Configuration: Windows XP Internet Explorer 7.0

Hello,
Install Malwarebytes: http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php
Run a full scan. At the end of the scan, click "Supprimer la sélection" (Remove Selected). Copy/paste the final report.
#Download SDFix (created by AndyManchesta) http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
#Double-click SDFix.exe
#Choose Install to extract it into a dedicated folder on the Desktop.
#Restart in safe mode http://www.pcloisirs.eu/mode_sans_echec.html
#Open the SDFix folder that has just been created at the root of your hard drive C:\
#Double-click RunThis.bat to launch the script.
#Press Y to start the cleaning process.
#Press a key to restart when SDFix asks you to press a key to restart.
#Your system will take longer than usual to restart because the tool will keep running and deleting files.
#After the Desktop has loaded, the tool will finish its work and display Finished.
#Press a key to end the script and load your Desktop icons.
#Once the Desktop icons are displayed, the SDFix report will open. It is named Report.txt.
#Copy/paste the contents

No wonder: this line sends you straight to the Ultimate Cleaner page
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
and that with the help of AVG and Kaspersky!
Download MBAM and install it, follow the tutorial http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php, do the cleanup, and post the report and your comments.

Be precise and complete in your questions; readers are not mind readers. Search engines are there to help you.

Hello,
As instructed, I ran the scan with MBAM; here is the result.
However, I was not able to get into safe mode, so I moved on to the second suggestion with ULTIMATE CLEANER, and I am sending you the result of the new MBAM scan.
Please give me your conclusions. See you very soon.

You could not get into safe mode, meaning what? How did you go about it?

Hello,
I was able to get into safe mode with the F8 key; however, once it has started and after I have chosen a user, the computer crashes, showing a message that I do not have time to read. I hope I have been clear enough; perhaps you have a way for me to read the message in question. With all my thanks.

Let's do it another way:
/!\ Disconnect from the Internet, disable all your resident protections and do not touch anything during the scan /!\
#Download ComboFix (put it in a folder where you can find it easily!) http://download.bleepingcomputer.com/sUBs/ComboFix.exe
#Run it.
#Choose option 1.
#The desktop may disappear during the scan: this is normal.
#At the end, it will create a report located at the root of your hard drive (C:\ComboFix.txt).
#Open it and paste it here.
PS: If the screen does not come back: press CTRL + ALT + DEL simultaneously. Task Manager opens. Click File, then Run. Type explorer and confirm. The desktop will be displayed again.
/!\ Re-enable all your resident protections /!\

Hello again,
Here is the ComboFix result; however, at no point was I given the choice of an option "1".

Copy/paste a new HijackThis report, please.

Good evening, and thank you.
Here is a HijackThis log...
How is the PC behaving?
Run HijackThis again > Do a system scan only
Check these lines:
O3 - Toolbar: atfxqogp - {D3291382-13CB-4D51-A855-0A6D2A28FB29} - C:\WINDOWS\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Program Files\Betway\Casino\casinogame.exe (file missing)
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program Files\Betway\Poker\MPPoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [PKR Pal] "C:\Jeux\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
Click Fix Checked |
Good evening again, and thanks again for the time spent trying to solve my problem.
I did as instructed, then ran HijackThis again; its report is below. As for the behaviour, I still cannot properly get the safe mode startup to run...
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:39:34, on 02/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Canal Widget] "C:\Program Files\Canal\Canal Widget\Launcher.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program 
Files\Hp\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Post-it(R) Digital Notes.lnk = C:\Program Files\3M\PDNotes\PDNotes.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.canal-plus.com (HKLM) O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/... 
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe End of file - 7104 bytes |