J'ai un vundo@dll.trj

seb -  
 Utilisateur anonyme -
Bonjour,

j'ai un cheval de troie qui me lache plus...
vundofix ne trouve rien
j'ai lancer un scan avec hijackthis et je ne sais pas quoi faire du résultat le voila merci pour l'aide

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:41, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\dnetc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - C:\WINDOWS\system32\cbXPiFxv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [qmoclya] c:\documents and settings\seb elmon\local settings\application data\qmoclya.exe qmoclya
O4 - HKCU\..\Run: [hhmgkkoc] c:\documents and settings\seb elmon\local settings\application data\hhmgkkoc.exe hhmgkkoc
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: cbXPiFxv - C:\WINDOWS\SYSTEM32\cbXPiFxv.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 11010 bytes
Configuration: Windows XP
Internet Explorer 7.0

45 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un cheval de Troie persiste sur le système malgré les outils de sécurité et le rapport HijackThis ne permet pas d’éliminer complètement l’infection. Pour remédier à la contamination, il est recommandé de télécharger Trend Micro HijackThis et d’exécuter DSS (Comboscan) puis SystemScan, puis de poster les rapports complets. Le processus conseille d’enregistrer les rapports et de les copier dans la réponse, afin d’identifier les éléments malveillants restants et de guider une suppression plus ciblée. En cas de détection persistante, la prochaine étape peut inclure une réinitialisation des navigateurs et la vérification des services démarrants, avec un nettoyage du registre.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    Salut ,
    On va arrêter là le massacre.

    Seb > Tu es encore infecté.

    ******************************************


    → Télécharge TrendMicro™ HijackThis™

    Place le dans ' C:\programmes\ '

    PUIS ,,

    → Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

    (choisis enregistrer, puis Bureau comme emplacement)

    Ferme toutes les applications en cours.

    → Double-clic sur DSS.exe pour lancer l'outil.

    → Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

    → A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

    Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse.
    Si un rapport complémentaire a été créé, poste le aussi dans ta réponse.

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )


    ******************************************


    Télécharge http://www.suspectfile.com/systemscan/ ( Systemscan )

    → Double clic dessus (ferme ton antivirus le temps du téléchargement s'il te détecte quoi que ce soit et réactive le après)

    → Clique sur Unselect all

    Coche uniquement ces cases :

    _ Recent Files, 30 days

    _ Registry run keys

    _ Suspicious files

    Puis clique sur scan now, sois patient.
    Une fois le scan terminé, un rapport va s'ouvrir, copie et colle son contenu ici et vérifie qu'il soit bien en entier, si besoin crée deux messages.

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )


    ******************************************


    Bonne chance
    A++
    1
    1. seb
       
      voila main txt
      Deckard's System Scanner v20071014.68
      Run by Seb Elmon on 2008-05-29 23:06:10
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      19: 2008-05-29 21:06:15 UTC - RP481 - Deckard's System Scanner Restore Point
      18: 2008-05-29 18:40:38 UTC - RP480 - Point de vérification système
      17: 2008-05-28 17:57:52 UTC - RP479 - AntiVir PersonalEdition Classic - 28/05/2008 19:57
      16: 2008-05-28 17:31:55 UTC - RP478 - Installé OpenOffice.org Installer 1.0
      15: 2008-05-28 17:20:48 UTC - RP477 - Installé Java(TM) 6 Update 6


      -- First Restore Point --
      1: 2008-05-10 13:03:06 UTC - RP463 - Point de vérification système


      Backed up registry hives.
      Performed disk cleanup.



      -- HijackThis (run as Seb Elmon.exe) -------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:08:00, on 29/05/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\dnetc.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Windows Media Player\wmplayer.exe
      C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\dss.exe
      C:\PROGRA~1\TRENDM~1\HIJACK~1\Seb Elmon.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
      0
    2. seb
       
      voici report.txt
      SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

      Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1)
      System directory: C:\WINDOWS
      SystemScan file: C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\sys92499.exe
      Running in: User mode
      Date: 29/05/2008
      Time: 23:18:20

      Output limited to:
      -Recent files
      -Registry Run Keys
      -Suspicious Files

      ===================== RECENT FILES =====================

      Showing files newer than 30 days

      ----- recent files in C:\
      10/05/2008 14:59:38 (DIR) 0 byte 19 days old -- System Volume Information
      15/05/2008 14:06:30 (DIR) 0 byte 14 days old -- i386
      22/05/2008 11:18:14 (DIR) 0 byte 7 days old -- kav
      23/05/2008 19:26:53 969 byte 6 days old -- VundoFix.txt
      28/05/2008 15:03:41 640432 byte 1 days old -- upload_moi_ELMON.tar.gz
      28/05/2008 15:30:47 198 byte 1 days old -- resultat_clean.txt
      28/05/2008 15:32:50 637 byte 1 days old -- rapport_clean.txt
      28/05/2008 18:39:20 13463 byte 1 days old -- ComboFix.txt
      28/05/2008 18:54:04 (DIR) 0 byte 1 days old -- RECYCLER
      28/05/2008 19:31:57 (DIR) 0 byte 1 days old -- Config.Msi
      28/05/2008 21:15:45 3103 byte 1 days old -- TCleaner.txt
      29/05/2008 22:04:22 209 byte 0 days old -- boot.ini
      29/05/2008 22:24:00 1610612736 byte 0 days old -- pagefile.sys
      29/05/2008 22:24:02 (DIR)1071796224 byte 0 days old -- hiberfil.sys
      29/05/2008 22:26:18 (DIR) 0 byte 0 days old -- WINDOWS
      29/05/2008 23:05:09 (DIR) 0 byte 0 days old -- Program Files
      29/05/2008 23:06:06 (DIR) 0 byte 0 days old -- Deckard

      ----- recent files in C:\WINDOWS\
      15/05/2008 11:49:17 1208 byte 14 days old -- wininit.ini
      19/05/2008 20:24:27 (DIR) 0 byte 10 days old -- $NtUninstallKB950749$
      22/05/2008 11:36:24 614 byte 7 days old -- BM97e7ca65.txt
      28/05/2008 10:31:38 (DIR) 0 byte 1 days old -- $hf_mig$
      28/05/2008 11:45:54 (DIR) 0 byte 1 days old -- $NtUninstallKB932823-v3$
      28/05/2008 11:46:01 (DIR) 0 byte 1 days old -- inf
      28/05/2008 15:15:20 (DIR) 0 byte 1 days old -- network diagnostic
      28/05/2008 19:34:14 (DIR) 0 byte 1 days old -- Installer
      28/05/2008 20:19:50 (DIR) 0 byte 1 days old -- Debug
      28/05/2008 20:19:50 (DIR) 0 byte 1 days old -- Minidump
      29/05/2008 08:29:06 (DIR) 0 byte 0 days old -- pss
      29/05/2008 15:56:21 (DIR) 0 byte 0 days old -- system32
      29/05/2008 22:00:35 4776 byte 0 days old -- ModemLog_SoftV90 Data Fax Modem.txt
      29/05/2008 22:04:22 227 byte 0 days old -- system.ini
      29/05/2008 22:04:22 699 byte 0 days old -- win.ini
      29/05/2008 22:23:07 32512 byte 0 days old -- SchedLgU.Txt
      29/05/2008 22:24:04 2048 byte 0 days old -- bootstat.dat
      29/05/2008 22:24:19 50 byte 0 days old -- wiaservc.log
      29/05/2008 22:24:20 159 byte 0 days old -- wiadebug.log
      29/05/2008 22:24:20 (DIR) 0 byte 0 days old -- Registration
      29/05/2008 22:25:04 0 byte 0 days old -- 0.log
      29/05/2008 22:28:45 32 byte 0 days old -- buff-out.r72
      29/05/2008 23:05:03 1381167 byte 0 days old -- WindowsUpdate.log
      29/05/2008 23:05:03 1212 byte 0 days old -- wmsetup.log
      29/05/2008 23:06:15 (DIR) 0 byte 0 days old -- erdnt
      29/05/2008 23:17:16 (DIR) 0 byte 0 days old -- Temp
      29/05/2008 23:17:36 (DIR) 0 byte 0 days old -- Prefetch
      29/05/2008 23:17:55 384 byte 0 days old -- jantje
      29/05/2008 23:17:55 8304 byte 0 days old -- buff-in.ogf
      29/05/2008 23:17:55 208 byte 0 days old -- buff-out.ogf
      29/05/2008 23:17:55 32 byte 0 days old -- buff-in.r72

