Ordinateur infecté: c'est nuuuuuuuuuuul...

Bonjour,

C'est une infection Vundo.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

Re, voila le rapport Vundofix:


VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 11:16:04 09/08/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 13:00:12 06/09/2007

Listing files found while scanning....

C:\WINDOWS\system32\tmpE.tmp.dll
C:\WINDOWS\uutvvw.ini
C:\WINDOWS\wvvtuu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tmpE.tmp.dll
C:\WINDOWS\system32\tmpE.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\uutvvw.ini
C:\WINDOWS\uutvvw.ini Has been deleted!

Attempting to delete C:\WINDOWS\wvvtuu.dll
C:\WINDOWS\wvvtuu.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tmpE.tmp.dll
C:\WINDOWS\system32\tmpE.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!


Et le rapport HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 16:23:08, on 16/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Documents and Settings\Mabé\Application Data\tmp3.tmp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Arnaud\Bureau\Arnaud\Autre\Programmes de maintenance de l'ordinateur\newsscanne.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: (no name) - {4B4183B7-13C7-4AC8-B606-A18E74DE41EC} - C:\WINDOWS\system32\mllmk.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqonli.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\tmp3.tmp.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsj1A.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CA664279-B034-4AFF-BE93-31B2BF14EAF1} - C:\WINDOWS\system32\mllmk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [winsesame_del] C:\Program Files\WinSesame\effaceur.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\rqolll.dll",b
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\LIVECOM\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://manoudev.spaces.msn.com//PhotoUpload/MsnPUpld.ca...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: urqonli - C:\WINDOWS\SYSTEM32\urqonli.dll
O20 - Winlogon Notify: usrlib - usrlib.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Unknown owner - C:\Program Files\acer\Acer eConsole\MediaServerService.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Mabé\Application Data\tmp3.tmp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

Re,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

Double clique combofix.exe.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Re,

La première fois que j'ai lancé Vundofix il ne mas pas demandé d'appuyer sur la touche un ou deux... assez bizarre...

Il n'Y A PAS DE RAPPORT à C:/ j'ai regardé dans le dossier comboFix et il y a ça:

ComboFix 07-11-08.1 - Mabé 2007-11-17 12:54:16.3 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.125 [GMT 1:00]
Running from: C:\Documents and Settings\Arnaud\Bureau\Arnaud\Autre\Programmes de maintenance de l'ordinateur\ComboFix.exe
* Created a new restore point
.

Tu peux recommencer ?

PAs de problème;

Cette fois encore il ne m'as rien proposé, mais il m'a tout de même donné un rapport:

