System security - aide demandée [Résolu]

Ok merci pour tes instructions.
Par contre, pas moyen de démarrer en mode sans échec (heureusment que j'ai deux ordis!). J'arrive bien sur la page de choix après le démarrage de windows maiis impossible de bouger le curseur...Les flèches ne marchent pas, le clavier semble comme mort...
As tu une idée ?

Plopus,

Ok j'ai fait tout ce que tu as dit, voici les rapports :
(merci d'avance !)

Smitfraud :

SmitFraudFix v2.388

Rapport fait à 23:06:09,18, 02/01/2009
Executé à partir de C:\Documents and Settings\Deuse\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\Tasks\At?.job supprimé
C:\WINDOWS\Tasks\At??.job supprimé
C:\WINDOWS\system32\msxml71.dll supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix



Combofix :

ComboFix 09-01-01.02 - Deuse 2009-01-02 23:15:21.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.767.468 [GMT 1:00]
LancÚ depuis: c:\documents and settings\Deuse\Bureau\ComboFix.exe
* Un nouveau point de restauration a ÚtÚ crÚÚ

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE R+CUP+RATION N'EST PAS INSTALL+E SUR CETTE MACHINE !!/B/COLOR
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\egdaccess.inf
c:\windows\msskinner
c:\windows\msskinner\msbackup.dat
c:\windows\pack.epk
c:\windows\system32\5Dq5sykG.exe.a_a
c:\windows\system32\eglivecam.dll
c:\windows\system32\mseggrpid.dll
c:\windows\system32\nvs2.inf
c:\windows\system32\siyyyca.dat
c:\windows\system32\siyyyca.exe
c:\windows\system32\siyyyca_nav.dat
c:\windows\system32\siyyyca_navps.dat
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((( Fichiers crÚÚs du 2008-12-02 au 2009-01-02 ))))))))))))))))))))))))))))))))))))
.

2009-01-02 23:13 . 2009-01-02 23:13 <REP> d-------- C:\32788R22FWJFW
2009-01-02 22:49 . 2009-01-02 22:49 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 22:49 . 2009-01-02 22:49 <REP> d-------- c:\documents and settings\Deuse\Application Data\Malwarebytes
2009-01-02 22:49 . 2009-01-02 22:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-02 22:49 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 22:49 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-02 22:47 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
2009-01-02 20:23 . 2009-01-02 20:23 <REP> d-------- c:\program files\Trend Micro
2009-01-02 20:00 . 2009-01-02 20:00 <REP> dr------- c:\documents and settings\NetworkService\Favoris
2009-01-02 18:01 . 2009-01-02 18:01 <REP> d-------- c:\documents and settings\All Users\Application Data\1483702301
2009-01-02 17:58 . 2009-01-02 18:13 73,728 --a------ c:\windows\system32\5Dq5sykG.exe
2008-12-20 20:46 . 2008-12-20 20:46 <REP> d-------- c:\program files\Alwil Software

