Help Antivirus 2009 - Windows Security Center

Bonjour,

Mon PC est apparemment infecté par un virus qui ouvre des fenêtres me signalant des infections multiples. Ces fenêtres s'ouvrent régulièrement. Il fait des 'dump' par moments.
Je ne peux plus travailler dessus.
Le nom des fenetres s'appellent Antivirus 2009 et Security Center.
J'ai lu qu'il fallait l'aide d'un spécialiste.
Merci de m'aider.

Merci d'avance pour votre aide.

Je voulais ajouter qu'en plus des fenêtres pop-up intempestives, j'ai également des fenêtes IE qui s'ouvrent parfois sur le site www.eorezo.com


Le rapport de Gmer se trouve à l'URL suivant : http://www.mediafire.com/?ztwdr4ji94g

Et voici le fichier DDS.txt :


DDS (Ver_09-01-07.01) - NTFSx86
Run by CAROLINE at 15:06:10,01 on 18/01/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: EoBho Class: {64f56fc1-1272-44cd-ba6e-39723696e350} - c:\progra~1\eorezo\eoadv\EOREZO~1.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [EPSON Stylus Photo RX600] c:\windows\system32\spool\drivers\w32x86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /M "Stylus Photo RX600" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [18684820219065477091747260225501] c:\program files\antivirus 2009\av2009.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [Drag'n Drop CD+DVD] c:\program files\drag'n drop cd+dvd\binfiles\DragDrop.exe /StartUp
mRun: [EPSON Stylus Photo RX600] c:\windows\system32\spool\drivers\w32x86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IPHSend] c:\program files\fichiers communs\aol\iphsend\IPHSend.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [EoEngine] "c:\program files\eorezo\EoEngine.exe"
mRun: [EoClock]
mRun: [RealTray] c:\program files\real\realone player\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [SSBkgdUpdate] "c:\program files\fichiers communs\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [F-Secure Manager] "c:\program files\orange\antivirusfirewall\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\orange\antivirusfirewall\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: &Search - http://bar.mywebsearch.com/menusea [...] xmk144YYFR
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: ebay.fr\www
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties" );
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties" );

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-18 14:34 250 a------- c:\windows\gmer.ini
2009-01-18 14:30 <DIR> --d----- c:\program files\gmer
2009-01-18 10:25 0 a------- c:\windows\system32\ieupdates.exe.tmp
2009-01-15 10:42 65,024 a------- c:\windows\system32\ieupdates.0xe
2009-01-15 10:42 <DIR> --d----- c:\program files\Antivirus 2009

==================== Find3M ====================

2008-12-11 11:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-03 12:29 455,526 a------- c:\windows\system32\perfh00C.dat
2008-12-03 12:29 68,844 a------- c:\windows\system32\perfc00C.dat
2008-12-02 16:34 86,669 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-23 13:36 286,720 a------- c:\windows\system32\gdi32.dll
2005-02-27 18:20 284 a------- c:\docume~1\caroline\applic~1\ViewerApp.dat

============= FINISH: 15:12:06,82 ===============

Voilà!

Bonsoir,
J'ai lancé Combofix mais au moment d'installer la console, je n'ai pas pu car il avait besoin d'internet et j'avais désactivé la liaison (WIfi) et je n'ai pas pu la remettre pendant la manip.
Cela ne l'a pas empéché de faire un rapport que voici.

ComboFix 09-01-17.04 - CAROLINE 2009-01-18 18:40:23.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.145 [GMT 1:00]
Lancé depuis: c:\documents and settings\CAROLINE\Bureau\ComboFix.exe
AV: AntiVirus Firewall 7.00 *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
FW: AntiVirus Firewall 7.00 *disabled*
* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\CAROLINE\err.log
c:\program files\Antivirus 2009
c:\program files\Antivirus 2009\av2009.exe
c:\windows\IE4 Error Log.txt
c:\windows\system\oeminfo.ini
c:\windows\system32\ieupdates.exe.tmp

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-18 au 2009-01-18 ))))))))))))))))))))))))))))))))))))
.

2009-01-18 14:34 . 2009-01-18 14:34 250 --a------ c:\windows\gmer.ini
2009-01-18 14:30 . 2009-01-18 14:30 <REP> d-------- c:\program files\gmer
2009-01-15 10:42 . 2009-01-15 10:42 65,024 --a------ c:\windows\system32\ieupdates.0xe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 17:24 --------- d-----w c:\program files\eoRezo
2009-01-18 17:24 --------- d-----w c:\documents and settings\CAROLINE\Application Data\EoRezo
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2007-01-30 23:18 4,136,448 ----a-w c:\documents and settings\Bureau\praat.exe
2005-02-27 17:20 284 ----a-w c:\documents and settings\CAROLINE\Application Data\ViewerApp.dat
2006-12-04 07:30 60,518 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-12-04 07:30 49,248 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-04 07:30 165,992 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE" [2003-09-11 99840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-11-20 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-11-20 499712]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-19 335872]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-12-02 94208]
"SonyPowerCfg"="c:\program files\sony\vaio power management\SPMgr.exe" [2003-10-24 167936]
"Drag'n Drop CD+DVD"="c:\program files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" [2003-08-08 1175552]
"EPSON Stylus Photo RX600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE" [2003-09-11 99840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-27 98304]
"IPHSend"="c:\program files\Fichiers communs\AOL\IPHSend\IPHSend.exe" [2006-03-27 126104]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"EoEngine"="c:\program files\eoRezo\EoEngine.exe" [2006-11-02 454656]
"RealTray"="c:\program files\Real\RealOne Player\RealPlay.exe" [2007-10-29 26112]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 40960]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"F-Secure Manager"="c:\program files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2007-06-13 176177]
"F-Secure TNB"="c:\program files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2007-06-13 733184]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\FICHIE~1\SONYSH~1\videolib\sonydv.dll
"msacm.dvacm"= dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\sony\\vaio media 2.5\\Vc.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-04-03 51072]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-04-03 41184]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2008-04-03 52736]
R4 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\Bin\WGE_SRV.exe [2006-12-07 32768]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [2008-04-03 33024]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [2008-04-03 18432]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-EoClock - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Search - http://bar.mywebsearch.com/menusea [...] xmk144YYFR
Trusted Zone: www.ebay.fr
Trusted Zone: *.sony-europe.com
Trusted Zone: *.sonystyle-europe.com
Trusted Zone: *.vaio-link.com
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties" );
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties" );
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 18:42:33
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo RX600 = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /M "Stylus Photo RX600" /EF "HKCU"??]???????K????????????a?wn?a??????????????????????????????????b?w????????????????8???????????h??w????????????z??w????????????)??|???????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll

- - - - - - - > 'lsass.exe'(676)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll

- - - - - - - > 'csrss.exe'(596)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll
.
Heure de fin: 2009-01-18 18:45:16
ComboFix-quarantined-files.txt 2009-01-18 17:44:41

Avant-CF: 15ÿ433ÿ359ÿ360 octets libres
AprÞs-CF: 15,533,924,352 octets libres

136 --- E O F --- 2009-01-15 14:36:36

Je ne voudrai garder que l'antivirus d'orange et le firewall d'orange, quel est l'autre antivirus/firewall qu'il faut que j'enlève, je ne le vois pas.
D'autre part, les fenêtres pop-up intempestives ont maintenant disparues, ce qui est une bonne chose. Il reste un icone en bas à droite en forme de petit bonhomme du nom de Eorezo et cela ne me dit rien de bon.
Merci

Bonsoir,

Je ne vois pas de traces de cet Avira Antivir sous c:\Program files ou dans Ajouter/Supprimer programmes.
J'ai récupéré ce PC en l'état et je ne connais pas tout l'historique.
Une idée ?

bonsoir,

J'ai relancé Combofix et là j'ai un message me disant en effet que Avira Antivir et que je devrai le désactiver sinon les résultats seront imprévisibles.
Je ne trouve rien sur ce logiciel sur le PC; c bizarre.
Le résultat de Combofix est le suivant :

ComboFix 09-01-21.04 - CAROLINE 2009-01-22 23:47:12.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.215 [GMT 1:00]
Lancé depuis: c:\documents and settings\CAROLINE\Bureau\ComboFix.exe
AV: AntiVirus Firewall 7.00 *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
FW: AntiVirus Firewall 7.00 *enabled*
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-22 au 2009-01-22 ))))))))))))))))))))))))))))))))))))
.

2009-01-18 14:34 . 2009-01-18 14:34 250 --a------ c:\windows\gmer.ini
2009-01-18 14:30 . 2009-01-18 14:30 <REP> d-------- c:\program files\gmer
2009-01-15 10:42 . 2009-01-15 10:42 65,024 --a------ c:\windows\system32\ieupdates.0xe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 22:23 --------- d-----w c:\documents and settings\CAROLINE\Application Data\EoRezo
2009-01-22 22:09 --------- d-----w c:\program files\eoRezo
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2007-01-30 23:18 4,136,448 ----a-w c:\documents and settings\Bureau\praat.exe
2005-02-27 17:20 284 ----a-w c:\documents and settings\CAROLINE\Application Data\ViewerApp.dat
2006-12-04 07:30 60,518 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-12-04 07:30 49,248 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-04 07:30 165,992 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE" [2003-09-11 99840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-11-20 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-11-20 499712]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-19 335872]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-12-02 94208]
"SonyPowerCfg"="c:\program files\sony\vaio power management\SPMgr.exe" [2003-10-24 167936]
"Drag'n Drop CD+DVD"="c:\program files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" [2003-08-08 1175552]
"EPSON Stylus Photo RX600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE" [2003-09-11 99840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-27 98304]
"IPHSend"="c:\program files\Fichiers communs\AOL\IPHSend\IPHSend.exe" [2006-03-27 126104]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"EoEngine"="c:\program files\eoRezo\EoEngine.exe" [2006-11-02 454656]
"RealTray"="c:\program files\Real\RealOne Player\RealPlay.exe" [2007-10-29 26112]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 40960]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"F-Secure Manager"="c:\program files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2007-06-13 176177]
"F-Secure TNB"="c:\program files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2007-06-13 733184]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-02-27 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-02-27 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\FICHIE~1\SONYSH~1\videolib\sonydv.dll
"msacm.dvacm"= dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\sony\\vaio media 2.5\\Vc.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-04-03 51072]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-04-03 41184]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2008-04-03 52736]
R4 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\Bin\WGE_SRV.exe [2006-12-07 32768]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [2008-04-03 33024]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [2008-04-03 18432]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Search - http://bar.mywebsearch.com/menusea [...] xmk144YYFR
Trusted Zone: ebay.fr\www
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties" );
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties" );
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 23:48:51
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo RX600 = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /M "Stylus Photo RX600" /EF "HKCU"??]???????K????????????a?wn?a??????????????????????????????????b?w????????????????8???????????h??w????????????z??w????????????)??|???????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll

- - - - - - - > 'lsass.exe'(668)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll

- - - - - - - > 'csrss.exe'(584)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll
.
Heure de fin: 2009-01-22 23:51:17
ComboFix-quarantined-files.txt 2009-01-22 22:50:41

Avant-CF: 15 483 641 856 octets libres
Après-CF: 15,471,902,720 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /noexecute=optin

137 --- E O F --- 2009-01-15 14:36:36

D'autre part, le Pc est très lent.
Merci de votre aide.

