/blacklight/try.shtml(F-Secure), clique sur " I ACCEPT " en bas de la page :
Clique sur le premier " Download " afin de télécharger le programme
Sauvegarde le sur ton Bureau
Double-clique fsbl.exe et accepte la licence; clique Scan puis Next.
 
A la fin du scan, NE TOUCHE A RIEN !
 
Tu verras un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Nous devons analyser ce rapport, ferme donc le BlackLight.
 
Poste le rapport sur le forum.

voici:
 
05/25/07 19:17:39 [Info]: BlackLight Engine 1.0.61 initialized
05/25/07 19:17:39 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/25/07 19:17:39 [Note]: 7019 4
05/25/07 19:17:39 [Note]: 7005 0
05/25/07 19:17:41 [Note]: 7006 0
05/25/07 19:17:41 [Note]: 7011 1324
05/25/07 19:17:41 [Note]: 7026 0
05/25/07 19:17:41 [Note]: 7026 0
05/25/07 19:17:43 [Note]: FSRAW library version 1.7.1021
05/25/07 20:13:29 [Note]: 7007 0

Bonjour,
 
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

• Double-clique VundoFix.exe afin de le lancer
• Clique sur le bouton Scan for Vundo
• Lorsque le scan est complété, clique sur le bouton Remove Vundo
• Une invite te demandera si tu veux supprimer les fichiers, clique YES
• Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
• Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
• Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

rapport vundo:
 
VundoFix V6.4.1
 
Checking Java version...
 
Java version is 1.5.0.11
 
Scan started at 20:44:01 25/05/2007
 
Listing files found while scanning....
 
C:\WINDOWS\hkmnmp.ini
C:\WINDOWS\pmnmkh.dll
 
Beginning removal...
 
 Attempting to delete C:\WINDOWS\hkmnmp.ini
C:\WINDOWS\hkmnmp.ini Has been deleted!
 
 Attempting to delete C:\WINDOWS\pmnmkh.dll
C:\WINDOWS\pmnmkh.dll Has been deleted!
 
Performing Repairs to the registry.
Done!
 
-----------------------------------------
rapport hijack:
Logfile of HijackThis v1.99.1
Scan saved at 20:54:46, on 25/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ogrim mortuus\Bureau\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22133ce5-39f8-4758-adce-b2f120d8ae64} - C:\WINDOWS\system32\msasuiu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454184 6
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.gamenext.fr/online/onli [...] uncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D033160-9057-4795-99D6-D926BF2EBAF1}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: msasuiu - C:\WINDOWS\SYSTEM32\msasuiu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
 
PS:merci a tout pour votre aide!
 

Re,
 
Télécharge Combofix
Sauvegarde-le sur ton Bureau et pas ailleurs !
 
Clique sur le menu Démarrer puis Executer, copie/colle ceci :
"%userprofile%\Bureau\combofix.exe" /v msasuiu
Clique sur [OK]. Suis les invites.
 
Attends que Combofix ait terminé, un rapport sera créé. Poste le rapport.  

"Ogrim mortuus" - 2007-05-25 21:20:51    Service Pack 2  
ComboFix 07-05.26.V - Running from: "C:\Documents and Settings\Ogrim mortuus\Bureau\"
Command switches used :: "/v msasuiu"
 
 
((((((((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\WINDOWS\system32\msasuiu.dll
 
 
* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 
 
 
(((((((((((((((((((((((((((((((   Files Created from 2007-04-05 to 2007-05-25  ))))))))))))))))))))))))))))))))))
 
