au secours, j'ai un trojan et j'y connais rien !! Besoin de vos lumières.

Bonjour à tous,

J'ai choppé un trojan : trojan.win32.agent.uvi et mon antivirus le met en quarantaine mais ne peut pas le supprimer et mon ordi rame trop. Bref, en allant sur les forum, j'ai lu plusieurs posts où ils conseillaient de télécharger Hijack this, ce que j'ai fait, j'ai lancé un scan et maintenant je suis avec une liste et je ne sais pas quoi en faire, alors : AU SECOURS !!
Je n'y connais pas grand chose en informatique alors je me permet de vous solliciter car franchement là j'ai besoin d'aide.
Voici la liste de hijack :
* Trend Micro HijackThis v2.0.2 *


See bottom for version history.

The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components

Command-line parameters:
* /autolog - automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* /silentautuolog - the same as /autolog, except with no required user intervention

* Version history *

[v2.00.0]
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
* Added O23 (NT Services) in light of newer trojans
* Integrated ADS Spy into Misc Tools section
* Added 'Action taken' to info in 'More info on this item'
[v1.98]
* Definitive support for Japanese/Chinese/Korean systems
* Added O20 (AppInit_DLLs) in light of newer trojans
* Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
* Added O22 (SharedTaskScheduler) in light of newer trojans
* Backups of fixed items are now saved in separate folder
* HijackThis now checks if it was started from a temp folder
* Added a small process manager (Misc Tools section)
[v1.96]
* Lots of bugfixes and small enhancements! Among others:
* Fix for Japanese IE toolbars
* Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
* Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
* Added several files to the LSP whitelist
* Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
* All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
* Added a new regval to check for from Whazit hijack (Start Page_bak).
* Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
* New in logfile: Running processes at time of scan.
* Checkmarks for running StartupList with /full and /complete in HijackThis UI.
* New O19 method to check for Datanotary hijack of user stylesheet.
* Google.com IP added to whitelist for Hosts file check.
[v1.94]
* Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
* Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
* Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
* Fixed a bug where DPF could not be deleted.
* Fixed a stupid bug in enumeration of autostarting shortcuts.
* Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
* Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
* Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
* Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
* Fixed a bug in LSP routine for Win95.
* Made taborder nicer.
* Fixed a bug in backup/restore of IE plugins.
* Added UltimateSearch hijack in O17 method (I think).
* Fixed a bug with detecting/removing BHO's disabled by BHODemon.
* Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
* Fixed two stupid bugs in backup restore function.
* Added DiamondCS file to LSP files safelist.
* Added a few more items to the protocol safelist.
* Log is now opened immediately after saving.
* Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
* Updated integrated StartupList to v1.52.
* In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
* Rudimentary proxy support for the Check for Updates function.
[v1.91]
* Added rd.yahoo.com to the Nonstandard But Safe Domains list.
* Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
* Added listing of programs/links in Startup folders (O4).
* Fixed 'Check for Update' not detecting new versions.
[v1.9]
* Added check for Lop.com 'Domain' hijack (O17).
* Bugfix in URLSearchHook (R3) fix.
* Improved O1 (Hosts file) check.
* Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
* Added AutoConfigURL and proxyserver checks (R1).
* IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
* Added check for extra protocols (O18).
[v1.81]
* Added 'ignore non-standard but safe domains' option.
* Improved Winsock LSP hijackers detection.
* Integrated StartupList updated to v1.4.
[v1.8]
* Fixed a few bugs.
* Adds detecting of free.aol.com in Trusted Zone.
* Adds checking of URLSearchHooks key, which should have only one value.
* Adds listing/deleting of Download Program Files.
* Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
* Improves detecting of O6.
* Some internal changes/improvements.
[v1.7]
* Adds backup function! Yay!
* Added check for default URL prefix
* Added check for changing of IERESET.INF
* Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
* Fixes Runtime Error when Hosts file is empty.
[v1.6]
* Added enumerating of MSIE plugins
* Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
* Adds 'Uninstall & Exit' and 'Check for update online' functions.
* Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
* Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
* A few bugfixes/enhancements
[v1.3]
* Adds detecting of extra MSIE context menu items
* Added detecting of extra 'Tools' menu items and extra buttons
* Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
* Adds 'Ignorelist' and 'Info' functions
[v1.1]
* Supports BHO's, some default URL changes
[v1.0]
* Original release

A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.


