Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:35, on 2008-05-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/defaultf.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {061EFC1C-2F60-433A-8449-36F276629CF7} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0706ED65-76E8-441A-847C-0091814CA0D4} - (no file)
O2 - BHO: (no name) - {0c717de8-ed3c-4fa4-8664-3164b639f419} - (no file)
O2 - BHO: (no name) - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - (no file)
O2 - BHO: (no name) - {156724EF-D35B-40DD-BBFC-E454A84BD5FA} - (no file)
O2 - BHO: (no name) - {172F6C49-1CD6-4533-AD5F-06C79245BFD2} - (no file)
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - (no file)
O2 - BHO: (no name) - {1E6C188D-E64C-4552-88CD-A1148C447FEC} - (no file)
O2 - BHO: (no name) - {254fe112-21c7-4d3c-abc0-6f52d5064896} - (no file)
O2 - BHO: (no name) - {29CCEAD7-F425-40D7-9DAA-E2F75AF2B2E9} - (no file)
O2 - BHO: (no name) - {2A517AAB-A73B-4B7B-A71D-6C7CED258805} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3216CBB8-6D34-4F55-ABE4-347CBA792493} - (no file)
O2 - BHO: (no name) - {3C3C38E1-7F78-453B-A7A1-CFFE3CD1177E} - (no file)
O2 - BHO: (no name) - {4299DCCE-C11B-401A-BB8C-7D11540944B3} - (no file)
O2 - BHO: (no name) - {4CB4A21D-85B3-48F9-8840-4D3B3E67E982} - (no file)
O2 - BHO: (no name) - {4F07A1CC-27CE-4E14-B53E-6B0958F01F46} - (no file)
O2 - BHO: (no name) - {5d47d47f-dfc1-4b66-b374-acd552b3164d} - (no file)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {69875317-90b0-44a6-ab08-c4cff1a877bf} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {6ddde8be-bc9b-4a02-9b70-e7ae2d98f773} - (no file)
O2 - BHO: (no name) - {6FDF7B6D-EFBD-45E0-9E37-649BCD18B349} - (no file)
O2 - BHO: (no name) - {7518760D-518D-416C-B42C-A1E0C7E3375F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7765F171-F2A8-4F39-9B32-A1C181344D05} - (no file)
O2 - BHO: (no name) - {77E5A605-AAB7-4959-86F5-A0C76207FA94} - (no file)
O2 - BHO: (no name) - {77FF77DF-BA66-4FE9-9296-E79938C0FF8C} - (no file)
O2 - BHO: {c3b64431-0fb8-6869-b434-198de69619d7} - {7d91696e-d891-434b-9686-8bf013446b3c} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8401ba64-1b67-49dc-932f-828b06bbc7d7} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {916bc16d-70b2-4344-a5e2-794c911d8a6b} - (no file)
O2 - BHO: (no name) - {921f56d7-c0e7-409a-b423-b143b665d45f} - (no file)
O2 - BHO: (no name) - {93e16cd0-3a86-4850-87d6-0b1490d1bc7d} - (no file)
O2 - BHO: (no name) - {94C1C342-8CD1-4D7C-9479-A85B3AC0405F} - (no file)
O2 - BHO: (no name) - {955D153F-8841-4213-BD64-6EF8EC4BA305} - (no file)
O2 - BHO: (no name) - {9ce85f5f-17bb-4e16-a227-145efb920170} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B1D7C03E-3A52-4438-BA91-CFC440679CE3} - (no file)
O2 - BHO: (no name) - {BA7E295A-ADC7-4D67-81B6-93873EA0573D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {dc37d0a2-9cbe-46bc-add7-790f20a08382} - (no file)
O2 - BHO: (no name) - {E9A61866-D11D-40ED-A762-C6197B3A0AFA} - (no file)
O2 - BHO: (no name) - {F0BF0DC6-58B9-4A82-955B-24461F8F5FBA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: ljJCrQji - ljJCrQji.dll (file missing)
O20 - Winlogon Notify: opnnmkh - C:\WINDOWS\
O20 - Winlogon Notify: rwrhgymp - C:\WINDOWS\SYSTEM32\rwrhgymp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
O24 - Desktop Component 1: (no name) - https://cegepat.omnivox.ca/estd/HRRE/VisualiseHoraire.ovx?_________________________________________________________________________________________________________________________________=comp&NoDa=0700759&AnSession=20081&Ref=175206525688&C=ABI&L=FRA
O24 - Desktop Component 2: (no name) - http://www.soundclick.com/bands/default.cfm?bandid=496771

