Please help me: unwanted pop-up window, white screen

primki Posts: 14 Status: Member -  
jlpjlp Posts: 52399 Status: Security contributor -
Hello,
Here is my message, hoping to get some solutions.
I too have an unwanted pop-up window of the performanceoptimize kind, plus a white desktop background.
Here is the report, if someone could analyze it for me it would be like
Logfile of HijackThis v1.99.1
Scan saved at 19:33:15, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\stephseb\LOCALS~1\Temp\Rar$EX00.469\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: XTN Monitor - {0BB25A64-41B8-4051-A627-A8B9F2DA6FD2} - C:\WINDOWS\ddwlxtqowd.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: The enqvwkp - {92162A1C-A9E3-4C0C-BCDC-2996E8406887} - C:\WINDOWS\enqvwkp.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\4\strpmon.exe" dm=http://www.321auto.com; ad=https://www.largus.fr/actualite-automobile/
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\PasenDommagement\mc.exe" dm=http://pasendommagement.com; ad=http://pasendommagement.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://copainsdavant.linternaute.com/
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-9b7c605c5dfb0592.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: bmlvqkn - {2146E512-BD57-46FB-AECC-22907F9F1261} - C:\WINDOWS\bmlvqkn.dll (file missing)
O21 - SSODL: agrlmvp - {89F39CB5-6301-4ABA-A4B9-352B63FA4B9B} - C:\WINDOWS\agrlmvp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

There you go; while waiting for your replies, thanks in advance.
Configuration: Windows XP
Internet Explorer 7.0

18 replies

  1. jlpjlp Posts: 52399 Status: Security contributor 5 041
     
    Hi,

    ComboFix (paste the report)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    ___________________

    Redo HijackThis following the manual, because you put HijackThis in a temporary file and you must not!

    Manual:

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    I recommend renaming HijackThis, to counter a possible Vundo infection.

    E.g.: rename the file HijackThis.exe to eden.exe; to do this, right-click the file HijackThis.exe and choose Rename from the list.

    Then, with Explorer, create a folder c:\hijackthis
    Extract HijackThis into this folder.
    This is important for the backups."
    _________________

    On the new report,

    Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: XTN Monitor - {0BB25A64-41B8-4051-A627-A8B9F2DA6FD2} - C:\WINDOWS\ddwlxtqowd.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: The enqvwkp - {92162A1C-A9E3-4C0C-BCDC-2996E8406887} - C:\WINDOWS\enqvwkp.dll (file missing)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\4\strpmon.exe" dm=http://www.321auto.com; ad=https://www.largus.fr/actualite-automobile/
    O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\PasenDommagement\mc.exe" dm=http://pasendommagement.com; ad=http://pasendommagement.com
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)..
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-9b7c605c5dfb0592.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O21 - SSODL: bmlvqkn - {2146E512-BD57-46FB-AECC-22907F9F1261} - C:\WINDOWS\bmlvqkn.dll (file missing)
    O21 - SSODL: agrlmvp - {89F39CB5-6301-4ABA-A4B9-352B63FA4B9B} - C:\WINDOWS\agrlmvp.dll

    ____________________

    Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
    Double-click OTMoveIt.exe to launch it.
    Copy the list in the quote below,
    and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

    Quote:

    C:\Program Files\Fichiers communs\4\strpmon.exe
    C:\Program Files\Fichiers communs\PasenDommagement\mc.exe
    C:\WINDOWS\agrlmvp.dll

    Click MoveIt! to start the removal.
    The result will appear in the "Results" pane.
    Click Exit to close.
    Post the report located in C:\_OTMoveIt\MovedFiles.

    You may be asked to restart the PC to complete the removal. If so, accept with Yes.
    ___________________

    Paste a report from the AntiVir you have, paste a HijackThis report again, and describe your problems.
    0
  2. primki Posts: 14 Status: Member
     
    Is this really what I was supposed to paste?

