Avast détecte vbs malware-gen [Résolu]

Salut,

Tu as un big problème car antivir t'a détécté 10 virus ou programmes non souhaités.
10 viruses and/or unwanted programs were found
Donc oui ton ordinateur est bel et bien infecté et avast n'avait pas tout vu.

@+

oui effectivement j'ai mis les 10 malwares en quarantaines est ce la bonne solution ?

je joins le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:49, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\DOCUME~1\KARIMB~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Karim Bellahcene\Mes documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Windows Updater] WinUpdater.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: DirectX Service (DirectZikz) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

bonjour à toutes et à tous

quelqu'un peut il jeter un coup d'oeil au rapport HijackThis juste au dessus et me dire si je dois faire quelque chose ?

bien à vous

Salut,

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

A+

bonjour Regis59 et merci beaucoup pour ton aide

rapport sdfix:


SDFix: Version 1.120

Run by Karim Bellahcene on 30/12/2007 at 15:28

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
DirectZikz

Path:
C:\WINDOWS\system32\directx.exe

DirectZikz - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 15:34:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Sat 7 Oct 2006 390,023 A.SHR --- "C:\Program Files\wunauclt.zip"
Sat 19 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Sat 19 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Sat 19 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Sat 19 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Sat 19 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Fri 3 Feb 2006 2,045 ...H. --- "C:\WINDOWS\system32\whlb32f.dll"
Tue 2 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 29 Dec 2007 6,656 A..H. --- "C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP5\A0000942.exe"
Sat 29 Dec 2007 1,024 A..H. --- "C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP5\A0000943.sys"
Wed 4 Apr 2001 28,738 ...HR --- "C:\Documents and Settings\All Users\Documents\MSDE2000\SQLRESLD.DLL"
Tue 7 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:09, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\DOCUME~1\KARIMB~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Documents and Settings\Karim Bellahcene\Mes documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

C'est deja mieux.

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

ça y est Regis59 combofix sur le bureau et voici le résultat :

ComboFix 07-12-21.4 - Karim Bellahcene 2007-12-30 15:54:35.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.655 [GMT 1:00]
Running from: C:\Documents and Settings\Karim Bellahcene\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-30 ))))))))))))))))))))))))))))))))))))
.

2007-12-30 15:26 . 2007-12-30 15:26 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-30 00:34 . 2007-12-30 00:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-30 00:33 . 2007-12-30 00:33 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-12-30 00:32 . 2007-12-30 00:32 <REP> d-------- C:\WINDOWS\Internet Logs
2007-12-28 23:10 . 2007-12-28 23:10 <REP> d-------- C:\Program Files\Avira
2007-12-28 23:10 . 2007-12-28 23:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-18 21:19 . 2007-12-18 21:19 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-12-08 21:23 . 2007-12-08 21:23 <REP> d-------- C:\Program Files\Windows Live
2007-12-08 21:23 . 2007-12-08 21:23 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-08 21:22 . 2007-12-08 21:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-15 10:16 . 2007-11-15 10:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-09 18:08 . 2007-11-09 18:08 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2007-11-09 16:58 . 2007-11-09 16:58 <REP> d-------- C:\Virtual
2007-11-09 16:56 . 2007-11-09 16:56 <REP> d-------- C:\WINDOWS\E4153266612C460FAB94C9DB6802459A.TMP
2007-11-09 16:56 . 2007-11-09 16:56 <REP> d-------- C:\Program Files\securedie
2007-11-09 16:56 . 2007-11-09 16:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BufferZone
2007-11-06 19:07 . 2007-11-06 19:07 <REP> d-------- C:\Program Files\uTorrent
2007-11-06 19:06 . 2007-11-06 19:06 <REP> d-------- C:\Documents and Settings\Karim Bellahcene\Application Data\uTorrent
2007-11-04 16:55 . 2007-11-04 17:05 486 --a------ C:\WINDOWS\SStylerPro.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-30 14:21 8,224 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-30 14:21 1,172 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 23:34 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 23:34 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-16 19:14 87,608 ----a-w C:\Documents and Settings\Karim Bellahcene\Application Data\ezpinst.exe
2007-12-16 19:14 47,360 ----a-w C:\Documents and Settings\Karim Bellahcene\Application Data\pcouffin.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:01 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-01 20:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2006-10-07 20:54 390,023 --sha-r C:\Program Files\wunauclt.zip
2006-10-07 20:54 390,023 --sha-r C:\Program Files\wunauclt.tbe
2006-08-27 15:19 56,239 ----a-w C:\Program Files\svchosts.tbe
.