Bonjour,

Voici le résultat de l'analyse de
c:\windows\system32\ieupdates.0xe par Virustotal :

Fichier ieupdates.exe reçu le 2009.01.20 21:07:18 (CET)Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2009.01.20 -
AhnLab-V3 2009.1.21.0 2009.01.20 -
AntiVir 7.9.0.57 2009.01.20 TR/Dldr.Agent.bdhq
Authentium 5.1.0.4 2009.01.19 W32/Downldr3.AJ
Avast 4.8.1281.0 2009.01.20 -
AVG 8.0.0.229 2009.01.20 FakeAlert.EY
BitDefender 7.2 2009.01.20 Trojan.Generic.1362111
CAT-QuickHeal 10.00 2009.01.20 -
ClamAV 0.94.1 2009.01.20 -
Comodo 939 2009.01.20 -
DrWeb 4.44.0.09170 2009.01.20 -
eSafe 7.0.17.0 2009.01.20 Win32.TrojanDownload
eTrust-Vet 31.6.6315 2009.01.19 -
F-Prot 4.4.4.56 2009.01.19 W32/Downldr3.AJ
F-Secure 8.0.14470.0 2009.01.20 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.20 Trojan.Generic.1362111
Ikarus T3.1.1.45.0 2009.01.20 -
K7AntiVirus 7.10.596 2009.01.20 Trojan-Downloader.Win32.Agent.bdhq
Kaspersky 7.0.0.125 2009.01.20 Trojan-Downloader.Win32.Agent.bdhq
McAfee 5501 2009.01.20 Generic Dropper.bw
McAfee+Artemis 5501 2009.01.20 Generic Dropper.bw
Microsoft 1.4205 2009.01.20 TrojanDownloader:Win32/Yektel.A
NOD32 3781 2009.01.20 Win32/TrojanDownloader.Delf.ONK
Norman 5.93.01 2009.01.20 W32/Antivirus2008.BTE
nProtect 2009.1.8.0 2009.01.20 -
Panda 9.5.1.2 2009.01.20 -
PCTools 4.4.2.0 2009.01.20 RogueAntiSpyware.AntiVirusPro
Prevx1 V2 2009.01.20 Fraudulent Security Program
Rising 21.13.11.00 2009.01.20 -
SecureWeb-Gateway 6.7.6 2009.01.20 Trojan.Dldr.Agent.bdhq
Sophos 4.37.0 2009.01.20 Troj/Dloadr-CEX
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.20 Downloader
TheHacker 6.3.1.5.224 2009.01.20 -
TrendMicro 8.700.0.1004 2009.01.20 -
VBA32 3.12.8.10 2009.01.19 Trojan-Downloader.Win32.Agent.bdhq
ViRobot 2009.1.20.1569 2009.01.20 -
VirusBuster 4.5.11.0 2009.01.20 -

Information additionnelle
File size: 65024 bytes
MD5...: d12a77068e73ed64d46bc783bcd159d8
SHA1..: c3014a5d7dbe8e81775bd6f28f297e89928a0c89
SHA256: 8a5893dbdbe9b0f8d1402520806e490be8ab9843566ce326bac84cf5d7ea4db1
SHA512: e6175bd3ee79f77c0d0703adf6103e2aabc71b0f2c6352f37c19f8778a5d6a45<BR>c5b3a0ab1d4186133bbd5adb5887a611d86e1709958bb7aa8e662e0dad672f99<BR>
ssdeep: 768:Uk6KHBPS6GDf0wztrxPDViGmnLgPMaDHvC+ubaFEx3Fmwp1/7bVaa+0xxeXE<BR>Uq:z6KH1FwrViGmkPZHRKx3fbVR+0y<BR>
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Generic (38.4%)<BR>Win32 Dynamic Link Library (generic) (34.2%)<BR>Clipper DOS Executable (9.1%)<BR>Generic Win/DOS Executable (9.0%)<BR>DOS Executable Generic (9.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x401300<BR>timedatestamp.....: 0x45bbcc80 (Sat Jan 27 22:04:48 2007)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 7 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x928 0xa00 5.35 98b6a213ff248518d432f3ef2ff4daa0<BR>.bbs 0x2000 0xf85 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.data 0x3000 0xd450 0xd600 5.78 9f958268ae403369d271c1b7be52497c<BR>.idata 0x11000 0xf83 0x1000 5.00 a18d61c8ff8886b806b44975f8bd6bea<BR>.edata 0x12000 0xa3 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b<BR>.rdata 0x13000 0x2ab 0x200 0.21 82989834c177ad8f2c33575366a49a20<BR>.rsrc 0x14000 0x6204 0x400 3.22 8a5da4b0b29e5dd2453211b03e75692c<BR><BR>( 10 imports ) <BR>&gt; KERNEL32.DLL: ExitThread, GlobalFree, WriteFile, GetCommandLineA, DeleteFileW, CopyFileW, DeleteFileA, ReadConsoleA, GetFileSize, ReadFile, OpenFile, GetStdHandle, GetCPInfo, Sleep, CreateProcessA, CreateDirectoryA<BR>&gt; KERNEL32.DLL: GetFileSize, GetCommandLineA, DeleteFileW, CreateThread, GetConsoleMode, GetFileTime, CreateProcessA, FindFirstFileA, CreateDirectoryA, CopyFileExA, FindAtomA, GetStdHandle, CopyFileExW, ReadConsoleA, GlobalFree, Sleep, WriteFile, ReadFile, DeleteAtom<BR>&gt; USER32.DLL: AppendMenuW, DrawIconEx, IsWindow, AlignRects, GetDlgItem, IsMenu, GetCursor, DialogBoxParamA, DrawIcon, InsertMenuA, AppendMenuA, CopyRect, GetWindowTextA, GetFocus, LoadCursorA<BR>&gt; USER32.DLL: CopyIcon, AppendMenuW, CreateIcon, GetCursor, EndDialog, GetDC, DrawIcon, DialogBoxParamA, CopyRect, GetWindowTextLengthA, DrawTextA, GetWindowTextA, GetMenu, CopyImage, IsWindow, InsertMenuA<BR>&gt; KERNEL32.DLL: GetFileSize, CreateThread, WriteFile, GlobalFree, DeleteFileW, CopyFileExW, DeleteFileA, OpenFile, GetFileTime, CreateDirectoryA, CreateProcessA, GetConsoleMode, ReadFile, SetLastError, GetStdHandle, CopyFileW, FindFirstFileA<BR>&gt; KERNEL32.DLL: GetFileSize, GetConsoleMode, FindFirstFileA, CopyFileA, ReadFile, GetCommandLineA, OpenFile, Sleep, CreateDirectoryA, WriteFile, GetLastError, CopyFileExW<BR>&gt; KERNEL32.DLL: GetCPInfo, GetFileTime, CreateProcessA, ExitThread, GetStdHandle, CopyFileExW, CopyFileExA, GetCommandLineA, FindFirstFileA, Sleep, GetComputerNameA, GetConsoleMode, FindAtomA, CreateThread<BR>&gt; COMCTL32.DLL: ImageList_AddMasked, ImageList_GetIconSize, ImageList_LoadImageA, ImageList_DragMove, ImageList_DragShowNolock, ImageList_Destroy, ImageList_LoadImageW, ImageList_GetDragImage, ImageList_Draw, ImageList_GetImageCount, ImageList_Read, ImageList_LoadImage, ImageList_Copy, ImageList_Replace<BR>&gt; COMCTL32.DLL: InitCommonControls, ImageList_Merge, ImageList_AddIcon, ImageList_DrawEx, ImageList_Replace, ImageList_EndDrag, ImageList_Draw, ImageList_GetIcon, ImageList_GetImageInfo, ImageList_DragEnter, ImageList_LoadImageA, ImageList_GetDragImage, ImageList_AddMasked, ImageList_GetImageRect, ImageList_DrawIndirect, ImageList_Read, ImageList_Remove<BR>&gt; KERNEL32.DLL: GetLastError, SetLastError, CopyFileExA, CopyFileA, ReadFile, CreateDirectoryA, WriteFile, GetCPInfo, GetStdHandle, ReadConsoleA, GlobalFree<BR><BR>( 0 exports ) <BR>
Prevx info: <A href="http://info.prevx.com/aboutprogramtext.asp?PX5=59A13AD5002C469BFEF900B62875F200FE9C80D1" target=_blank>http://info.prevx.com/aboutprogramtext.asp?PX5=59A13AD5002C469BFEF900B62875F200FE9C80D1</A>

