virus cheval de troie///// c pas toi

Bonjour,

Télécharge MSNFix.zip ([#ff0000]!aur3n7[/#f]) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

[#ff0000]Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.[/#f]

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log

MSNFix 1.642

C:\Documents and Settings\HP_Propri‚taire\Bureau\MSNFix\MSNFix
Fix exécuté le 2008-01-25 - 21:29:05.96 By HP_Propri‚taire
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\nested.sys

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

/!\ ... C:\WINDOWS\system32\nested.sys



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

/!\ ... C:\WINDOWS\system32\nested.sys



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 2008-01-25_213143.17.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Re,

Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\mail.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: .protected
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: windows mail service - Unknown owner - C:\WINDOWS\mail.exe
O24 - Desktop Component 0: (no name) - http://www.neufportail.fr/layout/img/header_home_bg_cor...
O24 - Desktop Component 2: Neuf Cegetel, neufportail.fr - http://www.neufportail.fr/

--
End of file - 7710 bytes

Re,

Télécharge Smitfraudfix (de S!ri).
Enregistre-le sur ton bureau.
Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.

**Si le lien ne fonctionne pas, clique ici**

SmitFraudFix v2.274

Rapport fait à 22:13:20.51, 2008-01-25
Executé à partir de C:\Documents and Settings\HP_Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\mail.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Propri‚taire\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_PRO~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.neufportail.fr/layout/img/header_home_bg_cor..."
"SubscribedURL"="http://www.neufportail.fr/layout/img/header_home_bg_cor..."
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://www.neufportail.fr/"
"SubscribedURL"="http://www.neufportail.fr/"
"FriendlyName"="Neuf Cegetel, neufportail.fr"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 15.243.128.51
DNS Server Search Order: 15.243.160.51

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6D74B5E0-767A-4331-9C46-A071AE53A356}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6D74B5E0-767A-4331-9C46-A071AE53A356}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6D74B5E0-767A-4331-9C46-A071AE53A356}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur combofix.exe afin de le lancer.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

ComboFix 08-01-23.1C - HP_Propriétaire 2008-01-25 22:46:42.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.74 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\.protected
.
---- Previous Run -------
.
C:\.protected
C:\Documents and Settings\All Users\Application Data.\cfejcjsf.dll
C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\.protected
C:\Program Files\Helper
C:\Program Files\Helper\superfindout.dll
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\winperformance
C:\Program Files\winperformance\registry_backup\2008.01.24 17.50.28.rb
C:\Program Files\winperformance\uninstall.exe
C:\WINDOWS\.protected
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\zDbIAdp186wp.exe
C:\WINDOWS\system32\4_exception.nls
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\zsxetabu.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\runtime






