
Ad problem


Hello, for the past few days I keep getting internet ads popping up (usually antivirus things saying that I am infected).

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:38, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\program files\powerstrip\pstrip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
O2 - BHO: Google Module - {1B05A5AC-CBE0-4133-945A-3A28C053446F} - lboot32.dll (file missing)
O2 - BHO: AskBarFr BHO - {5A074B21-F830-49de-A31B-26E51D6FD4D9} - C:\Program Files\AskBarFr\bar\bin\askBar_fr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Barre d´outils Ask - {5A074B29-F830-49de-A31B-26E51D6FD4D9} - C:\Program Files\AskBarFr\bar\bin\askBar_fr.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O10 - Unknown file in Winsock LSP: worsock.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7900 bytes


Thanks


BTFix 1.092 (par bibi26) - 02/04/2008 17:17:31 - Analyse
Lancé depuis C:\Documents and Settings\Aline et Pierre\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\Program Files\daemontools_whenusave_installer\

---> Analyse terminée le 02/04/2008 17:17:32



Here is the report that BTFix displayed for me.
I await your reply, thanks in advance.

Hi again,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a report will appear. Post this report in your next reply.

    No, sorry, I got mixed up, I didn't look properly; here is the report
    Here it is, have fun with it, because to me it's all Greek
    See you, thanks in advance

    ComboFix 08-04-01.2 - François 2008-04-02 21:28:57.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.109 [GMT 2:00]
    Endroit: C:\Documents and Settings\François\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\InternetGameBox
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.url
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.url
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Désinstaller.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\InternetGameBox\Website.url
    C:\Documents and Settings\François\Application Data\ShoppingReport
    C:\Documents and Settings\François\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\François\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\François\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\François\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\François\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\François\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\François\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    c:\Documents and Settings\François\Local Settings\Application Data\hgoamt.dat
    C:\Documents and Settings\François\Local Settings\Application Data\hgoamt.exe
    c:\Documents and Settings\François\Local Settings\Application Data\hgoamt_nav.dat
    C:\Documents and Settings\François\Local Settings\Application Data\hgoamt_navps.dat
    C:\Program Files\internetgamebox
    C:\Program Files\internetgamebox\InternetGameBox.exe
    C:\Program Files\internetgamebox\language
    C:\Program Files\internetgamebox\ressources\AttenteOff.html
    C:\Program Files\internetgamebox\ressources\AttenteOn.html
    C:\Program Files\internetgamebox\ressources\configv2_en.xml
    C:\Program Files\internetgamebox\ressources\configv2_es.xml
    C:\Program Files\internetgamebox\ressources\configv2_fr.xml
    C:\Program Files\internetgamebox\ressources\favoris\defaultv2.swf
    C:\Program Files\internetgamebox\ressources\NoS2F.bin
    C:\Program Files\internetgamebox\skins\skinv2.skn
    C:\Program Files\internetgamebox\uninst.exe
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\alog.txt
    C:\WINDOWS\system32\bfrwdrqs.dat
    C:\WINDOWS\system32\bfrwdrqs_nav.dat
    C:\WINDOWS\system32\bfrwdrqs_navps.dat
    C:\WINDOWS\system32\cmds.txt
    C:\WINDOWS\system32\conf.dat
    C:\WINDOWS\system32\cs.dat
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\ps1.dat
    C:\WINDOWS\system32\rc.dat