Et puis ils disent de renommer hijack quand on l'installe et je ne l'ai pas fait, c'est un problème?
Je ne sais pas si vous pouvez en tirer quelque chose et puis j'ai une question : est- il dangereux ???
Aidez moi s'il vous plaît !!!
Violaine.Configuration: Windows Vista

Certainement pas!

Mais le mieux serait que tu fasse un log.
Cherche bien dans le logiciel une option qui s'appelle faire un rapport

Je vais demander pour qu'on te transfert dans la section infections, tu verra si land3 est là (que je salue ) il va te désinfecter, c'est un docteur pour les PC.

Oui t'a posté un mauvais log

Télécharger sur le bureau Malwarebyte's Anti-Malware

=> double-clic sur mbam-setup pour lancer l'installation
=> Installer simplement sans rien modifier
=> Quand le programme lancé ==> onglet Mise à jour cliquer sur => Recherche de mise à jour
Onglet Recherche => cocher Exécuter un examen complet
=> Clic Rechercher
=> Eventuellement décocher les disque à ne pas analyser
=> Clic Lancer l'examen
=> En fin de scan , si infection trouvée
==> Clic Afficher résultat
=> Fermer vos applications en cours
=> Vérifier si tout est coché et clic Supprimer la sélection

=> un rapport s'ouvre le copier et le coller dans la réponse

+

Télécharger Hijackthis sur le bureau
Dézipper sur le bureau
= clic droit dessus ==> renommer ==> écrire : "test"( à la place de "hijackthis") <== Important
=Double-clic dessus
= Clic Do a system scan and save the log
-- Le Bloc-Notes s'ouvre :
-> Edition / Sélectionner Tout
-> Edition / Copier
copier coller le rapport
si tu as des soucis pour faire un rapport
demo hijack

+

Merci pour votre réponse et désolée pour l'attente de ma réaction c'est que du coup l'ordi gèle constament. Le problème c'est que le logiciel hijack est en anglais et la seul possibilité est : do a system scan and save a log file, et c'est ce qui est apparu après le scan que j'ai copié dans mon post.
Je viens de voir votre dernier post je vais de ce pas suivre vos consignes et je reviens juste après. MERCI MERCI MERCI MERCI, je désespérai vraiment de trouver une solution.

Ajout du 07-09-2008 à 18:07:

REbonjour, alors après tout l'après-midi avec maleware, il n'a rien trouvé au scan complet, et là où j'ai un soucis (un de plus) c'est lorsque j'essaye de télécharger hijack this, comme je l'avais dit plus haut je l'avais déjà installé, je l'ai donc désinstaller pour le réinstaller et le renommer de suite et lorsque je l'installe via le lien du post me donnant la marche à suivre, voilà ce qui apparaît une fois l'installation faite :
"hijack this appears to have been started from a temporary folder. Since temp folders tend to be emptied regulary, it's wise to copy hijack this.exe to a folder of its own, for instance C:\Program Files\Hijack This."

En gros, comme je suis à peu près aussi douée en anglais qu'en informatique, (vous voyez le niveau), j'ai compris qu'il n'est pas au bon endroit, et bien sûre çà serai trop simple qu'il soit visible dans le bureau ou les programmes du menu démarrer, non, moi je le vois juste dans le panneau de configuration pour la désinstallation du programme.

Alors je pense sérieusement à balancer mon pc par la fenêtre, je le ferai certainement si je n'avais pas peur qu'un petit malin soit en train de récupérer toute mes données....

Alors voilà ou j'en suis, c'est à dire nul part, si l'un d'entre vous me répond juste de prendre des cours d'informatique je ne lui en voudrai pas. En tout cas merci, si vous avez la solution, de la partager.

dans mon message j'ai pourtant précisé


Télécharger Hijackthis sur le bureau
Dézipper sur le bureau ..