((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 22:13 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-25 22:13 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-25 22:13 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-25 22:13 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-25 22:13 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-25 22:13 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-25 22:13 . 2008-01-25 22:13 4,574 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-25 18:32 . 2006-09-05 19:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
2008-01-25 18:32 . 2006-09-05 19:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
2008-01-25 18:18 . 2006-09-05 19:07 61,536 -ra------ C:\WINDOWS\system32\drivers\se59bus.sys
2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59whnt.sys
2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59wh.sys
2008-01-24 20:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 19:35 . 2008-01-24 19:38 <REP> d-------- C:\Program Files\Lop SD
2008-01-24 19:21 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-24 18:21 . 2008-01-24 18:21 <REP> d-------- C:\WINDOWS\report
2008-01-24 18:21 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\LPT$VPN.959
2008-01-24 18:20 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Backup
2008-01-24 18:20 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\VPTNFILE.959
2008-01-24 18:20 . 2008-01-24 18:20 1,916,766 --a------ C:\WINDOWS\tsc.ptn
2008-01-24 18:20 . 2008-01-24 19:21 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-24 18:20 . 2008-01-24 18:20 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-24 18:20 . 2008-01-24 19:21 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-24 18:20 . 2008-01-24 18:20 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-24 18:20 . 2008-01-24 19:23 823 --a------ C:\WINDOWS\tsc.ini
2008-01-24 18:19 . 2008-01-24 18:19 <REP> d-------- C:\WINDOWS\AU_Log
2008-01-24 18:19 . 2008-01-24 18:19 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-24 18:19 . 2008-01-24 18:19 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-24 18:19 . 2008-01-24 18:19 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-24 18:19 . 2008-01-24 19:21 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-24 17:58 . 2008-01-24 17:58 <REP> d-------- C:\Program Files\Trend Micro
2008-01-23 18:06 . 2008-01-23 18:06 54,764 --a------ C:\WINDOWS\system32\nested.sys
2008-01-23 08:35 . 2008-01-23 08:35 54,764 --a------ C:\WINDOWS\system32\fvelwow.sys
2008-01-22 19:44 . 2008-01-22 19:44 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-22 14:10 . 2008-01-22 14:10 565,248 -r-hs---- C:\WINDOWS\mail.exe
2008-01-22 02:47 . 2008-01-22 02:47 3,776,774 --a------ C:\WINDOWS\zDbIAdp186.exe
2008-01-22 00:47 . 2008-01-22 00:47 <REP> d-------- C:\WINDOWS\dlgvtdea
2008-01-22 00:46 . 2008-01-22 00:46 199,168 --a------ C:\WINDOWS\xenyteja.dll
2008-01-22 00:40 . 2008-01-22 00:45 2 --a------ C:\-865448038
2008-01-22 00:39 . 2008-01-22 00:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-09 20:23 . 2008-01-25 22:40 <REP> d-------- C:\Program Files\lx_cats
2008-01-09 20:22 . 2006-11-30 17:32 344,064 --a------ C:\WINDOWS\system32\lxcrcoin.dll
2008-01-09 20:22 . 2006-03-23 09:33 40,960 --a------ C:\WINDOWS\system32\lxcrvs.dll
2008-01-09 20:21 . 2006-04-28 10:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-09 20:21 . 2006-04-28 10:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-01-09 20:21 . 2006-04-28 10:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-09 20:21 . 2006-04-28 10:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-09 20:21 . 2006-04-28 10:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-01-09 20:21 . 2006-11-22 14:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-01-09 20:21 . 2006-11-22 14:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-01-09 20:21 . 2006-11-22 15:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-01-09 20:20 . 2008-01-09 20:20 <REP> d-------- C:\Program Files\Lexmark Toolbar
2008-01-09 20:20 . 2008-01-09 20:21 <REP> d-------- C:\Program Files\Lexmark Fax Solutions
2008-01-09 20:20 . 2008-01-09 20:22 <REP> d-------- C:\Program Files\Lexmark 2400 Series
2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 19:01 --------- d-----w C:\Program Files\Navilog1
2008-01-23 19:21 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2008-01-23 19:21 46,080 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe
2008-01-23 19:21 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2008-01-23 19:21 17,920 ----a-w C:\WINDOWS\system32\dllcache\tftp.exe
2008-01-19 08:55 --------- d-----w C:\Program Files\eMule
2008-01-19 08:33 --------- d-----w C:\Program Files\Google
2008-01-13 18:21 --------- d-----w C:\Program Files\Windows Live
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:18 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-01-21 05:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"FlyAway"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 19:39 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 04:05 344064]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"WOOKIT"="C:\Program Files\Wanadoo\EspaceWanadoo.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-03 03:23 98304]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 19:57 291760]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 17:11 82864]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 17:12 295856]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-05 19:00 144384]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 18:27 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

R2 windows mail service;windows mail service;"C:\WINDOWS\mail.exe" [2008-01-22 14:10]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S2 Generic Host Process for Win-32 Service;Generic Host Process for Win-32 Service;"C:\WINDOWS\svchost.exe" []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-25 21:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-25 21:47:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 22:48:51
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-01-25 22:50:10
ComboFix-quarantined-files.txt 2008-01-25 21:50:02
.
2008-01-09 18:11:30 --- E O F ---

svp la suite
merci

De la patience ?

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

Avira AntiVir PersonalEdition Classic
*************************************

Copyright © 2007 Avira GmbH.
All rights reserved.


Inhalt
******

0 Important information
1 System requirements
2 Important requirements for an installation
3 Incompatibilities with other programs
4 Support service
5 Contact address


0 Important information
***********************

Users who have up to now installed an ANSI version of the Avira
AntiVir PersonalEdition Classic software pack on a Microsoft Windows
NT, Microsoft Windows 2000 or Microsoft Windows XP operating system,
receive update information when attempting to update.

