VIRUS - voici mon rapport Hijackthis

il te di vrai jorai di la même sen me lancé des fleur bon taf

D'accord, j'ai viré les "no name" et "file missing" comme demandé :)
Voici le nouveau rapport. Je fais quoi maintenant ? :)



__________________________

Logfile of HijackThis v1.99.1
Scan saved at 13:43:20, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5061206
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.akeo.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/fr-fr?c=fr&l=fr&s=gen&redirect=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5061206
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {75A469FF-0681-4EC3-8CEC-95DB40C9A285} - C:\WINDOWS\system32\wvuroml.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: {50fda236-0b76-124a-34d4-692d12a5dbdc} - {cdbd5a21-d296-4d43-a421-67b0632adf05} - C:\WINDOWS\system32\ownawker.dll
O2 - BHO: (no name) - {D31C6945-8951-4615-BB3C-4F5120A760CE} - C:\WINDOWS\system32\geede.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [f8d41c54] rundll32.exe "C:\WINDOWS\system32\osdlmhtv.dll",b
O4 - HKLM\..\Run: [BMfbe72fc8] Rundll32.exe "C:\WINDOWS\system32\phcuajqk.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?69f8b1c706a4495394eab8b59e14a9b6
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?69f8b1c706a4495394eab8b59e14a9b6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wvuroml - C:\WINDOWS\SYSTEM32\wvuroml.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Et ses deux infections, tu ne t'en occupes pas?

Et sa version HitJacThis périmée qui fait que certaines infections peuvent ne pas apparaitre, tu ne t'en occupes pas ?

En quoi une défragmentation va supprimer ce qui le pourri ?

Pourquoi tu donnes la clef d'un logiciel en dépit de la charte ?

Merci de t'occuper de moi booddha :)


- combofix ne marche pas. Ca me lance une fenetre bleu. Il attend que je tappe une commande. Mais rien ne s'affiche. Si je tappe "1" rien ne se passe. Donc 1 + Entrée ne marche pas.
En plus je ne peux pas fermer la fernetre bleue qui s'affiche, je suis obligé de faire le violent par ctrl+alt+supr pour la fermer

- vundofix marche. Il a corrigé plusieurs problemes.

- VirtumundoBeGone a d'abbord fait planter le PC. J'ai été obligé de couper l'alim.
WinXP a heureusement bien voulu redemarrer.
J'ai relancé VirtumundoBeGone.exe il m'a juste ouvert un rapport avec notepad. Tu en as besoin ?


J'attends ta réponse avant de te filer les rapports de VirtumundoBeGone et de Hijackthis car ca pollu un peut mon thread tous ces rapports lol

(ok je te rappelle que combofix n'a pas marché, c'est peut etre dommage ?)