--
End of file - 11853 bytesLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:35, on 2008-05-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/defaultf.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/defaultf.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {061EFC1C-2F60-433A-8449-36F276629CF7} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0706ED65-76E8-441A-847C-0091814CA0D4} - (no file)
O2 - BHO: (no name) - {0c717de8-ed3c-4fa4-8664-3164b639f419} - (no file)
O2 - BHO: (no name) - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - (no file)
O2 - BHO: (no name) - {156724EF-D35B-40DD-BBFC-E454A84BD5FA} - (no file)
O2 - BHO: (no name) - {172F6C49-1CD6-4533-AD5F-06C79245BFD2} - (no file)
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - (no file)
O2 - BHO: (no name) - {1E6C188D-E64C-4552-88CD-A1148C447FEC} - (no file)
O2 - BHO: (no name) - {254fe112-21c7-4d3c-abc0-6f52d5064896} - (no file)
O2 - BHO: (no name) - {29CCEAD7-F425-40D7-9DAA-E2F75AF2B2E9} - (no file)
O2 - BHO: (no name) - {2A517AAB-A73B-4B7B-A71D-6C7CED258805} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3216CBB8-6D34-4F55-ABE4-347CBA792493} - (no file)
O2 - BHO: (no name) - {3C3C38E1-7F78-453B-A7A1-CFFE3CD1177E} - (no file)
O2 - BHO: (no name) - {4299DCCE-C11B-401A-BB8C-7D11540944B3} - (no file)
O2 - BHO: (no name) - {4CB4A21D-85B3-48F9-8840-4D3B3E67E982} - (no file)
O2 - BHO: (no name) - {4F07A1CC-27CE-4E14-B53E-6B0958F01F46} - (no file)
O2 - BHO: (no name) - {5d47d47f-dfc1-4b66-b374-acd552b3164d} - (no file)
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {69875317-90b0-44a6-ab08-c4cff1a877bf} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {6ddde8be-bc9b-4a02-9b70-e7ae2d98f773} - (no file)
O2 - BHO: (no name) - {6FDF7B6D-EFBD-45E0-9E37-649BCD18B349} - (no file)
O2 - BHO: (no name) - {7518760D-518D-416C-B42C-A1E0C7E3375F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7765F171-F2A8-4F39-9B32-A1C181344D05} - (no file)
O2 - BHO: (no name) - {77E5A605-AAB7-4959-86F5-A0C76207FA94} - (no file)
O2 - BHO: (no name) - {77FF77DF-BA66-4FE9-9296-E79938C0FF8C} - (no file)
O2 - BHO: {c3b64431-0fb8-6869-b434-198de69619d7} - {7d91696e-d891-434b-9686-8bf013446b3c} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8401ba64-1b67-49dc-932f-828b06bbc7d7} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {916bc16d-70b2-4344-a5e2-794c911d8a6b} - (no file)
O2 - BHO: (no name) - {921f56d7-c0e7-409a-b423-b143b665d45f} - (no file)
O2 - BHO: (no name) - {93e16cd0-3a86-4850-87d6-0b1490d1bc7d} - (no file)
O2 - BHO: (no name) - {94C1C342-8CD1-4D7C-9479-A85B3AC0405F} - (no file)
O2 - BHO: (no name) - {955D153F-8841-4213-BD64-6EF8EC4BA305} - (no file)
O2 - BHO: (no name) - {9ce85f5f-17bb-4e16-a227-145efb920170} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B1D7C03E-3A52-4438-BA91-CFC440679CE3} - (no file)
O2 - BHO: (no name) - {BA7E295A-ADC7-4D67-81B6-93873EA0573D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {dc37d0a2-9cbe-46bc-add7-790f20a08382} - (no file)
O2 - BHO: (no name) - {E9A61866-D11D-40ED-A762-C6197B3A0AFA} - (no file)
O2 - BHO: (no name) - {F0BF0DC6-58B9-4A82-955B-24461F8F5FBA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: ljJCrQji - ljJCrQji.dll (file missing)
O20 - Winlogon Notify: opnnmkh - C:\WINDOWS\
O20 - Winlogon Notify: rwrhgymp - C:\WINDOWS\SYSTEM32\rwrhgymp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Fichiers communs\Symantec Shared\Support Controls\ssrc.exe
O24 - Desktop Component 1: (no name) - https://cegepat.omnivox.ca/estd/HRRE/VisualiseHoraire.ovx?_________________________________________________________________________________________________________________________________=comp&NoDa=0700759&AnSession=20081&Ref=175206525688&C=ABI&L=FRA
O24 - Desktop Component 2: (no name) - http://www.soundclick.com/bands/default.cfm?bandid=496771