When updating, please proceed as follows:

1. Deinstall the installed version of the Avira AntiVir
PersonalEdition Classic.
2. Download a current software pack from the downoad section of the
Avira AntiVir PersonalEdition Classic website
http://www.free-av.com.
3. Install this software pack on your computer.

1 System requirements
*********************

In order for Avira AntiVir PersonalEdition Classic to run properly,
the computer system must fulfill the following requirements:

- Computer: Pentium or higher, at least 133 MHz

- Operating system
- Microsoft Windows Vista or
- Microsoft Windows XP Home or Professional, or
- Microsoft Windows 2000, SP 4 recommended

Avira AntiVir PersonalEdition Classic also supports Microsoft Windows
XP x64 Edition.

The display of the program interfaces can differ, depending on the
operating system used.

- 30 MB free memory on the hard disk (more if quarantine is used)

- Min. 100 MB temporary memory on the hard disk

- Min. 25 MB of free main memory

- For all installations: Internet Explorer 5.0 or higher

- For the installation of Avira AntiVir PersonalEdition Classic:
administrator rights

Note
----

- If there is no Internet Explorer 5.0 or higher available on your
system, you can download it under the following address:

http://www.microsoft.com/windows/ie/downloads/default.m...


2 Important requirements for an installation
********************************************

Ensure that the following requirements are fulfilled so that Avira
AntiVir PersonalEdition Classic works properly on your computer:

- System requirements fulfilled
- No other on-access scanner (also called Guard) installed
- Installer has administrator rights
- Internet/Intranet connection available
- All running programs on the computer exited


3 Incompatibilities with other programs
***************************************

Cygwin

If the Avira AntiVir PersonalEdition Classic runs on a system where
the product Cygwin is installed, you might encounter problems with
updating the Avira AntiVir PersonalEdition Classic. In a worst case
scenario you might not be able to update the Avira AntiVir
PersonalEdition Classic at all. Background to this behavior is the
fact that the cygwin process "cygrun.srv.exe" together with the
Microsoft Client/Server runtime server subsystem ("csrss.exe) causes
a complete load of the system once the update process of the Avira
AntiVir PersonalEdition Classic is started. It is therefore strongly
recommended to deinstall Cygwin before the Avira AntiVir
PersonalEdition Classic is installed.


4 Support service
*****************

If you have problems please try first to solve them using the
integrated help system and the user manual (Download at:
http://www.free-av.com). For harder problem, please feel free to
post a message to our bulletin board at http://forum.avira.de or
to call our Support-Hotline.

Please also feel free to post bug reports, hints, feature requests
and anything else related to the Avira AntiVir PersonalEdition
Classic to this Bulletin Board.

Please note that technical inquiries can only be anserwered via our
Support-Forum or our Support-Hotline.


Support-Forum
-------------

...our forum is available for you at any time!

The forum, which is subdivided into clear categories offers you the
possibility to exchange yourself online with other users and our
employees of the customer support. An up-to-date, electronic
bulletin board that is coordinated by our moderators is available.
Our experience multiplies with the experience from the users of
AntiVir all over the world. Have a look on it without any
obligation...

http://forum.avira.de


Support-Hotline
---------------

Germany: 0900 10 11 333 (1,99 Euro/Min*)
Austria: 0900 51 03 61 121 (2,16 Euro/Min*)
Switzerland: 0900 51 03 61 (4,23 CHF/Min*)

* Prices are subject to change.

Mo - Fr between 10 a.m. and 7 p.m.


5 Contact
*********

Avira GmbH
Lindauer Str. 21
D-88069 Tettnang
Germany

Internet: http://www.free-av.com

Tu as regardé le tuto au moins ? ...

dsl le voila


AntiVir PersonalEdition Classic
Report file date: samedi 26 janvier 2008 14:05

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HP_Propriétaire
Computer name: NOM-EB85C523610

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 26 janvier 2008 14:05

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ezprint.exe' - '1' Module(s) have been scanned
Scan process 'lxcrmon.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'mail.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lxcrcoms.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '37' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\fvelwow.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\nested.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ztx86.sys
[WARNING] The file could not be opened!


End of the scan: samedi 26 janvier 2008 14:08
Used time: 03:35 min

The scan has been done completely.