Voici tout d'abord le rapport de VirtumundoBeGone



________________


[03/20/2008, 15:58:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Romain\Bureau\VirtumundoBeGone.exe" )
[03/20/2008, 15:58:33] - Detected System Information:
[03/20/2008, 15:58:33] - Windows Version: 5.1.2600, Service Pack 2
[03/20/2008, 15:58:33] - Current Username: Romain (Admin)
[03/20/2008, 15:58:33] - Windows is in NORMAL mode.
[03/20/2008, 15:58:33] - Searching for Browser Helper Objects:
[03/20/2008, 15:58:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/20/2008, 15:58:33] - BHO 2: {1D16B42E-4D0B-40A5-9C4F-9417A36AF353} ()
[03/20/2008, 15:58:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:33] - No filename found. Continuing.
[03/20/2008, 15:58:33] - BHO 3: {3e9dd9c6-dfa0-44d6-9301-49163770a6b3} ()
[03/20/2008, 15:58:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 4: {41DAE941-9116-4E92-A63D-0AD42BEE065C} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/20/2008, 15:58:34] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[03/20/2008, 15:58:34] - BHO 7: {5CB6AD17-2C52-4D98-8494-EA958D0FE3D3} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 8: {6559BE4E-77DD-45B7-A647-DCA854D61DED} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 9: {70ced720-e1b0-4959-b378-1dbf6f70cd56} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 10: {75A469FF-0681-4EC3-8CEC-95DB40C9A285} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - Checking for HKLM\...\Winlogon\Notify\wvuroml
[03/20/2008, 15:58:34] - Found: HKLM\...\Winlogon\Notify\wvuroml - This is probably Virtumundo.
[03/20/2008, 15:58:34] - Assigning {75A469FF-0681-4EC3-8CEC-95DB40C9A285} MSEvents Object
[03/20/2008, 15:58:34] - BHO list has been changed! Starting over...
[03/20/2008, 15:58:34] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/20/2008, 15:58:34] - BHO 2: {1D16B42E-4D0B-40A5-9C4F-9417A36AF353} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 3: {3e9dd9c6-dfa0-44d6-9301-49163770a6b3} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 4: {41DAE941-9116-4E92-A63D-0AD42BEE065C} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/20/2008, 15:58:34] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[03/20/2008, 15:58:34] - BHO 7: {5CB6AD17-2C52-4D98-8494-EA958D0FE3D3} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 8: {6559BE4E-77DD-45B7-A647-DCA854D61DED} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 9: {70ced720-e1b0-4959-b378-1dbf6f70cd56} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 10: {75A469FF-0681-4EC3-8CEC-95DB40C9A285} (MSEvents Object)
[03/20/2008, 15:58:34] - ALERT: Found MSEvents Object!
[03/20/2008, 15:58:34] - BHO 11: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/20/2008, 15:58:34] - BHO 12: {81ADA27C-6D18-4C01-AA9C-159C3C246865} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 13: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[03/20/2008, 15:58:34] - BHO 14: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[03/20/2008, 15:58:34] - BHO 15: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[03/20/2008, 15:58:34] - BHO 16: {cdbd5a21-d296-4d43-a421-67b0632adf05} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - Checking for HKLM\...\Winlogon\Notify\ownawker
[03/20/2008, 15:58:34] - Key not found: HKLM\...\Winlogon\Notify\ownawker, continuing.
[03/20/2008, 15:58:34] - BHO 17: {D0FB3614-7C63-479E-9F93-BF08D91D4AEC} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - Checking for HKLM\...\Winlogon\Notify\geede
[03/20/2008, 15:58:34] - Key not found: HKLM\...\Winlogon\Notify\geede, continuing.
[03/20/2008, 15:58:34] - BHO 18: {D31C6945-8951-4615-BB3C-4F5120A760CE} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 19: {D40A083C-3972-4A08-A486-A015CCBD51E6} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - BHO 20: {E6F1CEF3-813A-4BC9-80D3-F2D1D428E833} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[03/20/2008, 15:58:34] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[03/20/2008, 15:58:34] - BHO 21: {F8307AD8-F7E4-4360-B953-4AD86B12A2DA} ()
[03/20/2008, 15:58:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:34] - No filename found. Continuing.
[03/20/2008, 15:58:34] - Finished Searching Browser Helper Objects
[03/20/2008, 15:58:34] - *** Detected MSEvents Object
[03/20/2008, 15:58:34] - Trying to remove MSEvents Object...
[03/20/2008, 15:58:35] - Terminating Process: IEXPLORE.EXE
[03/20/2008, 15:58:35] - Terminating Process: RUNDLL32.EXE
[03/20/2008, 15:58:36] - Disabling Automatic Shell Restart
