Urgent!

Thanks for your reply ;)

Here is the report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:19, on 10/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Controle Parental\bin\optproxy.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\UAService7.exe
I:\Program Files\Canon\CAL\CALMAIN.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\QuickTime\QTTask.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\MSN Messenger\msnmsgr.exe
I:\Program Files\MSN Messenger\usnsvc.exe
I:\DOCUME~1\Novick\LOCALS~1\Temp\video1018.cfg
I:\WINDOWS\system32\mbszsngb.exe
I:\Documents and Settings\All Users\Application Data\yfqjqfub\gpebkpsx.exe
I:\DOCUME~1\Novick\LOCALS~1\Temp\c.exe
I:\Program Files\SecureExpertCleaner\Reminder.exe
I:\Program Files\SecureExpertCleaner\SEC.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\Program Files\PC-Antispy\PC-Antispy.exe
I:\Documents and Settings\Novick\Local Settings\Temporary Internet Files\Content.IE5\67711ITU\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - I:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - I:\WINDOWS\system32\msxml71.dll
O2 - BHO: PC-Antispy Site Blocker Button - {60B244BE-559D-4269-B96E-CD264D828EC9} - I:\Program Files\PC-Antispy\ASpyStBlk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SecureExpertCleaner] I:\Program Files\SecureExpertCleaner\sec.exe
O4 - HKLM\..\Run: [Reminder] I:\Program Files\SecureExpertCleaner\Reminder.exe
O4 - HKLM\..\Run: [PC-Antispy] "I:\Program Files\PC-Antispy\PC-Antispy.exe" hide
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AdVantage] "I:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [updateMgr] "I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [Steam] "I:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Somefox] I:\DOCUME~1\Novick\LOCALS~1\Temp\video1018.cfg.exe
O4 - HKCU\..\Run: [DscInfo] I:\WINDOWS\system32\mbszsngb.exe
O4 - HKLM\..\Policies\Explorer\Run: [J3QZJ7Q1QV] I:\Documents and Settings\All Users\Application Data\yfqjqfub\gpebkpsx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: .security
O4 - Global Startup: .security
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - I:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - I:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - I:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.mayeticvillage.com/qp2.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED5E6DA4-1F95-48AD-BE36-23B2085804A0}: NameServer = 192.168.5.1
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - I:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - I:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - I:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - I:\WINDOWS\system32\UAService7.exe

--
End of file - 10634 bytes

There, I hope you can help me ;)

Hi again,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    So here is the report:

    ComboFix 08-09-05.14 - Novick 2008-09-10 18:23:11.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.245 [GMT 2:00]
    Endroit: I:\Documents and Settings\Novick\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    I:\Documents and Settings\Novick\Application Data\inst.exe
    I:\Program Files\akl
    I:\Program Files\akl\akl.dll
    I:\Program Files\akl\akl.exe
    I:\Program Files\akl\uninstall.exe
    I:\Program Files\akl\unsetup.exe
    I:\Program Files\Inet Delivery
    I:\Program Files\Inet Delivery\inetdl.exe
    I:\Program Files\Inet Delivery\intdel.exe
    I:\Program Files\ShoppingReport
    I:\Program Files\ShoppingReport\Uninst.exe
    I:\WINDOWS\a.bat
    I:\WINDOWS\base64.tmp
    I:\WINDOWS\bdn.com
    I:\WINDOWS\FVProtect.exe
    I:\WINDOWS\iTunesMusic.exe
    I:\WINDOWS\mslagent
    I:\WINDOWS\mslagent\2_mslagent.dll
    I:\WINDOWS\mslagent\mslagent.exe
    I:\WINDOWS\mslagent\uninstall.exe
    I:\WINDOWS\mssecu.exe
    I:\WINDOWS\system32\akttzn.exe
    I:\WINDOWS\system32\anticipator.dll
    I:\WINDOWS\system32\awtoolb.dll
    I:\WINDOWS\system32\bdn.com
    I:\WINDOWS\system32\bsva-egihsg52.exe
    I:\WINDOWS\system32\dpcproxy.exe
    I:\WINDOWS\system32\emesx.dll
    I:\WINDOWS\system32\h@tkeysh@@k.dll
    I:\WINDOWS\system32\hoproxy.dll
    I:\WINDOWS\system32\hxiwlgpm.dat
    I:\WINDOWS\system32\hxiwlgpm.exe
    I:\WINDOWS\system32\medup012.dll
    I:\WINDOWS\system32\medup020.dll
    I:\WINDOWS\system32\Microsoft\backup.ftp
    I:\WINDOWS\system32\Microsoft\backup.tftp
    I:\WINDOWS\system32\msgp.exe
    I:\WINDOWS\system32\msnbho.dll
    I:\WINDOWS\system32\mssecu.exe
    I:\WINDOWS\system32\msvchost.exe
    I:\WINDOWS\system32\mtr2.exe
    I:\WINDOWS\system32\mwin32.exe
    I:\WINDOWS\system32\netode.exe
    I:\WINDOWS\system32\newsd32.exe
    I:\WINDOWS\system32\ps1.exe
    I:\WINDOWS\system32\psof1.exe
    I:\WINDOWS\system32\psoft1.exe
    I:\WINDOWS\system32\regc64.dll
    I:\WINDOWS\system32\regm64.dll
    I:\WINDOWS\system32\Rundl1.exe
    I:\WINDOWS\system32\smp
    I:\WINDOWS\system32\smp\msrc.exe
    I:\WINDOWS\system32\sncntr.exe
    I:\WINDOWS\system32\ssurf022.dll
    I:\WINDOWS\system32\ssvchost.com
    I:\WINDOWS\system32\ssvchost.exe
    I:\WINDOWS\system32\sysreq.exe
    I:\WINDOWS\system32\taack.dat
    I:\WINDOWS\system32\taack.exe
    I:\WINDOWS\system32\temp#01.exe
    I:\WINDOWS\system32\thun.dll
    I:\WINDOWS\system32\thun32.dll
    I:\WINDOWS\system32\uninstall.exe
    I:\WINDOWS\system32\urlmsnlink.dat
    I:\WINDOWS\system32\VBIEWER.OCX
    I:\WINDOWS\system32\vbsys2.dll
    I:\WINDOWS\system32\vcatchpi.dll
    I:\WINDOWS\system32\winlogonpc.exe
    I:\WINDOWS\system32\winsystem.exe
    I:\WINDOWS\system32\WINWGPX.EXE
    I:\WINDOWS\temp\perflib_perfdata_1cc.dat
    I:\WINDOWS\userconfig9x.dll
    I:\WINDOWS\winsystem.exe
    I:\WINDOWS\zip1.tmp
    I:\WINDOWS\zip2.tmp
    I:\WINDOWS\zip3.tmp
    I:\WINDOWS\zipped.tmp

