ordi qui se fige ou s'eteind tout seul

bonjour

c'est toi qui a installé un keylogger sur ton pc?
O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe

http://research.sunbelt-software.com/threatdisplay.aspx...


Télécharge BTFix de Bibi26.

Dézippe l'archive sur ton Bureau.

Ouvre le dossier BTFix.

Double clique sur BTFix.exe.

Clique sur Rechercher.

Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

merci de ton aide  

alors pour la premiere question ... non je ne pense pas, je n'ai pas trouvé ce programme

sinon por BTFix

BTFix 1.095 (par bibi26) - 13/04/2008 16:56:41 - Analyse
Lancé depuis D:\Documents and Settings\Florent\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- D:\Program Files\ShoppingReport\
- D:\Documents and Settings\Florent\Application Data\ShoppingReport\

---> Analyse terminée le 13/04/2008 16:56:42

re

tu ne réponds pas à ma question, est-ce que c'est toi qui a installé un keylogger:
voilà ce que c'est:
http://www.securiteinfo.com/attaques/divers/keylogger.s...

soit toi ou un membre de ta famille l'installe pour vérifier ce que l'on fait sur ce PC, soit c'est un malware, et là... si tu fais des achats par CB, tu dois rapidement contacter ta banque.

1

Ouvre BTFix.

Clique sur Nettoyer.

Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

2

ajoute un nouveau log Hijackthis stp

euh oui c'est moi qui avait installé ça ...
mais je pensais l'avoir supprimé

mon scan BTFix
BTFix 1.095 (par bibi26) - 13/04/2008 21:15:38 - Nettoyage - Mode normal
Lancé depuis D:\Documents and Settings\Florent\Bureau\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés
- D:\Program Files\ShoppingReport\Bin\2.0.25\
- D:\Program Files\ShoppingReport\Bin\
- D:\Program Files\ShoppingReport\cs\
- D:\Program Files\ShoppingReport\
- D:\Documents and Settings\Florent\Application Data\ShoppingReport\cs\db\
- D:\Documents and Settings\Florent\Application Data\ShoppingReport\cs\dwld\
- D:\Documents and Settings\Florent\Application Data\ShoppingReport\cs\report\
- D:\Documents and Settings\Florent\Application Data\ShoppingReport\cs\res2\
- D:\Documents and Settings\Florent\Application Data\ShoppingReport\cs\
- D:\Documents and Settings\Florent\Application Data\ShoppingReport\

---> Nettoyage terminé le 13/04/2008 21:15:41

Logfile of HijackThis v1.99.1
Scan saved at 21:17:42, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\PROGRA~1\Wanadoo\CnxMon.exe
D:\PROGRA~1\MESSAG~1\StartMessager.exe
D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Documents and Settings\Florent\Bureau\BTFix\BTFix.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Florent\LOCALS~1\Temp\Rar$EX00.594\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusServiceProvider] D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] D:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisepoison.spaces.live.com//PhotoUpload/MsnPUpl...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{80F976D8-5F98-42CE-B01E-BBF22022C466}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

ok

vérifie que tu l'a bien désinstallé via ajout/suppression de programmes puis supprime le dossier en gras:
D:\Program Files\Active Key Logger

Voilà ce qu'on va faire, tu vas remplacer Avast! par Antivir, qui lui est un vrai antivirus, tu vas faire un scan avec et poster le rapport.  


Désinstalle correctement Avast!


Pour le remplacer par Antivir.

-->Tuto<--


Pourquoi changer ? : Avast! vs Antivir
mais aussi:
14 antivirus au banc d'essai

je n'ai pas trouvé ton dossier .....

voila le scan

BTFix 1.095 (par bibi26) - 19/04/2008 20:36:14 - Nettoyage - Mode normal
Lancé depuis D:\Documents and Settings\Florent\Bureau\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés

---> Nettoyage terminé le 19/04/2008 20:36:28

Logfile of HijackThis v1.99.1
Scan saved at 20:50:28, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\PROGRA~1\Wanadoo\CnxMon.exe
D:\PROGRA~1\MESSAG~1\StartMessager.exe
D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Windows Media Player\Setup_wm.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
d:\program files\avira\antivir personaledition classic\avcenter.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
D:\Documents and Settings\Florent\Bureau\BTFix\BTFix.exe
D:\Documents and Settings\Florent\Bureau\BTFix\BTFix.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Florent\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusServiceProvider] D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe
O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] D:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisepoison.spaces.live.com//PhotoUpload/MsnPUpl...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{80F976D8-5F98-42CE-B01E-BBF22022C466}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


voila

merci de ton aide

bonsoir
je voulais un scan avec antivir  

voila voila oui
bon alors c'est une vrai galere il faut 2H pour faire un scan
et ... l'ordi s'éteind avant la fin forcement

mais j'ai un scan qui s'est terminé et enregistré le voila


Avira AntiVir Personal
Report file date: dimanche 20 avril 2008 10:42

Scanning for 1218459 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: OXYGEN

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 18:28:29
ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 18:28:47
Engineversion : 8.1.0.32
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.26 233850 Bytes 19/04/2008 18:29:34
AESCN.DLL : 8.1.0.14 119156 Bytes 19/04/2008 18:29:31
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.2 364917 Bytes 19/04/2008 18:29:29
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 18:29:23
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 19/04/2008 18:29:17
AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 18:29:02
AEGEN.DLL : 8.1.0.17 299380 Bytes 19/04/2008 18:28:59
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 19/04/2008 18:28:49
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 20 avril 2008 10:42

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'StartMessager.exe' - '1' Module(s) have been scanned
Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'AiNap.exe' - '1' Module(s) have been scanned
Scan process 'aaCenter.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).


Starting the file scan:

Begin scan in 'C:\' <MEMOIRE>
Begin scan in 'D:\' <PROGRAMMES>
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: dimanche 20 avril 2008 12:16
Used time: 1:34:48 min

The scan has been done completely.

6012 Scanning directories
549979 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
549979 Files not concerned
6581 Archives were scanned
2 Warnings
0 Notes

un autre plus vieux




Avira AntiVir Personal
Report file date: samedi 19 avril 2008 22:47

Scanning for 1218459 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: OXYGEN

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 18:28:29
ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 18:28:47
Engineversion : 8.1.0.32
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.26 233850 Bytes 19/04/2008 18:29:34
AESCN.DLL : 8.1.0.14 119156 Bytes 19/04/2008 18:29:31
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.2 364917 Bytes 19/04/2008 18:29:29
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 18:29:23
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 19/04/2008 18:29:17
AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 18:29:02
AEGEN.DLL : 8.1.0.17 299380 Bytes 19/04/2008 18:28:59
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 19/04/2008 18:28:49
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 19 avril 2008 22:47

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'StartMessager.exe' - '1' Module(s) have been scanned
Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
Scan process 'EM_EXEC.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'AiNap.exe' - '1' Module(s) have been scanned
Scan process 'aaCenter.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).


Starting the file scan:

Begin scan in 'C:\' <MEMOIRE>
C:\florent\jeux\consoles emulation\kawaks\1.47a.exe
[DETECTION] Is the Trojan horse TR/Horse3.CG
[NOTE] The file was moved to '483ebbbf.qua'!
C:\RECYCLER\S-1-5-21-1708537768-1715567821-839522115-1003\Dc1.zip
[0] Archive type: ZIP
--> SecuredeIE_11_ES_SS_-1199883400.exe
[DETECTION] Contains detection pattern of the dropper DR/Shopper.X.1
[NOTE] The file was moved to '483bc11e.qua'!
Begin scan in 'D:\' <PROGRAMMES>
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\Documents and Settings\Elise\Local Settings\Temp\~7.exe
[DETECTION] Is the Trojan horse TR/Dldr.Bagle.CC.2
[NOTE] The file was moved to '4838c176.qua'!
D:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\0X2LSHQT\g2[1].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '4865c18f.qua'!
D:\Documents and Settings\Florent\Application Data\Sun\Java\Deployment\cache\6.0\25\9180419-54dbd455
[0] Archive type: ZIP
--> BnnnnBaa.class
[DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
--> VaannnaaBaa.class
[DETECTION] Is the Trojan horse TR/ClassLoader
--> Dnnny.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Exploit.Bytverify.5
--> Bnnnnn.class
[DETECTION] Is the Trojan horse TR/Java.ClassLoader.AS
--> Den.class
[DETECTION] Is the Trojan horse TR/Exploit.Bytverify
--> Din.class
[DETECTION] Is the Trojan horse TR/Exploit.Bytverify.A
--> Dun.class
[DETECTION] Is the Trojan horse TR/Exploit.Bytverify.B
[NOTE] The file was moved to '4842c213.qua'!
D:\Documents and Settings\Florent\Application Data\Sun\Java\Deployment\cache\6.0\56\43f905f8-518df0ea
[0] Archive type: ZIP
--> BaaaaBaa.class
[DETECTION] Contains detection pattern of the exploits EXP/Java.Gimsh.A.19
[NOTE] The file was moved to '4870c21b.qua'!
D:\Program Files\Cain\Abel.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '486fc40c.qua'!
D:\Program Files\Secured IE\Secured IE - Installer.exe
[DETECTION] Contains detection pattern of the dropper DR/Shopper.Q
[NOTE] The file was moved to '486dc5b5.qua'!
D:\WINDOWS\exefld\17474593.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was moved to '483ec781.qua'!
D:\WINDOWS\system32\flec003.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was moved to '486fc90a.qua'!
D:\WINDOWS\system32\hldrrr.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
D:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: dimanche 20 avril 2008 06:40
Used time: 7:52:51 min