ComboFix 07-11-08.1 - Arnaud 2007-11-17 18:33:10.4 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.65 [GMT 1:00]
Running from: C:\Documents and Settings\Arnaud\Bureau\Arnaud\Autre\Programmes de maintenance de l'ordinateur\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Arnaud.\aria.txt
C:\Documents and Settings\Mab‚\Application Data\tmpBB.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmpF.tmp.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\jkhhi.dll
C:\WINDOWS\system32\qrutv.bak1
C:\WINDOWS\system32\qrutv.bak2
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\vturq.dll
.
---- Previous Run -------
.
C:\Documents and Settings\Arnaud\Application Data\tmp24D.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp297.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp3.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp4.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp42B.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp46.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp462.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp48.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp4B.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp4CF.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp4EC.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp5.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp5D.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp5D4.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp6.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp670.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp732.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp79.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp88C.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp89.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp8B1.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmp98E.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmpAFA.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmpBDC.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmpC05.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmpC28.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmpC98.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmpD.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmpD2.tmp.exe
C:\Documents and Settings\Arnaud\Application Data\tmpE.tmp.exe
C:\Documents and Settings\Bertrand\Application Data\tmp1B.tmp.exe
C:\Documents and Settings\Bertrand\Application Data\tmp3.tmp.exe
C:\Documents and Settings\Bertrand\Application Data\tmp4.tmp.exe
C:\Documents and Settings\Bertrand\Application Data\tmpBF2.tmp.exe
C:\Documents and Settings\Bertrand\Application Data\tmpBF7.tmp.exe
C:\Documents and Settings\Bertrand\Application Data\tmpBF8.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp1.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp16.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp1B.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp1D7.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp2.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp22.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp3.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp38.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp4.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp4D.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp5.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp6.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp6E.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp6F.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp7.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp8.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp84.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp87.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmp9.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmpA3.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmpBB.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmpF.tmp.exe
C:\Documents and Settings\Mab‚\Application Data\tmpF9.tmp.exe
C:\Documents and Settings\Mabé.\aria.txt
C:\Documents and Settings\Mabé\Application Data\tmp1.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp16.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp1B.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp1D7.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp2.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp22.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp3.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp38.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp4.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp4D.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp5.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp6.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp6E.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp6F.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp7.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp8.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp84.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp87.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmp9.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmpA3.tmp.exe
C:\Documents and Settings\Mabé\Application Data\tmpF9.tmp.exe
C:\Documents and Settings\Manou\Application Data\tmp10.tmp.exe
C:\Documents and Settings\Manou\Application Data\tmp13.tmp.exe
C:\Documents and Settings\Manou\Application Data\tmp16.tmp.exe
C:\Documents and Settings\Manou\Application Data\tmp162.tmp.exe
C:\Documents and Settings\Manou\Application Data\tmp2.tmp.exe
C:\Documents and Settings\Manou\Application Data\tmp3.tmp.exe
C:\Documents and Settings\Manou\Application Data\tmp4.tmp.exe
C:\Documents and Settings\Manou\Application Data\tmp5.tmp.exe
C:\Documents and Settings\Manou\Application Data\tmp7.tmp.exe
C:\Documents and Settings\Manou\Application Data\tmpB10.tmp.exe
C:\Documents and Settings\Manou\Application Data\tmpE.tmp.exe
C:\Documents and Settings\Manou\Bureau\internet.lnk
C:\Documents and Settings\Manou\Local Settings\Application Data\zbxoyt.dat
C:\Documents and Settings\Manou\Local Settings\Application Data\zbxoyt.exe
C:\Documents and Settings\Manou\Local Settings\Application Data\zbxoyt_nav.dat
C:\Documents and Settings\Manou\Local Settings\Application Data\zbxoyt_navps.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\ilkkj.bak1
C:\WINDOWS\system32\ilkkj.bak2
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\kmllm.tmp
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\opqss.bak1
C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\oqtss.bak1
C:\WINDOWS\system32\oqtss.ini
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\sstqo.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService




((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-17 to 2007-11-17 ))))))))))))))))))))))))))))))))))))
.

2007-11-17 09:40 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\AdobeUM
2007-11-16 17:04 74,752 --a------ C:\WINDOWS\system32\gzmrotate.dll
2007-11-16 16:08 <REP> d--hs---- C:\FOUND.092
2007-11-10 14:30 2,366,380 ---hs---- C:\WINDOWS\llloqr.ini2
2007-11-07 09:59 <REP> d-------- C:\Team17
2007-11-04 18:40 <REP> d--hs---- C:\FOUND.091
2007-11-03 14:39 <REP> d--hs---- C:\FOUND.090
2007-11-01 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-11-01 19:02 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-01 19:02 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-01 19:02 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-31 21:23 339,456 --a------ C:\WINDOWS\system32\urqonli.dll
2007-10-29 20:03 <REP> d--hs---- C:\FOUND.089
2007-10-28 21:10 <REP> d--hs---- C:\FOUND.088
2007-10-27 12:15 <REP> d-------- C:\Program Files\Overland
2007-10-25 18:05 <REP> d-------- C:\Documents and Settings\Arnaud\Spiderman
2007-10-25 17:26 41 ---h----- C:\WINDOWS\dsez7839.dat
2007-10-25 15:47 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2007-10-25 15:47 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-10-25 15:47 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-10-25 15:47 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-10-25 15:43 <REP> d-------- C:\Program Files\Fichiers communs\HP
2007-10-25 15:42 43,672 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-10-25 15:30 <REP> d-------- C:\Program Files\HP
2007-10-25 15:30 38,879 --------- C:\WINDOWS\hpomdl03.dat
2007-10-25 15:30 29,200 --a------ C:\WINDOWS\hpoins03.dat
2007-10-23 18:45 <REP> d--hs---- C:\FOUND.086
2007-10-22 21:35 85,060 --a------ C:\WINDOWS\rqolll.dll
2007-10-22 19:54 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\Grisoft
2007-10-22 19:53 <REP> d-------- C:\Documents and Settings\Bertrand\WINDOWS
2007-10-22 19:53 <REP> d--h----- C:\Documents and Settings\Bertrand\Voisinage r‚seau
2007-10-22 19:53 <REP> d--h----- C:\Documents and Settings\Bertrand\Voisinage d'impression
2007-10-22 19:53 <REP> d--h----- C:\Documents and Settings\Bertrand\ModŠles
2007-10-22 19:53 <REP> d---s---- C:\Documents and Settings\Bertrand\Mes documents
2007-10-22 19:53 <REP> dr------- C:\Documents and Settings\Bertrand\Menu D‚marrer
2007-10-22 19:53 <REP> d---s---- C:\Documents and Settings\Bertrand\Favoris
2007-10-22 19:53 <REP> d-------- C:\Documents and Settings\Bertrand\Bureau
2007-10-22 19:53 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\Symantec
2007-10-21 13:36 <REP> d--hs---- C:\FOUND.085
2007-10-19 19:07 157,478 --a------ C:\WINDOWS\system32\dn320d180e.dat
2007-10-19 18:09 <REP> d--hs---- C:\FOUND.084