--
End of file - 11853 bytes

bonsoir,

Mon problème , si s'en est un, est qu'il y a toujours dans la barre des taches du bas un message qui se dit de windows security center. C'a m'achale énormément parce qu'il revient plusieurs fois. Et en plus il y a un message qui vient de temps en temps qui dit que l'ordinateur va fermer dans 60 secondes.

plus facile quand on a des explications non ?

concernant le message que tu as : revient il souvent ou non ? as tu le temps de faire des manips sur ton pc ou pas ?

si oui, fait ceci :

Télécharge VundoFix (par Atribune) sur ton Bureau :

• Double-clique VundoFix.exe afin de le lancer
• Clique sur le bouton Scan for Vundo
• Lorsque le scan est complété, clique sur le bouton Remove Vundo
• Une invite te demandera si tu veux supprimer les fichiers, clique YES
• Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
• Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
• Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

Bonjour ou bonsoir Philae. J'ai fait le scan vundo tel que tu m'a demandé. Je t'envoie le rapport.
VundoFix V7.0.3

Scan started at 22:48:27 2008-05-16

Listing files found while scanning....

No infected files were found.

bonjour,

* Télécharge combofix.exe (par sUBs) sur ton Bureau

IMPORTANT :*désactive ton antivirus, antispyware, et Spybot (résident) durant l'utilisation de ComboFix . Merci. Tu réactives ensuite.

* Double clique combofix.exe.
* Tape sur la touche Y (Yes) pour démarrer le scan.
* Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Salut Philae. J'ai essayé ComboFix et il ne fonctionne plus. Merci à toi pour t'occuper de moi.

Salut Philae. Je l'ai jamais utilisé et il ne réponds pas. Merci à toi.

Salut. Combofix à finalement répondu. Je l'envoie.ComboFix 08-05-15.3 - Alexandre 2008-05-18 0:15:15.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.171 [GMT -4:00]
Endroit: C:\Documents and Settings\Alexandre\Bureau\ComboFix.exe

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
.