The scan has been done completely.

6011 Scanning directories
550829 Files were scanned
15 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
1 files were deleted
0 files were repaired
10 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
550814 Files not concerned
6585 Archives were scanned
2 Warnings
11 Notes

Bonjour

ton log montre une infection bagle...

~Télécharge Elibagla sur cette page :
http://www.zonavirus.com/datos/descargas/95/elibagla.as...

Tu trouveras le programme à télécharger tout en bas de la page :,
clique sur escargar Elibagla 11.28

Enregistre ce fichier sur le bureau
Va sur ton bureau et double-clic sur Elibagla.exe
La case "eliminar ficheros automaticamente" doit être cochée
Clique sur"explorar" et laisse-le travailler
~Poste le rapport final qui sera dans c:\infosat.txt

je ne connais pas ton infevtion ...

mais sinon voila le scan  


Sun Apr 20 20:29:36 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
D:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Eliminada Carpeta "%WinDir%\exefld"

Sun Apr 20 20:30:25 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 4768
Nº Total de Ficheros: 57571
Nº de Ficheros Analizados: 12675
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Apr 20 21:02:58 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Apr 20 21:03:11 2008
EliBagle v11.28 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

re

bagle détruit les antivirus... mais là, il n'y avait que des restes...
comment se comporte ton pc?
reposte un log hijackthis stp

salut

ben rien n'a changé ....

c pas un foudre de guere alors qu'il n'a qu'un an, et il se fige ou s'éteind encore ....

Logfile of HijackThis v1.99.1
Scan saved at 08:36:05, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\PROGRA~1\Wanadoo\CnxMon.exe
D:\PROGRA~1\MESSAG~1\StartMessager.exe
D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Florent\LOCALS~1\Temp\Rar$EX00.719\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusServiceProvider] D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe
O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] D:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisepoison.spaces.live.com//PhotoUpload/MsnPUpl...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{80F976D8-5F98-42CE-B01E-BBF22022C466}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

bonjour

on va supprimer:
D:\Program Files\Active Key Logger

Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :
ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

viens sur le forum et édition "coller"

ajoute un nouveau rapport Hijackthis.

voila voila

ComboFix 08-04-24.1 - Florent 2008-04-26 11:37:00.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.640 [GMT 2:00]
Endroit: D:\Documents and Settings\Florent\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\Elise\Application Data\hidires
D:\Documents and Settings\Elise\Application Data\ShoppingReport
D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\Config.xml
D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\db\Aliases.dbs
D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\db\Sites.dbs
D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\report\aggr_storage.xml
D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\report\send_storage.xml
D:\Documents and Settings\Elise\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
D:\Documents and Settings\Elise\Menu Démarrer\Programmes\WebMediaPlayer
D:\Documents and Settings\Elise\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
D:\Documents and Settings\Elise\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
D:\WINDOWS\regedit.com
D:\WINDOWS\system32\5_exception.nls
D:\WINDOWS\system32\main.sys
D:\WINDOWS\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NEW_DRV
-------\Legacy_RUNTIME


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))))))))
.