      ----- recent files in C:\WINDOWS\Downloaded Program Files\

      ----- recent files in C:\WINDOWS\system\

      ----- recent files in C:\WINDOWS\system32\
      09/05/2008 23:35:04 16863864 byte 20 days old -- MRT.exe
      10/05/2008 14:59:38 (DIR) 0 byte 19 days old -- Restore
      10/05/2008 15:00:33 1 byte 19 days old -- kr_done1de
      22/05/2008 11:35:17 0 byte 7 days old -- clkcnt.txt
      28/05/2008 11:45:55 (DIR) 0 byte 1 days old -- dllcache
      28/05/2008 16:12:57 (DIR) 0 byte 1 days old -- config
      28/05/2008 19:14:36 (DIR) 0 byte 1 days old -- FlashAX
      28/05/2008 19:31:37 6508 byte 1 days old -- jupdate-1.6.0_06-b02.log
      28/05/2008 19:45:17 3072 byte 1 days old -- CONFIG.NT
      28/05/2008 19:58:03 (DIR) 0 byte 1 days old -- drivers
      29/05/2008 22:24:20 (DIR) 0 byte 0 days old -- CatRoot2
      29/05/2008 22:26:12 2206 byte 0 days old -- wpa.dbl

      ----- recent files in C:\WINDOWS\system32\drivers\
      05/05/2008 20:46:32 15864 byte 24 days old -- mbam.sys
      05/05/2008 20:46:36 27048 byte 24 days old -- mbamcatchme.sys
      28/05/2008 20:12:24 79424 byte 1 days old -- avipbb.sys
      28/05/2008 23:19:07 (DIR) 0 byte 1 days old -- etc

      ----- recent files in C:\WINDOWS\temp\

      ----- recent files in C:\Program Files\
      08/05/2008 14:41:33 (DIR) 0 byte 21 days old -- FileZilla FTP Client
      09/05/2008 12:51:18 (DIR) 0 byte 20 days old -- Luxor 3
      22/05/2008 10:18:57 (DIR) 0 byte 7 days old -- eMule
      28/05/2008 12:25:53 (DIR) 0 byte 1 days old -- Malwarebytes' Anti-Malware
      28/05/2008 19:30:08 (DIR) 0 byte 1 days old -- Fichiers communs
      28/05/2008 19:31:37 (DIR) 0 byte 1 days old -- Java
      28/05/2008 19:31:56 (DIR) 0 byte 1 days old -- Sun
      28/05/2008 19:45:42 (DIR) 0 byte 1 days old -- Alwil Software
      28/05/2008 19:58:02 (DIR) 0 byte 1 days old -- Avira
      28/05/2008 20:18:39 (DIR) 0 byte 1 days old -- CCleaner
      28/05/2008 20:21:52 (DIR) 0 byte 1 days old -- Yahoo!
      29/05/2008 23:05:09 (DIR) 0 byte 0 days old -- Trend Micro

      ----- recent files in C:\Program Files\Fichiers communs\
      28/05/2008 19:30:08 (DIR) 0 byte 1 days old -- Java

      ----- recent files in C:\Documents and Settings\Seb Elmon\Application Data\
      02/05/2008 10:32:58 (DIR) 0 byte 27 days old -- Mozilla
      07/05/2008 11:36:09 (DIR) 0 byte 22 days old -- Microsoft
      08/05/2008 15:16:36 (DIR) 0 byte 21 days old -- FileZilla
      11/05/2008 19:12:52 196 byte 18 days old -- G-Force Prefs (WindowsMediaPlayer).txt
      22/05/2008 11:20:30 (DIR) 0 byte 7 days old -- uTorrent
      28/05/2008 12:26:03 (DIR) 0 byte 1 days old -- Malwarebytes

      ----- recent files in C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\
      29/05/2008 22:32:56 75460 byte 0 days old -- WCESLog.log
      29/05/2008 23:17:26 25850 byte 0 days old -- WCESMgr.log
      29/05/2008 23:17:26 16384 byte 0 days old -- ~DF3433.tmp
      29/05/2008 23:17:26 76 byte 0 days old -- systemscan.ini
      29/05/2008 23:17:26 (DIR) 0 byte 0 days old -- nsw29.tmp

      ===================== REGISTRY SCAN =====================


      -----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----

      [run]
      "ISUSScheduler"="\"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe\" -start"
      "ISUSPM Startup"="\"C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe\" -startup"
      "GrooveMonitor"="\"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe\""
      "ehTray"="C:\WINDOWS\ehome\ehtray.exe"
      "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon"
      "avgnt"="\"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
      "ATIPTA"="\"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe\""
      "94d4f9f9"="rundll32.exe \"C:\WINDOWS\system32\asxpmbdj.dll\",b"

      [run\OptionalComponents]
      @=""

      [run\OptionalComponents\IMAIL]
      @=""

      [run\OptionalComponents\MAPI]
      @=""

      [run\OptionalComponents\MSFS]
      @=""

      -----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----

      [Run]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
      "H/PC Connection Agent"="\"C:\Program Files\Microsoft ActiveSync\wcescomm.exe\""

      -----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----

      [Run]

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

      [Run]

      -----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

      [Run]

      -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----

      [Windows]
      "AppInit_DLLs"=""

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----

      [ShellServiceObjectDelayLoad]
      "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
      #### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
      "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
      #### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
      "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
      #### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll"
      "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
      #### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"
      "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
      #### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll"

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----

      [ShellExecuteHooks]
      "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
      #### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"
      "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
      #### HKCR\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\InprocServer32 @="C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL"

      -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

      [Winlogon]
      "Shell"="Explorer.exe"
      "System"=""
      "Userinit"="C:\WINDOWS\system32\userinit.exe,"
      "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
      "UIHost"=expand:"logonui.exe"
      "LogonType"=dword:00000001
      "WinStationsDisabled"="0"

      [Winlogon\GPExtensions]

      [Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
      "@="Sans fil"
      "DllName"=expand:"gptext.dll"

      [Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
      "@="Folder Redirection"
      "DllName"=expand:"fdeploy.dll"

      [Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
      "@="Quota du disque Microsoft"
      "DllName"=expand:"dskquota.dll"

      [Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
      "@="Planificateur de paquets QoS"
      "DllName"=expand:"gptext.dll"

      [Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
      "@="Scripts"
      "DllName"=expand:"gptext.dll"

      [Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
      "@="Internet Explorer Zonemapping"
      "DllName"=expand:"iedkcs32.dll"

      [Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
      "DllName"=expand:"scecli.dll"
      "@="Security"

      [Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
      "DllName"="iedkcs32.dll"
      "@="Internet Explorer Branding"

      [Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
      "DllName"=expand:"scecli.dll"
      "@="EFS recovery"

      [Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
      "@="Microsoft Offline Files"
      "DllName"=expand:"%SystemRoot%\System32\cscui.dll"

      [Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
      "@="Installation de logiciel"
      "DllName"=expand:"appmgmts.dll"

      [Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
      "@="Sécurité IP"
      "DllName"=expand:"gptext.dll"

      [Winlogon\Notify]

      [Winlogon\Notify\crypt32chain]
      "DllName"=expand:"crypt32.dll"

      [Winlogon\Notify\cryptnet]
      "DllName"=expand:"cryptnet.dll"

      [Winlogon\Notify\cscdll]
      "DLLName"="cscdll.dll"

      [Winlogon\Notify\ScCertProp]
      "DLLName"="wlnotify.dll"

      [Winlogon\Notify\Schedule]
      "DllName"=expand:"wlnotify.dll"

      [Winlogon\Notify\sclgntfy]
      "DllName"=expand:"sclgntfy.dll"