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 10:26 --------- d-----w c:\program files\DivX
2008-12-20 19:39 --------- d-----w c:\program files\Avast4
2008-12-19 21:49 12,400 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-11-30 15:22 --------- d-----w c:\program files\WowCartographe
2008-11-28 11:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-28 11:41 --------- d-----w c:\program files\ViaMichelin
2008-11-28 11:33 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-28 11:33 --------- d-----w c:\program files\Common Files
2008-11-28 11:33 --------- d-----w c:\program files\AvantGo Connect
2008-11-15 18:15 --------- d-----w c:\program files\Teamspeak2_RC2
2008-11-15 18:15 --------- d-----w c:\documents and settings\Deuse\Application Data\teamspeak2
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2006-12-30 20:26 2,167,119 ----a-w c:\program files\dMC-r11.5.exe
2006-06-20 08:54 68 ----a-w c:\documents and settings\Deuse\getfile.dat
2006-05-10 18:18 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2005-12-10 19:58 1,665,325 ----a-w c:\program files\agsetup.exe
2005-02-17 19:32 8,628 ---ha-w c:\program files\Carcassonne.GID
2005-02-17 17:07 1,564 ----a-w c:\program files\AVG Free.lnk
2004-08-07 17:33 3,566,866 ----a-w c:\program files\wace25.exe
2004-03-07 13:03 620 ----a-w c:\program files\config.eu
2004-03-07 12:51 0 ----a-w c:\program files\netlog.txt
2004-03-07 12:51 0 ----a-w c:\program files\log.txt
2004-03-07 12:51 0 ----a-w c:\program files\debug.txt
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ÚlÚments vides & les ÚlÚments initiaux lÚgitimes ne sont pas listÚs
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2006-09-12 155896]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-30 28672]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-02-24 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"EPSON Stylus DX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE" [2005-03-08 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"1889696942"="c:\documents and settings\All Users\Application Data\1483702301\1889696942.exe" [2009-01-02 1810466]
"nwiz"="nwiz.exe" [2005-02-24 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-frFR-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-frFR-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-2.0.3-frFR-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-frFR-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-frFR-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-frFR-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-frFR-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-frFR-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-frFR-downloader.exe"=
"f:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-frFR-downloader.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7af90bc-15d3-11dd-9ba5-000b6a1da728}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'TÔches planifiÚes'

2007-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-{75061E09-4E76-4122-A40D-A0215F2801C0} - (no file)
WebBrowser-{75061E09-4E76-4122-A40D-A0215F2801C0} - (no file)
HKCU-Run-RVC6Player - c:\windows\system32\tskdbg.exe
HKCU-Run-WOOKIT - c:\progra~1\Wanadoo\Shell.exe
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-RVC6Player - c:\windows\system32\tskdbg.exe
HKLM-Run-NsUpdate - c:\windows\NsUpdate.exe
HKLM-Run-siyyyca - c:\windows\system32\siyyyca.exe
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Examen supplÚmentaire -------
.
uInternet Settings,ProxyServer = 213.244.15.6:3128
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\cenetflt.dll

c:\windows\Downloaded Program Files\PackageHtml.dll - O16 -: PackageHtmlCab
hxxp://acces.blonde.com/package/PackageHtmlCab.CAB
c:\windows\Downloaded Program Files\OSD20.OSD

c:\windows\Downloaded Program Files\installer.dll - O16 -: {01347765-1965-426B-91A4-AA6BB342B9A3}
hxxp://www.1-click.com/common/files/installer-hidden-test.cab

c:\windows\Eve.dll - O16 -: {3AEA6239-7D97-4B70-A342-A824B55E5A5B}
hxxp://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Eve.cab
c:\windows\Downloaded Program Files\Eve.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 23:19:04
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachÚs ...

Recherche d'ÚlÚments en dÚmarrage automatique cachÚs ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????[????`??[???[`??[???????????????[???[???[???[$??????[???????????????[???????????[???w????(????3?w???w?????3?w ??w???[:???????d???r??[1??[???[d??????[?-?[????z??w8h?[\2?[?1?[htinst.INI?[?u?[????d????????F?

Recherche de fichiers cachÚs ...

Scan terminÚ avec succÞs
Fichiers cachÚs: 0

**************************************************************************
.
Heure de fin: 2009-01-02 23:22:11
ComboFix-quarantined-files.txt 2009-01-02 22:20:56

Avant-CF: 1 382 625 280 octets libres
AprÞs-CF: 2,012,217,344 octets libres

181 --- E O F --- 2008-12-18 20:50:54

Malwarebytes :

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1597
Windows 5.1.2600 Service Pack 3

03/01/2009 09:06:01
Malwareby.txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 190667
Temps écoulé: 1 hour(s), 46 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\p2ecom.egp2ecom.1 (Adware.EGDAccess) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\eglivecam_1029.dll (Adware.EGDAccess) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\5Dq5sykG.exe (Trojan.FakeAlert) -> No action taken.
F:\System Volume Information\_restore{4364E63D-BC3A-43AF-B985-7DF69C5E7649}\RP95\A0010312.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\eglivecam_1029.dll (Adware.EGDAccess) -> No action taken.
C:\Documents and Settings\Deuse\Bureau\System Security.lnk (Rogue.SystemSecurity) -> No action taken.

HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:47, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\All Users\Application Data\1483702301\1889696942.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ExtremePad\ExtremePad22.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.244.15.6:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB002" /M "Stylus DX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [1889696942] "C:\Documents and Settings\All Users\Application Data\1483702301\1889696942.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: PackageHtmlCab - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3AEA6239-7D97-4B70-A342-A824B55E5A5B} - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Eve.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.fr/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fnacphoto.com/ectelechargement/xupload/XUpload.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Hello

Voici les rapports :

Thx ! :)

Maleware :

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1597
Windows 5.1.2600 Service Pack 3

03/01/2009 12:35:33
mbam-log-2009-01-03 (12-35-33).txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 188790
Temps écoulé: 1 hour(s), 32 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\eglivecam_1029.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\5Dq5sykG.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{4364E63D-BC3A-43AF-B985-7DF69C5E7649}\RP95\A0010312.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eglivecam_1029.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\Deusedas\Bureau\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.


USBfix :

-------------- UsbFix V2.413.8 ---------------

* User : Deuse - DEUSE-PC7QY1HG3
* Outils mis a jours le 27/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 12:45:43 le 03/01/2009
* Windows Xp - Internet Explorer 7.0.5730.11


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur de CD-ROM

F: - Lecteur fixe

G: - Lecteur amovible


+- Contenu de l'autorun : D:\autorun.inf

[autorun]
Open=AutoRun.exe
Icon=SETUP.EXE
Name=Rush Hour


--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[20/12/2003 15:34][--a------] C:\AUTOEXEC.BAT
[22/10/2004 22:40][-rahs----] C:\NTDETECT.COM
[30/07/2004 22:25][--a------] C:\psa201se_DLM_fre_full.exe
[30/07/2004 22:25][--a------] C:\reboot.exe
[30/07/2004 22:25][--a------] C:\StubInstaller.exe
[22/10/2004 23:02][-rahs----] C:\boot.ini
[30/07/2006 15:23][--a------] C:\additdiag.txt
[30/07/2006 15:23][--a------] C:\Bug.txt
[30/07/2006 15:23][--a------] C:\ComboFix.txt
[30/07/2006 15:23][--a------] C:\install_comp.txt
[30/07/2006 15:23][--a------] C:\rapport.txt
[30/07/2006 15:23][--a------] C:\UsbFix.txt
[20/12/2003 15:34][--a------] C:\CONFIG.SYS
[20/12/2003 15:34][--a------] C:\IO.SYS
[20/12/2003 15:34][--a------] C:\MSDOS.SYS
[20/12/2003 15:34][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur de CD-ROM


+- Listing des fichiers présents :

[28/08/2003 23:39][-r-------] D:\AutoRun.exe
[28/08/2003 23:39][-r-------] D:\SC4_UNINST.EXE
[28/08/2003 23:39][-r-------] D:\SETUP.EXE
[28/08/2003 23:52][-r-------] D:\autorun.inf
[28/08/2003 23:17][-r-------] D:\SECDRV.SYS

--------------- [ Lecteur F ] ----------------

F: - Lecteur fixe


+- Listing des fichiers présents :

[24/04/2003 13:00][-rahs----] F:\NTDETECT.COM
[21/03/2005 18:42][---hs----] F:\boot.ini
[20/08/2005 16:12][--ahs----] F:\hiberfil.sys
[20/08/2005 16:12][--ahs----] F:\pagefile.sys

--------------- [ Lecteur G ] ----------------

G: - Lecteur amovible


+- Listing des fichiers présents :


