
Trojan Win32:tratBHO


Hello, I have a problem with a Trojan Win32:tratBHO. I have Avast as my antivirus and I can't get rid of it.

Here is the HijackThis report, thank you for helping me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:41, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2 .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\GetRight\GetRight.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Mail\wlmail.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnno.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5118DC72-BFD4-44AC-A0A9-421C191DBE39} - C:\WINDOWS\system32\wvutusp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [a480fa77] rundll32.exe "C:\WINDOWS\system32\anqbfprg.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9806c87c0f6e47c8ad5d4f5e6d40863d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9806c87c0f6e47c8ad5d4f5e6d40863d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3948954-0B4B-4DA8-989D-124A2F84D14A}: NameServer = 172.50.8.1
O20 - Winlogon Notify: ssqropo - ssqropo.dll (file missing)
O20 - Winlogon Notify: wvutusp - C:\WINDOWS\SYSTEM32\wvutusp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur PC-BaX - Unknown owner - C:\Program Files\Cristie\PC-BaX 4.30.1\_BSSVC.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 12169 bytes


Thank you for helping me, here it is:

ComboFix 08-01-11.3 - Jeremie D 2008-01-13 13:27:30.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1324 [GMT 1:00]
Running from: C:\Documents and Settings\Jeremie D\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\anqbfprg.dll
C:\WINDOWS\system32\bedqouvx.dll
C:\WINDOWS\system32\grpfbqna.ini
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\onnmp.ini2
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\wvutusp.dll

C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe ---> PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe ---> HPWuSchd2.exe

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((((((( Fichiers créés 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))))))))
.

2008-01-13 13:00 . 2008-01-13 13:13 <REP> d-------- C:\Program Files\ANNO 1503 GOLD
2008-01-13 12:24 . 2008-01-13 12:24 <REP> d-------- C:\Program Files\GameSpy
2008-01-13 12:22 . 2008-01-13 12:22 <REP> d-------- C:\WINDOWS\system32\AGEIA
2008-01-13 12:22 . 2008-01-13 12:22 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-01-13 12:22 . 2008-01-13 12:22 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-01-13 12:21 . 2008-01-13 12:21 <REP> d-------- C:\Program Files\Netdevil
2008-01-13 10:07 . 2008-01-13 10:07 <REP> d-------- C:\Program Files\Trend Micro
2008-01-12 22:41 . 2008-01-12 22:41 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-01-12 22:00 . 2008-01-12 22:02 73 --a------ C:\WINDOWS\MediaManager.INI
2008-01-12 21:51 . 2008-01-12 21:51 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.10
2008-01-12 15:59 . 2008-01-12 15:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-12 15:59 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-12 15:59 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-12 15:59 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-12 15:59 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-12 15:59 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-12 15:59 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-12 15:59 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-12 15:59 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-12 15:58 . 2008-01-12 15:58 <REP> d-------- C:\Program Files\Alwil Software
2008-01-12 15:39 . 2008-01-12 15:39 <REP> d-------- C:\Program Files\Yahoo!
2008-01-12 15:39 . 2008-01-12 15:40 <REP> d-------- C:\Program Files\CCleaner
2008-01-12 12:40 . 2008-01-12 12:40 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-01-12 12:40 . 2008-01-12 12:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-12 12:08 . 2008-01-12 12:08 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-12 12:02 . 2008-01-12 22:42 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-01-12 12:02 . 2008-01-12 12:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-01-12 10:57 . 2008-01-12 10:57 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-12 10:42 . 2008-01-12 12:40 <REP> d-------- C:\Program Files\MSN Messenger
2008-01-12 10:05 . 2008-01-12 10:10 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-12 10:00 . 2008-01-12 10:00 <REP> d-------- C:\Documents and Settings\Jeremie D\Application Data\Grisoft
2008-01-12 10:00 . 2008-01-12 10:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-12 10:00 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-12 09:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 09:10 . 2008-01-12 16:28 <REP> d-------- C:\VundoFix Backups
2008-01-12 09:02 . 2008-01-12 09:02 <REP> d-------- C:\Documents and Settings\NetworkService\Bureau
2008-01-12 09:01 . 2008-01-12 09:01 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-01-12 08:51 . 2008-01-12 08:51 <REP> d-------- C:\Program Files\Lavasoft
2008-01-12 08:51 . 2008-01-12 08:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-12 07:47 . 2008-01-12 07:47 <REP> d---s---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-01-12 07:47 . 2008-01-12 15:11 <REP> d---s---- C:\Documents and Settings\LocalService\Historique
2008-01-12 07:43 . 2008-01-12 15:41 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-12 07:43 . 2008-01-12 07:43 <REP> d-------- C:\Documents and Settings\Jeremie D\Application Data\PC Tools
2008-01-12 07:43 . 2008-01-13 13:34 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-12 07:43 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-12 07:43 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-12 07:43 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-12 07:43 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-12 07:19 . 2008-01-12 07:19 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-10 15:45 . 2008-01-13 09:55 <REP> d-------- C:\Documents and Settings\Jeremie D\Application Data\LimeWire
2008-01-10 15:44 . 2008-01-10 15:50 <REP> d-------- C:\Program Files\LimeWire
2008-01-08 17:17 . 2008-01-12 09:45 <REP> d-------- C:\Program Files\RKFree
2008-01-08 17:17 . 2008-01-08 17:18 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\rkfree
2008-01-08 12:46 . 2008-01-08 12:50 <REP> d-------- C:\Recovered
2008-01-07 22:11 . 2008-01-07 22:11 <REP> d-------- C:\Program Files\GameSpy Arcade
2008-01-07 19:53 . 2008-01-07 19:53 <REP> d-------- C:\Program Files\Smart Projects
2008-01-07 19:23 . 2008-01-07 19:23 <REP> d-------- C:\Program Files\Jufsoft
2008-01-07 19:14 . 2008-01-07 19:14 <REP> d-------- C:\Program Files\CDCheck
2008-01-07 17:39 . 2008-01-07 20:14 <REP> d-------- C:\Nouveau dossier
2008-01-07 16:24 . 2008-01-07 16:24 <REP> d-------- C:\WINDOWS\Sun
2008-01-06 21:51 . 2008-01-07 16:51 <REP> d-------- C:\PhotoFiltre
2008-01-06 16:14 . 2008-01-07 17:13 <REP> d-------- C:\Program Files\RebEd
2008-01-03 09:15 . 2008-01-03 09:15 <REP> d-------- C:\SWISNIFE
2008-01-03 09:15 . 2001-07-13 13:56 14,976 --a------ C:\WINDOWS\system32\drivers\SBKUPNT.SYS
2008-01-03 09:15 . 1997-02-08 17:11 13,312 --a------ C:\WINDOWS\system32\DEVLOAD.EXE
2008-01-03 09:15 . 2001-12-28 03:49 2,799 --a------ C:\WINDOWS\SKLANG.INI
2008-01-03 09:15 . 2008-01-03 09:15 543 --a------ C:\WINDOWS\SWISV3.INI
2008-01-03 09:15 . 2005-04-18 17:35 344 --a------ C:\WINDOWS\DYNASN.INF
2008-01-03 09:15 . 2008-01-03 09:15 287 --a------ C:\WINDOWS\SKNIFE.INI
2008-01-02 12:36 . 2008-01-02 12:36 <REP> d-------- C:\Program Files\Edhex
2008-01-02 10:19 . 2008-01-02 10:19 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-02 10:08 . 2008-01-02 10:08 <REP> d-------- C:\Program Files\Eidos
2007-12-31 20:02 . 2007-12-31 20:02 <REP> d-------- C:\DriveKey
2007-12-31 19:25 . 2008-01-07 16:43 <REP> d-------- C:\Program Files\Mediafour
2007-12-31 19:17 . 2007-12-31 19:17 <REP> d-------- C:\Documents and Settings\Jeremie D\Application Data\Red Chair Software
2007-12-31 18:46 . 2007-12-31 18:46 <REP> d-------- C:\Documents and Settings\Jeremie D\Application Data\Sonic
2007-12-31 18:46 . 2007-12-31 18:46 <REP> d-------- C:\Documents and Settings\Jeremie D\Application Data\Leadertech
2007-12-31 18:13 . 2008-01-07 16:41 <REP> d-------- C:\Program Files\Red Chair Software
2007-12-29 12:09 . 2007-12-29 12:16 <REP> d-------- C:\Documents and Settings\Jeremie D\Application Data\U3
2007-12-29 09:37 . 2008-01-12 11:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-29 09:37 . 2007-12-29 09:37 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-29 09:34 . 2008-01-12 15:13 <REP> d-------- C:\Program Files\iTunes
2007-12-29 09:11 . 2007-12-29 09:11 <REP> d---s---- C:\Documents and Settings\NetworkService\Temporary Internet Files
2007-12-29 09:11 . 2007-12-29 09:11 <REP> d---s---- C:\Documents and Settings\NetworkService\Historique
2007-12-28 12:03 . 2007-12-28 12:03 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-28 12:03 . 2007-12-28 12:03 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-28 12:03 . 2007-12-28 12:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-28 12:03 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-28 10:41 . 2008-01-13 08:58 <REP> d-------- C:\Program Files\GetRight
2007-12-28 10:41 . 2008-01-04 12:15 <REP> d-------- C:\Documents and Settings\Jeremie D\Application Data\GetRight
2007-12-28 10:11 . 2007-12-28 10:11 <REP> d-------- C:\Documents and Settings\Jeremie D\WINDOWS
2007-12-28 10:11 . 1996-11-06 12:04 302,592 --a------ C:\WINDOWS\unin040c.exe
2007-12-28 08:42 . 2007-12-28 08:42 <REP> d-------- C:\temp
2007-12-28 08:32 . 2007-12-28 08:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Media Center Programs
2007-12-27 16:03 . 2007-12-27 16:03 <REP> d-------- C:\Program Files\XviD
2007-12-27 16:03 . 2007-12-27 16:03 <REP> d-------- C:\Program Files\Webteh
2007-12-27 16:02 . 2007-12-27 16:03 <REP> d-------- C:\Program Files\DivX
2007-12-27 16:02 . 2007-12-27 16:02 56 -r-hs---- C:\WINDOWS\system32\31AD1E5083.sys
2007-12-27 12:04 . 2007-12-27 12:04 <REP> d-------- C:\Documents and Settings\Jeremie D\Application Data\Apple Computer
2007-12-27 12:02 . 2007-12-28 12:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 12:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 11:22 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-12 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-01-12 11:40 --------- d-----w C:\Program Files\Windows Live
2008-01-12 09:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-12 06:25 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-28 09:11 --------- d-----w C:\Program Files\LucasArts
2007-12-11 17:31 --------- d-----w C:\Program Files\Bethesda Softworks
2007-12-11 13:10 --------- d-----w C:\Program Files\SuperCopier
2007-12-09 13:28 46,568 ----a-w C:\Documents and Settings\Jeremie D\Application Data\GDIPFONTCACHEV1.DAT
2007-12-03 15:35 --------- d-----w C:\Program Files\Axon Data
2007-12-03 11:57 --------- d-----w C:\Documents and Settings\Jeremie D\Application Data\HP
2007-12-02 07:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-11-27 11:50 --------- d--h--r C:\Documents and Settings\Jeremie D\Application Data\SecuROM
2007-11-26 19:28 --------- d-----w C:\Documents and Settings\Jeremie D\Application Data\CyberLink
2007-11-21 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-11-21 17:35 --------- d-----w C:\Program Files\Auralog
2007-11-21 14:29 --------- d-----w C:\Documents and Settings\Jeremie D\Application Data\Petroglyph
2007-11-20 23:40 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-20 23:40 22,328 ----a-w C:\Documents and Settings\Jeremie D\Application Data\PnkBstrK.sys
2007-11-18 21:14 --------- d-----w C:\Program Files\sixteen tons entertainment
2007-11-18 20:46 --------- d-----w C:\Program Files\directx
2007-11-18 19:56 --------- d-----w C:\Program Files\Google
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-12_ 9.58.21.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-09-16 12:26:40 12,634 ----a-w C:\WINDOWS\ADFUUD.SYS
+ 2008-01-13 11:24:29 57,344 ----a-r C:\WINDOWS\Installer\{7AED71CD-5538-4A60-8ECF-B9C45CD21E9C}\ARPPRODUCTICON.exe
+ 2008-01-13 11:24:29 57,344 ----a-r C:\WINDOWS\Installer\{7AED71CD-5538-4A60-8ECF-B9C45CD21E9C}\Comrade.exe_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2008-01-13 11:24:29 57,344 ----a-r C:\WINDOWS\Installer\{7AED71CD-5538-4A60-8ECF-B9C45CD21E9C}\NewShortcut7_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2008-01-13 11:24:29 57,344 ----a-r C:\WINDOWS\Installer\{7AED71CD-5538-4A60-8ECF-B9C45CD21E9C}\NewShortcut8_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2008-01-13 11:24:29 8,854 ----a-r C:\WINDOWS\Installer\{7AED71CD-5538-4A60-8ECF-B9C45CD21E9C}\UNINST_Uninstall_Com_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2008-01-12 21:41:01 86,746 ----a-r C:\WINDOWS\Installer\{C514C594-23AA-4F13-A070-DB8BDB27594F}\wlmail.exe
+ 2008-01-12 11:02:10 29,926 ----a-r C:\WINDOWS\Installer\{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}\MsblIco.Exe
+ 2007-07-23 08:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelFrench.dll
+ 2007-07-23 08:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelGerman.dll
+ 2007-07-23 08:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelJapanese.dll
+ 2007-07-23 08:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelKorean.dll
+ 2007-07-23 08:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelPortugese.dll
+ 2007-07-23 08:03:30 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll
+ 2007-07-23 08:03:32 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSpanish.dll
+ 2007-07-23 08:03:32 53,248 ----a-w C:\WINDOWS\system32\AgCPanelSwedish.dll
+ 2007-07-23 08:03:32 53,248 ----a-w C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll
+ 2007-07-24 07:20:06 207,405 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\app.bin
+ 2007-05-16 07:42:42 122,249 ----a-w C:\WINDOWS\system32\AGEIA\AG1011\diag.bin
+ 2007-07-25 07:30:38 214,141 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\app.bin
+ 2007-10-25 07:29:50 114,505 ----a-w C:\WINDOWS\system32\AGEIA\AG1021\diag.bin
+ 2006-03-06 09:41:02 73,728 ----a-w C:\WINDOWS\system32\AMV_DecDLL.dll
+ 2004-09-16 12:26:40 12,634 ----a-w C:\WINDOWS\system32\drivers\ADFUUD.SYS
+ 2007-09-13 06:43:00 120,320 -c--a-w C:\WINDOWS\system32\DRVSTORE\PhysX32_FFB51AAB1A2BF852A002A5B1138133BBA89337D4\physX32.sys
- 2008-01-07 07:25:11 204,920 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-13 12:33:43 208,104 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2005-05-16 18:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2006-03-20 12:17:24 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2006-03-20 12:17:20 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2002-01-05 17:16:10 536,576 ----a-w C:\WINDOWS\system32\msvcr70d.dll
+ 2007-11-13 09:54:36 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
- 2007-08-16 15:17:18 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2007-01-19 11:53:04 51,056 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2008-01-13 12:34:06 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_100.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 21:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-11-19 17:49 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 16:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2008-01-13 08:56 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-13 08:56 32768]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 21:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqropo]
ssqropo.dll

R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 13:56]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 21:39]
S3 efipsk;efipsk;C:\DOCUME~1\JEREMI~1\LOCALS~1\Temp\efipsk.sys []
S3 Planificateur PC-BaX;Planificateur PC-BaX;C:\Program Files\Cristie\PC-BaX 4.30.1\_BSSVC.EXE [2005-10-21 14:54]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 11:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f360f9b3-b5e8-11dc-bc7b-0016369ddfa1}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-12 08:11:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-13 11:51:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47, on 2008-01-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\GameSpy\Comrade\Comrade.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\GetRight\GetRight.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9806c87c0f6e47c8ad5d4f5e6d40863d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9806c87c0f6e47c8ad5d4f5e6d40863d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3948954-0B4B-4DA8-989D-124A2F84D14A}: NameServer = 172.50.8.1
O20 - Winlogon Notify: ssqropo - ssqropo.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur PC-BaX - Unknown owner - C:\Program Files\Cristie\PC-BaX 4.30.1\_BSSVC.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11601 bytes


There you go, sorry I couldn't do it sooner.

2008-01-15 a 16:55:58.31

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !


Hi again,

Run HijackThis again, and this time click [do a system scan only].
Tick the boxes on the left for the following lines (and only these):
O20 - Winlogon Notify: ssqropo - ssqropo.dll (file missing)

Then click [Fix checked] (bottom left).
When asked to confirm, answer Yes.

---------------------------------------------------------

Download ToolsCleaner2 here

Install it on your Desktop.
Click [Recherche] (Search) to start the scan.
Click [Supprimer] (Delete) to clean up the tools that were used.
Click [Quitter] (Quit); this will create a report.
Post the report (C:\TCleaner.txt).

--------------------------------------------------------

Run a Kaspersky online scan here, using Internet Explorer!

Click "Demarrer Online-Scanner" (bottom right).
Click "J'accepte" (I accept) and, if necessary, approve the installation of the ActiveX controls.
Let the updates install, then choose to scan "Poste de travail" (My Computer).

When the scan finishes, save the report, then paste it into your reply.

If you see this message: "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired),
go to "Ajout / Suppression de programmes" (Add or Remove Programs) and uninstall On-Line Scanner,
then go back to the site and try the scan again.
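
An added example, not part of the thread and not HijackThis code: a small Python parser for the entry lines of the HijackThis log posted above, which picks out entries marked `(file missing)` such as the O20 Winlogon Notify line the reply asks to fix. The function names are illustrative, and the sample is an excerpt copied from the log in this thread.

```python
import re

# Excerpt of the HijackThis log posted in this thread (lines copied as-is).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: ssqropo - ssqropo.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# An entry line is "<section code> - <detail>"; codes look like R0, O4, O20, O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")
# O20 detail: "Winlogon Notify: <key name> - <dll>", optionally "(file missing)".
NOTIFY_RE = re.compile(
    r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)(?: \(file missing\))?$"
)


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        detail = m["detail"]
        entry = {
            "code": m["code"],
            "detail": detail,
            # HijackThis appends this marker when the referenced file is not on disk.
            "file_missing": detail.endswith("(file missing)"),
        }
        if entry["code"] == "O20":
            n = NOTIFY_RE.match(detail)
            if n:  # other O20 forms (not Winlogon Notify) are kept without these fields
                entry["notify_name"], entry["dll"] = n["name"], n["dll"]
        entries.append(entry)
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as missing."""
    return [e for e in entries if e["file_missing"]]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(e["code"], "-", e["detail"])
```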