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2009.01.20 -
AhnLab-V3 2009.1.21.0 2009.01.20 -
AntiVir 7.9.0.57 2009.01.20 TR/Dldr.Agent.bdhq
Authentium 5.1.0.4 2009.01.19 W32/Downldr3.AJ
Avast 4.8.1281.0 2009.01.20 -
AVG 8.0.0.229 2009.01.20 FakeAlert.EY
BitDefender 7.2 2009.01.20 Trojan.Generic.1362111
CAT-QuickHeal 10.00 2009.01.20 -
ClamAV 0.94.1 2009.01.20 -
Comodo 939 2009.01.20 -
DrWeb 4.44.0.09170 2009.01.20 -
eSafe 7.0.17.0 2009.01.20 Win32.TrojanDownload
eTrust-Vet 31.6.6315 2009.01.19 -
F-Prot 4.4.4.56 2009.01.19 W32/Downldr3.AJ
F-Secure 8.0.14470.0 2009.01.20 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.20 Trojan.Generic.1362111
Ikarus T3.1.1.45.0 2009.01.20 -
K7AntiVirus 7.10.596 2009.01.20 Trojan-Downloader.Win32.Agent.bdhq
Kaspersky 7.0.0.125 2009.01.20 Trojan-Downloader.Win32.Agent.bdhq
McAfee 5501 2009.01.20 Generic Dropper.bw
McAfee+Artemis 5501 2009.01.20 Generic Dropper.bw
Microsoft 1.4205 2009.01.20 TrojanDownloader:Win32/Yektel.A
NOD32 3781 2009.01.20 Win32/TrojanDownloader.Delf.ONK
Norman 5.93.01 2009.01.20 W32/Antivirus2008.BTE
nProtect 2009.1.8.0 2009.01.20 -
Panda 9.5.1.2 2009.01.20 -
PCTools 4.4.2.0 2009.01.20 RogueAntiSpyware.AntiVirusPro
Prevx1 V2 2009.01.20 Fraudulent Security Program
Rising 21.13.11.00 2009.01.20 -
SecureWeb-Gateway 6.7.6 2009.01.20 Trojan.Dldr.Agent.bdhq
Sophos 4.37.0 2009.01.20 Troj/Dloadr-CEX
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.20 Downloader
TheHacker 6.3.1.5.224 2009.01.20 -
TrendMicro 8.700.0.1004 2009.01.20 -
VBA32 3.12.8.10 2009.01.19 Trojan-Downloader.Win32.Agent.bdhq
ViRobot 2009.1.20.1569 2009.01.20 -
VirusBuster 4.5.11.0 2009.01.20 -

