Mon explorer.exe se ferme tout le temps =(

Bonsoir à tous,

Je vous explique , mon explorer.exe se ferme sans cesse ( plsu de barre de tâche ni d'icones , spybot à trouvé un virtumonde ( je l'ai supprimé ) mais le problème persiste..

Voici mon log hijackthis :

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads_\Hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31227991-B34A-4A92-B2FF-DACB23B20048} - C:\WINDOWS\system32\awtqRKcd.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User '?')
O4 - HKUS\S-1-5-21-1220945662-413027322-725345543-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - S-1-5-21-1220945662-413027322-725345543-1003 Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe (User '?')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DE7C51C-6FF6-4351-9B15-9EED6CB3C212}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{659B65B5-7102-448F-9D24-2124DA8C23AC}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD5FA375-6218-4705-A0C1-601C3A1C87BE}: NameServer = 212.27.54.252,212.27.53.252
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

Merci de m'aidé au plus vite

Salut voici mon log combofix :

ComboFix 08-07-11.1 - Dj ErmS 97.4 2008-07-12 4:32:55.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1545 [GMT 2:00]
Endroit: C:\Documents and Settings\Dj ErmS 97.4\Bureau\ComboFix.exe

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dcKRqtwa.ini
C:\WINDOWS\system32\dcKRqtwa.ini2
.
---- Previous Run -------
.
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sex1.ico
C:\Program Files\PCHealthCenter\sex2.ico
C:\WINDOWS\egxk.exe
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\dcKRqtwa.ini
C:\WINDOWS\system32\dcKRqtwa.ini2
C:\WINDOWS\system32\JkjjkUtv.ini
C:\WINDOWS\system32\JkjjkUtv.ini2
C:\WINDOWS\system32\OXbaIRqr.ini
C:\WINDOWS\system32\OXbaIRqr.ini2
C:\WINDOWS\system32\UBabHkkj.ini
C:\WINDOWS\system32\UBabHkkj.ini2
C:\WINDOWS\system32\yJlnnnnn.ini
C:\WINDOWS\system32\yJlnnnnn.ini2
C:\WINDOWS\system32\YyxIknnn.ini
C:\WINDOWS\system32\YyxIknnn.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))))))))
.