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-10 to 2008-09-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-10 18:36 . 2008-09-10 18:36 94,208 --a------ I:\WINDOWS\system32\clujszwv.exe
    2008-09-10 17:18 . 2008-09-10 17:21 <REP> d-------- I:\Documents and Settings\Novick\Application Data\PC-Antispy
    2008-09-10 17:18 . 2008-09-10 17:18 25,600 --a------ I:\WINDOWS\system32\drivers\pcantispy.sys
    2008-09-10 17:18 . 2008-09-10 17:18 0 --ah----- I:\WINDOWS\.security
    2008-09-10 17:16 . 2008-09-10 17:21 <REP> d-------- I:\Program Files\PC-Antispy
    2008-09-10 17:13 . 2008-09-10 17:13 <REP> d-------- I:\Documents and Settings\Novick\Application Data\Logs
    2008-09-10 17:03 . 2008-09-10 17:13 <REP> d-------- I:\Program Files\SecureExpertCleaner
    2008-09-10 17:03 . 2008-09-10 18:20 <REP> d-------- I:\Documents and Settings\All Users\Application Data\SEC
    2008-09-10 16:11 . 2008-09-10 16:11 <REP> d-------- I:\Program Files\SAV
    2008-09-10 16:11 . 2008-09-10 16:11 <REP> d-------- I:\Documents and Settings\All Users\Application Data\yfqjqfub
    2008-09-10 16:11 . 2008-09-10 16:11 117,252 --a------ I:\WINDOWS\system32\msxml71.dll
    2008-09-10 16:11 . 2008-09-10 16:11 86,016 --a------ I:\WINDOWS\system32\mbszsngb.exe
    2008-09-10 14:38 . 2008-09-10 14:38 <REP> d-------- I:\Program Files\Kristanix
    2008-09-10 14:38 . 2008-09-10 14:38 <REP> d-------- I:\Documents and Settings\Novick\Application Data\Password Generator Professional
    2008-09-10 14:38 . 2008-09-10 14:38 <REP> d-------- I:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-10 14:29 . 2008-09-10 14:29 <REP> d-------- I:\Program Files\JEDISware
    2008-09-09 21:31 . 2001-09-03 07:52 766 --a------ I:\WINDOWS\win98Logo.ico
    2008-09-08 14:17 . 2008-09-08 14:18 <REP> d-------- I:\Documents and Settings\client\Application Data\ShoppingReport
    2008-09-08 14:13 . 2008-09-08 14:13 <REP> d-------- I:\Documents and Settings\Sasha\Application Data\ShoppingReport
    2008-09-02 11:42 . 2008-07-22 00:04 245,760 --a------ I:\Program Files\Uninstall Ask Toolbar.dll
    2008-09-01 20:19 . 2008-09-01 20:19 <REP> d-------- I:\Program Files\Sports Interactive
    2008-09-01 11:05 . 2008-09-01 11:05 <REP> d-------- I:\Program Files\EA GAMES
    2008-09-01 10:00 . 2008-09-01 10:01 <REP> d-------- I:\Documents and Settings\LocalService\Application Data\ShoppingReport
    2008-09-01 00:25 . 2008-09-01 00:25 50 --a------ I:\WINDOWS\MegaManager.INI
    2008-09-01 00:19 . 2008-09-01 00:24 <REP> d-------- I:\Documents and Settings\Novick\Application Data\DMCache
    2008-08-31 23:56 . 2008-08-31 23:56 <REP> d-------- I:\Documents and Settings\Novick\Application Data\EmailNotifier
    2008-08-31 23:56 . 2008-08-31 23:56 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Megaupload
    2008-08-31 23:56 . 2008-08-31 23:56 <REP> d-------- I:\Documents and Settings\All Users\Application Data\EmailNotifier
    2008-08-31 20:53 . 2008-09-09 20:01 <REP> d-------- I:\Documents and Settings\Novick\Application Data\ShoppingReport