    ComboFix 08-01-23.1C - stephseb 2008-01-25 21:33:02.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.171 [GMT 1:00]
    Endroit: C:\Documents and Settings\stephseb\Local Settings\Temporary Internet Files\Content.IE5\H2IKDCX4\ComboFix[1].exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\salesmonitor
    C:\WINDOWS\dat.txt
    C:\WINDOWS\rs.txt
    C:\WINDOWS\search_res.txt

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-25 21:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-20 23:08 . 2008-01-20 23:08 176 --a------ C:\WINDOWS\wininit.ini
    2008-01-18 19:26 . 2008-01-18 19:26 0 --a------ C:\WINDOWS\nsreg.dat
    2008-01-18 19:14 . 2008-01-18 19:14 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-01-18 19:13 . 2008-01-18 19:13 <REP> d-------- C:\Program Files\Real
    2008-01-18 19:13 . 2008-01-18 19:14 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-01-18 19:13 . 2008-01-18 19:13 3,948 --a------ C:\WINDOWS\mozver.dat
    2008-01-17 21:13 . 2008-01-17 21:13 <REP> d-------- C:\Program Files\Lavalys
    2008-01-16 20:37 . 2008-01-16 20:37 <REP> d-------- C:\Program Files\Avira
    2008-01-15 19:17 . 2008-01-16 19:58 2,134 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-15 19:16 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-15 19:16 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-15 19:16 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-01-15 19:16 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-15 19:16 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-15 19:16 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-15 04:04 . 2008-01-14 18:23 229,376 --a------ C:\WINDOWS\agrlmvp.dll
    2008-01-15 04:04 . 2008-01-14 18:23 81,920 --a------ C:\WINDOWS\fxtqdrl.exe
    2008-01-15 04:03 . 2008-01-23 13:22 <REP> d-------- C:\Program Files\MediaStarCodec
    2008-01-13 09:32 . 2008-01-14 00:12 <REP> d-------- C:\Program Files\BankPerfect
    2008-01-13 09:28 . 2008-01-17 13:38 <REP> d-------- C:\Program Files\Comptes et Budget V5.0
    2008-01-13 09:07 . 2008-01-13 09:08 105 --a------ C:\WINDOWS\MINITEL.INI
    2008-01-13 08:58 . 2008-01-13 08:58 <REP> d-------- C:\Program Files\TLC-Edusoft
    2008-01-13 08:58 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-25 20:27 . 2007-12-25 20:27 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.18

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-25 20:29 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2008-01-21 13:20 --------- d-----w C:\Program Files\eMule
    2008-01-18 18:13 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-01-18 18:13 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-01-18 18:13 --------- d-----w C:\Program Files\Google
    2008-01-16 21:05 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
    2008-01-16 21:04 --------- d-----w C:\Program Files\Fichiers communs\4
    2008-01-10 19:47 --------- d-----w C:\Program Files\Windows Live Safety Center
    2007-12-12 23:17 --------- d-----w C:\Program Files\QuickTime
    2007-12-09 20:10 --------- d-----w C:\Program Files\Pixiphot
    2007-12-01 23:28 --------- d-----w C:\Program Files\EPSON
    2007-11-30 11:03 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BB25A64-41B8-4051-A627-A8B9F2DA6FD2}]
    C:\WINDOWS\ddwlxtqowd.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    {92162A1C-A9E3-4C0C-BCDC-2996E8406887}

    [HKEY_CLASSES_ROOT\clsid\{92162a1c-a9e3-4c0c-bcdc-2996e8406887}]
    [HKEY_CLASSES_ROOT\enqvwkp.ToolBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{B9F32461-19C4-45CC-A64C-D79E35732DA5}]
    [HKEY_CLASSES_ROOT\enqvwkp.ToolBar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2007-06-28 23:43 81920]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18 94208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 11:40 68856]
    "PasenDommagement"="C:\Program Files\PasenDommagement\GDC.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2003-05-02 08:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "NWEReboot"="" []
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02 563984]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
    "Salestart(1)"="C:\Program Files\Fichiers communs\PasenDommagement\mc.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-16 20:46 249896]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-18 19:13 185896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= file:///C:\WINDOWS\privacy_danger\index.htm
    FriendlyName= Privacy Protection

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "bmlvqkn"= {2146E512-BD57-46FB-AECC-22907F9F1261} - C:\WINDOWS\bmlvqkn.dll [ ]
    "agrlmvp"= {89F39CB5-6301-4ABA-A4B9-352B63FA4B9B} - C:\WINDOWS\agrlmvp.dll [2008-01-14 18:23 229376]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^stephseb^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\stephseb\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-20 00:09 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gfxtray]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2007-07-25 15:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-06-28 23:43 8466432 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
    --a------ 2003-07-03 13:19 433152 C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oouserv6.exe]
    --a------ 2003-06-30 05:00 256000 C:\Program Files\OFFICE ONE6.5\program\oouserv6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2007-09-13 12:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-07-27 11:40 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys []
    S2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys []
    S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
    S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys []

    *Newly Created Service* - HTTPFILTER
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-16 22:56:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-25 19:42:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    0
  3. primki Posts: 14 Status: Member
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:42, on 2008-01-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Hijackthis\eden.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: agrlmvp - {61892AE6-F475-4ED1-8C88-484CB67CD41B} - C:\WINDOWS\agrlmvp.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
    0
  4. primki Posts: 14 Status: Member
     
    Is this really what I was supposed to paste?