      [Winlogon\Notify\SensLogn]
      "DLLName"="WlNotify.dll"

      [Winlogon\Notify\termsrv]
      "DllName"=expand:"wlnotify.dll"

      [Winlogon\Notify\WgaLogon]
      "DllName"=expand:"WgaLogon.dll"

      [Winlogon\Notify\WgaLogon\Settings]

      [Winlogon\Notify\wlballoon]
      "DLLName"="wlnotify.dll"

      [Winlogon\SCLogon]

      [Winlogon\SpecialAccounts]

      [Winlogon\SpecialAccounts\UserList]
      "HelpAssistant"=dword:00000000
      "TsInternetUser"=dword:00000000
      "SQLAgentCmdExec"=dword:00000000
      "NetShowServices"=dword:00000000
      "IWAM_"=dword:00010000
      "IUSR_"=dword:00010000
      "VUSR_"=dword:00010000
      "ASPNET"=dword:00000000

      -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----

      [Winlogon]
      "ParseAutoexec"="1"
      "ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Historique;Temp"
      "BuildNumber"=dword:00000a28

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----

      [Image File Execution Options\Your Image File Name Here without a path]
      "Debugger"="ntsd -d"

      -----HKLM\System\CurrentControlSet\Control\Session Manager\-----

      [Session Manager]
      "BootExecute"=multi:"autocheck autochk *\00lsdelete\00\00"

      [Session Manager\SubSystems]
      "Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

      -----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----

      [WOW]
      "cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
      "wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

      -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

      [RunOnce]

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----

      [RunServices]

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

      [RunServicesOnce]

      -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----

      [RunOnce]

      -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----

      -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----

      [RunServices]

      -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----

      -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----

      [RunServicesOnce]

      -----HKLM\Software\Microsoft\Command Processor\Autorun-----

      -----HKCU\Software\Microsoft\Command Processor\Autorun-----

      -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----

      -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----

      -----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

      -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----

      -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

      -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----

      -----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----

      -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----

      [SharedTaskScheduler]
      "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
      #### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
      "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
      #### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

      -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----

      [Browser Helper Objects]

      [Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

      [Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
      #### HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\InprocServer32 @="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"

      [Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
      #### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll"

      [Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
      #### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll"

      [Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
      #### HKCR\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\InprocServer32 @="C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll"

      -----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----

      [URLSearchHooks]
      "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
      #### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll"
      "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=""

      -----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----

      [MSConfig]

      [MSConfig\services]

      [MSConfig\startupfolder]

      [MSConfig\startupreg]

      [MSConfig\startupreg\94d4f9f9]
      "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
      "item"="asxpmbdj"
      "hkey"="HKLM"
      "command"="rundll32.exe \"C:\WINDOWS\system32\asxpmbdj.dll\",b"
      "inimapping"="0"

      [MSConfig\startupreg\Adobe Reader Speed Launcher]
      "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
      "item"="Reader_sl"
      "hkey"="HKLM"
      "command"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
      "inimapping"="0"

      [MSConfig\startupreg\SigmatelSysTrayApp]
      "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
      "item"="stsystra"
      "hkey"="HKLM"
      "command"="stsystra.exe"
      "inimapping"="0"

      [MSConfig\startupreg\SunJavaUpdateSched]
      "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
      "item"="jusched"
      "hkey"="HKLM"
      "command"="\"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe\""
      "inimapping"="0"

      [MSConfig\state]
      "system.ini"=dword:00000000
      "win.ini"=dword:00000000
      "bootini"=dword:00000000
      "services"=dword:00000000
      "startup"=dword:00000002

      -----HKCU\Control Panel\Desktop\-----

      [Desktop]

      [Desktop\WindowMetrics]

      -----HKEY_CLASSES_ROOT\exefile\shell\open\command-----

      [command]
      @="\"%1\" %*"

      -----HKEY_CLASSES_ROOT\comfile\shell\open\command-----

      [command]
      @="\"%1\" %*"

      -----HKEY_CLASSES_ROOT\batfile\shell\open\command-----

      [command]
      @="\"%1\" %*"

      -----HKEY_CLASSES_ROOT\piffile\shell\open\command-----

      [command]
      @="\"%1\" %*"

      -----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----

      [command]
      @="\"%1\" /S"

      -----HKEY_CLASSES_ROOT\htafile\shell\open\command-----

      [Command]
      @="C:\WINDOWS\system32\mshta.exe \"%1\" %*"

      -----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----

      [URL]

      [URL\DefaultPrefix]
      @="http://"

      [URL\Prefixes]
      "ftp"="ftp://"
      "gopher"="gopher://"
      "home"="http://"
      "mosaic"="http://"
      "www"="http://"

      -----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----

      [Lsa]

      [Lsa\AccessProviders]

      [Lsa\AccessProviders\Windows NT Access Provider]
      "ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"

      [Lsa\Audit]

      [Lsa\Audit\PerUserAuditing]

      [Lsa\Audit\PerUserAuditing\System]

      [Lsa\Data]

      [Lsa\SSO]

      [Lsa\SSO\Passport1.4]
      "SSOURL"="http://www.passport.com"

      [Lsa\SspiCache]

      [Lsa\SspiCache\digest.dll]
      "Name"="Digest"
      "Comment"="Digest SSPI Authentication Package"

      [Lsa\SspiCache\msapsspc.dll]
      "Name"="DPA"
      "Comment"="DPA Security Package"

      [Lsa\SspiCache\msnsspc.dll]
      "Name"="MSN"
      "Comment"="MSN Security Package"

      -----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----

      [SharedAccess]
      "DependOnGroup"=multi:"\00"
      "DependOnService"=multi:"Netman\00WinMgmt\00\00"
      "Description"="Assure la traduction d'adresses de réseau, l'adressage, les services de résolution de noms et/ou les services de prévention d'intrusion pour un réseau de petite entreprise ou un réseau domestique."
      "DisplayName"="Pare-feu Windows / Partage de connexion Internet"
      "ErrorControl"=dword:00000001
      "ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs"
      "ObjectName"="LocalSystem"
      "Start"=dword:00000002
      "Type"=dword:00000020

      [SharedAccess\Epoch]
      "Epoch"=dword:00002d27

      [SharedAccess\Parameters]
      "ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"

      [SharedAccess\Parameters\FirewallPolicy]

      [SharedAccess\Parameters\FirewallPolicy\DomainProfile]

      [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

      [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
      "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
      "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
      "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
      "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

      [SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

      [SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
      "26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"

      [SharedAccess\Parameters\FirewallPolicy\RestrictedServices]

      [SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static]

      [SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "EnableFirewall"=dword:00000001
      "DoNotAllowExceptions"=dword:00000000
      "DisableNotifications"=dword:00000000

      [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

      [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
      "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000"
      "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
      "C:\Program Files\WYSIWYG\Bin\Wyg.exe"="C:\Program Files\WYSIWYG\Bin\Wyg.exe:*:Enabled:WYG Application"
      "C:\Program Files\MA Lighting Technologies\grandMA 3D\GrandMA 3D.exe"="C:\Program Files\MA Lighting Technologies\grandMA 3D\GrandMA 3D.exe:*:Enabled:grandMA 3D"
      "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
      "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
      "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
      "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
      "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
      "C:\Program Files\Flying Pig Systems\Hog3PC\launcher-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\launcher-win32-golden.exe:*:Enabled:Hog 3PC"
      "C:\Program Files\Flying Pig Systems\Hog3PC\server-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\server-win32-golden.exe:*:Enabled:Hog 3PC"
      "C:\Program Files\Flying Pig Systems\Hog3PC\ob2000-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\ob2000-win32-golden.exe:*:Enabled:Hog 3PC"
      "C:\Program Files\Flying Pig Systems\Hog3PC\desktop-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\desktop-win32-golden.exe:*:Enabled:Hog 3PC"
      "C:\Program Files\Flying Pig Systems\Hog3PC\critical-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\critical-win32-golden.exe:*:Enabled:Hog 3PC"
      "C:\Program Files\Flying Pig Systems\Hog3PC\livecache-win32-golden.exe"="C:\Program Files\Flying Pig Systems\Hog3PC\livecache-win32-golden.exe:*:Enabled:Hog 3PC"
      "C:\kav\kav7.0\english\setup.exe"="C:\kav\kav7.0\english\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"