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-10 16:36 --------- d-----w I:\Documents and Settings\Novick\Application Data\AdobeUM
    2008-09-10 14:23 --------- d-----w I:\Documents and Settings\Novick\Application Data\uTorrent
    2008-09-07 09:00 --------- d-----w I:\Program Files\Valve
    2008-09-02 09:46 --------- d-----w I:\Program Files\AskTBar
    2008-09-01 09:48 --------- d-----w I:\Program Files\GameSpy Arcade
    2008-09-01 09:46 --------- d--h--w I:\Program Files\InstallShield Installation Information
    2008-09-01 07:58 --------- d-----w I:\Program Files\Google
    2008-08-30 14:39 --------- d-----w I:\Documents and Settings\All Users\Application Data\TrackMania
    2008-07-22 01:44 --------- d-----w I:\Documents and Settings\Novick\Application Data\Vso
    2008-07-22 01:44 --------- d-----w I:\Documents and Settings\Novick\Application Data\CopyToDvd
    2008-07-22 01:11 47,360 ----a-w I:\WINDOWS\system32\drivers\pcouffin.sys
    2008-07-22 01:11 47,360 ----a-w I:\Documents and Settings\Novick\Application Data\pcouffin.sys
    2008-07-22 01:11 --------- d-----w I:\Program Files\VSO
    2008-07-21 19:36 --------- d-----w I:\Program Files\PSPWare
    2008-07-21 19:36 --------- d-----w I:\Program Files\NTFS Undelete
    2008-07-11 21:37 --------- d-----w I:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
    2007-05-17 11:12 1,714 ----a-w I:\Documents and Settings\Novick\Application Data\SAS7_000.DAT
    2006-07-14 14:24 12,814,336 ----a-w I:\Program Files\windowsmediaplayer10setup.exe
    2006-07-14 14:21 19,101,391 ----a-w I:\Program Files\klcodec272f.exe
    2006-07-14 14:17 8,282,187 ----a-w I:\Program Files\vlc-0.8.5-win32.exe
    2006-07-14 11:59 13,884,264 ----a-w I:\Program Files\AdbeRdr70_fra.exe
    2006-06-03 10:04 6,844,841 ----a-w I:\Program Files\Gestionnaire_internetLB.exe
    2006-05-03 21:40 5,763,072 ----a-w I:\Program Files\WindowsDefender.msi
    2006-04-30 16:34 11,132,160 ----a-w I:\Program Files\Avast v2.exe
    2006-04-17 21:01 1,014,477 ----a-w I:\Program Files\winRAR351.exe
    2006-04-15 12:14 19,318,281 ----a-w I:\Program Files\klcodec271f.exe
    2006-04-15 11:57 13,122,160 ----a-w I:\Program Files\WMplayer.exe
    2006-04-15 11:43 414,197 ----a-w I:\Program Files\XviD-22032003-1.zip
    2006-04-13 17:59 9,692,886 ----a-w I:\Program Files\vlc-0.8.4a-win32.exe
    2006-04-13 17:58 3,594,704 ----a-w I:\Program Files\médiaplayerfull.exe
    2006-04-13 10:51 15,560,008 ----a-w I:\Program Files\DivXPlay.exe
    2006-04-11 19:34 11,135,463 ----a-w I:\Program Files\setup.exe
    2006-04-08 20:01 1,465,856 ----a-w I:\Program Files\DSLTest.exe
    2006-04-04 17:00 4,653,917 ----a-w I:\Program Files\eMule0.47a-Installer.exe
    2006-04-04 15:03 278,528 ----a-w I:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2004-07-22 09:51 3,432,656 ----a-w I:\Program Files\ManagedDX.CAB
    2004-07-19 21:58 1,156,363 ----a-w I:\Program Files\BDANT.cab
    2004-07-19 21:53 976,020 ----a-w I:\Program Files\BDAXP.cab
    2004-07-16 13:30 3,858 ----a-w I:\Program Files\directx redist.txt
    2004-07-09 13:17 13,265,040 ----a-w I:\Program Files\dxnt.cab
    2004-07-09 08:13 703,080 ----a-w I:\Program Files\BDA.cab
    2004-07-09 08:13 15,493,481 ----a-w I:\Program Files\DirectX.cab
    2004-07-09 03:08 472,576 ----a-w I:\Program Files\dxsetup.exe
    2004-07-09 03:08 2,242,560 ----a-w I:\Program Files\dsetup32.dll
    2004-07-09 02:03 62,976 ----a-w I:\Program Files\DSETUP.dll
    2004-03-11 11:27 40,960 ----a-w I:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60B244BE-559D-4269-B96E-CD264D828EC9}]
    2008-09-10 17:17 208896 --a------ I:\Program Files\PC-Antispy\ASpyStBlk.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
    "MSMSGS"="I:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "DAEMON Tools Lite"="I:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
    "updateMgr"="I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "Steam"="I:\Program Files\Valve\Steam\Steam.exe" [2008-09-07 1271032]
    "DscInfo"="I:\WINDOWS\system32\mbszsngb.exe" [2008-09-10 86016]
    "SmartProc"="I:\WINDOWS\system32\clujszwv.exe" [2008-09-10 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="I:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "iTunesHelper"="I:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "SecureExpertCleaner"="I:\Program Files\SecureExpertCleaner\sec.exe" [2008-08-18 1556480]
    "Reminder"="I:\Program Files\SecureExpertCleaner\Reminder.exe" [2008-08-14 480768]
    "PC-Antispy"="I:\Program Files\PC-Antispy\PC-Antispy.exe" [2008-09-10 11124736]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "J3QZJ7Q1QV"="I:\Documents and Settings\All Users\Application Data\yfqjqfub\gpebkpsx.exe" [2008-09-10 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv41"= ir41_32.dll
    "msacm.l3acm"= l3codecp.acm
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\startupfolder\I:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=I:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\I:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
    path=I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
    backup=I:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2008-05-16 01:19 79224 I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --------- 2004-08-05 14:00 15360 I:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
    --a------ 2006-06-30 04:45 1404928 I:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2006-04-09 21:57 122368 I:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    --a------ 2006-05-16 17:58 213936 I:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 I:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --a------ 2005-06-08 14:44 196608 I:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-06-08 15:24 458752 I:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-06-08 15:14 217088 I:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 18:24 1694208 I:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:55 5674352 I:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
    --------- 2004-04-21 10:26 86016 I:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 I:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-12-08 17:35 32768 I:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    --a------ 2003-09-29 16:00 155648 I:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 02:11 132496 I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-06-16 10:55 68856 I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-01-23 22:53 185896 I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "I:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
    "I:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\patchget.dat"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "I:\\WINDOWS\\system32\\dpvsetup.exe"=
    "I:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\MSN Messenger\\livecall.exe"=
    "I:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
    "I:\\Program Files\\LimeWire\\LimeWire.exe"=
    "I:\\Program Files\\uTorrent\\uTorrent.exe"=
    "I:\\WINDOWS\\system32\\rtcshare.exe"=
    "I:\\Program Files\\Valve\\Steam\\SteamApps\\novdjama\\condition zero\\hl.exe"=
    "I:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "I:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "I:\\Program Files\\iTunes\\iTunes.exe"=
    "I:\\Program Files\\TmNationsForever\\TmForever.exe"=
    "I:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "I:\\Documents and Settings\\Novick\\Bureau\\Documents de Novick\\Jeux\\Half-Life 2\\hl2.exe"=
    "I:\\Program Files\\Valve\\Counter-Strike Source\\hl2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)

    R1 aswSP;avast! Self Protection;I:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
    R1 pcantispy;pcantispy;I:\WINDOWS\system32\drivers\pcantispy.sys [2008-09-10 25600]
    R2 aswFsBlk;aswFsBlk;I:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
    R2 OPTENET_FILTER;Control Parental;I:\Program Files\Controle Parental\bin\optproxy.exe [2006-03-02 564400]
    S3 ausbccgp;ausbccgp;I:\DOCUME~1\Novick\LOCALS~1\Temp\ausbccgp.sys [ ]
    S3 Boonty Games;Boonty Games;I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-12-02 69120]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;I:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
    S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys [ ]
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;I:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-01-09 261632]
    S3 USB-100;SMC Compact USB to Ethernet converter;I:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2001-09-25 27519]
    S3 wacpiec;wacpiec;I:\DOCUME~1\Novick\LOCALS~1\Temp\wacpiec.sys [ ]
    S3 xdiskdum;xdiskdum;I:\DOCUME~1\Novick\LOCALS~1\Temp\xdiskdum.sys [ ]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;I:\WINDOWS\system32\ZDCndis5.SYS [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28708558-8eba-11da-8cbe-0011d893c366}]
    \Shell\AutoRun\command - J:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9b6b70a-b386-11da-8d12-0011d893c366}]
    \Shell\AutoRun\command - D:\LaunchU3.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - I:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    HKCU-Run-AdVantage - I:\Program Files\AdVantage\AdVantage.exe
    MSConfigStartUp-DAEMON Tools - I:\Program Files\DAEMON Tools\daemon.exe
    MSConfigStartUp-NBJ - I:\Program Files\Ahead\Nero BackItUp\NBJ.exe
    MSConfigStartUp-NeroFilterCheck - I:\WINDOWS\system32\NeroCheck.exe
    MSConfigStartUp-Savedeaf - I:\DOCUME~1\Novick\APPLIC~1\BOOKCL~1\binuploadseek.exe
    MSConfigStartUp-WOOKIT - I:\Program Files\Wanadoo\Shell.exe
    MSConfigStartUp-WOOTASKBARICON - I:\PROGRA~1\Wanadoo\GestMaj.exe
    MSConfigStartUp-WOOWATCH - I:\PROGRA~1\Wanadoo\Watch.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - I:\Documents and Settings\Novick\Application Data\Mozilla\Firefox\Profiles\aum7sahf.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-10 18:35:35
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    I:\WINDOWS\system32\clujszwv.exe 94208 bytes executable