Télécharger et enregistrer sur le bureau
Combofix

=Double-clic sur Combofix
= Presser 1 si demandé
= Attendre la fermeture de l’outil ( 5 -10 mn ou plus si infection importante)
=Copier/coller le rapport dans la réponse
Un rapport dans C:\Combofix.txt à mettre dans la réponse
Réactiver l'antivirus
============
supprimer ensuite
combofix
QooBox qui est à C:\

++

le hijackthis cette fois simplement sur le bureau

Merci beaucoup, voilà le premier rapport ( combofix)
ComboFix 08-09-05.03 - presi 2008-09-07 19:25:24.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.239 [GMT 2:00]
Endroit: C:\Users\presi\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\presi\AppData\Roaming\Microsoft\Windows\Cookies\presi@CAD4KRYI.txt
C:\Users\presi\AppData\Roaming\Microsoft\Windows\Cookies\presi@edt02[2].txt
C:\Users\presi\AppData\Roaming\Microsoft\Windows\Cookies\presi@fr.ebayrtm[1].txt
C:\Users\presi\AppData\Roaming\Microsoft\Windows\Cookies\presi@metaffiliation[2].txt
C:\Users\presi\AppData\Roaming\Microsoft\Windows\Cookies\presi@news.fr.msn[2].txt
C:\Users\presi\AppData\Roaming\Microsoft\Windows\Cookies\presi@trafiz[1].txt
C:\Users\presi\AppData\Roaming\Microsoft\Windows\Cookies\presi@wysistat[1].txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_iprip


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 17:45 --------- d-----w C:\ProgramData\Lx_cats
2008-09-07 17:19 --------- d-----w C:\ProgramData\NVIDIA
2008-09-07 17:13 174 --sha-w C:\Program Files\desktop.ini
2008-09-07 17:02 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-07 17:02 --------- d-----w C:\Program Files\Windows Calendar
2008-09-07 17:01 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-07 17:01 --------- d-----w C:\Program Files\Windows Mail
2008-09-07 17:01 --------- d-----w C:\Program Files\Windows Journal
2008-09-07 17:01 --------- d-----w C:\Program Files\Windows Defender
2008-09-07 17:01 --------- d-----w C:\Program Files\Windows Collaboration
2008-09-07 16:35 --------- d-----w C:\Users\presi\AppData\Roaming\Azureus
2008-09-07 09:58 --------- d-----w C:\Users\presi\AppData\Roaming\Malwarebytes
2008-09-07 09:57 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 09:55 --------- d-----w C:\ProgramData\Malwarebytes
2008-09-07 09:09 --------- d-----w C:\Program Files\Bonjour
2008-09-07 08:42 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-07 08:41 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-09-07 06:57 --------- d-----w C:\Program Files\Trend Micro
2008-09-06 21:01 --------- d-----w C:\Users\presi\AppData\Roaming\LimeWire
2008-09-06 20:33 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-05 12:12 --------- d-----w C:\Users\presi\AppData\Roaming\OFFICEOne7
2008-09-04 18:04 --------- d-----w C:\Users\presi\AppData\Roaming\DivX
2008-09-03 19:08 --------- d-----w C:\Program Files\DivX
2008-09-03 19:07 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-09-01 22:16 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-01 22:16 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-31 19:05 --------- d--h--r C:\Users\presi\AppData\Roaming\SecuROM
2008-08-30 20:44 --------- d-----w C:\ProgramData\ashampoo
2008-08-30 20:44 --------- d-----w C:\Program Files\Ashampoo
2008-08-29 20:04 --------- d-----w C:\Program Files\iTunes
2008-08-29 20:03 --------- d-----w C:\Program Files\iPod
2008-08-29 20:02 --------- d-----w C:\ProgramData\Apple Computer
2008-08-29 20:01 --------- d-----w C:\Program Files\QuickTime
2008-08-29 12:49 --------- d-----w C:\Program Files\Xvid
2008-08-29 10:13 --------- d-----w C:\Program Files\Java
2008-08-29 10:11 --------- d-----w C:\Program Files\Common Files\Java
2008-08-29 10:09 --------- d-----w C:\Program Files\LimeWire
2008-08-29 08:50 --------- d-----w C:\Program Files\Vuze
2008-08-29 08:48 --------- d-----w C:\ProgramData\Azureus
2008-08-29 08:48 --------- d-----w C:\Program Files\AskSBar
2008-08-11 16:55 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-08-11 16:17 --------- d-----w C:\Program Files\Electronic Arts
2008-08-11 15:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 15:42 --------- d-----w C:\Program Files\THQ
2008-08-11 15:25 --------- d-----w C:\Program Files\Google
2008-08-04 15:55 --------- d-----w C:\Program Files\Steinberg
2008-08-04 10:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-31 15:24 --------- d-----w C:\Program Files\EA GAMES
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:50 129,784 ------w C:\Windows\System32\PxAFS.DLL
2008-07-23 16:50 120,056 ------w C:\Windows\System32\PxCpyI64.exe
2008-07-23 16:50 118,520 ------w C:\Windows\System32\PxInsI64.exe
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-07-22 19:17 --------- d-----w C:\Program Files\Virtools Web Player 3.5
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-17 11:39 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-27 15:55 30,544 ----a-w C:\Windows\dirdib.drv
2008-06-27 15:55 30,464 ----a-w C:\Windows\macromix.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-07 20:48 21,321,008 ----a-w C:\Users\presi\QuickTimeInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-29 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-29 10:48 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-29 68856]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920]
"F-Secure Manager"="C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2007-06-13 176177]
"F-Secure TNB"="C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2007-06-13 733184]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-03-06 435120]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-03-06 312240]
"LXDICATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDItime.dll" [2007-02-26 102400]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]