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 17:03 79,875 ----a-w C:\WINDOWS\system32\adssite-remove.exe
2007-11-16 17:03 40,733 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
2007-11-01 15:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-01 15:06 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-25 16:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-14 18:00 --------- d-----w C:\Program Files\WinUpdater
2007-10-13 11:29 --------- d-----w C:\Program Files\Notepad++
2007-10-13 11:29 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Notepad++
2007-10-13 11:19 --------- d-----w C:\Program Files\Gpotato.eu
2007-10-10 17:44 --------- d-----w C:\Program Files\PlayMP3z
2007-10-04 19:51 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\fltk.org
2007-10-04 13:21 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-03 18:11 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
2007-10-03 18:11 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Adssite Advanced Toolbar
2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-08-22 14:13 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 14:13 663,040 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 14:13 617,472 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 14:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 14:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 14:13 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 14:13 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 14:13 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 14:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 14:13 3,079,168 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 14:13 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 14:13 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 14:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 14:13 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 14:13 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 14:13 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 14:13 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 14:13 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 11:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 07:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 07:17 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
1999-12-13 13:38 135,168 ----a-w C:\WINDOWS\inf\Agfa\message.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-10-31 21:24 339456 --a------ C:\WINDOWS\system32\urqonli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
C:\WINDOWS\system32\nslDC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4}]
2007-11-16 17:04 74752 --a------ C:\WINDOWS\system32\gzmrotate.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [2005-06-08 08:31 C:\WINDOWS\SOUNDMAN.EXE]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 12:49 C:\WINDOWS\AGRSMMSG.exe]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-06-04 12:40]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"VTTimer"="VTTimer.exe" [2005-05-13 12:57 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-05-13 12:57 C:\WINDOWS\system32\VTTrayp.exe]
"EoEngine"="" []
"EoWeather"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-28 19:18]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 11:05]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 22:32]
"nwiz"="nwiz.exe" [2005-02-24 22:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 22:32]
"ORAHSSStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 10:40]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 10:45]
"winsesame_del"="C:\Program Files\WinSesame\effaceur.exe" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 16:59]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"DXDllRegExe"="dxdllreg.exe" []
"320d18a1"="C:\WINDOWS\rqolll.dll" [2007-10-22 21:35]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" [2007-11-16 17:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Livecom"="C:\PROGRA~1\LIVECOM\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\urqonli.dll [2007-10-31 21:24 339456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonli]
urqonli.dll 2007-10-31 21:24 339456 C:\WINDOWS\system32\urqonli.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usrlib]
usrlib.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vturq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arnaud^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Arnaud\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"C:\Program Files\Shareaza\Shareaza.exe" -tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\warez]
"C:\Program Files\Warez P2P Client\warez.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R2 int15.sys;int15.sys;\??\C:\Program Files\acer\eRecovery\int15.sys
R2 Vcs;Vcs support;\??\C:\WINDOWS\system32\Drivers\Vcs.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\system32\drivers\CDANT.SYS
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys
S3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys
S3 s3chipid;s3chipid;\??\C:\DOCUME~1\Arnaud\LOCALS~1\Temp\s3chipid.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
S3 XDva019;XDva019;\??\C:\WINDOWS\system32\XDva019.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 18:41:53
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 18:44:07 - machine was rebooted
.
--- E O F ---