Information additionnelle
File size: 65024 bytes
MD5...: d12a77068e73ed64d46bc783bcd159d8
SHA1..: c3014a5d7dbe8e81775bd6f28f297e89928a0c89
SHA256: 8a5893dbdbe9b0f8d1402520806e490be8ab9843566ce326bac84cf5d7ea4db1
SHA512: e6175bd3ee79f77c0d0703adf6103e2aabc71b0f2c6352f37c19f8778a5d6a45<BR>c5b3a0ab1d4186133bbd5adb5887a611d86e1709958bb7aa8e662e0dad672f99<BR>
ssdeep: 768:Uk6KHBPS6GDf0wztrxPDViGmnLgPMaDHvC+ubaFEx3Fmwp1/7bVaa+0xxeXE<BR>Uq:z6KH1FwrViGmkPZHRKx3fbVR+0y<BR>
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Generic (38.4%)<BR>Win32 Dynamic Link Library (generic) (34.2%)<BR>Clipper DOS Executable (9.1%)<BR>Generic Win/DOS Executable (9.0%)<BR>DOS Executable Generic (9.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x401300<BR>timedatestamp.....: 0x45bbcc80 (Sat Jan 27 22:04:48 2007)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 7 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x928 0xa00 5.35 98b6a213ff248518d432f3ef2ff4daa0<BR>.bbs 0x2000 0xf85 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.data 0x3000 0xd450 0xd600 5.78 9f958268ae403369d271c1b7be52497c<BR>.idata 0x11000 0xf83 0x1000 5.00 a18d61c8ff8886b806b44975f8bd6bea<BR>.edata 0x12000 0xa3 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b<BR>.rdata 0x13000 0x2ab 0x200 0.21 82989834c177ad8f2c33575366a49a20<BR>.rsrc 0x14000 0x6204 0x400 3.22 8a5da4b0b29e5dd2453211b03e75692c<BR><BR>( 10 imports ) <BR>&gt; KERNEL32.DLL: ExitThread, GlobalFree, WriteFile, GetCommandLineA, DeleteFileW, CopyFileW, DeleteFileA, ReadConsoleA, GetFileSize, ReadFile, OpenFile, GetStdHandle, GetCPInfo, Sleep, CreateProcessA, CreateDirectoryA<BR>&gt; KERNEL32.DLL: GetFileSize, GetCommandLineA, DeleteFileW, CreateThread, GetConsoleMode, GetFileTime, CreateProcessA, FindFirstFileA, CreateDirectoryA, CopyFileExA, FindAtomA, GetStdHandle, CopyFileExW, ReadConsoleA, GlobalFree, Sleep, WriteFile, ReadFile, DeleteAtom<BR>&gt; USER32.DLL: AppendMenuW, DrawIconEx, IsWindow, AlignRects, GetDlgItem, IsMenu, GetCursor, DialogBoxParamA, DrawIcon, InsertMenuA, AppendMenuA, CopyRect, GetWindowTextA, GetFocus, LoadCursorA<BR>&gt; USER32.DLL: CopyIcon, AppendMenuW, CreateIcon, GetCursor, EndDialog, GetDC, DrawIcon, DialogBoxParamA, CopyRect, GetWindowTextLengthA, DrawTextA, GetWindowTextA, GetMenu, CopyImage, IsWindow, InsertMenuA<BR>&gt; KERNEL32.DLL: GetFileSize, CreateThread, WriteFile, GlobalFree, DeleteFileW, CopyFileExW, DeleteFileA, OpenFile, GetFileTime, CreateDirectoryA, CreateProcessA, GetConsoleMode, ReadFile, SetLastError, GetStdHandle, CopyFileW, FindFirstFileA<BR>&gt; KERNEL32.DLL: GetFileSize, GetConsoleMode, FindFirstFileA, CopyFileA, ReadFile, GetCommandLineA, OpenFile, Sleep, CreateDirectoryA, WriteFile, GetLastError, CopyFileExW<BR>&gt; KERNEL32.DLL: GetCPInfo, GetFileTime, CreateProcessA, ExitThread, GetStdHandle, CopyFileExW, CopyFileExA, GetCommandLineA, FindFirstFileA, Sleep, GetComputerNameA, GetConsoleMode, FindAtomA, CreateThread<BR>&gt; COMCTL32.DLL: ImageList_AddMasked, ImageList_GetIconSize, ImageList_LoadImageA, ImageList_DragMove, ImageList_DragShowNolock, ImageList_Destroy, ImageList_LoadImageW, ImageList_GetDragImage, ImageList_Draw, ImageList_GetImageCount, ImageList_Read, ImageList_LoadImage, ImageList_Copy, ImageList_Replace<BR>&gt; COMCTL32.DLL: InitCommonControls, ImageList_Merge, ImageList_AddIcon, ImageList_DrawEx, ImageList_Replace, ImageList_EndDrag, ImageList_Draw, ImageList_GetIcon, ImageList_GetImageInfo, ImageList_DragEnter, ImageList_LoadImageA, ImageList_GetDragImage, ImageList_AddMasked, ImageList_GetImageRect, ImageList_DrawIndirect, ImageList_Read, ImageList_Remove<BR>&gt; KERNEL32.DLL: GetLastError, SetLastError, CopyFileExA, CopyFileA, ReadFile, CreateDirectoryA, WriteFile, GetCPInfo, GetStdHandle, ReadConsoleA, GlobalFree<BR><BR>( 0 exports ) <BR>
Prevx info: <A href="http://info.prevx.com/aboutprogramtext.asp?PX5=59A13AD5002C469BFEF900B62875F200FE9C80D1" target=_blank>http://info.prevx.com/aboutprogramtext.asp?PX5=59A13AD5002C469BFEF900B62875F200FE9C80D1</A>

bonsoir, j'ai désinstallé Eoengine et voici le rapport de Combofix.
Y a-t-il autre chose à éradiquer ? Merci

ComboFix 09-02-05.01 - CAROLINE 2009-02-05 21:58:55.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.211 [GMT 1:00]
Lancé depuis: c:\documents and settings\CAROLINE\Bureau\ComboFix.exe
AV: AntiVirus Firewall 7.00 *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
FW: AntiVirus Firewall 7.00 *enabled*
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-05 au 2009-02-05 ))))))))))))))))))))))))))))))))))))
.

