BONJOUR

Télécharger sur le bureau
http://www.trendsecure.com/portal/en-US/_download/HiJackThis­.exe
= clic droit sur Hijackthis ==> renommer ==> écrire : test.exe ( à la place de hijackthis.exe) <== Important
=Double-clic dessus
= Clic Do a system scan and save the log
= un rapport s'ouvre ==> l'enregistrer sur le bureau ET POSTE LE RAPPORT
courir ça sert a rien il suffit juste d'arriver a temps

Merci de repondre si vite voila le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:06, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ejlgowsk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\sbuatois\Mes documents\My Completed Downloads\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A41A5AE2-40EE-4EC5-89DE-6C4C4B128FA3} - C:\WINDOWS\system32\awttuvvw.dll
O2 - BHO: (no name) - {B8CB333B-1460-40F3-B351-F8F110758277} - C:\WINDOWS\system32\ljJBqppP.dll (file missing)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\opnmKaYo.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ejlgowsk] C:\WINDOWS\system32\ejlgowsk.exe
O4 - HKLM\..\Run: [341ff292] rundll32.exe "C:\WINDOWS\system32\qmdmxfcb.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [englvedj] C:\WINDOWS\system32\whsvqpmr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [LrQicezbhI] C:\WINDOWS\system32\winver.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnmKaYo - C:\WINDOWS\SYSTEM32\opnmKaYo.dll
O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
End of file - 8338 bytes

Télécharger Vundofix.exe (par Atribune) sur votre Bureau.

http://www.atribune.org/ccount/click.php?id=4

* Double-cliquer sur VundoFix.exe afin de le lancer.
* Cliquer sur le bouton Scan for Vundo.
* Lorsque le scan est complété, cliquer sur le bouton fix Vundo.
* Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
* Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
* Le contenu du rapport est situé dans C:\vundofix.txt, POSTE LE
* Refaire un rapport hijackthis, courir ça sert a rien il suffit juste d'arriver a temps

Il m'annonce : aucun fichier infecté n'a été trouvé..