2008-07-12 04:32 . 2008-07-12 04:32 0 --a------ C:\WINDOWS\LCDMedia.INI
2008-07-11 19:59 . 2008-07-11 20:06 1,281 --a------ C:\WINDOWS\wininit.ini
2008-07-11 19:48 . 2008-07-11 19:48 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-11 19:48 . 2008-07-11 20:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-11 19:31 . 2008-07-11 19:31 321,792 --a------ C:\WINDOWS\system32\awtqRKcd.dll
2008-07-11 18:29 . 2008-07-11 18:29 321,792 --a------ C:\WINDOWS\system32\jkkHbaBU.dll
2008-07-11 16:57 . 2008-07-11 16:57 321,792 --a------ C:\WINDOWS\system32\vtUkjjkJ.dll
2008-07-11 15:47 . 2008-07-11 15:47 321,792 --a------ C:\WINDOWS\system32\nnnnnlJy.dll
2008-07-10 21:55 . 2008-07-10 21:55 <REP> d-------- C:\Program Files\Valve
2008-07-09 23:09 . 2008-07-09 23:09 <REP> d-------- C:\Documents and Settings\Dj ErmS 97.4\Application Data\Uniblue
2008-07-09 23:09 . 2008-07-09 23:09 <REP> d-------- C:\Documents and Settings\Dj ErmS 97.4\Application Data\Grisoft
2008-07-09 23:06 . 2008-07-09 23:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-09 23:06 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-09 22:57 . 2008-07-09 22:57 1,368 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-09 22:56 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-09 22:56 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-09 22:56 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-09 22:56 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-09 22:56 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-09 22:56 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-09 22:56 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-09 22:56 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-09 22:56 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-09 21:40 . 2008-07-09 21:40 <REP> d-------- C:\Program Files\Sunbelt Software
2008-07-09 21:40 . 2008-06-21 04:54 269,736 -ra------ C:\WINDOWS\system32\drivers\SbFw.sys
2008-07-09 21:40 . 2008-06-21 04:54 65,576 --a------ C:\WINDOWS\system32\drivers\SbFwIm.sys
2008-07-09 00:59 . 2008-07-09 00:59 318,208 --------- C:\WINDOWS\system32\rqRIabXO.dll
2008-07-09 00:55 . 2008-07-09 00:55 29,568 --a------ C:\WINDOWS\system32\rqRHbYRL.dll
2008-07-09 00:55 . 2008-07-09 00:55 29,568 --a------ C:\WINDOWS\system32\pmnmNGAr.dll
2008-07-09 00:54 . 2008-07-09 00:54 29,568 --a------ C:\WINDOWS\system32\jkkHApmm.dll
2008-07-09 00:54 . 2008-07-09 00:54 29,568 --a------ C:\WINDOWS\system32\efcBsSlI.dll.vir
2008-06-29 15:05 . 2008-06-29 15:05 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-06-29 15:05 . 2008-06-29 15:05 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-06-29 15:05 . 2008-06-29 15:05 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-06-29 14:57 . 2008-06-29 14:57 102,400 --a------ C:\WINDOWS\DIIUnin.exe
2008-06-29 14:57 . 2008-06-29 15:06 35,341 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-29 14:57 . 2008-06-29 14:57 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-29 14:51 . 2008-07-09 15:40 <REP> d-------- C:\Program Files\Diablo II
2008-06-24 13:47 . 2008-06-24 13:47 <REP> d-------- C:\Program Files\eRightSoft
2008-06-24 13:47 . 2008-06-24 13:47 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-06-24 13:22 . 2008-06-24 13:22 <REP> d-------- C:\Program Files\Real
2008-06-24 13:22 . 2008-06-24 13:22 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-06-24 13:22 . 2008-06-24 13:22 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-06-21 04:54 . 2008-06-21 04:54 66,600 -ra------ C:\WINDOWS\system32\drivers\sbhips.sys
2008-06-18 20:11 . 2008-06-18 20:11 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-06-18 20:11 . 2008-06-18 20:11 <REP> d-------- C:\Program Files\Ahead
2008-06-18 20:11 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-06-18 20:11 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-06-18 20:11 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-06-18 20:11 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-06-18 20:11 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-06-18 20:11 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-18 20:11 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-18 20:11 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-18 20:11 . 2005-09-01 11:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-16 23:46 . 2008-06-16 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-13 13:15 . 2008-06-13 13:15 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-13 13:15 . 2008-06-13 13:15 <REP> d-------- C:\Documents and Settings\Dj ErmS 97.4\Application Data\Media Player Classic
2008-06-13 13:15 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-13 13:15 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-06-13 13:15 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-06-13 13:15 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-13 13:15 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-06-13 13:15 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-06-13 13:15 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-13 13:15 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-06-13 13:15 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 17:59 --------- d-----w C:\Program Files\Everest Poker
2008-07-11 13:33 1,037,312 ----a-w C:\WINDOWS\explorer.exe
2008-07-11 10:04 --------- d-----w C:\Program Files\Google
2008-07-09 22:36 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-09 22:34 --------- d-----w C:\Program Files\Dofus
2008-07-09 22:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-26 13:04 --------- d-----w C:\Documents and Settings\Dj ErmS 97.4\Application Data\teamspeak2
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 15:33 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-16 15:30 --------- d-----w C:\Program Files\Windows Live
2008-06-16 15:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 11:14 --------- d-----w C:\Program Files\DivX
2008-06-12 13:08 58,800 ----a-w C:\WINDOWS\system32\ijjiPlugin2.dll
2008-06-08 14:51 --------- d-----w C:\Program Files\World of Warcraft
2008-05-31 17:01 --------- d-----w C:\Documents and Settings\Dj ErmS 97.4\Application Data\Nokia Multimedia Player
2008-05-18 19:02 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-05-16 13:36 --------- d-----w C:\Documents and Settings\Dj ErmS 97.4\Application Data\FileZilla
2008-05-16 13:07 --------- d-----w C:\Program Files\JAlbumWin
2008-05-15 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-05-14 19:35 --------- d-----w C:\Documents and Settings\Dj ErmS 97.4\Application Data\Nvu
2008-05-14 15:39 --------- d-----w C:\Program Files\Nokia
2008-05-14 15:39 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-05-14 15:39 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-05-14 14:16 --------- d-----w C:\Documents and Settings\Dj ErmS 97.4\Application Data\Nokia
2008-05-14 14:11 --------- d-----w C:\Program Files\My Radiomatisme
2008-05-14 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-05-14 13:54 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-14 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-05-14 13:50 --------- d-----w C:\Documents and Settings\Dj ErmS 97.4\Application Data\PC Suite
2008-05-14 13:47 0 -c-ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-14 13:47 0 -c-ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-14 13:43 --------- d-----w C:\Program Files\DIFX
2008-05-14 13:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-14 13:42 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-05-13 17:12 --------- d-----w C:\Program Files\VirtualDJ
2008-05-13 16:50 --------- d-----w C:\Documents and Settings\Dj ErmS 97.4\Application Data\Winamp
2008-05-13 16:38 --------- d-----w C:\Program Files\Winamp Remote
2008-05-13 16:38 --------- d-----w C:\Program Files\Winamp
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