      [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

      [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
      "1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007"
      "2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008"
      "139:TCP"="139:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22004"
      "445:TCP"="445:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22005"
      "137:UDP"="137:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22001"
      "138:UDP"="138:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22002"
      "26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"

      [SharedAccess\Setup]
      "ServiceUpgrade"=dword:00000001

      [SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
      "All"=dword:00000001

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

      -----HKLM\Software\Microsoft\Ole-----

      [Ole]
      "DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
      "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
      "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
      "EnableDCOM"="Y"

      [Ole\AppCompat]

      [Ole\AppCompat\ActivationSecurityCheckExemptionList]
      "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
      "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
      "{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
      "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

      [Ole\NONREDIST]
      "System.EnterpriseServices.Thunk.dll"=""

      -----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

      [AU]

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----

      [Security Center]
      "FirstRunDisabled"=dword:00000001
      "AntiVirusDisableNotify"=dword:00000000
      "FirewallDisableNotify"=dword:00000000
      "UpdatesDisableNotify"=dword:00000000
      "AntiVirusOverride"=dword:00000000
      "FirewallOverride"=dword:00000000

      [Security Center\Monitoring]

      [Security Center\Monitoring\AhnlabAntiVirus]

      [Security Center\Monitoring\ComputerAssociatesAntiVirus]

      [Security Center\Monitoring\KasperskyAntiVirus]

      [Security Center\Monitoring\McAfeeAntiVirus]

      [Security Center\Monitoring\McAfeeFirewall]

      [Security Center\Monitoring\PandaAntiVirus]

      [Security Center\Monitoring\PandaFirewall]

      [Security Center\Monitoring\SophosAntiVirus]

      [Security Center\Monitoring\SymantecAntiVirus]

      [Security Center\Monitoring\SymantecFirewall]

      [Security Center\Monitoring\TinyFirewall]

      [Security Center\Monitoring\TrendAntiVirus]

      [Security Center\Monitoring\TrendFirewall]

      [Security Center\Monitoring\ZoneLabsFirewall]

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----

      [SystemRestore]
      "DisableSR"=dword:00000000
      "CreateFirstRunRp"=dword:00000001
      "DSMin"=dword:000000c8
      "DSMax"=dword:00000190
      "RPSessionInterval"=dword:00000000
      "RPGlobalInterval"=dword:00015180
      "RPLifeInterval"=dword:0076a700
      "CompressionBurst"=dword:0000003c
      "TimerInterval"=dword:00000078
      "DiskPercent"=dword:0000000c
      "ThawInterval"=dword:00000384
      "RestoreDiskSpaceError"=dword:00000000
      "RestoreStatus"=dword:00000001
      "RestoreSafeModeStatus"=dword:00000000

      [SystemRestore\Cfg]
      "DiskPercent"=dword:0000000c
      "MachineGuid"="{C75D780B-5CD4-494E-AB96-5DA2A6677439}"

      [SystemRestore\SnapshotCallbacks]
      @=""

      -----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----

      -----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

      -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

      [AdvancedOptions]

      -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

      -----HKLM\Software\Microsoft\Active Setup\Installed Components-----

      [Installed Components]

      [Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
      "@="IE7 Uninstall Stub"
      "ComponentID"="IEUDINIT"
      "StubPath"="C:\WINDOWS\system32\ieudinit.exe"

      [Installed Components\>{161C1725-D892-484A-9F8E-41B7C73BAA5F}]
      "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"
      "@="Personnalisation du navigateur"
      "ComponentID"="BRANDING.CAB"

      [Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
      "Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
      "@="Microsoft Windows Media Player"
      "ComponentID"="WMPACCESS"

      [Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
      "@="Internet Explorer"
      "ComponentID"="IEACCESS"
      "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig"

      [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
      "@="Browser Customizations"
      "ComponentiD"="BRANDING.CAB"
      "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP"

      [Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
      "@="Outlook Express"
      "ComponentID"="OEACCESS"
      "StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"

      [Installed Components\KB910393]
      "@="KB910393"
      "ComponentID"="KB910393"
      "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall"

      [Installed Components\Microsoft Base Smart Card Crypto Provider Package]

      [Installed Components\WriteRegStr]

      [Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
      #### HKCR\CLSID\{0291E591-EA41-4c82-8106-3DC6CE7F7664}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll"

      [Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}]
      "@="Viewpoint Media Player"
      "ComponentID"="Viewpoint"

      [Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
      "@="Java (Sun)"
      "ComponentID"="JAVAVM"
      "KeyFileName"="C:\Program Files\Java\jre1.6.0_06\bin\regutils.dll"

      [Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0e}]
      "@="Fichier Lisez-moi d'Internet Explorer"
      "ComponentID"="IEREADME"

      [Installed Components\{0fde1f56-0d59-4fd7-9624-e3df6b419d0f}]
      "@="IEEX"
      "ComponentID"="IEEX"

      [Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
      "@="Rendu VML (Vector Graphics Rendering)"
      "ComponentID"="MSVML"

      [Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
      "@="Viewpoint Media Player"
      "ComponentID"="Viewpoint"

      [Installed Components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}]
      "@="Microsoft .NET Framework 1.0 Hotfix (KB887998)"
      "ComponentID"="NDPKB887998"

      [Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
      #### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
      "ComponentID"="NetShow"
      "StubPath"=""

      [Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
      #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
      "ComponentID"="Windows Media Player"
      "StubPath"=""
      "@="Microsoft Windows Media Player 6.4"

      [Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
      "@="DirectAnimation"
      "ComponentID"="DirectAnimation"

      [Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
      "@="Themes Setup"
      "ComponentID"="Theme Component"
      "StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"

      [Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
      #### HKCR\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll"

      [Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
      #### HKCR\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}\InprocServer32 @="C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll"

      [Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
      "@="Liaison de données Dynamic HTML pour Java"
      "ComponentID"="TridataJava"

      [Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
      "@="Offline Browsing Pack"
      "ComponentID"="MobilePk"

      [Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
      "@="Uniscribe"
      "ComponentID"="USP10"

      [Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
      "@="Media Center"
      "ComponentID"="Media Center Shortcut"
      "StubPath"=expand:"%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf"

      [Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
      "ComponentID"="S867460"
      "@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)"

      [Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
      "@="Création avancée"
      "ComponentID"="AdvAuth"

      [Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
      "@="Microsoft Outlook Express 6"
      "ComponentID"="MailNews"
      "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"

      [Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
      "@="NetMeeting 3.01"
      "ComponentID"="NetMeeting"
      "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT"

      [Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
      "@="DirectShow"
      "ComponentID"="activemovie"

      [Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
      "@="DirectDrawEx"
      "ComponentID"="DirectDrawEx"

      [Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
      "@="Internet Explorer Help"
      "ComponentID"="HelpCont"

      [Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
      "@="Classes Java DirectAnimation"
      "ComponentID"="DAJava"

      [Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
      "@="Microsoft Windows Script 5.7"
      "ComponentID"="MSVBScript"

      [Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
      "KeyFileName"="C:\Program Files\Messenger\msmsgs.exe"
      "@="Windows Messenger 4.7"
      "ComponentID"="Messenger"
      "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser"

      [Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
      "(Default)"="Internet Connection Wizard"
      "ComponentID"="ICW"

      [Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
      "@="Internet Explorer Setup Tools"
      "ComponentID"="GenSetup"

      [Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
      "@="Browsing Enhancements"
      "ComponentID"="ExtraPack"
      "KeyFileName"="C:\WINDOWS\system32\msieftp.dll"

      [Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
      #### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll"
      "@="Microsoft Windows Media Player"
      "ComponentID"="Microsoft Windows Media Player"
      "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub"

      [Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
      "@="MSN Site Access"
      "ComponentID"="MSN_Auth"

      [Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
      "ComponentID"=".NETFramework"
      "@=".NET Framework"