((((((((((((((((((((((((((((( snapshot@2007-12-29_11.19.00.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-12-29 06:04:44 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-30 14:27:08 9,179,136 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\ntuser.dat
+ 2007-12-30 14:27:08 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2007-12-29 06:04:44 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-30 14:26:38 9,179,136 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\ntuser.dat
+ 2007-12-30 14:26:38 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
+ 2007-05-30 23:03:48 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-05-30 23:03:50 119,576 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-06-21 20:55:28 21,904 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll
+ 2007-06-21 20:55:28 17,808 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll
+ 2007-06-21 20:54:26 796,048 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
+ 2004-04-27 03:40:52 11,264 ----a-w C:\WINDOWS\system32\SpOrder.dll
+ 2007-06-21 20:54:30 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2007-06-21 20:54:52 394,984 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2007-06-21 20:54:32 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2007-06-21 20:54:32 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2007-06-21 20:54:32 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2007-06-21 20:54:32 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2007-06-21 20:54:34 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-06-21 20:55:30 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll
+ 2007-06-21 20:54:34 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2007-06-21 20:54:34 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
+ 2007-06-21 20:54:34 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2007-06-21 20:54:34 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2007-12-29 23:36:04 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-06-21 20:54:24 366,112 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-06-21 20:55:26 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\av_loc040c.dll
+ 2007-05-30 23:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 13:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-30 23:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-30 23:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-30 23:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-30 23:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2006-09-19 22:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-05-30 23:03:16 258,048 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 17:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-30 23:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-30 23:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-30 23:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-30 23:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-05-30 23:03:18 118,784 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 17:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-06-21 20:54:24 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2007-06-21 20:55:26 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd_loc040c.dll
+ 2004-01-30 11:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2007-06-21 20:54:24 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2007-06-21 20:54:26 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2007-06-21 20:54:26 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2007-06-21 20:55:28 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure_loc040c.dll
+ 2007-06-21 20:55:26 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll
+ 2007-06-21 20:55:28 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll
+ 2007-06-21 20:54:54 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-06-21 20:54:54 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-06-21 20:54:54 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-06-21 20:56:16 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-06-21 20:56:16 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-06-11 11:43:50 714,472 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-06-11 11:43:52 788,200 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-06-21 20:54:28 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler_loc040c.dll
+ 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-06-11 11:43:56 1,496,808 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-06-11 11:44:10 50,416 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2007-06-21 20:54:28 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-06-21 20:56:16 210,432 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-06-21 20:56:18 3,229,176 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2007-06-21 20:55:28 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp_loc040c.dll
+ 2006-09-04 19:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2007-12-30 08:11:26 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-06-21 20:54:46 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-06-21 20:55:30 75,152 ----a-w C:\WINDOWS\system32\ZoneLabs\updClient_loc040c.dll
+ 2007-01-11 16:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-06-21 20:54:30 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2007-06-21 20:54:30 79,336 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb_loc040c.dll
+ 2007-06-21 20:54:46 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-06-21 20:55:30 46,480 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon_loc040c.dll
+ 2007-06-21 20:54:32 2,024,936 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2007-06-21 20:54:32 1,345,000 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2007-06-21 20:55:30 198,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb_loc040c.dll
+ 2007-06-21 20:54:34 243,176 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-06-21 20:55:30 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault_loc040c.dll
+ 2007-01-11 10:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2007-06-21 20:54:36 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2007-06-21 20:54:36 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2007-06-21 20:55:32 17,808 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine_loc040c.dll
+ 2007-06-21 20:54:36 378,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-06-21 20:55:32 21,904 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre_loc040c.dll
+ 2007-06-21 20:54:36 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2007-06-21 20:54:40 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
+ 2007-06-21 20:54:48 75,248 ----a-w C:\WINDOWS\zllsputility.exe
+ 2007-06-21 20:55:32 42,384 ----a-w C:\WINDOWS\zllsputility_loc040c.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34]
"LaunchApp"="Alaunch" []
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 20:00 C:\WINDOWS\system32\bthprops.cpl]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 20:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-07-20 05:58 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RunDLL32.exe" [2004-08-10 20:00 C:\WINDOWS\system32\rundll32.exe]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 11:20]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 18:54 C:\WINDOWS\RTHDCPL.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-28 23:12]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"= 0 (0x0)
"NoTrayItemsDisplay"= 0 (0x0)

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 14:10]
R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-06-16 19:17]
R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-06-16 19:17]
R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-06-16 19:17]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Karim Bellahcene\Local Settings\TEMP\DrvFltIp []
S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 20:00]

*Newly Created Service* - INT15.SYS
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-07-13 13:00:02 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-13 19:00:02 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\wunauclt.exe

"2007-04-13 09:00:02 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-13 19:00:02 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-04-13 09:00:02 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-07-13 13:00:02 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-11-07 06:48:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 15:56:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-30 15:57:18
C:\ComboFix2.txt ... 2007-12-29 11:19
.
2007-12-13 07:08:27 --- E O F ---

Ok.

Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Exécute le Smitfraudfix.exe et choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.

A+

Ok voici :

SmitFraudFix v2.274

Rapport fait à 16:14:57,65, 30/12/2007
Executé à partir de C:\Documents and Settings\Karim Bellahcene\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\DOCUME~1\KARIMB~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\Tasks\At?.job PRESENT !
C:\WINDOWS\Tasks\At??.job PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Karim Bellahcene


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Karim Bellahcene\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KARIMB~1\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DF310156-43A1-4812-9FB5-5D87645F3EC0}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DF310156-43A1-4812-9FB5-5D87645F3EC0}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DF310156-43A1-4812-9FB5-5D87645F3EC0}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DF310156-43A1-4812-9FB5-5D87645F3EC0}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Re,

Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport.

Pendant que tu es en mode sans échec, scanne ton PC avec antivir.

Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum de Smitfraudfix et Antivir.

A+

Re Regis59,

désolé pour le temps que cela a pris

rapport Smitfraudix :

SmitFraudFix v2.274

Rapport fait à 16:31:20,25, 30/12/2007
Executé à partir de C:\Documents and Settings\Karim Bellahcene\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\Tasks\At?.job supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DF310156-43A1-4812-9FB5-5D87645F3EC0}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DF310156-43A1-4812-9FB5-5D87645F3EC0}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DF310156-43A1-4812-9FB5-5D87645F3EC0}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DF310156-43A1-4812-9FB5-5D87645F3EC0}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

rapport scan antivir :



AntiVir PersonalEdition Classic
Report file date: dimanche 30 décembre 2007 17:49

Scanning for 995385 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Karim Bellahcene
Computer name: ACER-BELLAHCENE

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 22:12:06
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 22:12:06
ANTIVIR3.VDF : 7.0.1.175 14848 Bytes 30/12/2007 15:09:02
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 28/12/2007 22:12:06
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 28/12/2007 22:12:06
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 30 décembre 2007 17:49

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '49' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <ACERDATA>


End of the scan: dimanche 30 décembre 2007 19:52
Used time: 2:02:31 min

The scan has been done completely.

6403 Scanning directories
426467 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
426467 Files not concerned
9179 Archives were scanned
3 Warnings
18 Notes

Re,

Ou en sont tes soucis?

A+

Re Regis59 et je te remercie de t'occuper de mon pc

bah disons que j'ai pensé que mon pc était peut être encore infecté. Tu en penses quoi ? Mon PC est clean ? j'ai remarqué 3 warnings détecté par antivir.

merci pour tout

Re

Je n'ai pas le détail du rapport donc je ne sais pas ou sont les Warning.

Si tu veux vérifier encore plus, je peux te proposer un scan en ligne !

A+

Regis59

je t'ai posté les deux rapports le premier de Smitfraudix et en dessous j'ai posté le rapport antivir
je te le remets :



AntiVir PersonalEdition Classic
Report file date: dimanche 30 décembre 2007 17:49

Scanning for 995385 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Karim Bellahcene
Computer name: ACER-BELLAHCENE

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 22:12:06
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 22:12:06
ANTIVIR3.VDF : 7.0.1.175 14848 Bytes 30/12/2007 15:09:02
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 28/12/2007 22:12:06
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 28/12/2007 22:12:06
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 30 décembre 2007 17:49

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '49' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <ACERDATA>


End of the scan: dimanche 30 décembre 2007 19:52
Used time: 2:02:31 min

The scan has been done completely.

6403 Scanning directories
426467 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
426467 Files not concerned
9179 Archives were scanned
3 Warnings
18 Notes

Au temps pour moi, je n'avais pas vu les Warning.

C'est ok pour les rapports !

Ou en sont tes soucis?

A+

Merci pour tout Regis59

En fait j'avais un souci quand j'avais avast qui me détectait tout le temps vbs malware-gen. J'ai désinstallé avast et mis antivir qui m'a détecté 10 virus que j'ai mis en quarantaine. Comme tu as certainement dû le constater j'ai également installé Zonealarm. Et ensuite j'ai posté mon log HijackThis et c'est à ce moment que tu es intervenu.
donc je suppose que tout est ok maintenant surtout si tu me confirmes que mes rapports sont clean.

merci encore

D'ailleurs Régis59

tous les programmes que tu m'as dit d'installer sur le bureau dois-je les conserver ? de même les rapports ?

encore merci

Yes c'est clean.

Pour supprimer les programmes qu'on a utilisé, utilise ceci, il va le faire automatiquement:

[*]Télécharge http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe sur ton Bureau.
[*]Clique sur Recherche et laisse le scan se terminer.
[*]Clique sur Suppression pour finaliser.
[*]Tu peux, si tu le souhaites, te servir des Options facultatives.
[*]Clique sur Quitter, pour que le rapport puisse se créer.
[*]Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

A+