[03/20/2008, 15:58:36] - Terminating Process: EXPLORER.EXE
[03/20/2008, 15:58:36] - Suspending the NT Session Manager System Service
[03/20/2008, 15:58:36] - Terminating Windows NT Logon/Logoff Manager
[03/20/2008, 15:58:37] - Re-enabling Automatic Shell Restart
[03/20/2008, 15:58:37] - File to disable: C:\WINDOWS\system32\wvuroml.dll
[03/20/2008, 15:58:37] - Renaming C:\WINDOWS\system32\wvuroml.dll -> C:\WINDOWS\system32\wvuroml.dll.vir
[03/20/2008, 15:58:37] - File successfully renamed!
[03/20/2008, 15:58:37] - Removing HKLM\...\Browser Helper Objects\{75A469FF-0681-4EC3-8CEC-95DB40C9A285}
[03/20/2008, 15:58:37] - Removing HKCR\CLSID\{75A469FF-0681-4EC3-8CEC-95DB40C9A285}
[03/20/2008, 15:58:37] - Adding Kill Bit for ActiveX for GUID: {75A469FF-0681-4EC3-8CEC-95DB40C9A285}
[03/20/2008, 15:58:37] - Deleting ATLEvents/MSEvents Registry entries
[03/20/2008, 15:58:37] - Removing HKLM\...\Winlogon\Notify\wvuroml
[03/20/2008, 15:58:37] - Searching for Browser Helper Objects:
[03/20/2008, 15:58:37] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/20/2008, 15:58:37] - BHO 2: {1D16B42E-4D0B-40A5-9C4F-9417A36AF353} ()
[03/20/2008, 15:58:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:37] - No filename found. Continuing.
[03/20/2008, 15:58:37] - BHO 3: {3e9dd9c6-dfa0-44d6-9301-49163770a6b3} ()
[03/20/2008, 15:58:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:37] - No filename found. Continuing.
[03/20/2008, 15:58:37] - BHO 4: {41DAE941-9116-4E92-A63D-0AD42BEE065C} ()
[03/20/2008, 15:58:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:37] - No filename found. Continuing.
[03/20/2008, 15:58:37] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/20/2008, 15:58:37] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[03/20/2008, 15:58:37] - BHO 7: {5CB6AD17-2C52-4D98-8494-EA958D0FE3D3} ()
[03/20/2008, 15:58:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:37] - No filename found. Continuing.
[03/20/2008, 15:58:37] - BHO 8: {6559BE4E-77DD-45B7-A647-DCA854D61DED} ()
[03/20/2008, 15:58:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:37] - No filename found. Continuing.
[03/20/2008, 15:58:37] - BHO 9: {70ced720-e1b0-4959-b378-1dbf6f70cd56} ()
[03/20/2008, 15:58:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:37] - No filename found. Continuing.
[03/20/2008, 15:58:37] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/20/2008, 15:58:37] - BHO 11: {81ADA27C-6D18-4C01-AA9C-159C3C246865} ()
[03/20/2008, 15:58:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:37] - No filename found. Continuing.
[03/20/2008, 15:58:37] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[03/20/2008, 15:58:37] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[03/20/2008, 15:58:37] - BHO 14: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[03/20/2008, 15:58:37] - BHO 15: {cdbd5a21-d296-4d43-a421-67b0632adf05} ()
[03/20/2008, 15:58:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:37] - Checking for HKLM\...\Winlogon\Notify\ownawker
[03/20/2008, 15:58:37] - Key not found: HKLM\...\Winlogon\Notify\ownawker, continuing.
[03/20/2008, 15:58:37] - BHO 16: {D0FB3614-7C63-479E-9F93-BF08D91D4AEC} ()
[03/20/2008, 15:58:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:37] - Checking for HKLM\...\Winlogon\Notify\geede
[03/20/2008, 15:58:37] - Key not found: HKLM\...\Winlogon\Notify\geede, continuing.
[03/20/2008, 15:58:37] - BHO 17: {D31C6945-8951-4615-BB3C-4F5120A760CE} ()
[03/20/2008, 15:58:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:37] - No filename found. Continuing.
[03/20/2008, 15:58:37] - BHO 18: {D40A083C-3972-4A08-A486-A015CCBD51E6} ()
[03/20/2008, 15:58:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:37] - No filename found. Continuing.
[03/20/2008, 15:58:37] - BHO 19: {E6F1CEF3-813A-4BC9-80D3-F2D1D428E833} ()
[03/20/2008, 15:58:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:37] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[03/20/2008, 15:58:37] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[03/20/2008, 15:58:37] - BHO 20: {F8307AD8-F7E4-4360-B953-4AD86B12A2DA} ()
[03/20/2008, 15:58:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 15:58:37] - No filename found. Continuing.
[03/20/2008, 15:58:37] - Finished Searching Browser Helper Objects
[03/20/2008, 15:58:37] - Finishing up...
[03/20/2008, 15:58:37] - A restart is needed.
[03/20/2008, 15:58:37] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[03/20/2008, 15:58:50] - Attempting to Restart via STOP error (Blue Screen!)