415 Scanning directories
9089 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
9089 Files not concerned
8 Archives were scanned
3 Warnings
0 Notes

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:45, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\mail.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: windows mail service - Unknown owner - C:\WINDOWS\mail.exe
O24 - Desktop Component 0: (no name) - http://www.neufportail.fr/layout/img/header_home_bg_cor...
O24 - Desktop Component 2: Neuf Cegetel, neufportail.fr - http://www.neufportail.fr/

--
End of file - 7526 bytes

C'est mieux ?

non a chq fois que je le demarre il se lance au moin 3 ou 4 fois et il a un rapport d erreur qui s affiche et voila le resultat
Malheureusement, le rapport d''erreurs que vous avez envoyé est corrompu et ne peut être analysé. Il est rare que les rapports d''erreurs soient corrompus. Cela peut être dû à des problèmes logiciels ou matériels et indique généralement un problème grave lié à votre ordinateur.

Tu peux faire un screen du raport d'erreur ?

salut
j ai plus d erreur de rapport mais j ai l antivir qui indique
c:\windows\mail.exe
is the trojan horse
tr\crypf.xpack.gen
j ai toujours le meme soucis quand j allume

Tu as essayé de le supprimer manuellement ?

j ai recherche le fichier c:\windows\mail.exe il ne le trouve pas

Tu as essayé le scan en sans échec ?

oui je l ai essayé il y m a rien signalé
j ai fais plusieurs demarrages et il fait la meme chose il se relance plusieurs fois mais il me marque rien
conclusion c est au demarrage qu il deconne

Refais un scan Combofix pour voir.

voila le rapport
ComboFix 08-01-23.1C - HP_Propriétaire 2008-01-28 23:14:59.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.103 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-28 ))))))))))))))))))))))))))))))))))))
.