------- Sigcheck -------

2006-03-09 10:25 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31227991-B34A-4A92-B2FF-DACB23B20048}]
2008-07-11 19:31 321792 --a------ C:\WINDOWS\system32\awtqRKcd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-03-24 20:03 3587120]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2008-07-10 22:05 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-10 21:14 1836544]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 17:31 1122304]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 17:14 497152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-06-24 13:22 185896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 00:03 8429568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\Program Files\\VirtualDJ\\virtualdj_djc.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFCl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [2008-06-21 04:54]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 04:54]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-01 10:51]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-01 10:51]
R3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 12:17]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 04:54]
S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2007-02-08 19:28]
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2007-02-08 19:23]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]

.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 04:37:12
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-07-12 4:40:23
ComboFix-quarantined-files.txt 2008-07-12 02:39:17

Pre-Run: 18,874,789,888 octets libres
Post-Run: 18,866,536,448 octets libres

248 --- E O F --- 2008-07-09 14:03:17

Salut , impossible d'ouvrir combofix , il apparait bien dans mes processus mais après il se ferme :S

Up

Bonjour,

Mbam m'as trouvé deux infections , voici son rapport :

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 930
Windows 5.1.2600 Service Pack 2

12:33:11 13/07/2008
mbam-log-7-13-2008 (12-33-07).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 99822
Temps écoulé: 13 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

et celui de hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:49, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Downloads_\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User '?')
O4 - HKUS\S-1-5-21-1220945662-413027322-725345543-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DE7C51C-6FF6-4351-9B15-9EED6CB3C212}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{659B65B5-7102-448F-9D24-2124DA8C23AC}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD5FA375-6218-4705-A0C1-601C3A1C87BE}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 7927 bytes

Re,

Voilà le rapport :



Avira AntiVir Personal
Report file date: dimanche 13 juillet 2008 17:52

Scanning for 1419754 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Dj ErmS 97.4
Computer name: ENRICK