[03/20/2008, 16:02:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Romain\Bureau\VirtumundoBeGone.exe" )
[03/20/2008, 16:03:04] - Detected System Information:
[03/20/2008, 16:03:04] - Windows Version: 5.1.2600, Service Pack 2
[03/20/2008, 16:03:04] - Current Username: Romain (Admin)
[03/20/2008, 16:03:04] - Windows is in NORMAL mode.
[03/20/2008, 16:03:04] - Searching for Browser Helper Objects:
[03/20/2008, 16:03:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[03/20/2008, 16:03:04] - BHO 2: {1D16B42E-4D0B-40A5-9C4F-9417A36AF353} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - No filename found. Continuing.
[03/20/2008, 16:03:04] - BHO 3: {3e9dd9c6-dfa0-44d6-9301-49163770a6b3} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - No filename found. Continuing.
[03/20/2008, 16:03:04] - BHO 4: {41DAE941-9116-4E92-A63D-0AD42BEE065C} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - No filename found. Continuing.
[03/20/2008, 16:03:04] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/20/2008, 16:03:04] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[03/20/2008, 16:03:04] - BHO 7: {5CB6AD17-2C52-4D98-8494-EA958D0FE3D3} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - No filename found. Continuing.
[03/20/2008, 16:03:04] - BHO 8: {6559BE4E-77DD-45B7-A647-DCA854D61DED} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - No filename found. Continuing.
[03/20/2008, 16:03:04] - BHO 9: {70ced720-e1b0-4959-b378-1dbf6f70cd56} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - No filename found. Continuing.
[03/20/2008, 16:03:04] - BHO 10: {75A469FF-0681-4EC3-8CEC-95DB40C9A285} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - No filename found. Continuing.
[03/20/2008, 16:03:04] - BHO 11: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/20/2008, 16:03:04] - BHO 12: {81ADA27C-6D18-4C01-AA9C-159C3C246865} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - No filename found. Continuing.
[03/20/2008, 16:03:04] - BHO 13: {866F9D4A-05A6-4932-BA09-CA37B68E2B8B} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[03/20/2008, 16:03:04] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[03/20/2008, 16:03:04] - BHO 14: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[03/20/2008, 16:03:04] - BHO 15: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[03/20/2008, 16:03:04] - BHO 16: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[03/20/2008, 16:03:04] - BHO 17: {cdbd5a21-d296-4d43-a421-67b0632adf05} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - Checking for HKLM\...\Winlogon\Notify\ownawker
[03/20/2008, 16:03:04] - Key not found: HKLM\...\Winlogon\Notify\ownawker, continuing.
[03/20/2008, 16:03:04] - BHO 18: {D0FB3614-7C63-479E-9F93-BF08D91D4AEC} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - Checking for HKLM\...\Winlogon\Notify\geede
[03/20/2008, 16:03:04] - Key not found: HKLM\...\Winlogon\Notify\geede, continuing.
[03/20/2008, 16:03:04] - BHO 19: {D31C6945-8951-4615-BB3C-4F5120A760CE} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - No filename found. Continuing.
[03/20/2008, 16:03:04] - BHO 20: {D40A083C-3972-4A08-A486-A015CCBD51E6} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - No filename found. Continuing.
[03/20/2008, 16:03:04] - BHO 21: {E6F1CEF3-813A-4BC9-80D3-F2D1D428E833} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - No filename found. Continuing.
[03/20/2008, 16:03:04] - BHO 22: {F8307AD8-F7E4-4360-B953-4AD86B12A2DA} ()
[03/20/2008, 16:03:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/20/2008, 16:03:04] - No filename found. Continuing.
[03/20/2008, 16:03:04] - Finished Searching Browser Helper Objects
[03/20/2008, 16:03:04] - Finishing up...
[03/20/2008, 16:03:04] - Nothing found! Exiting...