(et un gros en plus)

Reposte un rapport Hijackthis  

No problemo;

Logfile of HijackThis v1.99.1
Scan saved at 16:04:45, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Arnaud\Bureau\Arnaud\Autre\Programmes de maintenance de l'ordinateur\newsscanne.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqonli.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nslDC.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D2DEFEB6-5300-40DB-9B91-43190554EE1C} - C:\WINDOWS\system32\vtutu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [winsesame_del] C:\Program Files\WinSesame\effaceur.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\rqolll.dll",b
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\LIVECOM\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://manoudev.spaces.msn.com//PhotoUpload/MsnPUpld.ca...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: urqonli - C:\WINDOWS\SYSTEM32\urqonli.dll
O20 - Winlogon Notify: usrlib - usrlib.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Unknown owner - C:\Program Files\acer\Acer eConsole\MediaServerService.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

Repasse un coup de Combofix.

Euh, quand je le lance il me dit:

La date actuelle est le 19/11/2007. Cette copie de ComboFix a expir,.
Supprimez cette copie avant de t,l,charger une copie ... jour

C'est compliqué ça ?  

je dois supprimer ComboFIx et le retélécharger?

Vi  

JE l'ai fait quatre fois et il me dit la même chose...

Ton horloge est bien réglée ?

oui, il est bien 10:47.

C'est lié au programme.
Refais un scan Vundofix.

APres avoir lancé vundofix, j'ai pu lancer COmbofix et voila le scan:

ComboFix 07-11-19.3 - Arnaud 2007-11-21 19:50:53.5 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.110 [GMT 1:00]
Running from: C:\Documents and Settings\Arnaud\Bureau\Arnaud\Autre\Programmes de maintenance de l'ordinateur\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-21 to 2007-11-21 ))))))))))))))))))))))))))))))))))))
.

2007-11-20 12:52 74,752 --a------ C:\WINDOWS\system32\gzmrotate.dll
2007-11-18 21:03 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\TransRender
2007-11-18 21:03 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\Temporary
2007-11-18 21:03 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\Samsung
2007-11-18 21:03 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\ConvertTemp
2007-11-18 19:53 <REP> d--hs---- C:\FOUND.093
2007-11-18 16:01 6,595 ---hs---- C:\WINDOWS\system32\ututv.bak2
2007-11-17 18:46 6,486 ---hs---- C:\WINDOWS\system32\ututv.bak1
2007-11-17 18:45 6,800 ---hs---- C:\WINDOWS\system32\ututv.ini
2007-11-17 09:40 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\AdobeUM
2007-11-16 16:08 <REP> d--hs---- C:\FOUND.092
2007-11-10 14:30 2,366,380 ---hs---- C:\WINDOWS\llloqr.ini2
2007-11-07 09:59 <REP> d-------- C:\Team17
2007-11-04 18:40 <REP> d--hs---- C:\FOUND.091
2007-11-03 14:39 <REP> d--hs---- C:\FOUND.090
2007-11-01 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-11-01 19:02 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-01 19:02 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-31 21:15 133 --ah----- C:\WINDOWS\system32\usrlib.dns
2007-10-29 20:03 <REP> d--hs---- C:\FOUND.089
2007-10-28 21:10 <REP> d--hs---- C:\FOUND.088
2007-10-27 12:15 <REP> d-------- C:\Program Files\Overland
2007-10-25 18:05 <REP> d-------- C:\Documents and Settings\Arnaud\Spiderman
2007-10-25 17:26 41 ---h----- C:\WINDOWS\dsez7839.dat
2007-10-25 15:47 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2007-10-25 15:43 <REP> d-------- C:\Program Files\Fichiers communs\HP
2007-10-25 15:42 43,672 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-10-25 15:30 <REP> d-------- C:\Program Files\HP
2007-10-25 15:30 38,879 --------- C:\WINDOWS\hpomdl03.dat
2007-10-25 15:30 29,200 --a------ C:\WINDOWS\hpoins03.dat
2007-10-23 18:45 <REP> d--hs---- C:\FOUND.086
2007-10-22 19:54 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\Grisoft
2007-10-22 19:53 <REP> d-------- C:\Documents and Settings\Bertrand\WINDOWS
2007-10-22 19:53 <REP> d--h----- C:\Documents and Settings\Bertrand\Voisinage réseau
2007-10-22 19:53 <REP> d--h----- C:\Documents and Settings\Bertrand\Voisinage d'impression
2007-10-22 19:53 <REP> d--h----- C:\Documents and Settings\Bertrand\Modèles
2007-10-22 19:53 <REP> d---s---- C:\Documents and Settings\Bertrand\Mes documents
2007-10-22 19:53 <REP> dr------- C:\Documents and Settings\Bertrand\Menu Démarrer
2007-10-22 19:53 <REP> d---s---- C:\Documents and Settings\Bertrand\Favoris
2007-10-22 19:53 <REP> d-------- C:\Documents and Settings\Bertrand\Bureau
2007-10-22 19:53 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\Symantec
2007-10-21 13:36 <REP> d--hs---- C:\FOUND.085