    Scan terminé avec succès
    Les fichiers cachés: 1

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    I:\WINDOWS\system32\ati2evxx.exe
    I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    I:\Program Files\Alwil Software\Avast4\ashServ.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\WINDOWS\system32\UAService7.exe
    I:\Program Files\Canon\CAL\CALMAIN.exe
    I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    I:\WINDOWS\system32\ati2evxx.exe
    I:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-10 18:47:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-10 16:47:34

    Pre-Run: 6,469,722,112 octets libres
    Post-Run: 10,509,746,176 octets libres

    337 --- E O F --- 2008-09-09 19:59:52

    Verdict? lol ;)

    Do you know what patience is? I'm allowed to leave my house, you know.

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (run a full scan).
  • To start the scan, click "Rechercher" (scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" (show results), then "Supprimer la sélection" (remove selection). Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking Ok.

    HELP: Illustrated tutorial on MBAM

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1137
    Windows 5.1.2600 Service Pack 2

    11/09/2008 19:04:06
    mbam-log-2008-09-11 (19-04-06).txt

    Type de recherche: Examen complet (I:\|)
    Eléments examinés: 280578
    Temps écoulé: 1 hour(s), 42 minute(s), 31 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 12
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 34
    Fichier(s) infecté(s): 63

    Processus mémoire infecté(s):
    I:\Program Files\SecureExpertCleaner\Reminder.exe (Rogue.SecureExpertCleaner) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    I:\Program Files\SecureExpertCleaner\mfc80.dll (Rogue.SecureExpertCleaner) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{60b244be-559d-4269-b96e-cd264d828ec9} (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60b244be-559d-4269-b96e-cd264d828ec9} (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pcantispy (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\pcantispy (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcantispy (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc-antispy (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3p_usecfr_is1 (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\PC-Antispy (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispy (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dscinfo (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smartproc (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\j3qzj7q1qv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc-antispy (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reminder (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\secureexpertcleaner (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    I:\Program Files\PC-Antispy (Rogue.PCAntispy) -> Delete on reboot.
    I:\Program Files\SecureExpertCleaner (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\Download (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Sasha\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Sasha\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Sasha\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Sasha\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Sasha\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Sasha\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\LocalService\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\client\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\client\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\client\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\client\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\client\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\client\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\meow four dale link (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\PC-Antispy (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\PC-Antispy\logs (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\PC-Antispy\startup (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    I:\WINDOWS\system32\mbszsngb.exe (Trojan.FakeAlert.H) -> Delete on reboot.
    I:\WINDOWS\system32\clujszwv.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\yfqjqfub\gpebkpsx.exe (Trojan.FakeAlert.H) -> Delete on reboot.
    I:\Program Files\PC-Antispy\ASpyStBlk.dll (Rogue.PCAntispy) -> Delete on reboot.
    I:\WINDOWS\system32\drivers\pcantispy.sys (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Program Files\PC-Antispy\ASpyPopUpBlk.dll (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Program Files\PC-Antispy\download.tmp (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Program Files\PC-Antispy\PC-Antispy.db (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Program Files\PC-Antispy\PC-Antispy.exe (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Program Files\PC-Antispy\pcantispy.pkg (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Program Files\PC-Antispy\program.info (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Program Files\PC-Antispy\Uninstall.exe (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\base.dat (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\mfc80.dll (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\Microsoft.VC80.MFC.manifest (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\Reminder.exe (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\SEC.exe (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\SEC.ico (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\SEC.xml (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\unins.ico (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\unins000.dat (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\unins000.exe (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\msvcp80.dll (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SecureExpertCleaner\Microsoft.VC80.CRT\msvcr80.dll (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Sasha\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Sasha\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Sasha\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Sasha\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Sasha\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Sasha\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Sasha\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\client\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\client\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\client\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\client\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\client\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\client\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\client\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\PC-Antispy\config.xml (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\PC-Antispy\Sites.bl (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\PC-Antispy\logs\1221060104.log (Rogue.PCAntispy) -> Quarantined and deleted successfully.
    I:\Documents and Settings\All Users\Application Data\SEC\schedule.dat (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
    I:\Program Files\SAV\sav0.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
    I:\Program Files\SAV\sav1.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
    I:\Program Files\SAV\sav.ooo (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    I:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\drivers\etc\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\WINDOWS\.security (Rogue.Multiple) -> Quarantined and deleted successfully.
    I:\Documents and Settings\Novick\Application Data\Microsoft\Internet Explorer\Quick Launch\SecureExpertCleaner.lnk (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:23:28, on 11/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\Ati2evxx.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    I:\Program Files\Alwil Software\Avast4\ashServ.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Controle Parental\bin\optproxy.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\UAService7.exe
    I:\Program Files\Canon\CAL\CALMAIN.exe
    I:\WINDOWS\system32\Ati2evxx.exe
    I:\WINDOWS\Explorer.EXE
    I:\Program Files\QuickTime\QTTask.exe
    I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    I:\Program Files\iTunes\iTunesHelper.exe
    I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    I:\Program Files\Messenger\msmsgs.exe
    I:\Program Files\DAEMON Tools Lite\daemon.exe
    I:\Program Files\Valve\Steam\Steam.exe
    I:\WINDOWS\system32\qtavylkj.exe
    I:\WINDOWS\System32\svchost.exe
    I:\Program Files\iPod\bin\iPodService.exe
    I:\Program Files\Internet Explorer\iexplore.exe
    I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    I:\Documents and Settings\Novick\Local Settings\Temporary Internet Files\Content.IE5\6UFPYL4P\HiJackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [updateMgr] "I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
    O4 - HKCU\..\Run: [Steam] "I:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [srvui] I:\WINDOWS\system32\qtavylkj.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: .security
    O4 - Global Startup: .security
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - I:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.mayeticvillage.com/qp2.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED5E6DA4-1F95-48AD-BE36-23B2085804A0}: NameServer = 192.168.5.1
    O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - I:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Unknown owner - I:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - I:\Program Files\Controle Parental\bin\optproxy.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - I:\WINDOWS\system32\UAService7.exe