--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
HTpatch=C:\WINDOWS\htpatch.exe
SiSUSBRG=C:\WINDOWS\SiSUSBrg.exe
nwiz=nwiz.exe /install
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
EPSON Stylus DX4200 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB002" /M "Stylus DX4200"
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
1889696942="C:\Documents and Settings\All Users\Application Data\1483702301\1889696942.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff
"NoDrives"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7af90bc-15d3-11dd-9ba5-000b6a1da728}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [03/01/2009 09:52][--a------] C:\WINDOWS\system32\tmp.reg
Supprimé ! - [03/01/2009 09:52][--a------] C:\WINDOWS\system32\tmp.txt
Echec de la supression !! - [28/08/2003 23:52] D:\autorun.inf
Echec de la supression !! - [28/08/2003 23:39] D:\autorun.exe
Echec de la supression !! - [28/08/2003 23:39] D:\Setup.exe
Echec de la supression !! - [28/08/2003 23:52] D:\autorun.inf
Echec de la supression !! - [28/08/2003 23:52] D:\AutoRun
Echec de la supression !! - [28/08/2003 23:52] D:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[20/12/2003 15:34][--a------] C:\AUTOEXEC.BAT
[22/10/2004 22:40][-rahs----] C:\NTDETECT.COM
[30/07/2004 22:25][--a------] C:\psa201se_DLM_fre_full.exe
[30/07/2004 22:25][--a------] C:\reboot.exe
[30/07/2004 22:25][--a------] C:\StubInstaller.exe
[22/10/2004 23:02][-rahs----] C:\boot.ini
[28/08/2003 23:39][-r-------] D:\AutoRun.exe
[28/08/2003 23:39][-r-------] D:\SC4_UNINST.EXE
[28/08/2003 23:39][-r-------] D:\SETUP.EXE
[28/08/2003 23:52][-r-------] D:\autorun.inf
[24/04/2003 13:00][-rahs----] F:\NTDETECT.COM
[21/03/2005 18:42][---hs----] F:\boot.ini

--------------- ! Fin du rapport ! ----------------

HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:31, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\All Users\Application Data\1483702301\1889696942.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.244.15.6:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB002" /M "Stylus DX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [1889696942] "C:\Documents and Settings\All Users\Application Data\1483702301\1889696942.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.fr/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fnacphoto.com/ectelechargement/xupload/XUpload.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Alors, le soucis c'est que j'ai par erreur caché 'documents and settings' en croyant en fait faire apparaitre les fichier cachés (j'ai tout compris à l'envers en fait) et maintenant je ne parviens pas à le faire revenir...sais tu comment faire ?
De +, System Security est toujours là...en moins relou mais les popus viennent toujours toutes les 2 mn environs...
Merci :)

Re

J'ai fait tourner Rogueremover et tout est clean. Par contre, pas moyen de mettre la main sur le rapport, même en suivant le tuto. Peut etre n'y en a t-il pas, vu qu'il n'a rien trouvé ?
Et System Security est toujours là...
Merci d'avance :)
a+

Bon, apparemment plus de pub, System Security m'a l'air d'être parti ! oufff... :)
Mais je n'ai toujours pas retrouvé mes fichiers cachés :(
Merci pour ton aide :)

Je te poste ici les rapports :

MoveIt :

========== FILES ==========
C:\Documents and Settings\All Users\Application Data\1483702301\1889696942.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01032009_210404

Hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:23, on 03/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.244.15.6:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB002" /M "Stylus DX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.fr/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.fnacphoto.com/ectelechargement/xupload/XUpload.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Hello !

Bon maintenant tout marche bien, je m'occuperai d'avast dès demain. Encore merci pour ton aide, c'est super sympa :)


Voici le rapport de Tools cleaner :
[ Rapport ToolsCleaner version 2.2.9 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\SDFIX: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Deusedas\Bureau\SmitFraudFix.zip: trouvé !
C:\Documents and Settings\Deusedas\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\Deusedas\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Deusedas\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Deusedas\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Deusedas\Bureau\UsbFix.exe: trouvé !
C:\Documents and Settings\Deusedas\Bureau\UsbFix.txt: trouvé !
C:\Documents and Settings\Deusedas\Bureau\UsbFix.lnk: trouvé !
C:\Documents and Settings\Deusedas\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Deusedas\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\Deusedas\Bureau\SmitfraudFix\SmitFraudfix: trouvé !
C:\Documents and Settings\Deusedas\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\Deusedas\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Program Files\UsbFix\Tools\NIRCMD.exe: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !

a++

Encore merci, tout est nickel maintenant :)
a+++