2009-01-18 14:34 . 2009-01-18 14:34 250 --a------ c:\windows\gmer.ini
2009-01-18 14:30 . 2009-01-18 14:30 <REP> d-------- c:\program files\gmer
2009-01-15 10:42 . 2009-01-15 10:42 65,024 --a------ c:\windows\system32\ieupdates.0xe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 18:33 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-05 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-05 18:29 --------- d-----w c:\program files\eoRezo
2009-02-05 18:29 --------- d-----w c:\documents and settings\CAROLINE\Application Data\EoRezo
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2007-01-30 23:18 4,136,448 ----a-w c:\documents and settings\Bureau\praat.exe
2005-02-27 17:20 284 ----a-w c:\documents and settings\CAROLINE\Application Data\ViewerApp.dat
2006-12-04 07:30 60,518 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-12-04 07:30 49,248 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-04 07:30 165,992 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE" [2003-09-11 99840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-11-20 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-11-20 499712]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-19 335872]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-12-02 94208]
"SonyPowerCfg"="c:\program files\sony\vaio power management\SPMgr.exe" [2003-10-24 167936]
"Drag'n Drop CD+DVD"="c:\program files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" [2003-08-08 1175552]
"EPSON Stylus Photo RX600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE" [2003-09-11 99840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-27 98304]
"IPHSend"="c:\program files\Fichiers communs\AOL\IPHSend\IPHSend.exe" [2006-03-27 126104]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"RealTray"="c:\program files\Real\RealOne Player\RealPlay.exe" [2007-10-29 26112]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 40960]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"F-Secure Manager"="c:\program files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2007-06-13 176177]
"F-Secure TNB"="c:\program files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2007-06-13 733184]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-02-27 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-02-27 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\FICHIE~1\SONYSH~1\videolib\sonydv.dll
"msacm.dvacm"= dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\sony\\vaio media 2.5\\Vc.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-04-03 51072]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-04-03 41184]
R2 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\Bin\WGE_SRV.exe [2006-12-07 32768]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2008-04-03 52736]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [2008-04-03 33024]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [2008-04-03 18432]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-EoEngine - (no file)


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Search - http://bar.mywebsearch.com/menusea [...] xmk144YYFR
Trusted Zone: ebay.fr\www
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties" );
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties" );
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 22:02:13
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo RX600 = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /M "Stylus Photo RX600" /EF "HKCU"??]???????K????????????a?wn?a??????????????????????????????????b?w????????????????8???????????h??w????????????z??w????????????)??|???????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll

- - - - - - - > 'lsass.exe'(676)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll

- - - - - - - > 'csrss.exe'(592)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll
.
Heure de fin: 2009-02-05 22:04:27
ComboFix-quarantined-files.txt 2009-02-05 21:03:48
ComboFix2.txt 2009-01-22 22:51:19

Avant-CF: 15 566 700 544 octets libres
Après-CF: 15,556,493,312 octets libres

133 --- E O F --- 2009-01-15 14:36:36

Bonsoir,

Je sais que j'ai toujours Avira antivir d'activer mais je ne le trouve pas. dsl
Voici le résultat de Combofix :

ComboFix 09-02-06.04 - CAROLINE 2009-02-07 19:07:27.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.197 [GMT 1:00]
Lancé depuis: c:\documents and settings\CAROLINE\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\CAROLINE\Bureau\CFScript.txt
AV: AntiVirus Firewall 7.00 *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)
FW: AntiVirus Firewall 7.00 *enabled*
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\ieupdates.0xe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\eoRezo
c:\program files\eoRezo\cmhost.cyp
c:\program files\eoRezo\EoAdv\eoAdv.url
c:\program files\eoRezo\EoAdv\EoRezoBho.old
c:\program files\eoRezo\EoRezoImg_9.dll
c:\program files\eoRezo\EoRezoTools_9.dll
c:\windows\system32\ieupdates.0xe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-07 au 2009-02-07 ))))))))))))))))))))))))))))))))))))
.

2009-01-18 14:34 . 2009-01-18 14:34 250 --a------ c:\windows\gmer.ini
2009-01-18 14:30 . 2009-01-18 14:30 <REP> d-------- c:\program files\gmer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 18:33 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-05 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-05 18:29 --------- d-----w c:\documents and settings\CAROLINE\Application Data\EoRezo
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2007-01-30 23:18 4,136,448 ----a-w c:\documents and settings\Bureau\praat.exe
2005-02-27 17:20 284 ----a-w c:\documents and settings\CAROLINE\Application Data\ViewerApp.dat
2006-12-04 07:30 60,518 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-12-04 07:30 49,248 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-04 07:30 165,992 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-18_18.43.34,15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-04 19:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-09-04 07:12:26 74,137 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-02-07 17:42:37 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE" [2003-09-11 99840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-11-20 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-11-20 499712]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-19 335872]
"HKSERV.EXE"="c:\program files\Sony\HotKey Utility\HKserv.exe" [2003-12-02 94208]
"SonyPowerCfg"="c:\program files\sony\vaio power management\SPMgr.exe" [2003-10-24 167936]
"Drag'n Drop CD+DVD"="c:\program files\drag'n drop cd+dvd\BinFiles\DragDrop.exe" [2003-08-08 1175552]
"EPSON Stylus Photo RX600"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE" [2003-09-11 99840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-27 98304]
"IPHSend"="c:\program files\Fichiers communs\AOL\IPHSend\IPHSend.exe" [2006-03-27 126104]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"RealTray"="c:\program files\Real\RealOne Player\RealPlay.exe" [2007-10-29 26112]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-10 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-10 40960]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"F-Secure Manager"="c:\program files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2007-06-13 176177]
"F-Secure TNB"="c:\program files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2007-06-13 733184]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2005-02-27 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2005-02-27 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\FICHIE~1\SONYSH~1\videolib\sonydv.dll
"msacm.dvacm"= dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\sony\\vaio media 2.5\\Vc.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-04-03 51072]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-04-03 41184]
R2 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\Bin\WGE_SRV.exe [2006-12-07 32768]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2008-04-03 52736]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [2008-04-03 33024]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [2008-04-03 18432]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Search - http://bar.mywebsearch.com/menusea [...] xmk144YYFR
Trusted Zone: ebay.fr\www
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
FF - ProfilePath -