2008-04-19 20:52 . 2008-04-19 20:52 23,392 --a------ D:\WINDOWS\system32\nscompat.tlb
2008-04-19 20:52 . 2008-04-19 20:52 16,832 --a------ D:\WINDOWS\system32\amcompat.tlb
2008-04-19 20:22 . 2008-04-19 20:22 <REP> d-------- D:\Program Files\Avira
2008-04-19 20:22 . 2008-04-19 20:22 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2008-04-09 22:06 . 2008-04-20 21:53 <REP> d-------- D:\WINDOWS\system32\Adobe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 09:35 --------- d-----w D:\Documents and Settings\Florent\Application Data\EoRezo
2008-04-25 12:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-20 04:23 --------- d-----w D:\Program Files\Secured IE
2008-04-20 04:16 --------- d-----w D:\Program Files\Cain
2008-04-19 19:06 --------- d---a-w D:\Program Files\Java
2008-04-19 18:16 --------- d-----w D:\Program Files\Windows Media Connect 2
2008-03-11 18:39 --------- d-----w D:\Documents and Settings\Elise\Application Data\EoRezo
2008-03-04 12:10 --------- d-----w D:\Program Files\MSN Messenger
2008-03-03 20:41 --------- dcsh--w D:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-03 20:41 --------- d-----w D:\Program Files\Windows Live
2008-03-03 20:38 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{626482AF-17D0-5DFC-C12D-32A58E631863}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
2007-09-06 13:28 1453080 --a------ D:\Program Files\securedie\tbsecu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CD36797A-70F3-4ACD-8825-623D3B896881}"= "D:\Program Files\securedie\tbsecu.dll" [2007-09-06 13:28 1453080]

[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{CD36797A-70F3-4ACD-8825-623D3B896881}"= D:\Program Files\securedie\tbsecu.dll [2007-09-06 13:28 1453080]

[HKEY_CLASSES_ROOT\clsid\{cd36797a-70f3-4acd-8825-623d3b896881}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-14 13:55 68856]
"updateMgr"="D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"RocketDock"="D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 22:47 344064]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 10:19 729088]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [2006-06-01 18:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 18:22 1519616 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 18:22 86016 D:\WINDOWS\system32\nvmctray.dll]
"AsusServiceProvider"="D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe" [2006-08-03 11:25 591360]
"Ai Nap"="D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2006-08-31 17:01 1422848]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 11:50 20992 D:\WINDOWS\LOGI_MWX.EXE]
"SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"exp32sys"="D:\Program Files\Active Key Logger\Active Key Logger.exe" [ ]
"WooCnxMon"="D:\PROGRA~1\Wanadoo\CnxMon.exe" [2003-05-23 08:46 24576]
"MessagerStarter Wanadoo"="D:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 16:47 32768]
"WOOWATCH"="D:\PROGRA~1\Wanadoo\Watch.exe" [2003-05-23 08:46 20480]
"WOOTASKBARICON"="D:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 08:46 53248]
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 1 (0x1)
"ConsentPromptBehaviorUser"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll
"vidc.wmv3"= D:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AutoCAD Startup Accelerator.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AutoCAD Startup Accelerator.lnk
backup=D:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Florent^Menu Démarrer^Programmes^Démarrage^Anti-Pub.lnk]
path=D:\Documents and Settings\Florent\Menu Démarrer\Programmes\Démarrage\Anti-Pub.lnk
backup=D:\WINDOWS\pss\Anti-Pub.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
--a------ 2007-02-01 11:25 462848 D:\Program Files\eoRezo\EoEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\freeBrowser]
--a------ 2006-08-28 00:54 413696 D:\Program Files\freeBrowser\freeBrowser\freeBrowser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV]
--a------ 2007-03-01 12:49 2146304 D:\Program Files\Its Label\ItsTV\ItsTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 18:24 1694208 D:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
D:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\WINDOWS\\system32\\dpvsetup.exe"=
"D:\\WINDOWS\\system32\\rundll32.exe"=
"D:\\Program Files\\Internet Explorer\\iexplore.exe"=
"D:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\florent\\jeux\\MOHAA\\moh_spearhead.exe"=
"C:\\florent\\eMule\\emule.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\florent\\jeux\\cod2\\CoD2MP_s.exe"=
"C:\\florent\\pilotes\\Freeplayer\\vlc\\vlc.exe"=
"D:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"D:\\Program Files\\freeBrowser\\vlc\\vlc.exe"=
"D:\\Program Files\\freeBrowser\\freeBrowser\\freeBrowser.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:4662tcp
"4672:UDP"= 4672:UDP:4672udp