Voila pour VBG:
[04/24/2008, 1:40:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\sbuatois\Mes documents\My Completed Downloads\VirtumundoBeGone.exe" )
[04/24/2008, 1:40:48] - Detected System Information:
[04/24/2008, 1:40:48] - Windows Version: 5.1.2600, Service Pack 2
[04/24/2008, 1:40:48] - Current Username: sbuatois (Admin)
[04/24/2008, 1:40:48] - Windows is in NORMAL mode.
[04/24/2008, 1:40:48] - Searching for Browser Helper Objects:
[04/24/2008, 1:40:48] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:48] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/24/2008, 1:40:48] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/24/2008, 1:40:48] - BHO 2: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[04/24/2008, 1:40:48] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/24/2008, 1:40:48] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:48] - No filename found. Continuing.
[04/24/2008, 1:40:48] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/24/2008, 1:40:48] - BHO 6: {A41A5AE2-40EE-4EC5-89DE-6C4C4B128FA3} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:48] - Checking for HKLM\...\Winlogon\Notify\awttuvvw
[04/24/2008, 1:40:48] - Key not found: HKLM\...\Winlogon\Notify\awttuvvw, continuing.
[04/24/2008, 1:40:48] - BHO 7: {B8CB333B-1460-40F3-B351-F8F110758277} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:48] - Checking for HKLM\...\Winlogon\Notify\ljJBqppP
[04/24/2008, 1:40:48] - Key not found: HKLM\...\Winlogon\Notify\ljJBqppP, continuing.
[04/24/2008, 1:40:48] - BHO 8: {EE5A1465-1E73-4784-8F63-45983FDF0DB8} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:48] - Checking for HKLM\...\Winlogon\Notify\opnmKaYo
[04/24/2008, 1:40:48] - Found: HKLM\...\Winlogon\Notify\opnmKaYo - This is probably Virtumundo.
[04/24/2008, 1:40:48] - Assigning {EE5A1465-1E73-4784-8F63-45983FDF0DB8} MSEvents Object
[04/24/2008, 1:40:48] - BHO list has been changed! Starting over...
[04/24/2008, 1:40:48] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:48] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/24/2008, 1:40:48] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/24/2008, 1:40:48] - BHO 2: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[04/24/2008, 1:40:48] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/24/2008, 1:40:48] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:49] - No filename found. Continuing.
[04/24/2008, 1:40:49] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/24/2008, 1:40:49] - BHO 6: {A41A5AE2-40EE-4EC5-89DE-6C4C4B128FA3} ()
[04/24/2008, 1:40:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:49] - Checking for HKLM\...\Winlogon\Notify\awttuvvw
[04/24/2008, 1:40:49] - Key not found: HKLM\...\Winlogon\Notify\awttuvvw, continuing.
[04/24/2008, 1:40:49] - BHO 7: {B8CB333B-1460-40F3-B351-F8F110758277} ()
[04/24/2008, 1:40:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:49] - Checking for HKLM\...\Winlogon\Notify\ljJBqppP
[04/24/2008, 1:40:49] - Key not found: HKLM\...\Winlogon\Notify\ljJBqppP, continuing.
[04/24/2008, 1:40:49] - BHO 8: {EE5A1465-1E73-4784-8F63-45983FDF0DB8} (MSEvents Object)
[04/24/2008, 1:40:49] - ALERT: Found MSEvents Object!
[04/24/2008, 1:40:49] - Finished Searching Browser Helper Objects
[04/24/2008, 1:40:49] - *** Detected MSEvents Object
[04/24/2008, 1:40:49] - Trying to remove MSEvents Object...
[04/24/2008, 1:40:50] - Terminating Process: IEXPLORE.EXE
[04/24/2008, 1:40:51] - Terminating Process: RUNDLL32.EXE
[04/24/2008, 1:40:52] - Disabling Automatic Shell Restart
[04/24/2008, 1:40:52] - Terminating Process: EXPLORER.EXE
[04/24/2008, 1:40:54] - Suspending the NT Session Manager System Service
[04/24/2008, 1:40:54] - Terminating Windows NT Logon/Logoff Manager
[04/24/2008, 1:40:54] - Re-enabling Automatic Shell Restart
[04/24/2008, 1:40:55] - File to disable: C:\WINDOWS\system32\opnmKaYo.dll
[04/24/2008, 1:40:55] - Renaming C:\WINDOWS\system32\opnmKaYo.dll -> C:\WINDOWS\system32\opnmKaYo.dll.vir
[04/24/2008, 1:40:55] - File successfully renamed!
[04/24/2008, 1:40:55] - Removing HKLM\...\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}
[04/24/2008, 1:40:55] - Removing HKCR\CLSID\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}
[04/24/2008, 1:40:55] - Adding Kill Bit for ActiveX for GUID: {EE5A1465-1E73-4784-8F63-45983FDF0DB8}
[04/24/2008, 1:40:55] - Deleting ATLEvents/MSEvents Registry entries
[04/24/2008, 1:40:55] - Removing HKLM\...\Winlogon\Notify\opnmKaYo
[04/24/2008, 1:40:55] - Searching for Browser Helper Objects:
[04/24/2008, 1:40:55] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/24/2008, 1:40:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:55] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/24/2008, 1:40:55] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/24/2008, 1:40:55] - BHO 2: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[04/24/2008, 1:40:55] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/24/2008, 1:40:55] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/24/2008, 1:40:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:55] - No filename found. Continuing.
[04/24/2008, 1:40:55] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/24/2008, 1:40:55] - BHO 6: {A41A5AE2-40EE-4EC5-89DE-6C4C4B128FA3} ()
[04/24/2008, 1:40:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:55] - Checking for HKLM\...\Winlogon\Notify\awttuvvw
[04/24/2008, 1:40:55] - Key not found: HKLM\...\Winlogon\Notify\awttuvvw, continuing.
[04/24/2008, 1:40:55] - BHO 7: {B8CB333B-1460-40F3-B351-F8F110758277} ()
[04/24/2008, 1:40:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:56] - Checking for HKLM\...\Winlogon\Notify\ljJBqppP
[04/24/2008, 1:40:56] - Key not found: HKLM\...\Winlogon\Notify\ljJBqppP, continuing.
[04/24/2008, 1:40:56] - Finished Searching Browser Helper Objects
[04/24/2008, 1:40:56] - Finishing up...
[04/24/2008, 1:40:56] - A restart is needed.
[04/24/2008, 1:40:56] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[04/24/2008, 1:41:08] - Attempting to Restart via STOP error (Blue Screen!)