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties" );
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties" );
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 19:10:32
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo RX600 = c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /M "Stylus Photo RX600" /EF "HKCU"??]???????K????????????a?wn?a??????????????????????????????????b?w????????????????8???????????h??w????????????z??w????????????)??|???????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\Ati2evxx.dll
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll

- - - - - - - > 'lsass.exe'(684)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll

- - - - - - - > 'csrss.exe'(604)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll
.
Heure de fin: 2009-02-07 19:13:05
ComboFix-quarantined-files.txt 2009-02-07 18:12:30
ComboFix2.txt 2009-02-05 21:04:30
ComboFix3.txt 2009-01-22 22:51:19

Avant-CF: 15 528 394 752 octets libres
Après-CF: 15,517,233,152 octets libres

150 --- E O F --- 2009-01-15 14:36:36


Quant à Hijackthis, je ne l'ai pas encore utilisé alors je l'ai téléchargé. Volci le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:50, on 07/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\CAROLINE\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealOne Player\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /M "Stylus Photo RX600" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusea [...] xmk144YYFR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O15 - Trusted Zone: http://www.ebay.fr
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molb [...] insctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 9693801230
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 5453157239
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molb [...] cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O24 - Desktop Component 0: (no name) - http://www.microsoft.com/France/wi [...] S_Aqua.jpg
O24 - Desktop Component 1: (no name) - file:///Fhtml/images/infos_bg.gif
O24 - Desktop Component 2: (no name) - http://www.commeaucinema.com/sites [...] rie_10.jpg

--
End of file - 12041 bytes

Voici ce que tu m'as demandé :

DDS.txt :


DDS (Ver_09-01-07.01) - NTFSx86
Run by CAROLINE at 16:02:46,94 on 14/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.218 [GMT 1:00]

AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
AV: AntiVirus Firewall 7.00 *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
FW: AntiVirus Firewall 7.00 *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\CAROLINE\Bureau\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.fr/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: EoBho Class: {64f56fc1-1272-44cd-ba6e-39723696e350} - c:\progra~1\eorezo\eoadv\EOREZO~1.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [EPSON Stylus Photo RX600] c:\windows\system32\spool\drivers\w32x86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /M "Stylus Photo RX600" /EF "HKCU"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [HKSERV.EXE] c:\program files\sony\hotkey utility\HKserv.exe
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [Drag'n Drop CD+DVD] c:\program files\drag'n drop cd+dvd\binfiles\DragDrop.exe /StartUp
mRun: [EPSON Stylus Photo RX600] c:\windows\system32\spool\drivers\w32x86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IPHSend] c:\program files\fichiers communs\aol\iphsend\IPHSend.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [RealTray] c:\program files\real\realone player\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [SSBkgdUpdate] "c:\program files\fichiers communs\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [F-Secure Manager] "c:\program files\orange\antivirusfirewall\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\orange\antivirusfirewall\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\lancem~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: &Search - http://bar.mywebsearch.com/menusea [...] xmk144YYFR
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: ebay.fr\www
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties" );
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties" );

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-4-3 51072]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\orange\antivirusfirewall\hips\fshs.sys [2008-4-3 41184]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\orange\antivirusfirewall\anti-virus\minifilter\fsgk.sys [2008-4-3 52736]
R4 EBP Pervasive.SQL;EBP Pervasive.SQL;c:\pvsw\bin\WGE_SRV.exe [2006-12-7 32768]
R4 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\orange\antivirusfirewall\anti-virus\fsgk32st.exe [2008-4-3 41043]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\orange\antivirusfirewall\anti-virus\win2k\fsfilter.sys [2008-4-3 33024]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\orange\antivirusfirewall\anti-virus\win2k\fsrec.sys [2008-4-3 18432]

=============== Created Last 30 ================

2009-01-22 23:46 <DIR> a-dshr-- C:\cmdcons
2009-01-22 23:43 161,792 a------- c:\windows\SWREG.exe
2009-01-22 23:43 98,816 a------- c:\windows\sed.exe
2009-01-18 14:34 250 a------- c:\windows\gmer.ini
2009-01-18 14:30 <DIR> --d----- c:\program files\gmer

==================== Find3M ====================

2008-12-20 23:47 826,368 a------- c:\windows\system32\wininet.dll
2008-12-03 12:29 455,526 a------- c:\windows\system32\perfh00C.dat
2008-12-03 12:29 68,844 a------- c:\windows\system32\perfc00C.dat
2008-12-02 16:34 86,669 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2005-02-27 18:20 284 a------- c:\docume~1\caroline\applic~1\ViewerApp.dat

============= FINISH: 16:04:50,25 ===============





Ancien Attach.txt :


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume1
Install Date: 28/02/2005 23:51:06
System Uptime: 18/01/2009 10:13:57 (5 hours ago)

Motherboard: Sony Corporation | | Q-Project
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | N/A | 2791/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 28 GiB total, 14,442 GiB free.
D: is FIXED (NTFS) - 28 GiB total, 27,932 GiB free.
E: is Removable
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP504: 23/10/2008 12:14:16 - Point de vérification système
RP505: 30/10/2008 12:47:52 - Point de vérification système
RP506: 31/10/2008 15:48:43 - Point de vérification système
RP507: 28/11/2008 10:53:05 - Software Distribution Service 3.0
RP508: 02/12/2008 15:31:41 - Software Distribution Service 3.0
RP509: 15/01/2009 15:26:14 - Software Distribution Service 3.0
RP510: 17/01/2009 11:28:43 - Point de vérification système
RP511: 18/01/2009 12:18:28 - Point de vérification système