S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);D:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 17:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 17:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);D:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 17:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;D:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 17:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cf4ce90-e14f-11db-bb92-0018f309352d}]
\Shell\AutoRun\command - F:\Setup\rsrc\autorun.exe
\Shell\dinstall\command - F:\Directx\dxsetup.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-29 14:00:00 D:\WINDOWS\Tasks\Norton Security Scan.job"
- D:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 11:42:10
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\savedump.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Wanadoo\CnxMon.exe
D:\Program Files\Messager Wanadoo\StartMessager.exe
D:\Program Files\Wanadoo\TaskBarIcon.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-26 11:45:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-26 09:45:03

Pre-Run: 41,369,473,024 octets libres
Post-Run: 41,463,304,192 octets libres

195 --- E O F --- 2008-04-20 01:01:06


Logfile of HijackThis v1.99.1
Scan saved at 11:47:34, on 26/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\PROGRA~1\Wanadoo\CnxMon.exe
D:\PROGRA~1\MESSAG~1\StartMessager.exe
D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Florent\LOCALS~1\Temp\Rar$EX00.672\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Program Files\eoRezo\EoAdv\EoRezobho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusServiceProvider] D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe
O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] D:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisepoison.spaces.live.com//PhotoUpload/MsnPUpl...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{80F976D8-5F98-42CE-B01E-BBF22022C466}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

bonjour

~Lance Hijackthis “Do a system scan only”.
Coche les lignes qui suivent si encore présentes et uniquement celles-là.

O2 - BHO: Explorer Helper - {626482AF-17D0-5DFC-C12D-32A58E631863} - (no file)
O4 - HKLM\..\Run: [exp32sys] D:\Program Files\Active Key Logger\Active Key Logger.exe


Clique sur Fix checked (en bas à gauche)

eoRezo est un vecteur de pubs, tu devrait le désinstaller, lis cette page:
http://forum.telecharger.01net.com/telecharger/securite...


on va vérifier quelque chose:

Télécharge Navilog1.exe (IL-MAFIOSO)
Enregistre-le sur ton Bureau.
Lance l'installation en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
[#ff0000]! N'utilise pas l'option 2, 3 et 4 sans notre accord ![/#f]
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste-nous son contenu de cette manière :

-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse

NOTE : Le rapport se trouve également ici : C:\fixnavi.txt

Search Navipromo version 3.5.7 commencé le 17/05/2008 à 10:12:08,84

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis D:\Program Files\navilog1
Session actuelle : "Florent"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "D:\WINDOWS" ***


*** Recherche dossiers dans "D:\Program Files" ***


*** Recherche dossiers dans "d:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "d:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\Florent\applic~1" ***


*** Recherche dossiers dans "D:\DOCUME~1\Elise\applic~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\Florent\locals~1\applic~1" ***


*** Recherche dossiers dans "D:\DOCUME~1\Elise\locals~1\applic~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\Florent\menudm~1\progra~1" ***


*** Recherche dossiers dans "D:\DOCUME~1\Elise\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "D:\WINDOWS\system32" *

* Recherche dans "D:\Documents and Settings\Florent\locals~1\applic~1" *

* Recherche dans "D:\DOCUME~1\Elise\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "D:\WINDOWS\system32" :


* Dans "D:\Documents and Settings\Florent\locals~1\applic~1" :


* Dans "D:\DOCUME~1\Elise\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 17/05/2008 à 10:17:06,06 ***


et ...

Logfile of HijackThis v1.99.1
Scan saved at 10:21:06, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RunDLL32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\PROGRA~1\Wanadoo\CnxMon.exe
D:\PROGRA~1\MESSAG~1\StartMessager.exe
D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
D:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\notepad.exe
D:\Program Files\WinRAR\WinRAR.exe
D:\DOCUME~1\Florent\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - D:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - D:\Program Files\securedie\tbsecu.dll
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusServiceProvider] D:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] D:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [RocketDock] "D:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://elisepoison.spaces.live.com//PhotoUpload/MsnPUpl...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{80F976D8-5F98-42CE-B01E-BBF22022C466}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

voila dsl pour l'attente

bonjour



effectivement....

encore des soucis?

lol oui oui  
il s'est bloqué ce matin encore  

re

Télécharge Gmer.
Dézippe le dans un dossier ou sur ton bureau.