      [Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
      "@="Web Folders"
      "ComponentID"="WebFolders"

      [Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
      "@="Carnet d'adresses 6"
      "ComponentID"="WAB"
      "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install"

      [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
      "@="Mise à jour du Bureau Windows"
      "ComponentID"="IE4Shell_NT"
      "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"

      [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
      "@="Internet Explorer"
      "ComponentID"="BASEIE40_W2K"
      "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings"

      [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]

      [Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
      "ComponentID"="DOTNETFRAMEWORKS"
      "StubPath"="c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install"

      [Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
      "@="Fax"
      "ComponentID"="Fax"
      "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser"

      [Installed Components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}]
      "ComponentID"="M928366"
      "@="Microsoft .NET Framework 1.1 Hotfix (KB928366)"

      [Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
      "@="Dynamic HTML Data Binding"
      "ComponentID"="Tridata"

      [Installed Components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
      "@="Fax Provider"
      "ComponentID"="Fax Provider"
      "StubPath"="rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider"

      [Installed Components\{9A394342-4A68-4EBA-85A6-55B559F4E700}]
      "@=".NET Framework"
      "ComponentID"=".NETFramework"

      [Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]

      [Installed Components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
      "ComponentID"=".NETFramework"
      "@=".NET Framework"

      [Installed Components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}]
      "@="Microsoft .NET Framework 1.0 Hotfix (KB930494)"
      "ComponentID"="NDPKB930494"

      [Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
      "@="Internet Explorer Core Fonts"
      "ComponentID"="Fontcore"

      [Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
      "ComponentID"=".NETFramework"
      "@=".NET Framework"

      [Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
      "@="Planificateur de tâches"
      "ComponentID"="MSTASK"

      [Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
      "ComponentID"="Windows Movie Maker v2.1"

      [Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      "@="Adobe Flash Player"
      "ComponentID"="Flash"

      [Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
      "@="HTML Help"
      "ComponentID"="HTMLHelp"

      [Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
      "@="Active Directory Service Interface"
      "ComponentID"="ADSI"

      [Installed Components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}]
      "ComponentID"=".NETFramework"
      "@=".NET Framework"

      [Installed Components\{F5776D81-AE53-4935-8E84-B0B283D8BCEF}]
      "@="Mise à jours cumulée de sécurité OE Avril 2003"
      "ComponentID"="CUSTOM2"

      [Installed Components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}]
      "@=".NET Framework"
      "ComponentID"=".NETFramework"

      -----Comparing registry keys CCS1 vs CCS2 -----
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services

      Result compared: Identical


      -----Comparing registry keys CCS1 vs CCS3 -----
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {44A97F48-C35D-4E71-8945-283E62E16E51} REG_BINARY 36000000000000000400000000000000D6A66648A9FE020133000000000000000400000000000000D6A6664800278D003B000000000000000400000000000000D6A6664800229B603A000000000000000400000000000000D6A666480013C68001000000000000000400000000000000D6A66648FFFFFF0035000000000000000100000000000000D6A6664805000000
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {44A97F48-C35D-4E71-8945-283E62E16E51} REG_BINARY FC00000000000000000000000000000024113F4836000000000000000400000000000000E59D6648A9FE020133000000000000000400000000000000E59D664800278D003B000000000000000400000000000000E59D664800229B603A000000000000000400000000000000E59D66480013C68001000000000000000400000000000000E59D6648FFFFFF0035000000000000000100000000000000E59D664805000000
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\HTTP\Parameters\Synchronize
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11559 (0x2D27)
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 11553 (0x2D21)
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters DhcpNameServer REG_SZ 212.27.54.252 212.27.53.252
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseObtainedTime REG_DWORD 1212094934 (0x483F19D6)
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseObtainedTime REG_DWORD 1212092645 (0x483F10E5)
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T1 REG_DWORD 1213390934 (0x4852E056)
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T1 REG_DWORD 1213388645 (0x4852D765)
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T2 REG_DWORD 1214362934 (0x4861B536)
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} T2 REG_DWORD 1214360645 (0x4861AC45)
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseTerminatesTime REG_DWORD 1214686934 (0x4866A6D6)
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} LeaseTerminatesTime REG_DWORD 1214684645 (0x48669DE5)
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} DhcpRetryTime REG_DWORD 1295997 (0x13C67D)
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{44A97F48-C35D-4E71-8945-283E62E16E51} DhcpRetryTime REG_DWORD 1295998 (0x13C67E)
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1212094934 (0x483F19D6)
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseObtainedTime REG_DWORD 1212092645 (0x483F10E5)
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T1 REG_DWORD 1213390934 (0x4852E056)
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T1 REG_DWORD 1213388645 (0x4852D765)
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T2 REG_DWORD 1214362934 (0x4861B536)
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip T2 REG_DWORD 1214360645 (0x4861AC45)
      < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1214686934 (0x4866A6D6)
      > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\{44A97F48-C35D-4E71-8945-283E62E16E51}\Parameters\Tcpip LeaseTerminatesTime REG_DWORD 1214684645 (0x48669DE5)

      Result compared: Different


      ===================== SUSPICIOUS FILES =====================
      EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\

      C:\WINDOWS\Nircmd.exe --> is compressed with UPX
      C:\WINDOWS\swreg.exe --> is compressed with UPX
      C:\WINDOWS\swsc.exe --> is compressed with UPX

      ==========================================
      Scan completed in 1,1 minutes
      End of report


      ~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
      SystemScan uses some freeware tools that remain property of their authors:

      * SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
      * dumphive (Markus Stephany)--> "Registry scan"
      * Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
      * Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
      ---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

      Thanks to all of them for their hard work
      0
  2. Utilisateur anonyme
     
    salut seb :

    Telecharge malwarebytes

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.
    0
    1. seb
       
      le logiciel malwarebytes analyses il trouve des fichiers infecte je cotinnue et je t'envoie le rapport
      0
  3. Utilisateur anonyme
     
    ok
    0
    1. seb
       
      voici le rapport
      il ya des fichier infecte qu'il n'a pas pu supprime apparament

      Malwarebytes' Anti-Malware 1.12
      Version de la base de données: 793

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 142357
      Temps écoulé: 25 minute(s), 1 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 11
      Valeur(s) du Registre infectée(s): 4
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 11

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\cbXPiFxv.dll (Trojan.Vundo) -> Unloaded module successfully.

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxpifxv (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b9ab28fa-ed73-4e5e-ba11-0925d85120d1} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94d4f9f9 (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Documents and Settings\Lucie Mothes\Local Settings\Temporary Internet Files\Content.IE5\87134UKN\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP468\A0131286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ctfmona.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\iifeeBSL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\nnnnOGVm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\cbXPiFxv.dll (Trojan.Vundo) -> Delete on reboot.
      C:\WINDOWS\system32\geBuVMDT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\wvUnOGAR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      0
  4. VIRUS_KILLER Messages postés 2075 Statut Contributeur 68
     
    Bonjour,pour suivre,,,,,,
    Pour ce qui concerne vundo telecharge et installe Vundofix : http://ftpclubic47.clubic.com/...
    Ensuite installe le logiciel.
    Clique ensuite sur "scan for vundo" et si il trouve des choses tu poura passer a "remove vundo"
    0
    1. sasukedu91 Messages postés 437 Statut Membre 2
       
      sensei vondo ne trouve pas tout donc apres fait un scan bitdefender sur le guide http://www.malekal.com/tutorial_BitDefender_AntiSpyware.html
      0
      1. VIRUS_KILLER Messages postés 2075 Statut Contributeur 68 > sasukedu91 Messages postés 437 Statut Membre
         
        Vundo est un outil spécial pour éradiquer les infection de type vundo.
        Et rien d'autre!
        0
      2. sasukedu91 Messages postés 437 Statut Membre 2 > VIRUS_KILLER Messages postés 2075 Statut Contributeur
         
        ok
        mais en se moment il est pas tres en forme on dirai
        :-)
        0
      3. VIRUS_KILLER Messages postés 2075 Statut Contributeur 68 > sasukedu91 Messages postés 437 Statut Membre
         
        de quoi,qu'est ce qui n'est pas en forme?
        0
      4. sasukedu91 Messages postés 437 Statut Membre 2 > VIRUS_KILLER Messages postés 2075 Statut Contributeur
         
        vundo
        j'ai vue dans un forum que cette version est moin efficace que l'ancienne
        0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Redémarre le pc si ça n a pas été fais

    réouvre malewarebyte
    va sur quarantaine
    supprime tout

    Télécharge clean.zip, de Malekal
    http://www.malekal.com/download/clean.zip

    comment l'utiliser
    Tuto
    http://mickael.barroux.free.fr/securite/clean.php

    (1) Dézippe-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.