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 14:53:56
ANTIVIR2.VDF : 7.0.5.86 547840 Bytes 09/07/2008 14:53:59
ANTIVIR3.VDF : 7.0.5.103 247296 Bytes 11/07/2008 14:54:01
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 13/07/2008 14:54:15
AESCN.DLL : 8.1.0.22 119157 Bytes 13/07/2008 14:54:14
AERDL.DLL : 8.1.0.20 418165 Bytes 13/07/2008 14:54:13
AEPACK.DLL : 8.1.1.6 364918 Bytes 13/07/2008 14:54:12
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 13/07/2008 14:54:10
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 13/07/2008 14:54:09
AEHELP.DLL : 8.1.0.15 115063 Bytes 13/07/2008 14:54:06
AEGEN.DLL : 8.1.0.29 307573 Bytes 13/07/2008 14:54:05
AEEMU.DLL : 8.1.0.6 430451 Bytes 13/07/2008 14:54:03
AECORE.DLL : 8.1.0.32 168311 Bytes 13/07/2008 14:54:02
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 13 juillet 2008 17:52

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '11' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir
[DETECTION] Contains detection pattern of the dropper DR/Agent.789545
[NOTE] The file was moved to '48df2e0a.qua'!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: dimanche 13 juillet 2008 18:36
Used time: 43:43 min

The scan has been done completely.

7299 Scanning directories
179688 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
179687 Files not concerned
1670 Archives were scanned
1 Warnings
1 Notes

Et j'ai un autre problème quand je veux faire propriété sur le bureau ( pour changé fond d'écran ou le thème ) il me dise que j'ai pas les droits ... Et je peux pas avoir accès à ajout / suppr de programme car y'a un problème avec rundll32.exe ... désolé de te donné du fil à retordre ^^'

Voici le rapport de Sdfix :


SDFix: Version 1.205
Run by Dj ErmS 97.4 on 14/07/2008 at 13:47

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 13:53:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"="C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe:*:Enabled:Server"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\ijji\\ENGLISH\\u_gunz.exe"="C:\\ijji\\ENGLISH\\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\\Program Files\\VirtualDJ\\virtualdj_djc.exe"="C:\\Program Files\\VirtualDJ\\virtualdj_djc.exe:*:Enabled:VirtualDJ"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabledrb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:EnabledrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabledrb Stream Client"
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFCl.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFCl.exe:*:Enabled:Sunbelt Firewall GUI"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Tue 24 Jun 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Tue 2 Oct 2007 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 20 Mar 2008 5,632 ..SHR --- "C:\Program Files\eRightSoft\SUPER\spk\1stRun.exe"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\02418795bf9ae0332d2724a0721b3b6a\BIT398.tmp"
Mon 5 Feb 2007 732,552 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\02970179a133da43483e5e8495d03f51\BIT378.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\04d77a314e978a6d2e5e499ece3dd910\BIT39B.tmp"
Sat 23 Feb 2008 501,800 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0736b9819d78ce6fd28d7a44be52cc29\BIT382.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\09d89c4f86a37cea40e36ccd20da027b\BIT397.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\12c9c7b74d009cd8f751411d54cc4b11\BIT38C.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\171d2120022f92869484c921d3263cc3\BIT386.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT2.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2b0ec6af95107cd747155f214801a1de\BIT3B1.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\42526a992b20eef1df8750beb4f78f35\BIT3F8.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\428a8e1b8036b8225440fd6ce9cf9a62\BIT39C.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4896e7eb404b9f0d2ec9221b3c0f425b\BIT3AA.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4c5c888ff189ce65af20cc141b13bcd3\BIT38B.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4febda7b78da8f94eaee96a8b432d591\BIT3A3.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\50b1dbf091e5ad2003668acab0cb3bc0\BIT385.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5857fd464a38367b479c179d651cd5d4\BIT3B2.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\598b3ea05d3c2f275520ea46f80fb98d\BIT3EE.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d24ad19cee78bba662249a4deccb260\BIT3F6.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5f04040f0ee4f5284e03d88e1fa5a7e1\BIT3F7.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT3A7.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6291f486ec5de5182ec3cff2071af184\BIT3B6.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\72480a427b1c43ed1a1d42cac8cadfc7\BIT3A8.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\79dfe016119d9f9104f7a081382c2de7\BIT3B8.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7a40be1d5e41517009a903a286bf28bd\BIT3A4.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7bd07c1089c2af7712a37e4bc06b52c1\BIT39A.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7d67df8d2fa218514bbe5a22ae12a9b3\BIT3F9.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\813a989071c1720c8fca52f421b7b9e5\BIT3B7.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\84db8362c64a1369b93bd1a60a67cb01\BIT3AD.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\84fbc956da54d159058962d983555052\BIT39E.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8cf13444ad5b33cad5e4b774633810f9\BIT3A0.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8d31f6e93a03bc7a736602ed1adb9986\BIT3A9.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8d788a6c74bdc379d0d986e24df63dac\BIT38D.tmp"
Sat 23 Feb 2008 3,118,632 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\90e550d1a108d8bbd6da9841aafd83a8\BIT375.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\98e4ab2cb14986b0be91146bef7a2943\BIT39F.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a04a8dce324b141449b6bb4b762ae54a\BIT3F5.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a0a06594bec34f1a4bfbddf6cd27d688\BIT399.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a957c596efa7d0ec1b4b7fdc1e1c5705\BIT3BC.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\abca9e2bf0dd5e18df937d2b7f598387\BIT384.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ba502b35f31a2bf19a595db79d7bef15\BIT3AC.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bd2f344a6cea520182f159a127c8f5ad\BIT3AF.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bfd81cbd42e5265d12677c96600c0804\BIT3B9.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb942767c499e4e5e870a77375906298\BIT3A5.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cff3276a5659b39e9143e4a62e333028\BIT3A1.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d14d0217f816e7b705d500838dec3aae\BIT3A6.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d983f6bace749011714a05db9ad756fb\BIT3A2.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e17d2630592b6b8b86888b3ce879a3ab\BIT383.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\BIT3B0.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e6709a5593e8edb948fefef2ae74a35e\BIT39D.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e8ac11bc9e4687d6c2a32699ff0541d6\BIT3BB.tmp"
Sat 23 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\edf770ea565c428bca41a4befcabb97b\BIT3AB.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:49, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Downloads_\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User '?')
O4 - HKUS\S-1-5-21-1220945662-413027322-725345543-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DE7C51C-6FF6-4351-9B15-9EED6CB3C212}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{659B65B5-7102-448F-9D24-2124DA8C23AC}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD5FA375-6218-4705-A0C1-601C3A1C87BE}: NameServer = 212.27.54.252,212.27.53.252
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 7920 bytes