==== Installed Programs ======================

Adobe Flash Player ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.8 - Français
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
AntiVirus Firewall
applidemodcdlfr
ArcSoft Software Suite
ATI - Utilitaire de désinstallation du logiciel
ATI Control Panel
ATI Display Driver
AutoUpdate
Brother MFL-Pro Suite
Click to DVD 1.3
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif pour Windows XP (KB952287)
Cryptigo S/MIME Eudora Plugin
Digtal Camera-C
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Drag'n Drop CD+DVD
DVgate Plus
EBP Btrieve 8.6
EBP Comptabilité 12.1
Ecran de veille AOL Photos
Enregistrement en ligne VAIO (Français)
eoEngine 4.0
EPSON CardMonitor
EPSON Copy Utility
EPSON Logiciel imprimante
EPSON Photo Print
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON PRINT Image Framer Tool2.1
EPSON Scan
EPSON Smart Panel
ESPRX600 Guide de référence
ESPRX600 Guide des logiciels
ESPRX600 Guide fonctionnement
Google Toolbar for Firefox
HotKey Utility
InterVideo WinDVD 5 for VAIO
ISP Selector
ISP Selector (Français)
Java 2 Runtime Environment, SE v1.4.2_01
LAN-Express AS IEEE 802.11 Wireless LAN
Learn2 Player (Uninstall Only)
Logiciel WebCam de Labtec
Macromedia Flash Player
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Baseline Security Analyzer 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB954211)
Mise à jour de sécurité pour Windows XP (KB954459)
Mise à jour de sécurité pour Windows XP (KB954600)
Mise à jour de sécurité pour Windows XP (KB955069)
Mise à jour de sécurité pour Windows XP (KB956391)
Mise à jour de sécurité pour Windows XP (KB956802)
Mise à jour de sécurité pour Windows XP (KB956803)
Mise à jour de sécurité pour Windows XP (KB956841)
Mise à jour de sécurité pour Windows XP (KB957095)
Mise à jour de sécurité pour Windows XP (KB957097)
Mise à jour de sécurité pour Windows XP (KB958644)
Mise à jour de sécurité pour Windows XP (KB958687)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
Mise à jour pour Windows XP (KB955839)
MoodLogic
Mozilla Firefox (1.5)
Music Visualizer Library 1.4.00
OpenMG Secure Module 3.3.01
Panda ActiveScan
PaperPort
Picture Package
PictureGear Studio 2.0
Programme de gestion Camera de Labtec®
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
ScanToWeb
SD Viewer for DSC
Security Update for CAPICOM (KB931906)
SoftV92 Data Fax Modem with SmartCP
SonicStage 1.6.00
Sony Notebook Setup
Sony USB Driver
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy 1.4
Synaptics Pointing Device Driver
SystemDoctor 2006 1.1.72.4
Ulead COOL 360 1.0
Ulead VideoStudio 5.0 DV
VAIO BrightColor Wallpaper
VAIO Clock Screen Saver
VAIO DeepSea Wallpaper
VAIO Edit Components
VAIO Enquête (Français)
VAIO Media 2.5
VAIO Media Music Server 2.5
VAIO Media Photo Server 2.5
VAIO Media Platform 2.5
VAIO Media Redistribution 2.5
VAIO Media Setup 2.5
VAIO Nature Screen Saver
VAIO Power Management
Viewpoint Media Player
VOR
VPS
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows XP Service Pack 3

==== End Of File ===========================



mbam log :

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1749
Windows 5.1.2600 Service Pack 3

14/02/2009 17:09:00
mbam-log-2009-02-14 (17-09-00).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 152465
Temps écoulé: 50 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\usdr6v_is1 (Rogue.SystemDoctor) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{6A781001-245C-47F4-AE5B-25092185B384}\RP517\A0068742.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystems.0ll (Trojan.Agent) -> Quarantined and deleted successfully.



et enfin le log de Kapersky scan :


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, February 15, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, February 15, 2009 03:52:21
Records in database: 1798136
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 87597
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:47:51


File name / Threat name / Threats count
C:\Documents and Settings\CAROLINE\Bureau\install.0xe Infected: Rootkit.Win32.TDSS.efc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ieupdates.0xe.vir Infected: Trojan-Downloader.Win32.Agent.bdhq 1
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe Infected: not-a-virusownloader.Win32.WinFixer.ar 1

The selected area was scanned.


Voilà! Que de softs pis en oeuvre !
Il reste apperemment des choses pas nettes ?
Sinon, le PC ne présente pas de comportement anormal désormais, du moins au premier abord.

désolé pour le retard.
J'ai fait ce que tu m'as dit (Combofix + désinstallation d'acrabat reader 7 et java.

Voici le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:31, on 25/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PVSW\Bin\WGE_SRV.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
C:\PVSW\BIN\W3dbsmgr.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\CAROLINE\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealOne Player\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0M2.EXE /P24 "EPSON Stylus Photo RX600" /M "Stylus Photo RX600" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusea [...] xmk144YYFR
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O15 - Trusted Zone: http://www.ebay.fr
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.fr.aol.com/molb [...] insctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 9693801230
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 5453157239
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.fr.aol.com/molb [...] cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Fichiers communs\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EBP Pervasive.SQL - Unknown owner - C:\PVSW\Bin\WGE_SRV.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O24 - Desktop Component 0: (no name) - http://www.microsoft.com/France/wi [...] S_Aqua.jpg
O24 - Desktop Component 1: (no name) - file:///Fhtml/images/infos_bg.gif
O24 - Desktop Component 2: (no name) - http://www.commeaucinema.com/sites [...] rie_10.jpg

--
End of file - 12718 bytes

Si tu ne vois rien de spécial à éradiquer, je crois qu'on peut conclure maintenant. Merci beaucoup pour ton aide.