Déconnecte toi d'Internet puis et ferme tous les programmes.
Double-clique sur Gmer.exe.

IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

Clique sur l'onglet rootkit.
A droite, coche Files et Services.
Clique maintenant sur Scan.

Lorsque le scan est terminé, clique sur Copy.

Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-05-20 23:20:53
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF73B40D0]
SSDT F7CBAF64 ZwCreateThread
SSDT sptd.sys ZwEnumerateKey [0xF73B9E2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF73BA1BA]
SSDT sptd.sys ZwOpenKey [0xF73B40B0]
SSDT F7CBAF50 ZwOpenProcess
SSDT F7CBAF55 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF73BA292]
SSDT sptd.sys ZwQueryValueKey [0xF73BA112]
SSDT sptd.sys ZwSetValueKey [0xF73BA324]
SSDT F7CBAF5F ZwTerminateProcess
SSDT F7CBAF5A ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? D:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
.text USBPORT.SYS!DllUnload F615E62C 5 Bytes JMP 86FB41C8
? System32\Drivers\anqcg6b0.SYS Le fichier spécifié est introuvable. !

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73B4AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73B4C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73B4B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73B5748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73B561E] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 871D11E8
Device \Driver\usbuhci \Device\USBPDO-0 86EFA1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 871601E8
Device \Driver\dmio \Device\DmControl\DmConfig 871601E8
Device \Driver\dmio \Device\DmControl\DmPnP 871601E8
Device \Driver\dmio \Device\DmControl\DmInfo 871601E8
Device \Driver\usbuhci \Device\USBPDO-1 86EFA1E8
Device \Driver\usbehci \Device\USBPDO-2 86FB95C0
Device \Driver\usbuhci \Device\USBPDO-3 86EFA1E8
Device \Driver\usbuhci \Device\USBPDO-4 86EFA1E8
Device \Driver\PCI_NTPNP4056 \Device\00000048 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-5 86EFA1E8
Device \Driver\usbehci \Device\USBPDO-6 86FB95C0
Device \Driver\Ftdisk \Device\HarddiskVolume1 871D31E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 871D31E8
Device \Driver\atapi \Device\Ide\IdePort0 871D21E8
Device \Driver\atapi \Device\Ide\IdePort1 871D21E8
Device \Driver\atapi \Device\Ide\IdePort2 871D21E8
Device \Driver\atapi \Device\Ide\IdePort3 871D21E8
Device \Driver\atapi \Device\Ide\IdePort4 871D21E8
Device \Driver\atapi \Device\Ide\IdePort5 871D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 871D21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 871D21E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86B37608
Device \Driver\NetBT \Device\NetbiosSmb 86B37608
Device \Driver\NetBT \Device\NetBT_Tcpip_{80F976D8-5F98-42CE-B01E-BBF22022C466} 86B37608
Device \Driver\usbuhci \Device\USBFDO-0 86EFA1E8
Device \Driver\usbuhci \Device\USBFDO-1 86EFA1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86CE57A0
Device \Driver\usbehci \Device\USBFDO-2 86FB95C0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86CE57A0
Device \Driver\usbuhci \Device\USBFDO-3 86EFA1E8
Device \Driver\usbuhci \Device\USBFDO-4 86EFA1E8
Device \Driver\Ftdisk \Device\FtControl 871D31E8
Device \Driver\usbuhci \Device\USBFDO-5 86EFA1E8
Device \Driver\usbehci \Device\USBFDO-6 86FB95C0
Device \Driver\anqcg6b0 \Device\Scsi\anqcg6b01 86ECB1E8
Device \Driver\anqcg6b0 \Device\Scsi\anqcg6b01Port6Path0Target0Lun0 86ECB1E8
Device \FileSystem\Cdfs \Cdfs 86AC7468