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-02 17:31 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-04-02 17:31 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-04-02 17:30 . 2008-04-02 17:30 <REP> d-------- C:\Program Files\Alwil Software
    2008-04-02 17:30 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-04-02 17:30 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-04-02 17:30 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-04-02 17:30 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-04-02 17:30 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-04-02 17:30 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-02 17:30 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-04-02 17:30 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-04-01 19:47 . 2008-04-01 19:47 <REP> d-------- C:\Program Files\AVG
    2008-04-01 19:47 . 2008-04-01 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-03-30 15:05 . 2008-03-30 15:05 1 --a------ C:\WINDOWS\system32\boa1.dat
    2008-03-12 13:35 . 2008-03-12 13:36 <REP> d-------- C:\Program Files\iTunes
    2008-03-12 13:33 . 2008-03-12 13:34 <REP> d-------- C:\Program Files\QuickTime
    2008-03-02 12:21 . 2008-03-02 12:21 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-01 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-27 14:07 --------- d-----w C:\Program Files\Java
    2008-03-13 18:53 --------- d-----w C:\Program Files\World of Warcraft
    2008-03-12 11:36 --------- d-----w C:\Program Files\iPod
    2008-03-07 17:01 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-03-02 10:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-29 20:37 --------- d-----w C:\Documents and Settings\François\Application Data\Sports Interactive
    2008-02-29 20:36 --------- d--h--w C:\Program Files\Zero G Registry
    2008-02-29 20:34 --------- d-----w C:\Program Files\Sports Interactive
    2008-02-29 20:25 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-02-29 20:21 --------- d-----w C:\Documents and Settings\François\Application Data\DAEMON Tools
    2008-02-29 20:20 --------- d-----w C:\Documents and Settings\François\Application Data\Azureus
    2008-02-29 20:19 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-29 17:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-25 09:20 --------- d-----w C:\Program Files\Azureus
    2008-02-18 13:35 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-02-18 13:35 --------- d-----w C:\Program Files\TuneUp Utilities 2008
    2008-02-18 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-02-18 13:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-18 13:08 --------- d-----w C:\Program Files\Trend Micro
    2008-02-10 13:42 --------- d-----w C:\Documents and Settings\François\Application Data\LimeWire
    2008-01-05 10:16 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
    2008-01-05 10:16 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
    2008-01-04 11:24 0 ----a-w C:\Documents and Settings\François\Application Data\wklnhst.dat
    2007-06-14 17:34 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B05A5AC-CBE0-4133-945A-3A28C053446F}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{5A074B29-F830-49DE-A31B-26E51D6FD4D9}"= "C:\Program Files\AskBarFr\bar\bin\askBar_fr.dll" [2007-10-05 14:49 238544]

    [HKEY_CLASSES_ROOT\clsid\{5a074b29-f830-49de-a31b-26e51d6fd4d9}]
    [HKEY_CLASSES_ROOT\TypeLib\{5A074B20-F830-49de-A31B-26E51D6FD4D9}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{5A074B29-F830-49DE-A31B-26E51D6FD4D9}"= C:\Program Files\AskBarFr\bar\bin\askBar_fr.dll [2007-10-05 14:49 238544]

    [HKEY_CLASSES_ROOT\clsid\{5a074b29-f830-49de-a31b-26e51d6fd4d9}]
    [HKEY_CLASSES_ROOT\TypeLib\{5A074B20-F830-49de-A31B-26E51D6FD4D9}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
    "PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-12-20 17:21 798456]
    "Secure"="C:\WINDOWS\WindowsUpdates.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-13 08:57:30 67128]
    Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-01-05 13:10:26 925696]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\francois_14\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\francois_14\\condition zero\\hl.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\francois_14\\day of defeat\\hl.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\francois_14\\ricochet\\hl.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 04:37]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
    S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 21:40]
    S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 15:45]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-18 15:35]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8c7c1da-5ec5-11dc-8b5b-0060b30a0fdd}]
    \Shell\AutoRun\command - K:\ntde1ect.com
    \Shell\explore\Command - K:\ntde1ect.com
    \Shell\open\Command - K:\ntde1ect.com

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-18 07:48:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-28 16:23:17 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-02 21:32:38
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-02 21:33:56
    ComboFix-quarantined-files.txt 2008-04-02 19:33:34
    Pre-Run: 140,264,251,392 octets libres
    Post-Run: 140,252,659,712 octets libres
    .
    2008-04-02 13:02:51 --- E O F ---
    Here is the report
    See you
    thanks in advance

    Hi again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    Folder::
    C:\Program Files\AskBarFr

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B05A5AC-CBE0-4133-945A-3A28C053446F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{5A074B29-F830-49DE-A31B-26E51D6FD4D9}"=-
    [-HKEY_CLASSES_ROOT\clsid\{5a074b29-f830-49de-a31b-26e51d6fd4d9}]
    [-HKEY_CLASSES_ROOT\TypeLib\{5A074B20-F830-49de-A31B-26E51D6FD4D9}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{5A074B29-F830-49DE-A31B-26E51D6FD4D9}"=-
    [-HKEY_CLASSES_ROOT\clsid\{5a074b29-f830-49de-a31b-26e51d6fd4d9}]
    [-HKEY_CLASSES_ROOT\TypeLib\{5A074B20-F830-49de-A31B-26E51D6FD4D9}]


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.