    --
    End of file - 8662 bytes

    ComboFix 08-09-05.14 - Novick 2008-09-11 20:51:17.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.201 [GMT 2:00]
    Endroit: I:\Documents and Settings\Novick\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-11 06:56 . 2008-09-11 06:56 98,304 --a------ I:\WINDOWS\system32\qtavylkj.exe
    2008-09-10 21:16 . 2008-09-10 21:16 <REP> d-------- I:\Documents and Settings\Novick\Application Data\Malwarebytes
    2008-09-10 21:15 . 2008-09-10 21:16 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
    2008-09-10 21:15 . 2008-09-10 21:15 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-10 21:15 . 2008-09-10 00:04 38,528 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-10 21:15 . 2008-09-10 00:03 17,200 --a------ I:\WINDOWS\system32\drivers\mbam.sys
    2008-09-10 18:47 . 2008-09-10 18:47 <REP> d-------- I:\Documents and Settings\Invité
    2008-09-10 18:38 . 2008-09-10 18:38 38,665 --a------ I:\Documents and Settings\Novick\base.dat
    2008-09-10 17:13 . 2008-09-10 17:13 <REP> d-------- I:\Documents and Settings\Novick\Application Data\Logs
    2008-09-10 16:11 . 2008-09-11 19:04 <REP> d-------- I:\Program Files\SAV
    2008-09-10 16:11 . 2008-09-11 19:05 <REP> d-------- I:\Documents and Settings\All Users\Application Data\yfqjqfub
    2008-09-10 14:38 . 2008-09-10 14:38 <REP> d-------- I:\Program Files\Kristanix
    2008-09-10 14:38 . 2008-09-10 14:38 <REP> d-------- I:\Documents and Settings\Novick\Application Data\Password Generator Professional
    2008-09-10 14:38 . 2008-09-10 14:38 <REP> d-------- I:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-10 14:29 . 2008-09-10 14:29 <REP> d-------- I:\Program Files\JEDISware
    2008-09-09 21:31 . 2001-09-03 07:52 766 --a------ I:\WINDOWS\win98Logo.ico
    2008-09-02 11:42 . 2008-07-22 00:04 245,760 --a------ I:\Program Files\Uninstall Ask Toolbar.dll
    2008-09-01 20:19 . 2008-09-01 20:19 <REP> d-------- I:\Program Files\Sports Interactive
    2008-09-01 11:05 . 2008-09-01 11:05 <REP> d-------- I:\Program Files\EA GAMES
    2008-09-01 00:25 . 2008-09-01 00:25 50 --a------ I:\WINDOWS\MegaManager.INI
    2008-09-01 00:19 . 2008-09-01 00:24 <REP> d-------- I:\Documents and Settings\Novick\Application Data\DMCache
    2008-08-31 23:56 . 2008-08-31 23:56 <REP> d-------- I:\Documents and Settings\Novick\Application Data\EmailNotifier
    2008-08-31 23:56 . 2008-08-31 23:56 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Megaupload
    2008-08-31 23:56 . 2008-08-31 23:56 <REP> d-------- I:\Documents and Settings\All Users\Application Data\EmailNotifier

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-11 17:07 --------- d-----w I:\Documents and Settings\Novick\Application Data\AdobeUM
    2008-09-10 14:23 --------- d-----w I:\Documents and Settings\Novick\Application Data\uTorrent
    2008-09-07 09:00 --------- d-----w I:\Program Files\Valve
    2008-09-02 09:46 --------- d-----w I:\Program Files\AskTBar
    2008-09-01 09:48 --------- d-----w I:\Program Files\GameSpy Arcade
    2008-09-01 09:46 --------- d--h--w I:\Program Files\InstallShield Installation Information
    2008-09-01 07:58 --------- d-----w I:\Program Files\Google
    2008-08-30 14:39 --------- d-----w I:\Documents and Settings\All Users\Application Data\TrackMania
    2008-07-22 01:44 --------- d-----w I:\Documents and Settings\Novick\Application Data\Vso
    2008-07-22 01:44 --------- d-----w I:\Documents and Settings\Novick\Application Data\CopyToDvd
    2008-07-22 01:11 47,360 ----a-w I:\WINDOWS\system32\drivers\pcouffin.sys
    2008-07-22 01:11 47,360 ----a-w I:\Documents and Settings\Novick\Application Data\pcouffin.sys
    2008-07-22 01:11 --------- d-----w I:\Program Files\VSO
    2008-07-21 19:36 --------- d-----w I:\Program Files\PSPWare
    2008-07-21 19:36 --------- d-----w I:\Program Files\NTFS Undelete
    2008-07-11 21:37 --------- d-----w I:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
    2008-07-07 20:31 253,952 ----a-w I:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w I:\WINDOWS\system32\mscms.dll
    2008-06-24 16:12 295,936 ------w I:\WINDOWS\system32\wmpeffects.dll
    2008-06-23 16:28 826,368 ----a-w I:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w I:\WINDOWS\system32\mswsock.dll
    2007-05-17 11:12 1,714 ----a-w I:\Documents and Settings\Novick\Application Data\SAS7_000.DAT
    2006-07-14 14:24 12,814,336 ----a-w I:\Program Files\windowsmediaplayer10setup.exe
    2006-07-14 14:21 19,101,391 ----a-w I:\Program Files\klcodec272f.exe
    2006-07-14 14:17 8,282,187 ----a-w I:\Program Files\vlc-0.8.5-win32.exe
    2006-07-14 11:59 13,884,264 ----a-w I:\Program Files\AdbeRdr70_fra.exe
    2006-06-03 10:04 6,844,841 ----a-w I:\Program Files\Gestionnaire_internetLB.exe
    2006-05-03 21:40 5,763,072 ----a-w I:\Program Files\WindowsDefender.msi
    2006-04-30 16:34 11,132,160 ----a-w I:\Program Files\Avast v2.exe
    2006-04-17 21:01 1,014,477 ----a-w I:\Program Files\winRAR351.exe
    2006-04-15 12:14 19,318,281 ----a-w I:\Program Files\klcodec271f.exe
    2006-04-15 11:57 13,122,160 ----a-w I:\Program Files\WMplayer.exe
    2006-04-15 11:43 414,197 ----a-w I:\Program Files\XviD-22032003-1.zip
    2006-04-13 17:59 9,692,886 ----a-w I:\Program Files\vlc-0.8.4a-win32.exe
    2006-04-13 17:58 3,594,704 ----a-w I:\Program Files\médiaplayerfull.exe
    2006-04-13 10:51 15,560,008 ----a-w I:\Program Files\DivXPlay.exe
    2006-04-08 20:01 1,465,856 ----a-w I:\Program Files\DSLTest.exe
    2006-04-04 17:00 4,653,917 ----a-w I:\Program Files\eMule0.47a-Installer.exe
    2006-04-04 15:03 278,528 ----a-w I:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2004-07-22 09:51 3,432,656 ----a-w I:\Program Files\ManagedDX.CAB
    2004-07-19 21:58 1,156,363 ----a-w I:\Program Files\BDANT.cab
    2004-07-19 21:53 976,020 ----a-w I:\Program Files\BDAXP.cab
    2004-07-16 13:30 3,858 ----a-w I:\Program Files\directx redist.txt
    2004-07-09 13:17 13,265,040 ----a-w I:\Program Files\dxnt.cab
    2004-07-09 08:13 703,080 ----a-w I:\Program Files\BDA.cab
    2004-07-09 08:13 15,493,481 ----a-w I:\Program Files\DirectX.cab
    2004-07-09 03:08 472,576 ----a-w I:\Program Files\dxsetup.exe
    2004-07-09 03:08 2,242,560 ----a-w I:\Program Files\dsetup32.dll
    2004-07-09 02:03 62,976 ----a-w I:\Program Files\DSETUP.dll
    2004-03-11 11:27 40,960 ----a-w I:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-10_18.47.06.51 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-11 17:06:06 16,384 ----atw I:\WINDOWS\Temp\Perflib_Perfdata_5d4.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
    "MSMSGS"="I:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "DAEMON Tools Lite"="I:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
    "updateMgr"="I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "Steam"="I:\Program Files\Valve\Steam\Steam.exe" [2008-09-07 1271032]
    "srvui"="I:\WINDOWS\system32\qtavylkj.exe" [2008-09-11 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="I:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "iTunesHelper"="I:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    I:\Documents and Settings\Novick\Menu D‚marrer\Programmes\D‚marrage\
    .security [2008-09-11 0]