 
2007-05-25 20:44 <REP> d-------- C:\VundoFix Backups
2007-05-25 18:39 <REP> d-------- C:\WINDOWS\pss
2007-05-25 08:26 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-05-24 15:23 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-05-24 15:23 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-05-24 15:23 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-05-24 15:23 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-05-24 15:23 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-05-24 15:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-05-24 15:22 <REP> d-------- C:\Program Files\Spyware Doctor
2007-05-24 15:22 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\PC Tools
2007-05-24 15:17 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-05-23 21:15 34,620 --a------ C:\WINDOWS\system32\ddcyx.exe
2007-05-23 21:10 8,436 --a------ C:\WINDOWS\system32\mlljghh.dll
2007-05-23 20:56 <REP> d-------- C:\Program Files\XLN Audio
2007-05-23 20:40 <REP> d-------- C:\addict
2007-05-22 22:03 <REP> d-------- C:\Program Files\Images Webscan
2007-05-22 21:25 <REP> d-------- C:\Program Files\GeoHTML
2007-05-22 19:47 <REP> d-------- C:\Program Files\Visicom Media
2007-05-22 19:47 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\vmntoolbar
2007-05-22 19:40 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\Jasc
2007-05-22 19:39 <REP> d-------- C:\Program Files\Easy GIF Animator
2007-05-22 19:30 <REP> d-------- C:\Program Files\SWiSHmax
2007-05-22 13:45 <REP> d-------- C:\Program Files\Toontrack
2007-05-21 21:25 299,520 --a------ C:\WINDOWS\uninst.exe
2007-05-21 21:25 <REP> d-------- C:\Program Files\Alien Connections
2007-05-21 21:25 <REP> d-------- C:\DOCUME~1\OGRIMM~1\WINDOWS
2007-05-21 21:20 964,608 --a------ C:\WINDOWS\system32\mfc70u.dll
2007-05-21 21:20 487,424 --a------ C:\WINDOWS\system32\mscvp70.dll
2007-05-21 21:20 <REP> d-------- C:\Program Files\Synful
2007-05-21 21:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Synful
2007-05-21 14:31 <REP> d-------- C:\Program Files\iZotope
2007-05-21 14:31 <REP> d-------- C:\Program Files\Fichiers communs\iZotope
2007-05-16 23:18 <REP> d-------- C:\Program Files\eDrum MIDI Mapper
2007-05-16 23:18 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\Chaotic Box
2007-05-12 18:31 <REP> d-------- C:\Program Files\Elaborate Bytes
2007-05-08 12:57 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\Google
2007-05-08 12:56 <REP> d-------- C:\Program Files\Google
2007-05-05 21:29 <REP> d-------- C:\Program Files\Native Instruments
2007-05-05 21:29 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
2007-05-05 00:48 <REP> d-------- C:\DOCUME~1\OGRIMM~1\APPLIC~1\Real
2007-04-25 23:01 <REP> d-------- C:\Program Files\ApprenezLesPremiersSecours
 
 
((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2007-05-25 19:25:06 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
2007-05-25 19:25:06 24 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
2007-05-25 18:55:53 65,498 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-05-25 18:55:53 449,540 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-05-25 17:11:52 -------- d-----w C:\Program Files\AIDA32 - Personal System Information
2007-05-22 19:40:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-22 17:40:48 -------- d-----w C:\Program Files\Jasc Software Inc
2007-05-22 09:02:55 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Canon
2007-05-15 22:05:03 -------- d-----w C:\Program Files\Steinberg
2007-05-08 10:56:25 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-23 18:31:04 -------- d-----w C:\Program Files\Mystery Solitaire Secret Island
2007-04-22 19:29:24 -------- d-----w C:\Program Files\AUDIOTRAK
2007-04-22 19:26:43 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Steinberg
2007-04-22 19:23:01 -------- d-----w C:\Program Files\Syncrosoft
2007-04-21 20:45:28 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\InterVideo
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 09:38:44 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Ableton
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-04 09:44:12 -------- d-----w C:\Program Files\CDBurnerXP Pro 3
2007-04-03 07:22:23 -------- d-----w C:\Program Files\activePDF
2007-04-02 17:02:17 -------- d-----w C:\Program Files\VGA USB Camera
2007-04-02 17:02:14 -------- d-----w C:\Program Files\directx
2007-03-30 21:19:06 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\AdobeUM
2007-03-30 19:44:25 -------- d-----w C:\Program Files\PDF Editeur 2
2007-03-30 19:43:29 73,216 ----a-w C:\WINDOWS\cadkasdeinst01f.exe
2007-03-30 19:24:56 -------- d-----w C:\Program Files\Easy PDF to HTML Converter
2007-03-30 19:22:30 -------- d-----w C:\Program Files\Easy PDF to Word Converter
2007-03-30 15:44:22 -------- d-----w C:\Program Files\Rainbow Mystery
2007-03-30 15:42:45 -------- d-----w C:\Program Files\ReflexiveArcade
2007-03-26 14:43:23 -------- d-----w C:\Program Files\Creative
2007-03-26 11:09:27 -------- d-----w C:\Program Files\Shareaza
2007-03-25 15:28:26 -------- d-----w C:\Program Files\MSN Messenger
2007-03-25 13:18:47 -------- d-----w C:\Program Files\Canon
2007-03-25 12:31:24 -------- d-----w C:\Program Files\Microsoft Works
2007-03-25 12:31:15 -------- d-----w C:\Program Files\MSBuild
2007-03-25 12:30:30 -------- d-----w C:\Program Files\Microsoft.NET
2007-03-25 12:21:15 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\GlobalSCAPE
2007-03-25 12:20:52 -------- d-----w C:\Program Files\CuteFTP Pro
2007-03-25 12:15:42 -------- d-----w C:\Program Files\Messenger
2007-03-25 12:14:37 -------- d-----w C:\Program Files\GIMP
2007-03-25 12:12:57 75,791 ----a-w C:\WINDOWS\unins000.exe
2007-03-25 12:12:57 17,021 ----a-w C:\WINDOWS\unins000.dat
2007-03-25 12:12:56 -------- d-----w C:\Program Files\Fichiers communs\GTK
2007-03-25 12:12:04 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-03-25 12:11:42 -------- d-----w C:\Program Files\Media Player Classic
2007-03-25 12:11:29 -------- d-----w C:\Program Files\QuickTime Alternative
2007-03-25 12:09:17 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Jasc Software Inc
2007-03-25 12:06:27 -------- d-----w C:\Program Files\Winamp
2007-03-25 12:05:20 -------- d-----w C:\Program Files\Cool2000
2007-03-25 12:04:35 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Syntrillium
2007-03-25 12:01:14 -------- d-----w C:\Program Files\Fichiers communs\Macromedia Shared
2007-03-25 11:58:59 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Publish Providers
2007-03-25 11:58:59 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\NetMedia Providers
2007-03-25 11:58:56 -------- d-----w C:\DOCUME~1\OGRIMM~1\APPLIC~1\Sonic Foundry
2007-03-25 11:58:10 -------- d-----w C:\Program Files\Sonic Foundry
2007-03-25 11:57:37 -------- d-----w C:\Program Files\Sonic Foundry Setup
2007-03-24 19:50:46 -------- d-----w C:\Program Files\Yahoo!
2007-03-24 19:32:34 -------- d-----w C:\Program Files\SAGEM
2007-03-24 19:31:23 -------- d-----w C:\Program Files\Alwil Software
2007-03-24 19:26:42 47,730 ----a-w C:\WINDOWS\system32\compare.dat
2007-03-24 19:26:01 -------- d-----w C:\Program Files\Raccourcis de programmes
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-12 14:58:02 368,640 ----a-w C:\WINDOWS\system32\ReWire.dll
2007-02-05 20:19:06 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown  
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34]
"RTHDCPL"="RTHDCPL.EXE" []
"SkyTel"="SkyTel.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58]
"nwiz"="nwiz.exe" [2006-07-20 20:58 C:\WINDOWS\system32\nwiz.exe]
"Muscbrigade"="c:\Musicbrigade\Musicbrigade.exe" [2005-12-22 10:26]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 02:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-24 17:29]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 18:10]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]
 