    ComboFix 08-04-01.2 - François 2008-04-04 8:20:04.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.127 [GMT 2:00]
    Endroit: C:\Documents and Settings\François\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\François\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-02 21:38 . 2008-04-04 08:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-02 21:38 . 2008-04-02 21:38 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-02 17:31 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-04-02 17:31 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-04-02 17:30 . 2008-04-02 17:30 <REP> d-------- C:\Program Files\Alwil Software
    2008-04-02 17:30 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-04-02 17:30 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-04-02 17:30 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-04-02 17:30 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-04-02 17:30 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-04-02 17:30 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-02 17:30 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-04-02 17:30 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-04-01 19:47 . 2008-04-01 19:47 <REP> d-------- C:\Program Files\AVG
    2008-04-01 19:47 . 2008-04-01 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-03-30 15:05 . 2008-03-30 15:05 1 --a------ C:\WINDOWS\system32\boa1.dat
    2008-03-12 13:35 . 2008-03-12 13:36 <REP> d-------- C:\Program Files\iTunes
    2008-03-12 13:33 . 2008-03-12 13:34 <REP> d-------- C:\Program Files\QuickTime

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-01 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-27 14:07 --------- d-----w C:\Program Files\Java
    2008-03-13 18:53 --------- d-----w C:\Program Files\World of Warcraft
    2008-03-12 11:36 --------- d-----w C:\Program Files\iPod
    2008-03-07 17:01 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-03-02 10:21 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-03-02 10:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-29 20:37 --------- d-----w C:\Documents and Settings\François\Application Data\Sports Interactive
    2008-02-29 20:36 --------- d--h--w C:\Program Files\Zero G Registry
    2008-02-29 20:34 --------- d-----w C:\Program Files\Sports Interactive
    2008-02-29 20:25 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-02-29 20:21 --------- d-----w C:\Documents and Settings\François\Application Data\DAEMON Tools
    2008-02-29 20:20 --------- d-----w C:\Documents and Settings\François\Application Data\Azureus
    2008-02-29 20:19 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-29 17:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-25 09:20 --------- d-----w C:\Program Files\Azureus
    2008-02-18 13:35 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-02-18 13:35 --------- d-----w C:\Program Files\TuneUp Utilities 2008
    2008-02-18 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-02-18 13:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-18 13:08 --------- d-----w C:\Program Files\Trend Micro
    2008-02-10 13:42 --------- d-----w C:\Documents and Settings\François\Application Data\LimeWire
    2008-01-05 10:16 81,920 ----a-w C:\WINDOWS\system32\W32N50.dll
    2008-01-05 10:16 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.sys
    2008-01-04 11:24 0 ----a-w C:\Documents and Settings\François\Application Data\wklnhst.dat
    2007-06-14 17:34 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-02_21.33.15,46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-04 06:06:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5f8.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B05A5AC-CBE0-4133-945A-3A28C053446F}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{5A074B29-F830-49DE-A31B-26E51D6FD4D9}"= "C:\Program Files\AskBarFr\bar\bin\askBar_fr.dll" [2007-10-05 14:49 238544]

    [HKEY_CLASSES_ROOT\clsid\{5a074b29-f830-49de-a31b-26e51d6fd4d9}]
    [HKEY_CLASSES_ROOT\TypeLib\{5A074B20-F830-49de-A31B-26E51D6FD4D9}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{5A074B29-F830-49DE-A31B-26E51D6FD4D9}"= C:\Program Files\AskBarFr\bar\bin\askBar_fr.dll [2007-10-05 14:49 238544]