    (2) Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd

    une fenêtre noire va apparaître pendant un instant, laisse la ouverte.

    (3) Choisis l'option 1 puis patiente
    Poste le rapport obtenu

    pour retrouver le rapport : double clique sur > C > double clique sur " rapport_clean txt.
    et copie/colle le sur ta prochaine réponse .

    Ne passe pas à l'option 2 sans notre avis !
    0
    1. seb
       
      voila le rapport de la fenetre noir


      Merci de lire ce qui suit
      --------------------------

      Veuillez svp envoyer le fichier C:\upload_moi_ELMON.tar.gz a l'adresse
      http://upload.malekal.com
      Ce fichier peut contenir des fichiers infectieux collectes sur votre ordinateur
      Les fichiers mal detectes seront envoyes aux editeurs d'antivirus

      Lorsque vous allez appuyer sur une touche, le site d'envoi de fichiers s'ouvira
      Cliquez alors sur le bouton parcourir, selectionner le fichier C:\upload_moi_ELM
      ON.tar.gz (Poste de travail / Disque C / upload_moi.Zip
      Cliquez sur le bouton "Envoyer le fichier"

      Merci!
      Appuyez sur une touche pour continuer...

      je continue
      0
  7. Utilisateur anonyme
     
    oui continue
    0
    1. seb
       
      voici le rapport clean
      28/05/2008 a 15:03:29,60

      *** Recherche des fichiers dans C:

      *** Recherche des fichiers dans C:\WINDOWS\

      *** Recherche des fichiers dans C:\WINDOWS\system32
      C:\WINDOWS\system32\mcrh.tmp FOUND
      C:\WINDOWS\system32\SpoonUninstall.exe FOUND

      *** Recherche des fichiers dans C:\Program Files
      "C:\Program Files\Viewpoint\" FOUND
      *** Fin du rapport !
      0
  8. Utilisateur anonyme
     
    réouvre clean

    passe l option 2 et envoi le rapport + un rapport hijackthis fais apres passage de clean option 2
    0
    1. seb
       
      voici le nouveau rapport clean

      malwarebytes recherche je t'envoie le rapport apres

      Rapport clean par Malekal_morte - http://www.malekal.com
      Script execute en mode sans echec 28/05/2008 a 15:28:34,67

      Microsoft Windows XP [version 5.1.2600]

      *** Suppression des fichiers dans C:

      *** Suppression des fichiers dans C:\WINDOWS\

      *** Suppression des fichiers dans C:\WINDOWS\system32
      tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
      tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe

      *** Suppression des fichiers dans C:\Program Files
      tentative de suppression de "C:\Program Files\Viewpoint\"

      *** Suppression des clefs du registre effectuee..
      *** Fin du rapport !
      0
  9. Utilisateur anonyme
     
    un rapport hiajckthis stp
    0
  10. seb
     
    voila le rapport je n'avait pas compris pardon

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:57:14, on 28/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\dnetc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
    O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
    O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
    O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
    O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
    O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
    O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [qmoclya] c:\documents and settings\seb elmon\local settings\application data\qmoclya.exe qmoclya
    O4 - HKCU\..\Run: [hhmgkkoc] c:\documents and settings\seb elmon\local settings\application data\hhmgkkoc.exe hhmgkkoc
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    0
  11. Utilisateur anonyme
     
    y a encore des petites bebetes

    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
    1. seb
       
      desole j'ai du m'absenter
      voici le rapport combofix

      ComboFix 08-05-27.4 - Seb Elmon 2008-05-28 16:24:04.2 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.625 [GMT 2:00]
      Endroit: C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\ComboFix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\QTWMCI32.DLL
      .
      ---- Previous Run -------
      .
      c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc.dat
      c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_nav.dat
      c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_navps.dat
      C:\WINDOWS\BM97e7ca65.xml
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\AdMWaccf.ini
      C:\WINDOWS\system32\AdMWaccf.ini2
      C:\WINDOWS\system32\cKTELkkj.ini
      C:\WINDOWS\system32\cKTELkkj.ini2
      C:\WINDOWS\system32\ddMWFfhk.ini
      C:\WINDOWS\system32\ddMWFfhk.ini2
      C:\WINDOWS\system32\giqtavhy.ini
      C:\WINDOWS\system32\gkvfmbsl.ini
      C:\WINDOWS\system32\gPXaaGgh.ini
      C:\WINDOWS\system32\gPXaaGgh.ini2
      C:\WINDOWS\system32\hmxgdjvf.ini
      C:\WINDOWS\system32\jdbmpxsa.ini
      C:\WINDOWS\system32\jelajdan.ini
      C:\WINDOWS\system32\jincxnjm.ini
      C:\WINDOWS\system32\kgdwbmfi.ini
      C:\WINDOWS\system32\NWGOonmp.ini
      C:\WINDOWS\system32\NWGOonmp.ini2
      C:\WINDOWS\system32\RuwDKnpo.ini
      C:\WINDOWS\system32\RuwDKnpo.ini2
      C:\WINDOWS\system32\syujytyu.ini
      C:\WINDOWS\system32\tar.exe
      C:\WINDOWS\system32\vsaqehrd.ini
      C:\WINDOWS\system32\vuttDJlm.ini
      C:\WINDOWS\system32\vuttDJlm.ini2
      C:\WINDOWS\system32\wvFhgMoq.ini
      C:\WINDOWS\system32\wvFhgMoq.ini2

      .
      ((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
      .