2008-05-16 13:22 . 2008-05-16 13:24 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-16 11:00 . 2008-05-17 11:29 <REP> d-------- C:\Program Files\a-squared Free
2008-05-16 10:13 . 2008-05-16 10:13 <REP> d-------- C:\Program Files\CCleaner
2008-05-14 16:36 . 2008-05-14 16:36 <REP> d-------- C:\Program Files\Lavasoft
2008-05-13 19:37 . 2008-05-13 19:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-13 12:37 . 2008-05-13 12:37 <REP> d-------- C:\Documents and Settings\Alexandre\DoctorWeb
2008-05-12 15:52 . 2008-05-13 19:57 <REP> d-------- C:\Program Files\Uniblue
2008-05-12 09:24 . 2008-05-12 09:24 <REP> d-------- C:\Program Files\Trend Micro
2008-05-12 09:19 . 2008-05-12 09:36 <REP> d-------- C:\Program Files\RamBoost XP
2008-05-10 10:29 . 2008-05-16 16:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-10 10:29 . 2008-05-10 10:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-09 18:19 . 2008-05-09 18:23 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-09 18:19 . 2008-05-09 18:19 <REP> d-------- C:\Program Files\Reference Assemblies
2008-05-09 18:19 . 2008-05-09 18:19 <REP> d-------- C:\Program Files\MSBuild
2008-05-09 18:17 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-09 17:57 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-05-09 13:08 . 2008-05-09 13:08 <REP> d-------- C:\Program Files\Windows Sidebar
2008-05-09 13:08 . 2008-05-09 15:26 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-09 13:08 . 2008-05-09 15:26 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-09 13:08 . 2008-05-09 15:26 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-09 13:08 . 2008-05-09 15:26 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-09 12:47 . 2008-05-14 13:45 <REP> d-------- C:\Documents and Settings\Alexandre\SecurityScans
2008-05-09 12:46 . 2008-05-09 12:46 <REP> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-05-08 16:10 . 2008-05-08 16:25 <REP> d-------- C:\09924d572d43589b6be3
2008-05-08 13:40 . 2008-05-08 13:40 <REP> d-------- C:\Documents and Settings\Alexandre\IASViewer
2008-05-07 15:12 . 2008-04-13 19:33 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-05-07 15:12 . 2008-04-13 19:33 18,944 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-05-07 15:12 . 2008-04-13 11:36 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-05-07 15:12 . 2008-04-13 19:33 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-05-06 16:48 . 2008-05-06 16:48 657,408 --a------ C:\WINDOWS\is-DNPPR.exe
2008-05-06 16:48 . 2008-05-06 16:48 13,715 --a------ C:\WINDOWS\is-DNPPR.msg
2008-05-06 16:48 . 2008-05-06 16:48 166 --a------ C:\WINDOWS\is-DNPPR.lst
2008-05-06 16:43 . 2008-05-08 16:27 <REP> d-------- C:\Program Files\Unlocker
2008-05-06 16:43 . 2008-05-06 16:44 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Desktopicon
2008-05-06 13:15 . 2008-05-06 13:14 85,520 --a------ C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-05 17:23 . 2008-05-06 10:09 121 --a------ C:\WINDOWS\bdagent.INI
2008-05-05 10:39 . 2008-05-05 10:39 657,408 --a------ C:\WINDOWS\is-IDA3O.exe
2008-05-05 10:39 . 2008-05-05 10:39 13,715 --a------ C:\WINDOWS\is-IDA3O.msg
2008-05-05 10:39 . 2008-05-05 10:39 166 --a------ C:\WINDOWS\is-IDA3O.lst
2008-05-04 17:54 . 2008-05-04 17:54 657,408 --a------ C:\WINDOWS\is-G39N2.exe
2008-05-04 17:54 . 2008-05-04 17:54 13,715 --a------ C:\WINDOWS\is-G39N2.msg
2008-05-04 17:54 . 2008-05-04 17:54 166 --a------ C:\WINDOWS\is-G39N2.lst
2008-05-01 13:51 . 2008-04-13 18:57 32,128 --a--c--- C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-05-01 13:50 . 2008-04-13 11:40 5,376 --a--c--- C:\WINDOWS\system32\dllcache\viaide.sys
2008-05-01 13:49 . 2008-04-13 11:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-05-01 13:49 . 2008-04-13 11:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-01 13:49 . 2008-04-13 11:45 17,152 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys
2008-05-01 13:47 . 2008-04-13 19:34 82,944 --a--c--- C:\WINDOWS\system32\dllcache\tp4mon.exe
2008-05-01 13:46 . 2008-04-13 11:40 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2008-05-01 13:45 . 2008-05-01 13:45 9,896 --a------ C:\WINDOWS\system32\drivers\fiddrv.sys
2008-05-01 13:44 . 2008-04-13 11:40 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2008-05-01 13:42 . 2008-04-13 11:36 16,000 --a--c--- C:\WINDOWS\system32\dllcache\smbbatt.sys
2008-05-01 13:42 . 2008-04-13 11:36 6,912 --a--c--- C:\WINDOWS\system32\dllcache\smbclass.sys
2008-05-01 13:41 . 2008-04-13 11:45 11,520 --a--c--- C:\WINDOWS\system32\dllcache\scsiscan.sys
2008-05-01 13:40 . 2008-04-13 11:40 43,904 --a--c--- C:\WINDOWS\system32\dllcache\sbp2port.sys
2008-05-01 13:39 . 2008-04-13 19:33 29,696 --a--c--- C:\WINDOWS\system32\dllcache\rw450ext.dll
2008-05-01 13:39 . 2008-04-13 19:33 28,160 --a--c--- C:\WINDOWS\system32\dllcache\rw430ext.dll