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 13:50 40,733 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
2007-11-16 17:03 79,875 ----a-w C:\WINDOWS\system32\adssite-remove.exe
2007-11-01 15:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-01 15:06 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-31 20:24 339,456 ----a-w C:\WINDOWS\system32\urqonli.dll
2007-10-25 16:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-22 20:35 85,060 ----a-w C:\WINDOWS\rqolll.dll
2007-10-14 18:00 --------- d-----w C:\Program Files\WinUpdater
2007-10-13 11:29 --------- d-----w C:\Program Files\Notepad++
2007-10-13 11:29 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Notepad++
2007-10-13 11:19 --------- d-----w C:\Program Files\Gpotato.eu
2007-10-10 17:44 --------- d-----w C:\Program Files\PlayMP3z
2007-10-04 19:51 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\fltk.org
2007-10-04 13:21 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-03 18:11 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
2007-10-03 18:11 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Adssite Advanced Toolbar
2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-08-22 14:13 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 14:13 663,040 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 14:13 617,472 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 14:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 14:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 14:13 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 14:13 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 14:13 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 14:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 14:13 3,079,168 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 14:13 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 14:13 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 14:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 14:13 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 14:13 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 14:13 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 14:13 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 14:13 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 11:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 07:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 07:17 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
1999-12-13 13:38 135,168 ----a-w C:\WINDOWS\inf\Agfa\message.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-10-31 21:24 339456 --a------ C:\WINDOWS\system32\urqonli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
C:\WINDOWS\system32\nslDC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4}]
2007-11-20 12:52 74752 --a------ C:\WINDOWS\system32\gzmrotate.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC4E64F9-0BEB-4235-93CA-AAF64C64803E}]
C:\WINDOWS\system32\vtutu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Livecom"="C:\PROGRA~1\LIVECOM\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [2005-06-08 08:31 C:\WINDOWS\SOUNDMAN.EXE]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 12:49 C:\WINDOWS\AGRSMMSG.exe]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-06-04 12:40]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"VTTimer"="VTTimer.exe" [2005-05-13 12:57 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-05-13 12:57 C:\WINDOWS\system32\VTTrayp.exe]
"EoEngine"="" []
"EoWeather"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-28 19:18]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 11:05]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 05:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-02-24 22:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-05 05:00 C:\WINDOWS\system32\rundll32.exe]
"ORAHSSStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 10:40]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 10:45]
"winsesame_del"="C:\Program Files\WinSesame\effaceur.exe" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 16:59]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"DXDllRegExe"="dxdllreg.exe" []
"320d18a1"="C:\WINDOWS\rqolll.dll" [2007-10-22 21:35]
"hid_start"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-05 05:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\urqonli.dll [2007-10-31 21:24 339456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonli]
urqonli.dll 2007-10-31 21:24 339456 C:\WINDOWS\system32\urqonli.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usrlib]
usrlib.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arnaud^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Arnaud\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
C:\Program Files\Shareaza\Shareaza.exe -tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\warez]
C:\Program Files\Warez P2P Client\warez.exe -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 06:28 36352 --a------ C:\Program Files\Winamp\winampa.exe

R2 int15.sys;int15.sys;\??\C:\Program Files\acer\eRecovery\int15.sys
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\system32\drivers\CDANT.SYS
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-21 19:57:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-21 19:59:12
C:\ComboFix2.txt ... 2007-11-17 18:44
.
--- E O F ---