    [HKEY_CLASSES_ROOT\clsid\{5a074b29-f830-49de-a31b-26e51d6fd4d9}]
    [HKEY_CLASSES_ROOT\TypeLib\{5A074B20-F830-49de-A31B-26E51D6FD4D9}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
    "PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-12-20 17:21 798456]
    "Secure"="C:\WINDOWS\WindowsUpdates.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-13 08:57:30 67128]
    Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-01-05 13:10:26 925696]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\francois_14\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\francois_14\\condition zero\\hl.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\francois_14\\day of defeat\\hl.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\francois_14\\ricochet\\hl.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 04:37]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
    S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 21:40]
    S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 15:45]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-18 15:35]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8c7c1da-5ec5-11dc-8b5b-0060b30a0fdd}]
    \Shell\AutoRun\command - K:\ntde1ect.com
    \Shell\explore\Command - K:\ntde1ect.com
    \Shell\open\Command - K:\ntde1ect.com

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-18 07:48:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-28 16:23:17 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-04 08:22:38
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-04 8:23:21
    ComboFix-quarantined-files.txt 2008-04-04 06:23:18
    ComboFix2.txt 2008-04-02 19:33:57
    Pre-Run: 140,240,195,584 octets libres
    Post-Run: 140,230,074,368 octets libres
    .
    2008-04-04 05:35:08 --- E O F ---
    Here is the ComboFix report
    ++

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:25:37, on 04/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\program files\powerstrip\pstrip.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - (no file)
    O2 - BHO: Google Module - {1B05A5AC-CBE0-4133-945A-3A28C053446F} - lboot32.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: AskBarFr BHO - {5A074B21-F830-49de-A31B-26E51D6FD4D9} - C:\Program Files\AskBarFr\bar\bin\askBar_fr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Barre d´outils Ask - {5A074B29-F830-49de-A31B-26E51D6FD4D9} - C:\Program Files\AskBarFr\bar\bin\askBar_fr.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 8786 bytes
    And here is the HijackThis report
    ++
    Thanks for your help

    Hello, as I explained in other posts, I ran into the same problem of unwanted messages that reported various infections and offered paid solutions. I managed to deal with it using Spybot Search and Destroy (a small, free, easy-to-use anti-adware program). It managed to fix all the problems. The only catch is that a small trace of win pc doctor (the paid software that offered to fix the problems) remains, but it stays inactive and no longer disturbs the computer's operation at all.
    For people like me who are not computer specialists, it was a relief to be able to fix everything without having to go through overly complex steps.
    Worth a try; who knows, it may work for you too.

    Sorry,
    having faced the same type of problem and solved it, I thought I could help. I did not want to disrupt this thread, only to suggest a solution that proved effective in my case. I am not giving instructions and I am not forcing anyone to follow my advice.
    From now on I will refrain. Good luck.

    fransesc said:
    Yes, I did the operation with CFScript
    What should I do now?
    ++
    Thanks

    The report?


    poukpouk said:
    Sorry,
    having faced the same type of problem and solved it, I thought I could help. I did not want to disrupt this thread, only to suggest a solution that proved effective in my case. I am not giving instructions and I am not forcing anyone to follow my advice.
    From now on I will refrain. Good luck.

    Helping is a good thing, and I commend you for it. But as you can see, the operations are already well under way here ;)

    ComboFix 08-04-01.2 - François 2008-04-06 15:47:53.3 - NTFSx86
    Endroit: C:\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-02 21:38 . 2008-04-06 09:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-02 21:38 . 2008-04-02 21:38 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-02 21:27 . 2008-04-02 21:27 1,603,499 --a------ C:\ComboFix.exe
    2008-04-02 17:31 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-04-02 17:31 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-04-02 17:30 . 2008-04-02 17:30 <REP> d-------- C:\Program Files\Alwil Software
    2008-04-02 17:30 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-04-02 17:30 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-04-02 17:30 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-04-02 17:30 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-04-02 17:30 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-04-02 17:30 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-02 17:30 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-04-02 17:30 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-04-01 19:47 . 2008-04-01 19:47 <REP> d-------- C:\Program Files\AVG
    2008-04-01 19:47 . 2008-04-01 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-03-30 15:05 . 2008-03-30 15:05 1 --a------ C:\WINDOWS\system32\boa1.dat
    2008-03-12 13:35 . 2008-03-12 13:36 <REP> d-------- C:\Program Files\iTunes
    2008-03-12 13:33 . 2008-03-12 13:34 <REP> d-------- C:\Program Files\QuickTime