    I:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    .security [2008-09-11 0]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv41"= ir41_32.dll
    "msacm.l3acm"= l3codecp.acm
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\startupfolder\I:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=I:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\I:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
    path=I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
    backup=I:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    --a------ 2008-05-16 01:19 79224 I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --------- 2004-08-05 14:00 15360 I:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
    --a------ 2006-06-30 04:45 1404928 I:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2006-04-09 21:57 122368 I:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    --a------ 2006-05-16 17:58 213936 I:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 I:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --a------ 2005-06-08 14:44 196608 I:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-06-08 15:24 458752 I:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-06-08 15:14 217088 I:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 18:24 1694208 I:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:55 5674352 I:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
    --------- 2004-04-21 10:26 86016 I:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 I:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-12-08 17:35 32768 I:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    --a------ 2003-09-29 16:00 155648 I:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 02:11 132496 I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-06-16 10:55 68856 I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-01-23 22:53 185896 I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "I:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
    "I:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\patchget.dat"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "I:\\WINDOWS\\system32\\dpvsetup.exe"=
    "I:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\MSN Messenger\\livecall.exe"=
    "I:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
    "I:\\Program Files\\LimeWire\\LimeWire.exe"=
    "I:\\Program Files\\uTorrent\\uTorrent.exe"=
    "I:\\WINDOWS\\system32\\rtcshare.exe"=
    "I:\\Program Files\\Valve\\Steam\\SteamApps\\novdjama\\condition zero\\hl.exe"=
    "I:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "I:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "I:\\Program Files\\iTunes\\iTunes.exe"=
    "I:\\Program Files\\TmNationsForever\\TmForever.exe"=
    "I:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "I:\\Documents and Settings\\Novick\\Bureau\\Documents de Novick\\Jeux\\Half-Life 2\\hl2.exe"=
    "I:\\Program Files\\Valve\\Counter-Strike Source\\hl2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)

    R1 aswSP;avast! Self Protection;I:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
    R2 aswFsBlk;aswFsBlk;I:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
    R2 OPTENET_FILTER;Control Parental;I:\Program Files\Controle Parental\bin\optproxy.exe [2006-03-02 564400]
    S3 ausbccgp;ausbccgp;I:\DOCUME~1\Novick\LOCALS~1\Temp\ausbccgp.sys [ ]
    S3 Boonty Games;Boonty Games;I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-12-02 69120]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;I:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
    S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys [ ]
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;I:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-01-09 261632]
    S3 USB-100;SMC Compact USB to Ethernet converter;I:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2001-09-25 27519]
    S3 wacpiec;wacpiec;I:\DOCUME~1\Novick\LOCALS~1\Temp\wacpiec.sys [ ]
    S3 xdiskdum;xdiskdum;I:\DOCUME~1\Novick\LOCALS~1\Temp\xdiskdum.sys [ ]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;I:\WINDOWS\system32\ZDCndis5.SYS [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28708558-8eba-11da-8cbe-0011d893c366}]
    \Shell\AutoRun\command - J:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9b6b70a-b386-11da-8d12-0011d893c366}]
    \Shell\AutoRun\command - D:\LaunchU3.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - I:\Documents and Settings\Novick\Application Data\Mozilla\Firefox\Profiles\aum7sahf.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-11 20:59:01
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-11 21:08:32
    ComboFix-quarantined-files.txt 2008-09-11 19:08:24
    ComboFix2.txt 2008-09-10 16:47:44

    Pre-Run: 10,543,624,192 octets libres
    Post-Run: 10,577,842,176 octets libres

    227 --- E O F --- 2008-09-09 19:59:52

    The Windows firewall message saying that I have a Trojan horse still shows up ...

    Hi again,

    Copy (Ctrl+C) the text in the box below:

    File::
    I:\WINDOWS\system32\qtavylkj.exe
    I:\Program Files\Uninstall Ask Toolbar.dll

    Folder::
    I:\Program Files\AskTBar

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "srvui"=-


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; type 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.