2008-01-26 14:00 . 2008-01-26 14:00 <REP> d-------- C:\Program Files\Avira
2008-01-25 22:13 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-25 22:13 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-25 22:13 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-25 22:13 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-25 22:13 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-25 22:13 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-25 22:13 . 2008-01-25 22:13 4,574 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-25 18:32 . 2006-09-05 19:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
2008-01-25 18:32 . 2006-09-05 19:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
2008-01-25 18:18 . 2006-09-05 19:07 61,536 -ra------ C:\WINDOWS\system32\drivers\se59bus.sys
2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59whnt.sys
2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59wh.sys
2008-01-24 20:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 19:35 . 2008-01-24 19:38 <REP> d-------- C:\Program Files\Lop SD
2008-01-24 19:21 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-24 18:21 . 2008-01-24 18:21 <REP> d-------- C:\WINDOWS\report
2008-01-24 18:21 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\LPT$VPN.959
2008-01-24 18:20 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Backup
2008-01-24 18:20 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\VPTNFILE.959
2008-01-24 18:20 . 2008-01-24 18:20 1,916,766 --a------ C:\WINDOWS\tsc.ptn
2008-01-24 18:20 . 2008-01-24 19:21 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-24 18:20 . 2008-01-24 18:20 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-24 18:20 . 2008-01-24 19:21 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-24 18:20 . 2008-01-24 18:20 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-24 18:20 . 2008-01-24 19:23 823 --a------ C:\WINDOWS\tsc.ini
2008-01-24 18:19 . 2008-01-24 18:19 <REP> d-------- C:\WINDOWS\AU_Log
2008-01-24 18:19 . 2008-01-24 18:19 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-24 18:19 . 2008-01-24 18:19 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-24 18:19 . 2008-01-24 18:19 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-24 18:19 . 2008-01-24 19:21 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-24 17:58 . 2008-01-24 17:58 <REP> d-------- C:\Program Files\Trend Micro
2008-01-23 18:06 . 2008-01-23 18:06 54,764 --a------ C:\WINDOWS\system32\nested.sys
2008-01-23 08:35 . 2008-01-23 08:35 54,764 --a------ C:\WINDOWS\system32\fvelwow.sys
2008-01-22 19:44 . 2008-01-22 19:44 54,764 --a------ C:\WINDOWS\system32\ztx86.sys
2008-01-22 02:47 . 2008-01-22 02:47 3,776,774 --a------ C:\WINDOWS\zDbIAdp186.exe
2008-01-22 00:47 . 2008-01-22 00:47 <REP> d-------- C:\WINDOWS\dlgvtdea
2008-01-22 00:40 . 2008-01-22 00:45 2 --a------ C:\-865448038
2008-01-22 00:39 . 2008-01-22 00:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-09 20:23 . 2008-01-28 20:10 <REP> d-------- C:\Program Files\lx_cats
2008-01-09 20:22 . 2006-11-30 17:32 344,064 --a------ C:\WINDOWS\system32\lxcrcoin.dll
2008-01-09 20:22 . 2006-03-23 09:33 40,960 --a------ C:\WINDOWS\system32\lxcrvs.dll
2008-01-09 20:21 . 2006-04-28 10:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-09 20:21 . 2006-04-28 10:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-01-09 20:21 . 2006-04-28 10:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-09 20:21 . 2006-04-28 10:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-09 20:21 . 2006-04-28 10:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-01-09 20:21 . 2006-11-22 14:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-01-09 20:21 . 2006-11-22 14:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-01-09 20:21 . 2006-11-22 15:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-01-09 20:20 . 2008-01-09 20:20 <REP> d-------- C:\Program Files\Lexmark Toolbar
2008-01-09 20:20 . 2008-01-09 20:21 <REP> d-------- C:\Program Files\Lexmark Fax Solutions
2008-01-09 20:20 . 2008-01-09 20:22 <REP> d-------- C:\Program Files\Lexmark 2400 Series
2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 19:01 --------- d-----w C:\Program Files\Navilog1
2008-01-23 19:21 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2008-01-23 19:21 46,080 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe
2008-01-23 19:21 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2008-01-23 19:21 17,920 ----a-w C:\WINDOWS\system32\dllcache\tftp.exe
2008-01-19 08:55 --------- d-----w C:\Program Files\eMule
2008-01-19 08:33 --------- d-----w C:\Program Files\Google
2008-01-13 18:21 --------- d-----w C:\Program Files\Windows Live
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:18 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-01-21 05:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-25_22.44.15.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-27 13:05:52 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"FlyAway"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 19:39 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 04:05 344064]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
"WOOKIT"="C:\Program Files\Wanadoo\EspaceWanadoo.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-03 03:23 98304]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 19:57 291760]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 17:11 82864]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 17:12 295856]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-05 19:00 144384]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 18:27 106496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-27 14:05 249896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S2 Generic Host Process for Win-32 Service;Generic Host Process for Win-32 Service;"C:\WINDOWS\svchost.exe" []
S2 windows mail service;windows mail service;"C:\WINDOWS\mail.exe" []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-28 21:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-28 21:47:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 23:17:20
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-01-28 23:18:40
ComboFix-quarantined-files.txt 2008-01-28 22:18:36
ComboFix2.txt 2008-01-28 22:13:59
ComboFix3.txt 2008-01-25 21:50:11
.
2008-01-09 18:11:30 --- E O F ---

Re,

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:08, on 29/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O24 - Desktop Component 0: (no name) - http://www.neufportail.fr/layout/img/header_home_bg_cor...
O24 - Desktop Component 2: Neuf Cegetel, neufportail.fr - http://www.neufportail.fr/

--
End of file - 7318 bytes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:08, on 29/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O24 - Desktop Component 0: (no name) - http://www.neufportail.fr/layout/img/header_home_bg_cor...
O24 - Desktop Component 2: Neuf Cegetel, neufportail.fr - http://www.neufportail.fr/

--
End of file - 7318 bytes

tu m as dde un rapport d erreur voila ce qu il m affiche quand je l allume
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\WER4a7f.dir00\Mini012808-02.dmp
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\WER4a7f.dir00\sysdata.xml
la signature d erreur
BCCode : 1000007f BCP1 : 00000008 BCP2 : 80042000 BCP3 : 00000000
BCP4 : 00000000 OSVer : 5_1_2600 SP : 2_0 Product : 768_1
voila les dernieres info

Euh...c'est pas le rapport Combofix...

les deux rapports qu tu m as dde sont au dessus et le dernier message c est le rapport d rreur quand je l allum

dsl je n avais pas vu que tu n avais pas le rapport de combix
je te le fais part

ComboFix 08-01-23.1C - HP_Propriétaire 2008-01-31 8:05:31.9 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.82 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))))))))
.