    ComboFix 08-01-23.1C - stephseb 2008-01-25 21:33:02.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.171 [GMT 1:00]
    Endroit: C:\Documents and Settings\stephseb\Local Settings\Temporary Internet Files\Content.IE5\H2IKDCX4\ComboFix[1].exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\salesmonitor
    C:\WINDOWS\dat.txt
    C:\WINDOWS\rs.txt
    C:\WINDOWS\search_res.txt

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-25 21:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
    2008-01-20 23:08 . 2008-01-20 23:08 176 --a------ C:\WINDOWS\wininit.ini
    2008-01-18 19:26 . 2008-01-18 19:26 0 --a------ C:\WINDOWS\nsreg.dat
    2008-01-18 19:14 . 2008-01-18 19:14 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2008-01-18 19:13 . 2008-01-18 19:13 <REP> d-------- C:\Program Files\Real
    2008-01-18 19:13 . 2008-01-18 19:14 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-01-18 19:13 . 2008-01-18 19:13 3,948 --a------ C:\WINDOWS\mozver.dat
    2008-01-17 21:13 . 2008-01-17 21:13 <REP> d-------- C:\Program Files\Lavalys
    2008-01-16 20:37 . 2008-01-16 20:37 <REP> d-------- C:\Program Files\Avira
    2008-01-15 19:17 . 2008-01-16 19:58 2,134 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-15 19:16 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-01-15 19:16 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-01-15 19:16 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-01-15 19:16 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-01-15 19:16 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-01-15 19:16 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-01-15 04:04 . 2008-01-14 18:23 229,376 --a------ C:\WINDOWS\agrlmvp.dll
    2008-01-15 04:04 . 2008-01-14 18:23 81,920 --a------ C:\WINDOWS\fxtqdrl.exe
    2008-01-15 04:03 . 2008-01-23 13:22 <REP> d-------- C:\Program Files\MediaStarCodec
    2008-01-13 09:32 . 2008-01-14 00:12 <REP> d-------- C:\Program Files\BankPerfect
    2008-01-13 09:28 . 2008-01-17 13:38 <REP> d-------- C:\Program Files\Comptes et Budget V5.0
    2008-01-13 09:07 . 2008-01-13 09:08 105 --a------ C:\WINDOWS\MINITEL.INI
    2008-01-13 08:58 . 2008-01-13 08:58 <REP> d-------- C:\Program Files\TLC-Edusoft
    2008-01-13 08:58 . 1998-10-07 13:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
    2007-12-25 20:27 . 2007-12-25 20:27 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.18

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-25 20:29 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2008-01-21 13:20 --------- d-----w C:\Program Files\eMule
    2008-01-18 18:13 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-01-18 18:13 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-01-18 18:13 --------- d-----w C:\Program Files\Google
    2008-01-16 21:05 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
    2008-01-16 21:04 --------- d-----w C:\Program Files\Fichiers communs\4
    2008-01-10 19:47 --------- d-----w C:\Program Files\Windows Live Safety Center
    2007-12-12 23:17 --------- d-----w C:\Program Files\QuickTime
    2007-12-09 20:10 --------- d-----w C:\Program Files\Pixiphot
    2007-12-01 23:28 --------- d-----w C:\Program Files\EPSON
    2007-11-30 11:03 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BB25A64-41B8-4051-A627-A8B9F2DA6FD2}]
    C:\WINDOWS\ddwlxtqowd.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    {92162A1C-A9E3-4C0C-BCDC-2996E8406887}

    [HKEY_CLASSES_ROOT\clsid\{92162a1c-a9e3-4c0c-bcdc-2996e8406887}]
    [HKEY_CLASSES_ROOT\enqvwkp.ToolBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{B9F32461-19C4-45CC-A64C-D79E35732DA5}]
    [HKEY_CLASSES_ROOT\enqvwkp.ToolBar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2007-06-28 23:43 81920]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 14:18 94208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 11:40 68856]
    "PasenDommagement"="C:\Program Files\PasenDommagement\GDC.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2003-05-02 08:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "NWEReboot"="" []
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02 563984]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43 8466432]
    "Salestart(1)"="C:\Program Files\Fichiers communs\PasenDommagement\mc.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-16 20:46 249896]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-18 19:13 185896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= file:///C:\WINDOWS\privacy_danger\index.htm
    FriendlyName= Privacy Protection