Et voila pour hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:48:51, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ejlgowsk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sbuatois\Mes documents\My Completed Downloads\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B2F3DAFC-C09A-4DB5-B6D1-3457F1B6EA99} - C:\WINDOWS\system32\awttuvvw.dll
O2 - BHO: (no name) - {B8CB333B-1460-40F3-B351-F8F110758277} - C:\WINDOWS\system32\ljJBqppP.dll (file missing)
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ejlgowsk] C:\WINDOWS\system32\ejlgowsk.exe
O4 - HKLM\..\Run: [341ff292] rundll32.exe "C:\WINDOWS\system32\qmdmxfcb.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [englvedj] C:\WINDOWS\system32\whsvqpmr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [LrQicezbhI] C:\WINDOWS\system32\winver.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
End of file - 7989 bytes

ComboFix 08-04-22.5 - sbuatois 2008-04-24 12:42:27.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.203 [GMT 2:00]
Endroit: C:\Documents and Settings\sbuatois\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\sbuatois\Bureaublackbird.jpg
C:\Documents and Settings\sbuatois\BureauEditorFKWP1.5.exe
C:\Documents and Settings\sbuatois\BureauEditorFKWP2.0.exe
C:\Documents and Settings\sbuatois\Bureaufilemanagerclient.exe
C:\Documents and Settings\sbuatois\Bureaufkwp1.5.exe
C:\Documents and Settings\sbuatois\Bureaufkwp2.0.exe
C:\Documents and Settings\sbuatois\Bureaufwebd.exe
C:\Documents and Settings\sbuatois\BureauFWebdEditor.exe
C:\Documents and Settings\sbuatois\BureauTrojan.Win32.BlackBird.exe
C:\Documents and Settings\sbuatois\Bureauvirii
C:\Documents and Settings\sbuatois\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\awttuvvw.dll
C:\WINDOWS\system32\bcfxmdmq.ini
C:\WINDOWS\system32\gbtrmgfm.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfgmrtbg.dll
C:\WINDOWS\system32\PppqBJjl.ini
C:\WINDOWS\system32\PppqBJjl.ini2
C:\WINDOWS\system32\qmdmxfcb.dll
C:\WINDOWS\system32\wvvuttwa.ini
C:\WINDOWS\system32\wvvuttwa.ini2
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.