2008-05-01 13:38 . 2008-04-13 18:58 79,360 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2008-05-01 13:37 . 2008-04-13 19:33 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-05-01 13:37 . 2008-04-13 19:33 159,232 --a--c--- C:\WINDOWS\system32\dllcache\ptpusd.dll
2008-05-01 13:37 . 2008-04-13 19:34 33,280 --a--c--- C:\WINDOWS\system32\dllcache\psisrndr.ax
2008-05-01 13:37 . 2008-04-13 11:41 17,664 --a--c--- C:\WINDOWS\system32\dllcache\ppa3.sys
2008-05-01 13:37 . 2008-04-13 11:40 8,832 --a--c--- C:\WINDOWS\system32\dllcache\powerfil.sys
2008-05-01 13:37 . 2008-04-13 11:40 6,016 --a--c--- C:\WINDOWS\system32\dllcache\qic157.sys
2008-05-01 13:36 . 2008-04-13 19:32 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-05-01 13:36 . 2008-04-13 19:32 211,584 --a--c--- C:\WINDOWS\system32\dllcache\perm2dll.dll
2008-05-01 13:36 . 2008-04-13 11:44 28,032 --a--c--- C:\WINDOWS\system32\dllcache\perm3.sys
2008-05-01 13:36 . 2008-04-13 11:44 27,904 --a--c--- C:\WINDOWS\system32\dllcache\perm2.sys
2008-05-01 13:33 . 2008-04-13 19:07 2,067,968 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-05-01 13:33 . 2008-04-13 11:46 61,696 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-05-01 13:32 . 2008-04-13 11:54 28,672 --a--c--- C:\WINDOWS\system32\dllcache\nscirda.sys
2008-05-01 13:31 . 2008-04-13 11:46 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2008-05-01 13:31 . 2008-04-13 11:54 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-05-01 13:30 . 2008-04-13 19:34 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-05-01 13:30 . 2008-04-13 11:46 51,200 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-05-01 13:30 . 2008-04-13 11:41 26,112 --a--c--- C:\WINDOWS\system32\dllcache\memstpci.sys
2008-05-01 13:30 . 2008-04-13 11:46 15,232 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-05-01 13:29 . 2008-04-13 11:40 7,040 --a--c--- C:\WINDOWS\system32\dllcache\ltotape.sys
2008-05-01 13:28 . 2008-04-13 19:33 254,464 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-01 13:28 . 2008-04-13 19:33 49,152 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2008-05-01 13:28 . 2008-04-13 11:40 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-05-01 13:28 . 2008-04-13 19:05 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-01 13:27 . 2008-04-13 19:34 153,088 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-05-01 13:27 . 2008-04-13 11:54 88,192 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2008-05-01 13:27 . 2008-04-13 19:33 29,184 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-05-01 13:26 . 2008-04-13 19:33 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-05-01 13:26 . 2008-04-13 11:41 18,560 --a--c--- C:\WINDOWS\system32\dllcache\i2omp.sys
2008-05-01 13:26 . 2008-04-13 11:41 8,576 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-05-01 13:24 . 2008-04-13 18:59 28,544 --a--c--- C:\WINDOWS\system32\dllcache\grserial.sys
2008-05-01 13:24 . 2008-04-13 19:33 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-05-01 13:24 . 2008-04-13 11:36 20,352 --a--c--- C:\WINDOWS\system32\dllcache\hidbatt.sys
2008-05-01 13:23 . 2008-04-13 11:45 59,136 --a--c--- C:\WINDOWS\system32\dllcache\gckernel.sys
2008-05-01 13:20 . 2008-04-13 11:39 206,976 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
2008-05-01 13:20 . 2008-04-13 19:34 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2008-05-01 13:20 . 2008-04-13 11:40 8,320 --a--c--- C:\WINDOWS\system32\dllcache\dlttape.sys
2008-05-01 13:19 . 2008-04-13 19:33 252,416 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-05-01 13:19 . 2008-04-13 11:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\compbatt.sys
2008-05-01 13:18 . 2008-04-13 19:33 121,856 --a--c--- C:\WINDOWS\system32\dllcache\camext30.dll
2008-05-01 13:18 . 2008-04-13 11:36 13,952 --a--c--- C:\WINDOWS\system32\dllcache\cmbatt.sys
2008-05-01 13:18 . 2008-04-13 11:41 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2008-05-01 13:17 . 2008-04-13 11:46 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2008-05-01 13:17 . 2008-04-13 19:34 18,432 --a--c--- C:\WINDOWS\system32\dllcache\bdaplgin.ax
2008-05-01 13:17 . 2008-04-13 11:36 14,208 --a--c--- C:\WINDOWS\system32\dllcache\battc.sys
2008-05-01 13:17 . 2008-04-13 11:46 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys
2008-05-01 13:17 . 2008-04-13 11:46 11,776 --a--c--- C:\WINDOWS\system32\dllcache\bdasup.sys
2008-05-01 13:15 . 2008-04-13 19:08 2,191,104 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-05-01 13:15 . 2008-04-13 11:46 53,376 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2008-05-01 13:15 . 2008-04-13 11:46 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-05-01 13:15 . 2008-04-13 11:40 12,288 --a--c--- C:\WINDOWS\system32\dllcache\4mmdat.sys
2008-04-30 12:37 . 2008-05-07 13:50 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\WinPatrol
2008-04-30 10:37 . 2008-04-30 10:37 <REP> d-------- C:\WINDOWS\system32\fr
2008-04-30 10:36 . 2008-04-13 19:33 285,184 --a------ C:\WINDOWS\system32\fxscomex.dll
2008-04-30 10:36 . 2008-04-13 19:33 285,184 --a--c--- C:\WINDOWS\system32\dllcache\fxscomex.dll