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "bmlvqkn"= {2146E512-BD57-46FB-AECC-22907F9F1261} - C:\WINDOWS\bmlvqkn.dll [ ]
    "agrlmvp"= {89F39CB5-6301-4ABA-A4B9-352B63FA4B9B} - C:\WINDOWS\agrlmvp.dll [2008-01-14 18:23 229376]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^stephseb^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\stephseb\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-20 00:09 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gfxtray]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2007-07-25 15:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-06-28 23:43 8466432 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
    --a------ 2003-07-03 13:19 433152 C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oouserv6.exe]
    --a------ 2003-06-30 05:00 256000 C:\Program Files\OFFICE ONE6.5\program\oouserv6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2007-09-13 12:31 22880040 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-07-27 11:40 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys []
    S2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys []
    S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
    S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys []

    *Newly Created Service* - HTTPFILTER
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-16 22:56:35 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-01-25 19:42:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    0
  6. primki Posts 14 Status Member
     
    File/Folder C:\Program Files\Fichiers communs\4\strpmon.exe not found.
    File/Folder C:\Program Files\Fichiers communs\PasenDommagement\mc.exe not found.
    DllUnregisterServer procedure not found in C:\WINDOWS\agrlmvp.dll
    C:\WINDOWS\agrlmvp.dll NOT unregistered.
    C:\WINDOWS\agrlmvp.dll moved successfully.

    Created on 01-25-2008 22:48:56
    0
  7. jlpjlp Posts 52399 Status Security contributor 5 041
     
    ok

    Paste a report from the AntiVir you have, paste a new HijackThis report, and describe your problems.
    0
  8. primki Posts 14 Status Member
     
    AntiVir PersonalEdition Classic
    Report file date: 2008-01-25 23:04

    Scanning for 1070348 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: BILL

    Version information:
    BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 19:46:22
    ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 2008-01-25 22:03:43
    ANTIVIR3.VDF : 7.0.2.50 2048 Bytes 2008-01-25 22:03:43
    AVEWIN32.DLL : 7.6.0.56 3215872 Bytes 2008-01-25 22:03:43
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-01-16 19:46:24
    AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 2008-01-25 23:04

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    33 processes with 33 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '26' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT106.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5dfe.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT12C.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e00.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT13F.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e02.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT142.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e04.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT167.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e06.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT17E.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e0a.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT195.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e0c.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT1AC.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e0e.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT1C2.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e0f.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT1D1.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e15.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT1D4.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e17.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT1DB.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e19.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT1EF.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e1b.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT206.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e1f.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT21E.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e20.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT235.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d201.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT24D.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e22.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT26A.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e21.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT270.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d202.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT278.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e23.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT28.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d204.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT28E.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d203.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT290.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e24.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT297.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d205.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT2A.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e25.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT2B7.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d206.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT2D5.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e27.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT2E5.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e26.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT2FC.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d207.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT303.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e28.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT31C.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d208.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT32.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e29.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT333.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d20a.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT34D.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d209.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT35.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e2a.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT35B.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d20b.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT371.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e2b.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT38C.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d20c.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT3A3.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e2d.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT3B5.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e2c.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT3C5.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d20d.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT3DD.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e2e.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT3E2.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d20e.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT3E4.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e2f.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT3FE.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d210.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT415.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e31.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT438.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d20f.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT44F.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e30.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT46.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d211.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT465.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d212.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT47D.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e33.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT65.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e32.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT6F.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d213.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT7C.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e34.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BIT90.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d214.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BITA.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e35.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BITA9.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d216.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BITBE.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d215.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BITD8.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '47ee5e36.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\BITED.tmp
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '4670d217.qua'!
    C:\Documents and Settings\stephseb\Local Settings\Temp\desktop_background.zip
    [0] Archive type: ZIP
    --> install-privacy-danger.bat
    [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger
    [INFO] The file was moved to '480d5e4b.qua'!

    End of the scan: 2008-01-25 23:38
    Used time: 33:26 min

    The scan has been done completely.