Re,

Faudrait se calmer sur le P2p...
On continue :

[#ff0000]Désactive ton antivirus ![/#f]

Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

Re,

Désolé, je croyais avoir envoyé le scan, j'ai dû faire une mauvaise manipulation.
Voilà le rapport:

ComboFix 07-11-19.3 - Arnaud 2007-11-22 13:38:39.6 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.172 [GMT 1:00]
Running from: C:\Documents and Settings\Arnaud\Bureau\Arnaud\Autre\Programmes de maintenance de l'ordinateur\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arnaud\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\llloqr.ini2
C:\WINDOWS\rqolll.dll
C:\WINDOWS\system32\gzmrotate.dll
C:\WINDOWS\system32\urqonli.dll
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak2
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\vtutu.dll
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.086
C:\FOUND.086\FILE0000.CHK
C:\FOUND.086\FILE0001.CHK
C:\FOUND.086\FILE0002.CHK
C:\FOUND.086\FILE0003.CHK
C:\FOUND.088
C:\FOUND.088\FILE0000.CHK
C:\FOUND.089
C:\FOUND.089\FILE0000.CHK
C:\FOUND.089\FILE0001.CHK
C:\FOUND.089\FILE0002.CHK
C:\FOUND.089\FILE0003.CHK
C:\FOUND.089\FILE0004.CHK
C:\FOUND.089\FILE0005.CHK
C:\FOUND.089\FILE0006.CHK
C:\FOUND.089\FILE0007.CHK
C:\FOUND.090
C:\FOUND.090\FILE0000.CHK
C:\FOUND.090\FILE0001.CHK
C:\FOUND.090\FILE0002.CHK
C:\FOUND.091
C:\FOUND.091\FILE0000.CHK
C:\FOUND.091\FILE0001.CHK
C:\FOUND.091\FILE0002.CHK
C:\FOUND.091\FILE0003.CHK
C:\FOUND.091\FILE0004.CHK
C:\FOUND.091\FILE0005.CHK
C:\FOUND.091\FILE0006.CHK
C:\FOUND.092
C:\FOUND.092\FILE0000.CHK
C:\FOUND.093
C:\FOUND.093\FILE0000.CHK
C:\FOUND.093\FILE0001.CHK
C:\FOUND.093\FILE0002.CHK
C:\WINDOWS\llloqr.ini2
C:\WINDOWS\rqolll.dll
C:\WINDOWS\system32\gzmrotate.dll
C:\WINDOWS\system32\urqonli.dll
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak2
C:\WINDOWS\system32\ututv.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-22 to 2007-11-22 ))))))))))))))))))))))))))))))))))))
.