2008-04-30 10:36 . 2008-04-13 19:34 26,112 --a--c--- C:\WINDOWS\system32\dllcache\evntcmd.exe
2008-04-30 10:36 . 2008-04-13 19:33 24,064 --a------ C:\WINDOWS\system32\fxsmon.dll
2008-04-30 10:36 . 2008-04-13 19:33 24,064 --a--c--- C:\WINDOWS\system32\dllcache\fxsmon.dll
2008-04-30 10:36 . 2007-04-02 11:26 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0411.dll
2008-04-30 10:36 . 2007-04-02 11:26 19,456 --a--c--- C:\WINDOWS\system32\dllcache\agt0404.dll
2008-04-30 10:34 . 2008-04-13 19:33 563,712 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll
2008-04-30 10:33 . 2008-04-30 10:38 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-04-30 10:30 . 2008-04-13 11:23 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-04-30 10:20 . 2008-05-09 17:54 <REP> d-------- C:\WINDOWS\EHome
2008-04-30 09:39 . 2001-08-23 17:47 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-04-30 09:39 . 2001-08-23 17:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-30 09:39 . 2001-08-23 17:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 23:10 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\LimeWire
2008-05-16 18:21 --------- d-----w C:\Program Files\BearShare MediaBar
2008-05-16 17:30 --------- d-----w C:\Program Files\3B Software
2008-05-16 17:26 --------- d-----w C:\Program Files\Yahoo!
2008-05-14 21:58 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-14 20:36 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-13 23:57 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Uniblue
2008-05-13 20:14 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-13 13:25 --------- d-----w C:\Program Files\coolpro2
2008-05-12 20:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-12 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-11 14:06 --------- d-----w C:\Program Files\LimeWire
2008-05-09 21:23 103,776 ----a-w C:\Documents and Settings\Alexandre\System_Restore.exe
2008-05-09 19:34 --------- d-----w C:\Program Files\Norton AntiVirus
2008-05-09 19:26 --------- d-----w C:\Program Files\Symantec
2008-05-09 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-05 14:01 --------- d-----w C:\Program Files\Tibia Auto
2008-05-01 20:49 --------- d-----w C:\Program Files\RogueRemover FREE
2008-04-30 17:06 --------- d-----w C:\Program Files\PKR
2008-04-30 17:06 --------- d-----w C:\Program Files\MoodLogic
2008-04-30 17:06 --------- d-----w C:\Program Files\ExplorerXP
2008-04-30 17:05 --------- d--h--w C:\Documents and Settings\Alexandre\Application Data\VideoGift2
2008-04-30 17:05 --------- d-----w C:\Program Files\TchecMeet
2008-04-30 17:05 --------- d-----w C:\Program Files\Revenu Québec 2007
2008-04-30 17:05 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\uTorrent
2008-04-30 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-29 17:34 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Onlineteam
2008-04-25 19:59 --------- d-----w C:\Program Files\Google
2008-04-25 16:54 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-24 13:28 357,768 -c--a-w C:\Documents and Settings\Alexandre\SymXPep2.dll
2008-04-21 19:55 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-18 18:37 --------- d-----w C:\Program Files\Trellix2
2008-04-14 14:40 204,800 ----a-w C:\WINDOWS\system32\rwrhgymp.dll
2008-04-13 23:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-13 23:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-13 23:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-13 23:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-13 23:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-13 23:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-13 23:10 73,600 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-13 23:09 80,384 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-13 23:09 68,608 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-13 23:09 46,848 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-13 23:09 120,576 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-13 23:07 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 23:07 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 23:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 23:05 800,256 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 23:05 25,216 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-13 23:05 154,496 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 23:04 93,184 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 23:04 37,632 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-13 23:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 23:03 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-13 23:03 40,576 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-13 23:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 23:02 40,960 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-13 23:01 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 23:00 66,048 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 