2008-01-29 21:52 . 2008-01-29 21:52 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-26 14:00 . 2008-01-26 14:00 <REP> d-------- C:\Program Files\Avira
2008-01-25 22:13 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-25 22:13 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-25 22:13 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-25 22:13 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-25 22:13 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-25 22:13 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-25 22:13 . 2008-01-25 22:13 4,574 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-25 18:32 . 2006-09-05 19:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
2008-01-25 18:32 . 2006-09-05 19:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
2008-01-25 18:18 . 2006-09-05 19:07 61,536 -ra------ C:\WINDOWS\system32\drivers\se59bus.sys
2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59whnt.sys
2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59wh.sys
2008-01-24 20:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 19:35 . 2008-01-24 19:38 <REP> d-------- C:\Program Files\Lop SD
2008-01-24 19:21 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-24 18:21 . 2008-01-24 18:21 <REP> d-------- C:\WINDOWS\report
2008-01-24 18:21 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\LPT$VPN.959
2008-01-24 18:20 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Backup
2008-01-24 18:20 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\VPTNFILE.959
2008-01-24 18:20 . 2008-01-24 18:20 1,916,766 --a------ C:\WINDOWS\tsc.ptn
2008-01-24 18:20 . 2008-01-24 19:21 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-24 18:20 . 2008-01-24 18:20 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-24 18:20 . 2008-01-24 19:21 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-24 18:20 . 2008-01-24 18:20 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-24 18:20 . 2008-01-24 19:23 823 --a------ C:\WINDOWS\tsc.ini
2008-01-24 18:19 . 2008-01-24 18:19 <REP> d-------- C:\WINDOWS\AU_Log
2008-01-24 18:19 . 2008-01-24 18:19 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-24 18:19 . 2008-01-24 18:19 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-24 18:19 . 2008-01-24 18:19 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-24 18:19 . 2008-01-24 19:21 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-24 17:58 . 2008-01-24 17:58 <REP> d-------- C:\Program Files\Trend Micro
2008-01-23 18:06 . 2008-01-23 18:06 54,764 --a------ C:\WINDOWS\system32\nested.sys
2008-01-22 00:40 . 2008-01-22 00:45 2 --a------ C:\-865448038
2008-01-22 00:39 . 2008-01-22 00:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-09 20:23 . 2008-01-31 08:01 <REP> d-------- C:\Program Files\lx_cats
2008-01-09 20:22 . 2006-11-30 17:32 344,064 --a------ C:\WINDOWS\system32\lxcrcoin.dll
2008-01-09 20:22 . 2006-03-23 09:33 40,960 --a------ C:\WINDOWS\system32\lxcrvs.dll
2008-01-09 20:21 . 2006-04-28 10:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-09 20:21 . 2006-04-28 10:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-01-09 20:21 . 2006-04-28 10:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-09 20:21 . 2006-04-28 10:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-09 20:21 . 2006-04-28 10:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-01-09 20:21 . 2006-11-22 14:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-01-09 20:21 . 2006-11-22 14:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-01-09 20:21 . 2006-11-22 15:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-01-09 20:20 . 2008-01-09 20:20 <REP> d-------- C:\Program Files\Lexmark Toolbar
2008-01-09 20:20 . 2008-01-09 20:21 <REP> d-------- C:\Program Files\Lexmark Fax Solutions
2008-01-09 20:20 . 2008-01-09 20:22 <REP> d-------- C:\Program Files\Lexmark 2400 Series
2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 20:53 --------- d-----w C:\Program Files\Lavasoft
2008-01-24 19:01 --------- d-----w C:\Program Files\Navilog1
2008-01-23 19:21 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2008-01-23 19:21 46,080 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe
2008-01-23 19:21 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
2008-01-23 19:21 17,920 ----a-w C:\WINDOWS\system32\dllcache\tftp.exe
2008-01-19 08:55 --------- d-----w C:\Program Files\eMule
2008-01-19 08:33 --------- d-----w C:\Program Files\Google
2008-01-13 18:21 --------- d-----w C:\Program Files\Windows Live
2007-11-14 07:28 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 10:18 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:56 8,510,976 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 06:13 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 06:13 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-11 06:13 663,552 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 06:13 617,472 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 06:13 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 06:13 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 06:13 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 06:13 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 06:13 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 06:13 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 06:13 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 06:13 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 06:13 152,064 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 06:13 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,056,768 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 11:16 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-01-21 05:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-25_22.44.15.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 21:31:24 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-29 17:11:18 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 21:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-29 17:11:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 21:31:25 3,850,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-29 17:11:19 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 21:31:25 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-29 17:11:19 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 21:31:25 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-29 17:11:19 3,850,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-25 21:31:25 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-29 17:11:19 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-27 13:05:52 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"FlyAway"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 19:39 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 04:05 344064]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
"WOOKIT"="C:\Program Files\Wanadoo\EspaceWanadoo.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-03 03:23 98304]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 19:57 291760]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 17:11 82864]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 17:12 295856]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-05 19:00 144384]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 18:27 106496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-27 14:05 249896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S1 fvelwow;fvelwow;C:\WINDOWS\system32\fvelwow.sys []
S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-30 06:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-30 06:47:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 08:08:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-01-31 8:09:40
ComboFix-quarantined-files.txt 2008-01-31 07:09:30
ComboFix2.txt 2008-01-29 17:29:16
ComboFix3.txt 2008-01-29 17:07:29
ComboFix4.txt 2008-01-28 22:18:41
ComboFix5.txt 2008-01-28 22:13:59
.
2008-01-09 18:11:30 --- E O F ---