    5914 Scanning directories
    128014 Files were scanned
    61 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    61 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    127953 Files not concerned
    1330 Archives were scanned
    1 Warnings
    3 Notes
    0
  9. primki Posts 14 Status Member
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:59, on 2008-01-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\stephseb\LOCALS~1\Temp\Rar$EX00.031\eden.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: agrlmvp - {61892AE6-F475-4ED1-8C88-484CB67CD41B} - C:\WINDOWS\agrlmvp.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
  10. primki Posts 14 Status Member
     
    First of all, thank you.
    Also, I think I didn't answer properly at the beginning.
    I'm also very surprised at the number of viruses AntiVir found.
    I hope things will get better; I'll see tomorrow morning.
    But for now I still have my white screen.
    To be continued.
    Thanks again already.
  11. primki Posts 14 Status Member
     
    Well, for the little time I've been on the computer, no pop-up windows (let's hope it lasts).
    But the desktop background was still white, so I ran SmitfraudFix and now it's gone.
    Should I keep the downloaded programs such as OTMoveIt, etc.?
    Is AntiVir good?
    What should I do to avoid having this problem again? I've already had it and had to reformat the computer.
    That's it; otherwise, thanks for everything.
  12. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Delete what is in quarantine in AntiVir and paste a new report.

    ______________

    Did you run SmitfraudFix? Are there still problems with the desktop background or anything else?

    ________________

    AntiVir is very good; among the free ones it is currently the best!

    To protect your computer for free:

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    Install an antivirus:

    AVAST (in French) or ANTIVIR (in English but very effective)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
    -------------
    Anti-spyware tools:
    AD AWARE + SPYBOT, plus or minus WINDOWS DEFENDER if Spybot's TeaTimer is not enabled

    +
    SPYWAREBLASTER to immunize the system, against Vundo in particular; it is in English but easy to use: just click "update" every month to update it, then "enable all protection" to immunize...

    Note: Spybot and Ad-Aware released new versions this year; check that you have the latest version.
    --------
    A firewall:
    The Windows one or, better, KERIO or JETICO or ZONE ALARM (install only the free firewall)

    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

    -----------

    CCLEANER to erase browsing traces

    Browse with Firefox, Opera or Safari, which are less affected by viruses than Internet Explorer.

    See you later
  13. primki
     
    Hi, thanks for everything.
    Yesterday I wanted to uninstall Spybot to install the latest version, and after the computer restarted I could not connect to the internet; it told me the wizard could not detect the network connection device. So I spent three quarters of an hour with Neuf; according to them the problem was not on their side, so I did a system restore back to Sunday and now I can connect.
    I know restores aren't great, but do you have any idea what might have happened? As a result I no longer dare uninstall anything for fear it will happen again. Thanks.
  14. jlpjlp Posts 52399 Status Security contributor 5 041
     
    If you did a system restore, you may have put the viruses back...

    Paste a new AntiVir report and a HijackThis report.
  15. primki
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:31, on 2008-01-29
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\stephseb\LOCALS~1\Temp\Rar$EX00.859\eden.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: agrlmvp - {61892AE6-F475-4ED1-8C88-484CB67CD41B} - C:\WINDOWS\agrlmvp.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  16. primki
     
    AntiVir PersonalEdition Classic
    Report file date: 2008-01-29 17:33

    Scanning for 1083693 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: BILL

    Version information:
    BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 19:46:22
    ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 2008-01-25 22:03:43
    ANTIVIR3.VDF : 7.0.2.64 181760 Bytes 2008-01-29 11:37:42
    AVEWIN32.DLL : 7.6.0.57 3215872 Bytes 2008-01-29 11:37:42
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-01-16 19:46:24
    AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 2008-01-29 17:33

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
    Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    33 processes with 33 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '26' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!

    End of the scan: 2008-01-29 18:01
    Used time: 27:24 min

    The scan has been done completely.

    5884 Scanning directories
    124007 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    124007 Files not concerned
    1245 Archives were scanned
    1 Warnings
    3 Notes
  17. jlpjlp Posts 52399 Status Security contributor 5 041
     
    No, it's fine:
    you can fix this line

    O21 - SSODL: agrlmvp - {61892AE6-F475-4ED1-8C88-484CB67CD41B} - C:\WINDOWS\agrlmvp.dll (file missing)

    ______________

    Yes, the new Spybot sometimes causes problems during installation.

    All the best!
  18. primki
     
    What do you mean by fixing this line?
    Also (you're never going to be rid of me, and thank you again for your help)
    I want to uninstall Spybot to install the latest version, and it says impossible, SDHelper.dll access denied. I did some research; even with Unlocker it doesn't work. What should I do?
  19. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

    O21 - SSODL: agrlmvp - {61892AE6-F475-4ED1-8C88-484CB67CD41B} - C:\WINDOWS\agrlmvp.dll (file missing)

    _________________

    Try uninstalling Spybot in safe mode:

    http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924