23:00 54,144 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 22:59 25,856 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 22:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-13 22:58 273,664 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 22:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 22:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 22:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 22:57 58,752 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-13 22:57 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-13 22:56 53,376 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 22:55 701,440 ------w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-13 22:55 40,064 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-13 22:55 327,168 ------w C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-04-13 22:54 41,856 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-13 22:54 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-13 22:54 103,936 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 22:53 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 22:53 23,680 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-13 22:52 188,672 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 16:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 16:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 16:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 16:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 16:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 16:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 16:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 16:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 16:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 16:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 16:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 16:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 16:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 16:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 16:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 16:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 16:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 16:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 16:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 16:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 16:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 16:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-09 13:40 116088 --a------ C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [ ]
"Uniblue SpeedUpMyPC"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-12 20:02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 08:30 7110656]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:34 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-12 20:02 68856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJCrQji]
ljJCrQji.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnmkh]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rwrhgymp]
rwrhgymp.dll 2008-04-14 10:40 204800 C:\WINDOWS\system32\rwrhgymp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DVSD"= pdvcodec.dll
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 18:01]
S2 MKEMUSB;Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkemusb.sys [2001-08-08 19:52]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 DCamUSBMke;USB Video Camera for Panasonic Digital Palmcorder;C:\WINDOWS\system32\Drivers\Mkeusbi.sys [2001-12-18 12:38]
S3 EzInstall;EzInstall;D:\ezinstall\EzInstall.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-16 13:10:00 C:\WINDOWS\Tasks\alexandre.job"
- C:\Program Files\BitDefender\BitDefender Backup\backup.exe
"2008-05-13 00:03:40 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Alexandre.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2008-05-13 23:33:38 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-13 23:33:37 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-17 04:42:35 C:\WINDOWS\Tasks\User_Feed_Synchronization-{C17F134B-3553-486F-BACE-25024C360C2F}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-05-18 03:23:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 00:17:41
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\rwrhgymp.dll
.
Temps d'accomplissement: 2008-05-18 0:18:43
ComboFix-quarantined-files.txt 2008-05-18 04:18:32

Pre-Run: 116,198,772,736 octets libres
Post-Run: 116,181,082,112 octets libres

315 --- E O F --- 2008-04-12 14:33:18

Bonjour Philae. J'ai tout fait ce que me demande pour sauvegarder mes registres. Il y a peut-être quelque chose que je n'ai pas bien fait car il n'y a pas d'icone de Erunt sur le bureau. Merci à toi.

Bonjour Philea.Je t'envoie les rapports de virus total.

	Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...

Bonjour Philea. Je t'envoie le deuxième rapport :

	Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...