Tu as bien fait ce que j'ai avec CFScript ?

oui j ai fais un copier coller

Tu as enregistré le fichier texte pour le glisser dans combofix ?

oui si tu ve je peux recomencer

Oui  

ComboFix 08-01-23.1C - HP_Propriétaire 2008-02-05 18:22:11.10 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.136 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt..txt
* Création d'un nouveau point de restauration

FILE
C:\WINDOWS\system32\fvelwow.sys
C:\WINDOWS\zDbIAdp186.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ztx86.sys

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-05 to 2008-02-05 ))))))))))))))))))))))))))))))))))))
.

2008-02-01 18:45 . 2008-02-01 18:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-01 18:45 . 2008-02-01 18:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-29 21:52 . 2008-01-29 21:52 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-26 14:00 . 2008-01-26 14:00 <REP> d-------- C:\Program Files\Avira
2008-01-25 22:13 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-25 22:13 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-25 22:13 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-25 22:13 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-25 22:13 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-25 22:13 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-25 22:13 . 2008-01-25 22:13 4,574 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-25 18:32 . 2006-09-05 19:07 97,088 -ra------ C:\WINDOWS\system32\drivers\se59mdm.sys
2008-01-25 18:32 . 2006-09-05 19:07 9,360 -ra------ C:\WINDOWS\system32\drivers\se59mdfl.sys
2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cmnt.sys
2008-01-25 18:32 . 2006-09-05 19:09 6,240 -ra------ C:\WINDOWS\system32\drivers\se59cm.sys
2008-01-25 18:18 . 2006-09-05 19:07 61,536 -ra------ C:\WINDOWS\system32\drivers\se59bus.sys
2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59whnt.sys
2008-01-25 18:18 . 2006-09-05 19:06 5,872 -ra------ C:\WINDOWS\system32\drivers\se59wh.sys
2008-01-24 20:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 19:35 . 2008-01-24 19:38 <REP> d-------- C:\Program Files\Lop SD
2008-01-24 19:21 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-24 18:21 . 2008-01-24 18:21 <REP> d-------- C:\WINDOWS\report
2008-01-24 18:21 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\LPT$VPN.959
2008-01-24 18:20 . 2008-01-24 19:21 <REP> d-------- C:\WINDOWS\AU_Backup
2008-01-24 18:20 . 2008-01-24 18:20 35,352,505 --a------ C:\WINDOWS\VPTNFILE.959
2008-01-24 18:20 . 2008-01-24 18:20 1,916,766 --a------ C:\WINDOWS\tsc.ptn
2008-01-24 18:20 . 2008-01-24 19:21 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-01-24 18:20 . 2008-01-24 18:20 267,845 --a------ C:\WINDOWS\tsc.exe
2008-01-24 18:20 . 2008-01-24 19:21 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-01-24 18:20 . 2008-01-24 18:20 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-01-24 18:20 . 2008-01-24 19:23 823 --a------ C:\WINDOWS\tsc.ini
2008-01-24 18:19 . 2008-01-24 18:19 <REP> d-------- C:\WINDOWS\AU_Log
2008-01-24 18:19 . 2008-01-24 18:19 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-01-24 18:19 . 2008-01-24 18:19 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-01-24 18:19 . 2008-01-24 18:19 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-01-24 18:19 . 2008-01-24 19:21 170 --a------ C:\WINDOWS\GetServer.ini
2008-01-24 17:58 . 2008-01-24 17:58 <REP> d-------- C:\Program Files\Trend Micro
2008-01-23 18:06 . 2008-01-23 18:06 54,764 --a------ C:\WINDOWS\system32\nested.sys
2008-01-22 00:40 . 2008-01-22 00:45 2 --a------ C:\-865448038
2008-01-22 00:39 . 2008-01-22 00:39 54,764 --a------ C:\WINDOWS\system32\drivers\astq.tga
2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-11 11:30 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-11 11:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-01-09 20:23 . 2008-02-05 18:00 <REP> d-------- C:\Program Files\lx_cats
2008-01-09 20:22 . 2006-11-30 17:32 344,064 --a------ C:\WINDOWS\system32\lxcrcoin.dll
2008-01-09 20:22 . 2006-03-23 09:33 40,960 --a------ C:\WINDOWS\system32\lxcrvs.dll