C:\Users\presi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de d‚tection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-01-17 344064]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [2007-08-12 323584]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OFFICE One Startup v7.lnk
backup=C:\Windows\pss\OFFICE One Startup v7.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-11-14 15:55 50736 C:\Program Files\Common Files\aol\1136148254\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
--a------ 2006-10-23 16:49 1092152 C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{15DA30AD-8FBC-42A4-8553-B13CBE4CBCC2}"= Profile=Private|C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{9DBFDF74-DD6D-4AAA-B16F-BF042986C0B6}"= Disabled:UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{7FD2355E-68FF-4A4F-AEB1-9D042925BC40}"= Disabled:TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{10B6C2D4-A469-4509-AD25-4CB8FD522E56}"= Disabled:UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{506D562E-D479-4456-9292-4B0B4C44ECAE}"= Disabled:TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
"{655FB7C5-31C3-436F-87C6-F3670EB42B89}"= Disabled:UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{B8393477-4A14-4306-9216-5DBB0CFFA428}"= Disabled:TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{02305D9D-85BA-449F-985D-50C0DDA60521}"= Disabled:UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{80BED819-853A-4C46-B1E4-C0A28417949A}"= Disabled:TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{9DD6CE0D-CF70-4342-8CA3-10A9382E8098}"= Disabled:UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{C9F68B1E-64C5-46FC-8B73-F67E68A48BB4}"= Disabled:TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{E1ABEF43-E5D1-4D29-BB31-B59008E8463B}"= UDP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System
"{A8C6FAC4-A6F5-42E2-847D-CCB129B6DEDE}"= TCP:C:\Windows\System32\lxdicoms.exe:Lexmark Communications System
"{1BFDF520-D3CF-455E-AC2B-F1CFA4E5CFFC}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{9F0870A6-DD5F-4287-949A-0B56C2005D3C}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{5A862E35-06C3-4BFF-89F6-3844148F8F9D}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{FA5B6A9B-7015-45D5-8DF4-BD4E39F78665}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{4B71BDE3-36EB-4FB8-83AA-F395F9682BA0}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{93A6DA4F-5402-4708-B2CB-D0E3319C48E5}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{9D76043D-DBBE-45DA-83AC-F8946A7CBA44}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{D438CAFE-2F09-43C5-800D-BFD2E4DA5826}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus
"{979912C5-DAC1-4664-AF25-D40FE7FB8F25}"= Disabled:UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdiwbgw.exe:
"{34CB2143-A990-41D3-B112-3003FDBEEF5C}"= Disabled:TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdiwbgw.exe:
"{7E14192D-6A59-4E3B-8102-045670BCDCEA}"= Disabled:UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{23C2EF3F-0D98-415B-AB55-2832B41B0278}"= Disabled:TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{0AE7710A-3CFF-4962-9730-270B94A83923}"= Disabled:UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B1CC0F9C-7CC4-409F-B84F-B4B7EF5B3E61}"= Disabled:TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3402E81F-36F6-4FEE-B0F2-19DE68C825E3}"= Disabled:UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{10ED7B7E-3090-42B9-A8EA-9DC0FE366441}"= Disabled:TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
"{9F88F86D-DE14-476F-8B4E-6C656D74BB54}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{BD91FB95-AE15-4576-B270-0EDA08A3DF4B}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{B8B5BFC6-18D5-4287-8676-09069A315423}D:\\fscommand\\vividas.exe"= Disabled:UDP:D:\fscommand\vividas.exe:Vividas Player
"UDP Query User{149567A7-F63D-4709-8BB3-BD7199A50D77}D:\\fscommand\\vividas.exe"= Disabled:TCP:D:\fscommand\vividas.exe:Vividas Player
"{9B58135C-4B30-4801-866B-921CDC238A46}"= Disabled:C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{4F7F11CF-A024-4758-A6C0-8B465C26697F}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:
"{20F9549A-3F5A-49E5-B726-0DA3C8091AD4}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdipswx.exe:
"{31335DBA-8BD6-4CD2-BB56-E686935CF7D6}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:
"{FF8A72F5-F355-4880-8BB2-E9DD3F207444}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdijswx.exe:
"{0317B856-D1F0-4892-842C-2DADB645DB97}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:
"{26A2C57F-D4FD-4FC5-A39B-347F4BD20D9B}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxditime.exe:
"{465437DD-A115-4170-A8B3-DB303FB5C5BD}"= UDP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:
"{3A476600-2219-4100-A2E9-B65545D76E4B}"= TCP:C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|