2007-11-18 21:03 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\TransRender
2007-11-18 21:03 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\Temporary
2007-11-18 21:03 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\Samsung
2007-11-18 21:03 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\ConvertTemp
2007-11-17 09:40 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\AdobeUM
2007-11-07 09:59 <REP> d-------- C:\Team17
2007-11-01 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2007-11-01 19:02 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-01 19:02 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-31 21:15 133 --ah----- C:\WINDOWS\system32\usrlib.dns
2007-10-27 12:15 <REP> d-------- C:\Program Files\Overland
2007-10-25 18:05 <REP> d-------- C:\Documents and Settings\Arnaud\Spiderman
2007-10-25 17:26 41 ---h----- C:\WINDOWS\dsez7839.dat
2007-10-25 15:47 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2007-10-25 15:43 <REP> d-------- C:\Program Files\Fichiers communs\HP
2007-10-25 15:42 43,672 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-10-25 15:30 <REP> d-------- C:\Program Files\HP
2007-10-25 15:30 38,879 --------- C:\WINDOWS\hpomdl03.dat
2007-10-25 15:30 29,200 --a------ C:\WINDOWS\hpoins03.dat
2007-10-22 19:54 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\Grisoft
2007-10-22 19:53 <REP> d-------- C:\Documents and Settings\Bertrand\WINDOWS
2007-10-22 19:53 <REP> d--h----- C:\Documents and Settings\Bertrand\Voisinage r‚seau
2007-10-22 19:53 <REP> d--h----- C:\Documents and Settings\Bertrand\Voisinage d'impression
2007-10-22 19:53 <REP> d--h----- C:\Documents and Settings\Bertrand\ModŠles
2007-10-22 19:53 <REP> d---s---- C:\Documents and Settings\Bertrand\Mes documents
2007-10-22 19:53 <REP> dr------- C:\Documents and Settings\Bertrand\Menu D‚marrer
2007-10-22 19:53 <REP> d---s---- C:\Documents and Settings\Bertrand\Favoris
2007-10-22 19:53 <REP> d-------- C:\Documents and Settings\Bertrand\Bureau
2007-10-22 19:53 <REP> d-------- C:\Documents and Settings\Bertrand\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 13:50 40,733 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
2007-11-16 17:03 79,875 ----a-w C:\WINDOWS\system32\adssite-remove.exe
2007-11-01 15:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-01 15:06 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-10-25 16:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-14 18:00 --------- d-----w C:\Program Files\WinUpdater
2007-10-13 11:29 --------- d-----w C:\Program Files\Notepad++
2007-10-13 11:29 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Notepad++
2007-10-13 11:19 --------- d-----w C:\Program Files\Gpotato.eu
2007-10-10 17:44 --------- d-----w C:\Program Files\PlayMP3z
2007-10-04 19:51 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\fltk.org
2007-10-04 13:21 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-03 18:11 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
2007-10-03 18:11 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Adssite Advanced Toolbar
2007-09-06 11:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-08-22 14:13 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 14:13 663,040 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 14:13 617,472 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 14:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 14:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 14:13 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 14:13 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 14:13 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 14:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 14:13 3,079,168 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 14:13 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 14:13 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 14:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 14:13 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 14:13 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 14:13 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 14:13 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 14:13 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
1999-12-13 13:38 135,168 ----a-w C:\WINDOWS\inf\Agfa\message.exe
.

((((((((((((((((((((((((((((( snapshot@2007-11-21_19.57.45.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-11-22 12:45:00 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_4c4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
C:\WINDOWS\system32\nslDC.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Livecom"="C:\PROGRA~1\LIVECOM\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SoundMan"="SOUNDMAN.EXE" [2005-06-08 08:31 C:\WINDOWS\SOUNDMAN.EXE]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-20 09:03]
"AGRSMMSG"="AGRSMMSG.exe" [2004-04-13 12:49 C:\WINDOWS\AGRSMMSG.exe]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-06-04 12:40]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"VTTimer"="VTTimer.exe" [2005-05-13 12:57 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-05-13 12:57 C:\WINDOWS\system32\VTTrayp.exe]
"EoEngine"="" []
"EoWeather"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-28 19:18]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-01-19 11:05]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 05:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-02-24 22:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-05 05:00 C:\WINDOWS\system32\rundll32.exe]
"ORAHSSStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 10:40]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 10:45]
"winsesame_del"="C:\Program Files\WinSesame\effaceur.exe" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 16:59]
"LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 16:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"DXDllRegExe"="dxdllreg.exe" []
"320d18a1"="C:\WINDOWS\rqolll.dll" []
"hid_start"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-05 05:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usrlib]
usrlib.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arnaud^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Arnaud\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
C:\Program Files\Shareaza\Shareaza.exe -tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 06:28 36352 --a------ C:\Program Files\Winamp\winampa.exe

R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R2 int15.sys;int15.sys;\??\C:\Program Files\acer\eRecovery\int15.sys
R2 Vcs;Vcs support;\??\C:\WINDOWS\system32\Drivers\Vcs.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 C-Dilla;C-Dilla;\??\C:\WINDOWS\system32\drivers\CDANT.SYS
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys
S3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys
S3 s3chipid;s3chipid;\??\C:\DOCUME~1\Arnaud\LOCALS~1\Temp\s3chipid.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys
S3 XDva019;XDva019;\??\C:\WINDOWS\system32\XDva019.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 13:45:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-22 13:47:17 - machine was rebooted
C:\ComboFix3.txt ... 2007-11-17 18:44
C:\ComboFix2.txt ... 2007-11-21 19:59
.
--- E O F ---

Reposte un rapport Hijackthis.