Bah là c'est bon mon explorer se ferme plus mais impossible d'allez dans ajout / suppr de programme ou faire propriété sur le bureau

Salut après la restauration mon fond d'écran et devenue bleu mais toujours impossible d'allé dans ajout / suppr ou propriété , apparament c'est un problème de rundll32.exe..

Voici son message :

C:\WINDOWS\System32\Rundll32.exe

Windows ne parvient pas à accéder au périphérique, au chemin d'accès ou au fichier spécifié. Vous ne disposez peut-être pas des autorisations appropriées pour avoir accès à l'élément. ( sa c'est pour ajout / suppr de programme dans le panneau de config )

Pour propriété sur le bureau voici son message :

Windows ne parvient pas à accéder au périphérique, au chemin d'accès ou au fichier spécifié. Vous ne disposez peut-être pas des autorisations appropriées pour avoir accès à l'élément. Pourtant j'ai qu'un compte sur le pc.

Ps : j'utilise Vista inspirat de bricopacks. Sa peut venir de là ??

Coucou ^^

Voilà mon problème et résolu grâce à toi et je t'en remercie infiniment =)

Le problème c'est que Kerio m'empecher d'allé dans les propriété donc je l'ai viré et maintenant en sécurité j'ai : ZoneAlarm , Antivir et Peerguardien pour une efficacité optimale .

Donc merci beaucoup à toi XmichouX surtotu d'avoir pris de ton temps pour moi sa me fait plaisir =) Bonne continuation à toi et à la prochaine sur IDN