      2008-05-28 15:03 . 2008-05-28 15:03 640,432 --a------ C:\upload_moi_ELMON.tar.gz
      2008-05-28 12:26 . 2008-05-28 12:26 <REP> d-------- C:\Documents and Settings\Seb Elmon\Application Data\Malwarebytes
      2008-05-28 12:25 . 2008-05-28 12:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-05-28 12:25 . 2008-05-28 12:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-05-28 12:25 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-05-28 12:25 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-05-22 11:18 . 2008-05-22 11:18 <REP> d-------- C:\kav
      2008-05-21 19:56 . 2008-05-21 19:56 <REP> d-------- C:\VundoFix Backups
      2008-05-10 15:00 . 2008-05-10 15:00 1 --a------ C:\WINDOWS\system32\kr_done1de
      2008-05-08 14:41 . 2008-05-08 14:41 <REP> d-------- C:\Program Files\FileZilla FTP Client
      2008-05-08 14:41 . 2008-05-08 15:16 <REP> d-------- C:\Documents and Settings\Seb Elmon\Application Data\FileZilla
      2008-04-28 18:42 . 2008-04-28 18:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-04-28 18:42 . 2008-04-28 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-04-28 16:41 . 2008-04-28 16:41 <REP> d-------- C:\Program Files\Lavasoft
      2008-04-28 16:41 . 2008-04-28 16:41 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-04-28 16:41 . 2008-04-28 16:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-05-22 09:20 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\uTorrent
      2008-05-22 08:18 --------- d-----w C:\Program Files\eMule
      2008-05-15 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-05-09 10:51 --------- d-----w C:\Program Files\Luxor 3
      2008-05-02 10:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-04-24 13:10 --------- d-----w C:\Program Files\Services en ligne
      2008-04-24 11:35 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Flying Pig Systems
      2008-04-24 11:31 --------- d-----w C:\Program Files\Flying Pig Systems
      2008-04-24 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flying Pig Systems
      2008-04-19 09:26 --------- d-----w C:\Documents and Settings\Lucie Mothes\Application Data\Samsung
      2008-04-18 16:06 --------- d-----w C:\Program Files\MSBuild
      2008-04-18 16:03 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
      2008-04-17 23:43 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Samsung
      2008-04-17 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-04-17 23:36 --------- d-----w C:\Program Files\Samsung
      2008-04-17 23:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
      2008-04-17 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
      2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft.NET
      2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft Works
      2008-04-14 22:48 --------- d-----w C:\Program Files\uTorrent
      2008-04-14 22:35 --------- d-----w C:\Program Files\Dell
      2008-04-14 22:28 --------- d-----w C:\Program Files\Windows Live Toolbar
      2008-04-14 22:25 --------- d-----w C:\Program Files\Windows Desktop Search
      2008-04-14 22:17 --------- d-----w C:\Program Files\Java
      2008-04-14 22:16 --------- d-----w C:\Program Files\Google
      2008-04-13 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-04-09 18:19 --------- d-----w C:\Program Files\Resco
      2008-04-09 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
      2008-04-09 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microgaming
      2008-04-09 17:32 --------- d-----w C:\Program Files\Jewel Quest
      2008-04-09 13:59 --------- d-----w C:\Program Files\MSN Messenger
      2008-04-09 13:26 --------- d-----w C:\Program Files\Windows Media Connect 2
      2008-04-09 13:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-04-04 18:11 --------- d-----w C:\Program Files\Yacht
      2008-03-31 11:00 --------- d-----w C:\Program Files\WYSIWYG
      2008-03-31 09:04 --------- d-----w C:\Program Files\PDFCreator
      2008-03-31 09:03 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1890.exe
      2008-03-31 09:03 15,397 ----a-w C:\Program Files\settings.dat
      2008-03-31 09:03 --------- d-----w C:\Program Files\PDFCreator Toolbar
      2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
      2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
      2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
      2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
      2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
      2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
      2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
      2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
      2006-06-06 14:50 88 --sh--r C:\WINDOWS\system32\AD353251F9.sys
      2006-06-06 14:50 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F}]
      C:\WINDOWS\system32\mlJDttuv.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200}]
      C:\WINDOWS\system32\qoMghFvw.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26}]
      C:\WINDOWS\system32\pmnoOGWN.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A}]
      C:\WINDOWS\system32\opnKDwuR.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93}]
      C:\WINDOWS\system32\jkkLETKc.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
      "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [ ]
      "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 01:20 1211176]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
      "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
      "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
      "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
      "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
      "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
      "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
      "94d4f9f9"="C:\WINDOWS\system32\asxpmbdj.dll" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
      "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\uTorrent\\utorrent.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "C:\\Program Files\\WYSIWYG\\Bin\\Wyg.exe"=
      "C:\\Program Files\\MA Lighting Technologies\\grandMA 3D\\GrandMA 3D.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
      "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
      "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "C:\\Program Files\\Flying Pig Systems\\Hog3PC\\launcher-win32-golden.exe"=
      "C:\\Program Files\\Flying Pig Systems\\Hog3PC\\server-win32-golden.exe"=
      "C:\\Program Files\\Flying Pig Systems\\Hog3PC\\ob2000-win32-golden.exe"=
      "C:\\Program Files\\Flying Pig Systems\\Hog3PC\\desktop-win32-golden.exe"=
      "C:\\Program Files\\Flying Pig Systems\\Hog3PC\\critical-win32-golden.exe"=
      "C:\\Program Files\\Flying Pig Systems\\Hog3PC\\livecache-win32-golden.exe"=
      "C:\\kav\\kav7.0\\english\\setup.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
      R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
      R3 msloop;FPS Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
      S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
      S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2006-06-07 14:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
      - C:\WINDOWS\system32\OOBE\oobebaln.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-05-28 16:25:01
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-05-28 16:25:47
      ComboFix-quarantined-files.txt 2008-05-28 14:25:33

      Pre-Run: 113,792,741,376 octets libres
      Post-Run: 113,785,692,160 octets libres

      202 --- E O F --- 2008-05-28 09:46:02
      0
  12. Utilisateur anonyme
     
    ok

    refais un scan hijackthis et poste le rapport stp

    ensuite je regarde tout ça et je te dis la suite
    0
  13. seb
     
    voila
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:12:25, on 28/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\dnetc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
    O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
    O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
    O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
    O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
    O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
    O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    0
  14. Utilisateur anonyme
     
    Copie le texte ci-dessous :

    File::
    c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc.dat
    c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_nav.dat
    c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_navps.dat
    C:\WINDOWS\system32\AdMWaccf.ini2
    C:\WINDOWS\system32\cKTELkkj.ini2
    C:\WINDOWS\system32\gPXaaGgh.ini2
    C:\WINDOWS\system32\NWGOonmp.ini2
    C:\WINDOWS\system32\RuwDKnpo.ini2
    C:\WINDOWS\system32\vuttDJlm.ini2
    C:\WINDOWS\system32\wvFhgMoq.ini2
    C:\WINDOWS\system32\ddMWFfhk.ini2
    C:\WINDOWS\system32\AD353251F9.sys
    C:\WINDOWS\system32\KGyGaAvL.sys
    C:\WINDOWS\system32\asxpmbdj.dll
    C:\WINDOWS\system32\mlJDttuv.dll
    C:\WINDOWS\system32\qoMghFvw.dll
    C:\WINDOWS\system32\pmnoOGWN.dll
    C:\WINDOWS\system32\opnKDwuR.dll
    C:\WINDOWS\system32\jkkLETKc.dll

    Folder::
    C:\WINDOWS\system32\kr_done1de

    Registry::
    HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A}]
    [HEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93}]

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.
    0
  15. seb
     
    pas de redemarage

    ComboFix 08-05-27.4 - Seb Elmon 2008-05-28 18:37:42.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.564 [GMT 2:00]
    Endroit: C:\Documents and Settings\Seb Elmon\Mes documents\logiciel ordi\ComboFix.exe
    Command switches used :: C:\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc.dat
    c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_nav.dat
    c:\Documents and Settings\Seb Elmon\Local Settings\Application Data\hhmgkkoc_navps.dat
    C:\WINDOWS\system32\AD353251F9.sys
    C:\WINDOWS\system32\AdMWaccf.ini2
    C:\WINDOWS\system32\asxpmbdj.dll
    C:\WINDOWS\system32\cKTELkkj.ini2
    C:\WINDOWS\system32\ddMWFfhk.ini2
    C:\WINDOWS\system32\gPXaaGgh.ini2
    C:\WINDOWS\system32\jkkLETKc.dll
    C:\WINDOWS\system32\KGyGaAvL.sys
    C:\WINDOWS\system32\mlJDttuv.dll
    C:\WINDOWS\system32\NWGOonmp.ini2
    C:\WINDOWS\system32\opnKDwuR.dll
    C:\WINDOWS\system32\pmnoOGWN.dll
    C:\WINDOWS\system32\qoMghFvw.dll
    C:\WINDOWS\system32\RuwDKnpo.ini2
    C:\WINDOWS\system32\vuttDJlm.ini2
    C:\WINDOWS\system32\wvFhgMoq.ini2
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\AD353251F9.sys
    C:\WINDOWS\system32\KGyGaAvL.sys
    C:\WINDOWS\system32\kr_done1de\