2008-01-09 20:21 . 2006-04-28 10:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-01-09 20:21 . 2006-04-28 10:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-01-09 20:21 . 2006-04-28 10:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-01-09 20:21 . 2006-04-28 10:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-01-09 20:21 . 2006-04-28 10:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-01-09 20:21 . 2006-11-22 14:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-01-09 20:21 . 2006-11-22 14:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-01-09 20:21 . 2006-11-22 15:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-01-09 20:20 . 2008-01-09 20:20 <REP> d-------- C:\Program Files\Lexmark Toolbar
2008-01-09 20:20 . 2008-01-09 20:21 <REP> d-------- C:\Program Files\Lexmark Fax Solutions
2008-01-09 20:20 . 2008-01-09 20:22 <REP> d-------- C:\Program Files\Lexmark 2400 Series
2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-09 20:14 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-09 20:13 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-09 20:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-09 20:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-09 20:11 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 08:44 --------- d-----w C:\Program Files\eMule
2008-01-29 20:53 --------- d-----w C:\Program Files\Lavasoft
2008-01-24 19:01 --------- d-----w C:\Program Files\Navilog1
2008-01-19 08:33 --------- d-----w C:\Program Files\Google
2008-01-13 18:21 --------- d-----w C:\Program Files\Windows Live
2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2006-01-21 05:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-25_22.44.15.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-25 21:31:24 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-02-05 17:21:54 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 21:31:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-02-05 17:21:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 21:31:25 3,850,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-02-05 17:21:55 3,874,816 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 21:31:25 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-02-05 17:21:55 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 21:31:25 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-02-05 17:21:55 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-25 21:31:25 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-02-05 17:21:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-27 13:05:52 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-07-11 12:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 11:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 11:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2007-12-14 10:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"FlyAway"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 19:39 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 04:05 344064]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35 49152]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
"WOOKIT"="C:\Program Files\Wanadoo\EspaceWanadoo.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-03 03:23 98304]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 19:57 291760]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 17:11 82864]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 17:12 295856]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-05 19:00 144384]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 18:27 106496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-27 14:05 249896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S1 fvelwow;fvelwow;C:\WINDOWS\system32\fvelwow.sys []
S1 ztx86;ztx86;C:\WINDOWS\system32\ztx86.sys []
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 19:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 19:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 19:07]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-05 07:45:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-05 06:47:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34, on 2008-02-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [WOOKIT] C:\Program Files\Wanadoo\EspaceWanadoo.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O24 - Desktop Component 0: (no name) - http://www.neufportail.fr/layout/img/header_home_bg_cor...
O24 - Desktop Component 2: Neuf Cegetel, neufportail.fr - http://www.neufportail.fr/

--
End of file - 7432 bytes

alors

pourquoi il n y a plus de reponse................... a ma suite

MERCI POUR LES REPONSES