 
********************************************************************
 
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-25 21:25:50
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
scanning hidden files ...
 
scan completed successfully
hidden files: 0
 
 
********************************************************************
 
Completion time: 2007-05-25 21:27:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-25 21:27
 
 --- E O F ---

Re,
 
Télécharge puis installe AVG Anti-Spyware (AVG AS)
Fais les mises à jour mais ne lance pas de scan pour le moment.  
AIDE : Tuto sur AVG Anti-Spyware (Malekal)
 
Redémarre en mode sans échec
 
Relance AVG AS :
- Choisis l'onglet "Analyse"
- Puis l'onglet "Paramètres"
- Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
- Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
 
Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"
 
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.
 
Redémarre normalement.
Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.

voici le rapport AVGAS:
 
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
 
 + Créé à: 16:31:47 26/05/2007
 
 + Résultat de l'analyse:  
 
 
 
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@e-2dj6wgkiqoazihp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@e-2dj6wjl4gpcpecp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@search.live[2].txt -> TrackingCookie.Live : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@image.masterstats[1].txt -> TrackingCookie.Masterstats : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@www.paypal[2].txt -> TrackingCookie.Paypal : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@revsci[2].txt -> TrackingCookie.Revsci : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@specificclick[2].txt -> TrackingCookie.Specificclick : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@webstat[1].txt -> TrackingCookie.Web-stat : Aucune action entreprise.
C:\Documents and Settings\Ogrim mortuus\Cookies\ogrim mortuus@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
 
 
Fin du rapport
 
----------------------------------
rapport hijack:
 
Logfile of HijackThis v1.99.1
Scan saved at 16:35:46, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ogrim mortuus\Bureau\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cu [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454184 6
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.gamenext.fr/online/onli [...] uncher.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
 
Merci!

Re,
 
Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
Sélectionne TOUS les emplacements en gras ci-dessous :
 
C:\WINDOWS\system32\ddcyx.exe
C:\WINDOWS\system32\mlljghh.dll
 
---> Clique-droit puis Copier (ou Ctrl+C)
 
Double-clique sur OTMoveIt.exe afin de le lancer.
Fais un Clique-droit sur le cadre de gauche puis choisis Coller (ou Ctrl+V).
Clique maintenant sur MoveIt!
 
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.  
Accepte en cliquant sur YES.
 
Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

C:\WINDOWS\system32\ddcyx.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlljghh.dll
C:\WINDOWS\system32\mlljghh.dll NOT unregistered.
C:\WINDOWS\system32\mlljghh.dll moved successfully.
 
Created on 05/26/2007 18:29:45