R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-02-27 41184]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2007-06-13 52736]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2007-06-13 33024]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2007-06-13 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LPDService REG_MULTI_SZ LPDSVC
ipripsvc REG_MULTI_SZ iprip
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local

O16 -: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
C:\Windows\Downloaded Program Files\CERTDGI1.dll

O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
C:\Windows\Downloaded Program Files\DownloadManagerV2.inf
C:\Windows\Downloaded Program Files\Manager.exe
C:\Windows\Downloaded Program Files\DownloadManagerV2.ocx

O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.1.cab
C:\Windows\Downloaded Program Files\AdSignerADP.inf
C:\Windows\System32\msvcp60.dll
C:\Windows\System32\atl.dll
C:\Windows\Downloaded Program Files\AdVerifierADP.dll
C:\Windows\Downloaded Program Files\AdSignerADP.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 19:46:15
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


C:\Users\presi\AppData\Local\Temp\~DF1BE1.tmp 16384 bytes
C:\Users\presi\AppData\Local\Temp\~DF1CB8.tmp 512 bytes

Scan termin‚ avec succŠs
Les fichiers cach‚s: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Windows\System32\lxdicoms.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
C:\Windows\System32\conime.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Orange\AntivirusFirewall\FWES\program\fsdfwd.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\msiexec.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
C:\Windows\System32\sdclt.exe
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
C:\Windows\System32\RacAgent.exe
C:\Windows\System32\mcbuilder.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 19:57:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 17:56:38

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 174,067,937,280 octets libres

299 --- E O F --- 2008-09-07 09:47:00




Je vais maintenant faire le scan hijack this et je le post aussitôt fait.

Ajout du 07-09-2008 à 20:29:

Ca y ai ! voici le rapport de hijack :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:26, on 07/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriverT.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriverT.exe
C:\Windows\system32\sdclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\presi\Desktop\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDICATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1220004692326&h=2b0fa4f0e35264d03c5ff44d6f2a9f49/&filename=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Users\presi\AppData\Local\Temp\{BEDD87B7-B0A9-491E-A3A4-04AE7CFDAA7A}\NMSAccessU.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9289 bytes

Tu a deux antivirus.

Orange ( qui est totalement inutile, lourd, et mauvais . ) Désinstalle le et arrête de le payer et garde F-Secure

Dis moi si tu a toujours des problèmes.

Alors, heu, j'étais pas au courant qu'il y en avait deux, je pensais juste avoir le truc d'orange je sais déjà pas où est l'autre...
Par contre, pour le pc c'est + que mieux, il marche super bien, merci beaucoup vous venez de me sortir d'un sacré pétrin. Du coup, le trojan est toujours en quarantaine, j'ai retrouvé le fichier qui était cité dans l'emplacement du trojan et je l'ai supprimé (le fichier). Et la bêbête elle est toujours en quarantaine, j'en fait quoi? Et le F-secure, il est où???

L'antivirus Orange C'EST F-Secure, y en a pas deux, en fait.

Alors jpige pas, si mon antivirus orange c'est aussi fsecure pourquoi j'l'enlève pour le remettre ??