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-01 18:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-03-27 14:07 --------- d-----w C:\Program Files\Java
    2008-03-13 18:53 --------- d-----w C:\Program Files\World of Warcraft
    2008-03-12 11:36 --------- d-----w C:\Program Files\iPod
    2008-03-07 17:01 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-03-02 10:21 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-03-02 10:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-29 20:37 --------- d-----w C:\Documents and Settings\François\Application Data\Sports Interactive
    2008-02-29 20:36 --------- d--h--w C:\Program Files\Zero G Registry
    2008-02-29 20:34 --------- d-----w C:\Program Files\Sports Interactive
    2008-02-29 20:25 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-02-29 20:21 --------- d-----w C:\Documents and Settings\François\Application Data\DAEMON Tools
    2008-02-29 20:20 --------- d-----w C:\Documents and Settings\François\Application Data\Azureus
    2008-02-29 20:19 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-29 17:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-25 09:20 --------- d-----w C:\Program Files\Azureus
    2008-02-18 13:35 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-02-18 13:35 --------- d-----w C:\Program Files\TuneUp Utilities 2008
    2008-02-18 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-02-18 13:34 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-18 13:08 --------- d-----w C:\Program Files\Trend Micro
    2008-02-10 13:42 --------- d-----w C:\Documents and Settings\François\Application Data\LimeWire
    2008-01-04 11:24 0 ----a-w C:\Documents and Settings\François\Application Data\wklnhst.dat
    2007-06-14 17:34 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-02_21.33.15,46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-04-06 07:08:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5d8.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B05A5AC-CBE0-4133-945A-3A28C053446F}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{5A074B29-F830-49DE-A31B-26E51D6FD4D9}"= "C:\Program Files\AskBarFr\bar\bin\askBar_fr.dll" [2007-10-05 14:49 238544]

    [HKEY_CLASSES_ROOT\clsid\{5a074b29-f830-49de-a31b-26e51d6fd4d9}]
    [HKEY_CLASSES_ROOT\TypeLib\{5A074B20-F830-49de-A31B-26E51D6FD4D9}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{5A074B29-F830-49DE-A31B-26E51D6FD4D9}"= C:\Program Files\AskBarFr\bar\bin\askBar_fr.dll [2007-10-05 14:49 238544]

    [HKEY_CLASSES_ROOT\clsid\{5a074b29-f830-49de-a31b-26e51d6fd4d9}]
    [HKEY_CLASSES_ROOT\TypeLib\{5A074B20-F830-49de-A31B-26E51D6FD4D9}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 20:33 57344]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00 98304]
    "PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-12-20 17:21 798456]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-13 08:57:30 67128]
    Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2008-01-05 13:10:26 925696]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\francois_14\\counter-strike\\hl.exe"=
    "C:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\francois_14\\condition zero\\hl.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\francois_14\\day of defeat\\hl.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\francois_14\\ricochet\\hl.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys [2007-07-15 04:37]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
    S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 21:40]
    S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 15:45]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 11:12]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-18 15:35]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8c7c1da-5ec5-11dc-8b5b-0060b30a0fdd}]
    \Shell\AutoRun\command - K:\ntde1ect.com
    \Shell\explore\Command - K:\ntde1ect.com
    \Shell\open\Command - K:\ntde1ect.com

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-18 07:48:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-04 15:43:05 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-06 15:51:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-06 15:52:06
    ComboFix-quarantined-files.txt 2008-04-06 13:52:03
    ComboFix2.txt 2008-04-04 06:23:22
    ComboFix3.txt 2008-04-02 19:33:57
    Pre-Run: 139,912,916,992 octets libres
    Post-Run: 139,905,720,320 octets libres
    .
    2008-04-06 07:13:07 --- E O F ---
    Here is the report