    ComboFix 08-09-05.14 - Novick 2008-09-11 21:46:43.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.200 [GMT 2:00]Endroit: I:\Documents and Settings\Novick\Bureau\ComboFix.exe
    Command switches used :: I:\Documents and Settings\Novick\Bureau\Documents de Novick\Jeux\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    I:\Program Files\AskTBar
    I:\Program Files\AskTBar\bar\History\search2
    I:\Program Files\AskTBar\PopSwatr\History\allowed
    I:\Program Files\AskTBar\PopSwatr\History\notallow
    I:\Program Files\Uninstall Ask Toolbar.dll
    I:\WINDOWS\system32\actskn43.ocx
    I:\WINDOWS\system32\qtavylkj.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-11 21:40 . 2008-09-11 21:40 <REP> d-------- I:\Program Files\Avira
    2008-09-11 21:40 . 2008-09-11 21:40 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Avira
    2008-09-11 21:32 . 2008-09-11 21:32 <REP> d-------- I:\Program Files\Enigma Software Group
    2008-09-10 21:16 . 2008-09-10 21:16 <REP> d-------- I:\Documents and Settings\Novick\Application Data\Malwarebytes
    2008-09-10 21:15 . 2008-09-10 21:16 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
    2008-09-10 21:15 . 2008-09-10 21:15 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-10 21:15 . 2008-09-10 00:04 38,528 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-10 21:15 . 2008-09-10 00:03 17,200 --a------ I:\WINDOWS\system32\drivers\mbam.sys
    2008-09-10 18:47 . 2008-09-10 18:47 <REP> d-------- I:\Documents and Settings\InvitÚ
    2008-09-10 18:38 . 2008-09-10 18:38 38,665 --a------ I:\Documents and Settings\Novick\base.dat
    2008-09-10 17:13 . 2008-09-10 17:13 <REP> d-------- I:\Documents and Settings\Novick\Application Data\Logs
    2008-09-10 16:11 . 2008-09-11 19:04 <REP> d-------- I:\Program Files\SAV
    2008-09-10 16:11 . 2008-09-11 19:05 <REP> d-------- I:\Documents and Settings\All Users\Application Data\yfqjqfub
    2008-09-10 14:38 . 2008-09-10 14:38 <REP> d-------- I:\Documents and Settings\Novick\Application Data\Password Generator Professional
    2008-09-10 14:38 . 2008-09-10 14:38 <REP> d-------- I:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-09 21:31 . 2001-09-03 07:52 766 --a------ I:\WINDOWS\win98Logo.ico
    2008-09-01 20:19 . 2008-09-01 20:19 <REP> d-------- I:\Program Files\Sports Interactive
    2008-09-01 11:05 . 2008-09-01 11:05 <REP> d-------- I:\Program Files\EA GAMES
    2008-09-01 00:25 . 2008-09-01 00:25 50 --a------ I:\WINDOWS\MegaManager.INI
    2008-09-01 00:19 . 2008-09-01 00:24 <REP> d-------- I:\Documents and Settings\Novick\Application Data\DMCache
    2008-08-31 23:56 . 2008-08-31 23:56 <REP> d-------- I:\Documents and Settings\Novick\Application Data\EmailNotifier
    2008-08-31 23:56 . 2008-08-31 23:56 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Megaupload
    2008-08-31 23:56 . 2008-08-31 23:56 <REP> d-------- I:\Documents and Settings\All Users\Application Data\EmailNotifier

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-11 17:07 --------- d-----w I:\Documents and Settings\Novick\Application Data\AdobeUM
    2008-09-10 14:23 --------- d-----w I:\Documents and Settings\Novick\Application Data\uTorrent
    2008-09-07 09:00 --------- d-----w I:\Program Files\Valve
    2008-09-01 09:48 --------- d-----w I:\Program Files\GameSpy Arcade
    2008-09-01 09:46 --------- d--h--w I:\Program Files\InstallShield Installation Information
    2008-09-01 07:58 --------- d-----w I:\Program Files\Google
    2008-08-30 14:39 --------- d-----w I:\Documents and Settings\All Users\Application Data\TrackMania
    2008-07-22 01:44 --------- d-----w I:\Documents and Settings\Novick\Application Data\Vso
    2008-07-22 01:44 --------- d-----w I:\Documents and Settings\Novick\Application Data\CopyToDvd
    2008-07-22 01:11 47,360 ----a-w I:\WINDOWS\system32\drivers\pcouffin.sys
    2008-07-22 01:11 47,360 ----a-w I:\Documents and Settings\Novick\Application Data\pcouffin.sys
    2008-07-22 01:11 --------- d-----w I:\Program Files\VSO
    2008-07-21 19:36 --------- d-----w I:\Program Files\PSPWare
    2008-07-21 19:36 --------- d-----w I:\Program Files\NTFS Undelete
    2008-07-11 21:37 --------- d-----w I:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
    2008-07-07 20:31 253,952 ----a-w I:\WINDOWS\system32\es.dll
    2008-06-24 16:23 74,240 ----a-w I:\WINDOWS\system32\mscms.dll
    2008-06-24 16:12 295,936 ------w I:\WINDOWS\system32\wmpeffects.dll
    2008-06-23 16:28 826,368 ----a-w I:\WINDOWS\system32\wininet.dll
    2008-06-20 17:41 247,808 ----a-w I:\WINDOWS\system32\mswsock.dll
    2007-05-17 11:12 1,714 ----a-w I:\Documents and Settings\Novick\Application Data\SAS7_000.DAT
    2006-07-14 14:24 12,814,336 ----a-w I:\Program Files\windowsmediaplayer10setup.exe
    2006-07-14 14:21 19,101,391 ----a-w I:\Program Files\klcodec272f.exe
    2006-07-14 14:17 8,282,187 ----a-w I:\Program Files\vlc-0.8.5-win32.exe
    2006-07-14 11:59 13,884,264 ----a-w I:\Program Files\AdbeRdr70_fra.exe
    2006-06-03 10:04 6,844,841 ----a-w I:\Program Files\Gestionnaire_internetLB.exe
    2006-05-03 21:40 5,763,072 ----a-w I:\Program Files\WindowsDefender.msi
    2006-04-30 16:34 11,132,160 ----a-w I:\Program Files\Avast v2.exe
    2006-04-17 21:01 1,014,477 ----a-w I:\Program Files\winRAR351.exe
    2006-04-15 12:14 19,318,281 ----a-w I:\Program Files\klcodec271f.exe
    2006-04-15 11:57 13,122,160 ----a-w I:\Program Files\WMplayer.exe
    2006-04-15 11:43 414,197 ----a-w I:\Program Files\XviD-22032003-1.zip
    2006-04-13 17:59 9,692,886 ----a-w I:\Program Files\vlc-0.8.4a-win32.exe
    2006-04-13 17:58 3,594,704 ----a-w I:\Program Files\médiaplayerfull.exe
    2006-04-13 10:51 15,560,008 ----a-w I:\Program Files\DivXPlay.exe
    2006-04-08 20:01 1,465,856 ----a-w I:\Program Files\DSLTest.exe
    2006-04-04 17:00 4,653,917 ----a-w I:\Program Files\eMule0.47a-Installer.exe
    2006-04-04 15:03 278,528 ----a-w I:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2004-07-22 09:51 3,432,656 ----a-w I:\Program Files\ManagedDX.CAB
    2004-07-19 21:58 1,156,363 ----a-w I:\Program Files\BDANT.cab
    2004-07-19 21:53 976,020 ----a-w I:\Program Files\BDAXP.cab
    2004-07-16 13:30 3,858 ----a-w I:\Program Files\directx redist.txt
    2004-07-09 13:17 13,265,040 ----a-w I:\Program Files\dxnt.cab
    2004-07-09 08:13 703,080 ----a-w I:\Program Files\BDA.cab
    2004-07-09 08:13 15,493,481 ----a-w I:\Program Files\DirectX.cab
    2004-07-09 03:08 472,576 ----a-w I:\Program Files\dxsetup.exe
    2004-07-09 03:08 2,242,560 ----a-w I:\Program Files\dsetup32.dll
    2004-07-09 02:03 62,976 ----a-w I:\Program Files\DSETUP.dll
    2004-03-11 11:27 40,960 ----a-w I:\Program Files\Uninstall_CDS.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-10_18.47.06.51 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-09 11:15:51 45,376 ----a-w I:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w I:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-06-27 13:03:55 75,072 ----a-w I:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w I:\WINDOWS\system32\drivers\ssmdrv.sys
    - 2003-11-19 12:59:36 512,688 ----a-w I:\WINDOWS\system32\XceedCry.dll
    + 2006-09-11 09:56:00 526,184 ------w I:\WINDOWS\system32\XceedCry.dll
    + 2006-12-21 13:18:00 497,496 ------w I:\WINDOWS\system32\XceedZip.dll
    + 2008-09-11 17:06:06 16,384 ----atw I:\WINDOWS\Temp\Perflib_Perfdata_5d4.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
    "MSMSGS"="I:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "DAEMON Tools Lite"="I:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
    "updateMgr"="I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "Steam"="I:\Program Files\Valve\Steam\Steam.exe" [2008-09-07 1271032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="I:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
    "iTunesHelper"="I:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
    "avgnt"="I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    I:\Documents and Settings\Novick\Menu D‚marrer\Programmes\D‚marrage\
    .security [2008-09-11 0]