Voila chef:

Logfile of HijackThis v1.99.1
Scan saved at 19:02:19, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Arnaud\Bureau\Arnaud\Autre\Programmes de maintenance de l'ordinateur\newsscanne.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nslDC.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [winsesame_del] C:\Program Files\WinSesame\effaceur.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe /auto
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\LIVECOM\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://manoudev.spaces.msn.com//PhotoUpload/MsnPUpld.ca...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: usrlib - usrlib.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Unknown owner - C:\Program Files\acer\Acer eConsole\MediaServerService.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

Re,

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

Franchement ça m'embetais de changer d'antivirus mais celui la est plus rapide et lui, au moins, il trouve des virus...

Voila El Report:



AntiVir PersonalEdition Classic
Report file date: 2007-11-26 17:56

Scanning for 942367 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: MANAUBÉ

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:16
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 2007-09-13 14:26:56
ANTIVIR2.VDF : 7.0.1.0 1393152 Bytes 2007-11-23 16:54:36
ANTIVIR3.VDF : 7.0.1.8 27136 Bytes 2007-11-26 16:54:36
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 2007-11-26 16:54:36
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:02
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2007-11-26 17:56

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'hpqscnvw.exe' - '1' Module(s) have been scanned
Scan process 'hpqdstcp.exe' - '1' Module(s) have been scanned
Scan process 'hpqkygrp.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned
Scan process 'Hpqdirec.exe' - '1' Module(s) have been scanned
Scan process 'FTCOMModule.exe' - '1' Module(s) have been scanned
Scan process 'OraConfigRecover.exe' - '1' Module(s) have been scanned
Scan process 'CoreCom.exe' - '1' Module(s) have been scanned
Scan process 'ConnectivityManager.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
Scan process 'HPCMPMGR.EXE' - '1' Module(s) have been scanned
Scan process 'hpwuSchd.exe' - '1' Module(s) have been scanned
Scan process 'AVGAS.EXE' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'SystrayApp.exe' - '1' Module(s) have been scanned
Scan process 'Launcher.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'QTTASK.EXE' - '1' Module(s) have been scanned
Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
Scan process 'AspireService.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.EXE' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SNDSrvc.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.EXE' - '1' Module(s) have been scanned
Scan process 'CDANTSRV.EXE' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'GUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
57 processes with 57 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '44' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP3\A0001083.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '477b0e71.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP5\A0001283.DLL
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '477b0e81.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP5\A0001289.DLL
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '477b0e85.qua'!
C:\qoobox\Quarantine\C\WINDOWS\rqolll.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47ba0f16.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\urqonli.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47bc0f82.qua'!
Begin scan in 'D:\' <ACERDATA>


End of the scan: 2007-11-26 19:25
Used time: 1:28:57 min

The scan has been done completely.

9813 Scanning directories
431309 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
431304 Files not concerned
9561 Archives were scanned
3 Warnings
6 Notes

Reposte un rapport Hijackthis.

Le voila:

Logfile of HijackThis v1.99.1
Scan saved at 11:33:30, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Arnaud\Bureau\Arnaud\Autre\Programmes de maintenance de l'ordinateur\newsscanne.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nslDC.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [winsesame_del] C:\Program Files\WinSesame\effaceur.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\LIVECOM\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://manoudev.spaces.msn.com//PhotoUpload/MsnPUpld.ca...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: usrlib - usrlib.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Unknown owner - C:\Program Files\acer\Acer eConsole\MediaServerService.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

Re,

Fix les lignes dans le cadre ci-dessous avec Hijackthis : AIDE EN IMAGES

Re,

C'est fait.
Je ne sais pas si il fallait le faire, mais j'ai fait un rapport:

Logfile of HijackThis v1.99.1
Scan saved at 11:45:20, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Arnaud\Bureau\Arnaud\Autre\Programmes de maintenance de l'ordinateur\newsscanne.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [winsesame_del] C:\Program Files\WinSesame\effaceur.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\LIVECOM\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://manoudev.spaces.msn.com//PhotoUpload/MsnPUpld.ca...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Unknown owner - C:\Program Files\acer\Acer eConsole\MediaServerService.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

Alors ?

Heu... Alors quoi?
C'est terminé?

Ben si c'est le cas un Grand Merci (je vais pouvoir rejoindre le P2P lol) et je pense qu'on risque de se revoir bientôt  

Merci pour l'ordi!

Alors ? toujours pareil ?
C'était ça ma question  

Oui, il lag beaucoup moins  

Mais je risque d'avoir besoin de vous car mon autre ordinateur est infecté;) je compte sur vous!

No prob.