- SDFix a bien fonctionné.
Maintenant, il n'y a plus le www.007guard.com ecrit un peu partout dans mon firewall. Ca a disparu.


- je confirme que depuis hier soir, les pop ups d'IE ont totalement disparu.


- ComboFix ne marche toujours pas. Ca me met "version expirée", et ca quitte. Je n'arrive pas a trouver de version de ComboFix non expirée...c'est quoi le site officiel ? je ne le trouve pas.


- j'ai toujours cette erreur au démarage:
RUNdll
Erreur de chargement de C:\WINDOWS\system32\osdlmhtv.dll
Le module spécifié est introuvable.


- MSN ne se connecte toujours pas, MSN ne marche plus depuis que je suis infecté, ca vient forcement d'un virus qui a foutu le bordel. Je l'ai pourtant desinstallé et reinstallé mais ca ne change rien.


- j'ai toujours 600 fichiers ZIP vides qui se creent de temps en temps dans mon dossiers downloads (là ou je mets mes téléchargements)



Voici mon rapport SDFix (tu veux un nouveau rapport Hijackthis ?):



___________________________________





[b]SDFix: Version 1.159 /b

Run by Administrateur on 20/03/2009 at 21:55

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFIX\SDFix

[b]Checking Services /b:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files /b:

Trojan Files Found:

C:\WINDOWS\system32\WinSpooler.exe - Deleted





Removing Temp Files

[b]ADS Check /b:



[b]Final Check /b:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 22:29:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:4e0934b2
"s2"=dword:b41ef20f
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:f0,cd,72,0a,da,b2,a5,b4,e5,df,71,19,7a,14,75,be,47,b2,cd,0a,49,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1c,2e,e8,b6,6d,19,4a,cc,bc,1a,50,78,40,81,36,a3,72,..
"khjeh"=hex:2d,29,fa,60,e8,b2,18,55,b7,04,8e,43,64,91,26,a0,6a,00,f4,f0,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e5,08,be,a9,72,b7,84,1d,cd,6d,c1,2d,a5,7a,76,9e,98,e7,09,e4,79,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C92FBAA7-07ED-4C65-9E32-052F02771A3C}]
"DhcpRetryTime"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:f0,cd,72,0a,da,b2,a5,b4,e5,df,71,19,7a,14,75,be,47,b2,cd,0a,49,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1c,2e,e8,b6,6d,19,4a,cc,bc,1a,50,78,40,81,36,a3,72,..
"khjeh"=hex:2d,29,fa,60,e8,b2,18,55,b7,04,8e,43,64,91,26,a0,6a,00,f4,f0,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e5,08,be,a9,72,b7,84,1d,cd,6d,c1,2d,a5,7a,76,9e,98,e7,09,e4,79,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"
"Version"=dword:000a0000
"Sub-Version"=dword:000010ec
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\MPPRE10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\mppre10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}"
"Version"=dword:000a0000
"Sub-Version"=dword:000010ec
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\wmdm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}"
"Version"=dword:000a0000
"Sub-Version"=dword:0000108c
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\WPD10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}"
"Version"=dword:000a0000
"Sub-Version"=dword:000010ec
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\codecs10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}"
"Version"=dword:000a0000
"Sub-Version"=dword:000010ec
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMFSDK10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmfsdk10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}]
"FriendlyName"="Windows Media Files"
"ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}"
"Version"=dword:000a0000
"Sub-Version"=dword:000010ec
"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\DRM10.inf"
"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drm10.cat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"LoadAppInit_DLLs"=dword:00000001