2008-04-22 11:38 . 2008-04-23 10:49 1,542,093 ---hs---- C:\WINDOWS\system32\tibjplad.ini
2008-04-21 11:37 . 2008-04-22 11:37 1,541,913 ---hs---- C:\WINDOWS\system32\uaeltoqw.ini
2008-04-20 10:36 . 2008-04-21 11:36 1,541,793 ---hs---- C:\WINDOWS\system32\nmypdteg.ini
2008-04-19 14:28 . 2008-04-19 14:28 <REP> d-------- C:\VundoFix Backups
2008-04-19 14:20 . 2008-04-19 14:20 110,592 --a------ C:\WINDOWS\system32\vckbirou.dll
2008-04-19 14:20 . 2008-04-19 14:20 106,496 --a------ C:\WINDOWS\system32\ejlgowsk.exe
2008-04-19 14:19 . 2008-04-19 14:19 38 --a------ C:\WINDOWS\system32\a.bat
2008-04-19 11:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-19 11:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-19 11:59 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-19 11:59 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-19 11:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-19 11:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-19 11:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-19 11:59 . 2008-04-19 12:09 2,330 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-19 08:35 . 2008-04-20 10:36 1,541,673 ---hs---- C:\WINDOWS\system32\yjxtqkjp.ini
2008-04-17 21:45 . 2008-04-17 21:45 37,888 --a------ C:\WINDOWS\system32\opnmKaYo.dll.vir
2008-04-17 21:44 . 2008-04-17 21:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\whgtutwb
2008-04-17 21:44 . 2008-04-16 10:07 290,816 --a------ C:\WINDOWS\pmsoarbf.dll
2008-04-17 21:44 . 2008-04-16 10:07 98,304 --a------ C:\WINDOWS\npqtsrak.exe
2008-04-17 21:44 . 2008-04-17 21:44 94,208 --a------ C:\WINDOWS\system32\whsvqpmr.exe
2008-04-17 21:32 . 2008-04-17 21:32 27,136 --a------ C:\WINDOWS\system32\winzdn32.dll
2008-04-17 21:10 . 2008-04-18 13:20 <REP> d-------- C:\Program Files\VirtualDJ
2008-04-13 10:42 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-13 10:36 . 2008-04-13 10:36 <REP> d-------- C:\Program Files\Microsoft.NET
2008-04-13 10:32 . 2008-04-13 10:32 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-13 10:30 . 2008-04-13 10:38 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-04-13 10:29 . 2008-04-13 10:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-13 10:28 . 2008-04-13 10:28 <REP> dr-h----- C:\MSOCache
2008-04-10 17:52 . 2008-04-10 17:52 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-10 17:51 . 2008-04-10 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-07 18:39 . 2008-04-07 18:39 <REP> d-------- C:\Documents and Settings\sbuatois\Application Data\Template
2008-04-07 18:35 . 2008-04-13 10:39 <REP> d-------- C:\Program Files\Microsoft Works
2008-04-06 16:44 . 2008-04-06 16:44 <REP> d-------- C:\Documents and Settings\sbuatois\Application Data\skypePM
2008-04-06 16:44 . 2008-04-06 16:44 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-06 16:39 . 2008-04-06 20:49 <REP> d-------- C:\Documents and Settings\sbuatois\Application Data\Skype
2008-04-06 16:38 . 2008-04-06 16:38 <REP> d-------- C:\Program Files\Skype
2008-04-06 16:38 . 2008-04-06 16:38 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-04-06 16:38 . 2008-04-06 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-04-06 15:27 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-06 15:27 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-24 17:14 . 2008-03-24 17:14 268 --ah----- C:\sqmdata07.sqm
2008-03-24 17:14 . 2008-03-24 17:14 244 --ah----- C:\sqmnoopt07.sqm
2008-03-24 03:20 . 2008-03-24 03:20 268 --ah----- C:\sqmdata06.sqm
2008-03-24 03:20 . 2008-03-24 03:20 244 --ah----- C:\sqmnoopt06.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 10:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-17 19:35 --------- d-----w C:\Program Files\Azureus
2008-04-17 19:35 --------- d-----w C:\Documents and Settings\sbuatois\Application Data\Azureus
2008-04-13 08:39 --------- d-----w C:\Program Files\MSBuild
2008-04-10 15:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 05:31 --------- d-----w C:\Program Files\Avast4
2008-03-21 21:09 --------- d-----w C:\Documents and Settings\sbuatois\Application Data\Apple Computer
2008-03-21 21:01 --------- d-----w C:\Documents and Settings\sbuatois\Application Data\VideoReDo-TVSuite
2008-03-16 16:47 --------- d-----w C:\Program Files\DAP
2008-03-16 16:45 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-03-12 20:30 --------- d-----w C:\Documents and Settings\sbuatois\Application Data\DivX
2008-03-08 21:27 --------- d-----w C:\Program Files\TF1Vision
2008-03-08 21:15 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-25 00:21 --------- d-----w C:\Documents and Settings\sbuatois\Application Data\vlc
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-08 12:06 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 10:07 827392]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"e-TF1"="C:\Program Files\TF1Vision\TF1vision.exe" [2007-12-24 11:38 345600]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-03-16 18:42 3057152]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\FEAR Perseus Mandate\\FEARXP2.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-05 12:00]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-03-16 18:44]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-16 18:44]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 W8335PCI;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys [2004-12-24 08:42]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-17 17:33:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 12:48:27
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 88

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\locator.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-24 12:53:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 10:53:52

Pre-Run: 46,251,581,440 octets libres
Post-Run: 51,769,528,320 octets libres

252 --- E O F --- 2008-04-11 21:14:32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:50, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sbuatois\Mes documents\My Completed Downloads\test.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
End of file - 6803 bytes

Bonne lecture ^^

Tout est nikel fluide et plus aucun problème avec les apparitions d'anti-virus! je te confirme ça se soir merci beaucoup!!!

Je n'ai plus aucun problème merci pour tout!