    I:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    .security [2008-09-11 0]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv41"= ir41_32.dll
    "msacm.l3acm"= l3codecp.acm
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\startupfolder\I:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=I:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKLM\~\startupfolder\I:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk]
    path=I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk
    backup=I:\WINDOWS\pss\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --------- 2004-08-05 14:00 15360 I:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
    --a------ 2006-06-30 04:45 1404928 I:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2006-04-09 21:57 122368 I:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    --a------ 2006-05-16 17:58 213936 I:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-03-30 10:36 267048 I:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --a------ 2005-06-08 14:44 196608 I:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-06-08 15:24 458752 I:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-06-08 15:14 217088 I:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 18:24 1694208 I:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:55 5674352 I:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
    --------- 2004-04-21 10:26 86016 I:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 I:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-12-08 17:35 32768 I:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    --a------ 2003-09-29 16:00 155648 I:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 02:11 132496 I:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-06-16 10:55 68856 I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-01-23 22:53 185896 I:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "I:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"=
    "I:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\patchget.dat"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "I:\\WINDOWS\\system32\\dpvsetup.exe"=
    "I:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\MSN Messenger\\livecall.exe"=
    "I:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
    "I:\\Program Files\\LimeWire\\LimeWire.exe"=
    "I:\\Program Files\\uTorrent\\uTorrent.exe"=
    "I:\\WINDOWS\\system32\\rtcshare.exe"=
    "I:\\Program Files\\Valve\\Steam\\SteamApps\\novdjama\\condition zero\\hl.exe"=
    "I:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "I:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "I:\\Program Files\\iTunes\\iTunes.exe"=
    "I:\\Program Files\\TmNationsForever\\TmForever.exe"=
    "I:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "I:\\Documents and Settings\\Novick\\Bureau\\Documents de Novick\\Jeux\\Half-Life 2\\hl2.exe"=
    "I:\\Program Files\\Valve\\Counter-Strike Source\\hl2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)

    R2 OPTENET_FILTER;Control Parental;I:\Program Files\Controle Parental\bin\optproxy.exe [2006-03-02 564400]
    S3 ausbccgp;ausbccgp;I:\DOCUME~1\Novick\LOCALS~1\Temp\ausbccgp.sys [ ]
    S3 Boonty Games;Boonty Games;I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-12-02 69120]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;I:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
    S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys [ ]
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;I:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-01-09 261632]
    S3 USB-100;SMC Compact USB to Ethernet converter;I:\WINDOWS\system32\DRIVERS\SMC2208.SYS [2001-09-25 27519]
    S3 wacpiec;wacpiec;I:\DOCUME~1\Novick\LOCALS~1\Temp\wacpiec.sys [ ]
    S3 xdiskdum;xdiskdum;I:\DOCUME~1\Novick\LOCALS~1\Temp\xdiskdum.sys [ ]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;I:\WINDOWS\system32\ZDCndis5.SYS [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28708558-8eba-11da-8cbe-0011d893c366}]
    \Shell\AutoRun\command - J:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9b6b70a-b386-11da-8d12-0011d893c366}]
    \Shell\AutoRun\command - D:\LaunchU3.exe

    *Newly Created Service* - ANTIVIRSCHEDULER
    *Newly Created Service* - ANTIVIRSERVICE
    *Newly Created Service* - AVGIO
    *Newly Created Service* - AVGNTFLT
    *Newly Created Service* - AVIPBB
    *Newly Created Service* - MCHINJDRV
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-avast! - I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-11 21:54:08
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-11 22:01:23
    ComboFix-quarantined-files.txt 2008-09-11 20:01:19
    ComboFix2.txt 2008-09-11 19:08:33
    ComboFix3.txt 2008-09-10 16:47:44

    Pre-Run: 10,463,592,448 octets libres
    Post-Run: 10,477,424,640 octets libres

    242 --- E O F --- 2008-09-09 19:59:52

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:00:37, on 12/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\Ati2evxx.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    I:\Program Files\Controle Parental\bin\optproxy.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\UAService7.exe
    I:\Program Files\Canon\CAL\CALMAIN.exe
    I:\WINDOWS\system32\Ati2evxx.exe
    I:\WINDOWS\Explorer.EXE
    I:\Program Files\QuickTime\QTTask.exe
    I:\Program Files\iTunes\iTunesHelper.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    I:\WINDOWS\system32\ctfmon.exe
    I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    I:\Program Files\Messenger\msmsgs.exe
    I:\Program Files\iPod\bin\iPodService.exe
    I:\Program Files\internet explorer\iexplore.exe
    I:\WINDOWS\System32\svchost.exe
    I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    I:\WINDOWS\system32\wuauclt.exe
    I:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\update\update.exe
    I:\WINDOWS\system32\wuauclt.exe
    I:\Documents and Settings\Novick\Local Settings\Temporary Internet Files\Content.IE5\PKTBAHGB\HiJackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [updateMgr] "I:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
    O4 - HKCU\..\Run: [Steam] "I:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: .security
    O4 - Global Startup: .security
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - I:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.mayeticvillage.com/qp2.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/fl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED5E6DA4-1F95-48AD-BE36-23B2085804A0}: NameServer = 192.168.5.1
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Boonty Games - BOONTY - I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - I:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NMIndexingService - Unknown owner - I:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - I:\Program Files\Controle Parental\bin\optproxy.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - I:\WINDOWS\system32\UAService7.exe

    --
    End of file - 8611 bytes