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 8


[b]Remaining Services /b:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"="C:\\Program Files\\Teamspeak2_RC2\\server_windows.exe:*:Enabled:Server"
"C:\\Program Files\\Commandos II\\comm2.exe"="C:\\Program Files\\Commandos II\\comm2.exe:*:Enabled:comm2"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Activision\\Rome - Total War\\RomeTW-BI.exe"="C:\\Program Files\\Activision\\Rome - Total War\\RomeTW-BI.exe:*:Enabled:Rome: Total War - Barbarian Invasion"
"C:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"="C:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Program Files\\Activision\\Rome - Total War\\RomeTW-ALX.exe"="C:\\Program Files\\Activision\\Rome - Total War\\RomeTW-ALX.exe:*:Enabled:Rome: Total War - Alexander"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"="C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe:*:Enabled:Proxy Switcher"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast"
"C:\\Documents and Settings\\Romain\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Romain\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Downloads\\Charon\\Charon.exe"="C:\\Downloads\\Charon\\Charon.exe:*:Enabled:Charon - A proxy checking / scanning program."
"D:\\Program Files\\EA GAMES\\MOHDA\\moh_spearhead.exe"="D:\\Program Files\\EA GAMES\\MOHDA\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"D:\\Program Files\\EA GAMES\\MOHDA DMW\\moh_spearhead.exe"="D:\\Program Files\\EA GAMES\\MOHDA DMW\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"D:\\Program Files\\EA GAMES\\Copie de MOHDA\\moh_spearhead.exe"="D:\\Program Files\\EA GAMES\\Copie de MOHDA\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"C:\\Program Files\\GordianKnot\\EA GAMES\\MOHDA\\moh_spearhead.exe"="C:\\Program Files\\GordianKnot\\EA GAMES\\MOHDA\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"C:\\Program Files\\HD Publishing\\Joint Task Force\\jtf.exe"="C:\\Program Files\\HD Publishing\\Joint Task Force\\jtf.exe:*:Disabled:jtf"
"C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"="C:\\Program Files\\Xi\\NetXfer\\NetTransport.exe:*:Enabled:NetXfer Download Manager"
"D:\\Program Files\\EA GAMES\\MOHDA le vrai\\moh_spearhead.exe"="D:\\Program Files\\EA GAMES\\MOHDA le vrai\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"C:\\Program Files\\EA GAMES\\MOHDA\\moh_spearhead.exe"="C:\\Program Files\\EA GAMES\\MOHDA\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"C:\\Program Files\\EA GAMES\\MOHDA DMW\\moh_spearhead.exe"="C:\\Program Files\\EA GAMES\\MOHDA DMW\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"C:\\Program Files\\EA GAMES\\MOHDA\\moh_spearhead_server.exe"="C:\\Program Files\\EA GAMES\\MOHDA\\moh_spearhead_server.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"="C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Documents and Settings\\Romain\\Bureau\\incredimail_install.exe"="C:\\Documents and Settings\\Romain\\Bureau\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files /b:


File Backups: - C:\SDFIX\SDFix\backups\backups.zip

[b]Files with Hidden Attributes /b:

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 26 Dec 2006 168 ..SHR --- "C:\WINDOWS\system32\4BFE33DEE7.sys"
Sat 17 Feb 2007 8,086 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 8 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"


Fri 20 Mar 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BITC.tmp"
Wed 5 Mar 2008 444 ...HR --- "C:\Documents and Settings\Romain\Application Data\SecuROM\UserData\securom_v7_01.bak"

[b]Finished!/b

- plus de pop-ups IE


- il n'y a plus rien de bizarre dans mon firewall (www.007guard.com a dégagé)


- j'ai toujours l'erreur suivante au démarage de windows:
RUNdll
Erreur de chargement de C:\WINDOWS\system32\osdlmhtv.dll
Le module spécifié est introuvable.


- quant aux 600 fichiers zip qui apparaissent:
il me faut un peu de temps, c'est aléatoire ce truc. Pour l'instant, ce n'est pas revenu mais j'en saurai un peu plus dans quelques heures, disons demain matin quand j'aurai laissé le PC allumé et connecté a internet toute la nuit0


- MSN ne veut toujours pas se connecter.



Donc A PRIORI j'ai l'impression que tu as réuissi a regler le probleme principal et que MSN et l'erreur au démarrage de Windows sont des trucs plus facile a régler, ou en tout cas moins importants...