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEF 0x6A 0x5C 0xF9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x49 0xE7 0xEA 0xB1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDA 0xFE 0xBE 0x77 ...
Reg HKLM\SYSTEM\ControlSet001\Services\ssmdrv\Products@Avira AntiVir Personal \x2013 Free Antivirus D:\Program Files\Avira\AntiVir PersonalEdition Classic\??????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEF 0x6A 0x5C 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x49 0xE7 0xEA 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDA 0xFE 0xBE 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\Services\ssmdrv\Products@Avira AntiVir Personal \x2013 Free Antivirus D:\Program Files\Avira\AntiVir PersonalEdition Classic\??????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1162389967
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -515347545
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEF 0x6A 0x5C 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x49 0xE7 0xEA 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDA 0xFE 0xBE 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\ssmdrv\Products@Avira AntiVir Personal \x2013 Free Antivirus D:\Program Files\Avira\AntiVir PersonalEdition Classic\??????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls@Avira AntiVir Personal \x2013 Free Antivirus D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

---- EOF - GMER 1.0.14 ----


voila voila  

re
on va vérifier qu'un fichier normalement légitime n'est pas patché par une infection.




Rends toi sur ce lien : Virus Total

Clique sur Parcourir

Rends toi jusque sur ce fichier si tu le trouves :

D:\WINDOWS\system32\drivers\sptd.sys

Clique sur Envoyer le fichier et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.

Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.

Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté

Une nouvelle fenêtre de ton navigateur va apparaître

Clique alors sur cette image :

Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier

Enfin colle le résultat dans ta prochaine réponse.
Note : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.
Il est possible que tes outils de sécurité réagissent à l'envoi du fichier, en ce cas il te faudra ignorer les alertes.

dsl je cale sur l'envoi du fichier
le lien me dis une fois que j'ai sélectionné le fichier :

0 bytes size received / Se ha recibido un archivo vacio

re

on va regarder:

Télécharge IceSword de pjf_ sur ce lien http://mail2.ustc.edu.cn/~jfpan/download/IceSword120_en.zip

Dézippe le sur ton bureau.

Ouvre le dossier qui vient d'être créé

Double-clique sur IceSword

Dans la colonne de gauche, clique sur File

Clique sur la croix de Local Disk ( D: )

Clique sur la croix de Windows

Clique sur le dossier system32 puis ouvre le dossier drivers

Recherche le fichier suivant: sptd.sys

Une fois trouvé, clique-droit dessus, choisis Copie to...

Nomme le "Malware.sys" et enregistre le sur ton Bureau.

Ferme IceSword


après, tu scannes le fichier du bureau chez virus total:
D:\Documents and Settings\Florent\Bureau\Malware.sys

VOILA  


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: 4f576e516cc76ec50a244586bcfa1c78
SHA1: a05ae09feba1212e812cb1068600a1087324f617
SHA256: 75bca3475af5e211307ee3feeb523a935971f56884f1174fd117e4afe0b0dbd6
SHA512: 4dd4c3b7b1dbfb9e9f85de9a3bbebf602e9bb0f51e3ca05100550b1dbc0d5442aa3bf0ed569d2e865db9a9a9880b35eaa870dd899e807b17172c73e0aaa49938

bonsoir

crée un sujet ici:Section hardware

le scan chez virus total n'est pas assez concluant. à mon avis, tu as un problème matériel.

D:\DOCUME~1\Florent\LOCALS~1\Temp\WER1420.dir00\Mini060108-01.dmp
D:\DOCUME~1\Florent\LOCALS~1\Temp\WER1420.dir00\sysdata.xml

tiens mon ordi s'est éteind tout seul et il il a créé un rapport d'erreur voila les fichiers incriminés

BCCode : a BCP1 : 00000065 BCP2 : 0000001C BCP3 : 00000000
BCP4 : 8050272E OSVer : 5_1_2600 SP : 2_0 Product : 256_1

D:\DOCUME~1\Florent\LOCALS~1\Temp\WER1420.dir00\Mini060108-01.dmp
D:\DOCUME~1\Florent\LOCALS~1\Temp\WER1420.dir00\sysdata.xml

tiens mon ordi s'est éteind tout seul et il il a créé un rapport d'erreur voila les fichiers incriminés

BCCode : a BCP1 : 00000065 BCP2 : 0000001C BCP3 : 00000000
BCP4 : 8050272E OSVer : 5_1_2600 SP : 2_0 Product : 256_1

bonsoir

crée un sujet en hardware, c'est au delà de mes compétences.
Section hardware