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-28 15:03 . 2008-05-28 15:03 640,432 --a------ C:\upload_moi_ELMON.tar.gz
    2008-05-28 12:26 . 2008-05-28 12:26 <REP> d-------- C:\Documents and Settings\Seb Elmon\Application Data\Malwarebytes
    2008-05-28 12:25 . 2008-05-28 12:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-28 12:25 . 2008-05-28 12:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-28 12:25 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-28 12:25 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-22 11:18 . 2008-05-22 11:18 <REP> d-------- C:\kav
    2008-05-21 19:56 . 2008-05-21 19:56 <REP> d-------- C:\VundoFix Backups
    2008-05-10 15:00 . 2008-05-10 15:00 1 --a------ C:\WINDOWS\system32\kr_done1de
    2008-05-08 14:41 . 2008-05-08 14:41 <REP> d-------- C:\Program Files\FileZilla FTP Client
    2008-05-08 14:41 . 2008-05-08 15:16 <REP> d-------- C:\Documents and Settings\Seb Elmon\Application Data\FileZilla
    2008-04-28 18:42 . 2008-04-28 18:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-28 18:42 . 2008-04-28 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-28 16:41 . 2008-04-28 16:41 <REP> d-------- C:\Program Files\Lavasoft
    2008-04-28 16:41 . 2008-04-28 16:41 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-28 16:41 . 2008-04-28 16:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-22 09:20 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\uTorrent
    2008-05-22 08:18 --------- d-----w C:\Program Files\eMule
    2008-05-15 08:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-05-09 10:51 --------- d-----w C:\Program Files\Luxor 3
    2008-05-02 10:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-24 13:10 --------- d-----w C:\Program Files\Services en ligne
    2008-04-24 11:35 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Flying Pig Systems
    2008-04-24 11:31 --------- d-----w C:\Program Files\Flying Pig Systems
    2008-04-24 11:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flying Pig Systems
    2008-04-19 09:26 --------- d-----w C:\Documents and Settings\Lucie Mothes\Application Data\Samsung
    2008-04-18 16:06 --------- d-----w C:\Program Files\MSBuild
    2008-04-18 16:03 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-04-17 23:43 --------- d-----w C:\Documents and Settings\Seb Elmon\Application Data\Samsung
    2008-04-17 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-17 23:36 --------- d-----w C:\Program Files\Samsung
    2008-04-17 23:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-04-17 23:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
    2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft.NET
    2008-04-14 23:01 --------- d-----w C:\Program Files\Microsoft Works
    2008-04-14 22:48 --------- d-----w C:\Program Files\uTorrent
    2008-04-14 22:35 --------- d-----w C:\Program Files\Dell
    2008-04-14 22:28 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-04-14 22:25 --------- d-----w C:\Program Files\Windows Desktop Search
    2008-04-14 22:17 --------- d-----w C:\Program Files\Java
    2008-04-14 22:16 --------- d-----w C:\Program Files\Google
    2008-04-13 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-04-09 18:19 --------- d-----w C:\Program Files\Resco
    2008-04-09 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
    2008-04-09 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microgaming
    2008-04-09 17:32 --------- d-----w C:\Program Files\Jewel Quest
    2008-04-09 13:59 --------- d-----w C:\Program Files\MSN Messenger
    2008-04-09 13:26 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-04-09 13:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-04-04 18:11 --------- d-----w C:\Program Files\Yacht
    2008-03-31 11:00 --------- d-----w C:\Program Files\WYSIWYG
    2008-03-31 09:04 --------- d-----w C:\Program Files\PDFCreator
    2008-03-31 09:03 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_1890.exe
    2008-03-31 09:03 15,397 ----a-w C:\Program Files\settings.dat
    2008-03-31 09:03 --------- d-----w C:\Program Files\PDFCreator Toolbar
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29AB2B5B-392D-45C9-B323-CF4F65B07E7F}]
    C:\WINDOWS\system32\mlJDttuv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43FFFA70-B75A-4EDE-9B27-380F4B61B200}]
    C:\WINDOWS\system32\qoMghFvw.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AA5DEF4-A3F5-406E-B4B6-BA981B331C26}]
    C:\WINDOWS\system32\pmnoOGWN.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{522E0112-EDD9-413D-A99E-C311A54B6676}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86959FE0-462B-4162-9ED9-402A78B7C9F9}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87EAA548-F021-4B07-872E-309CF96E204A}]
    C:\WINDOWS\system32\opnKDwuR.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2750932-B7C1-4B2C-A2C9-32CA193D702E}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E335D7C5-C8B8-41EC-AAAF-A75DEA707C93}]
    C:\WINDOWS\system32\jkkLETKc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F43C3FF0-479C-495C-AA43-5275FA825372}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
    "MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [ ]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-21 01:20 1211176]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
    "ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [ ]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
    "94d4f9f9"="C:\WINDOWS\system32\asxpmbdj.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\WYSIWYG\\Bin\\Wyg.exe"=
    "C:\\Program Files\\MA Lighting Technologies\\grandMA 3D\\GrandMA 3D.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Program Files\\Flying Pig Systems\\Hog3PC\\launcher-win32-golden.exe"=
    "C:\\Program Files\\Flying Pig Systems\\Hog3PC\\server-win32-golden.exe"=
    "C:\\Program Files\\Flying Pig Systems\\Hog3PC\\ob2000-win32-golden.exe"=
    "C:\\Program Files\\Flying Pig Systems\\Hog3PC\\desktop-win32-golden.exe"=
    "C:\\Program Files\\Flying Pig Systems\\Hog3PC\\critical-win32-golden.exe"=
    "C:\\Program Files\\Flying Pig Systems\\Hog3PC\\livecache-win32-golden.exe"=
    "C:\\kav\\kav7.0\\english\\setup.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
    R3 msloop;FPS Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2006-06-07 14:45:11 C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-28 18:38:34
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-28 18:39:19
    ComboFix-quarantined-files.txt 2008-05-28 16:39:07
    ComboFix2.txt 2008-05-28 14:25:48

    Pre-Run: 113,749,393,408 octets libres
    Post-Run: 113,741,541,376 octets libres

    195 --- E O F --- 2008-05-28 09:46:02

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:50:06, on 28/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\dnetc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
    C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
    O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
    O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
    O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
    O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
    O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
    O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    0
  16. Utilisateur anonyme
     
    ok il reste un truc a verifé .....

    mais avant un peux de ménage s impose :

    réouvre hijackthis
    fais scan only
    coche toutes ces lignes :

    O2 - BHO: (no name) - {29AB2B5B-392D-45C9-B323-CF4F65B07E7F} - C:\WINDOWS\system32\mlJDttuv.dll (file missing)
    O2 - BHO: (no name) - {43FFFA70-B75A-4EDE-9B27-380F4B61B200} - C:\WINDOWS\system32\qoMghFvw.dll (file missing)
    O2 - BHO: (no name) - {4AA5DEF4-A3F5-406E-B4B6-BA981B331C26} - C:\WINDOWS\system32\pmnoOGWN.dll (file missing)
    O2 - BHO: (no name) - {522E0112-EDD9-413D-A99E-C311A54B6676} - (no file)

    O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)

    O2 - BHO: (no name) - {86959FE0-462B-4162-9ED9-402A78B7C9F9} - (no file)
    O2 - BHO: (no name) - {87EAA548-F021-4B07-872E-309CF96E204A} - C:\WINDOWS\system32\opnKDwuR.dll (file missing)

    O2 - BHO: (no name) - {D2750932-B7C1-4B2C-A2C9-32CA193D702E} - (no file)
    O2 - BHO: (no name) - {E335D7C5-C8B8-41EC-AAAF-A75DEA707C93} - C:\WINDOWS\system32\jkkLETKc.dll (file missing)
    O2 - BHO: (no name) - {F43C3FF0-479C-495C-AA43-5275FA825372} - (no file)

    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab

    tu les coches et tu clic sur fix checked

    ensuite désinstal java car pas a jours et telecharge et instal cette version :

    https://www.java.com/fr/download/manual.jsp

    ensuite :

    regarde ceci concernant avast :

    antivir vs avast :

    -> http://forum.malekal.com/ftopic3528.php

    alors je te conseille de le desinstaller et d´installer antivir a la place

    Telecharge et instales l'antivirus Antivir Personal Edition Classic :

    ->https://www.malekal.com/avira-free-security-antivirus-gratuit/

    https://www.avira.com/en/prime

    http://mickael.barroux.free.fr/securite/antivir.php
    http://speedweb1.free.fr/frames2.php?page=tuto5

    Pour désinstaller Avast telecharge cet outil

    https://www.avast.com/fr-fr/uninstall-utility

    telecharge Ccleaner :

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    instal le sans la barre yahoo

    fais lancer le nettoyage

    repete l opération jusqu a ce qu il trouve rien

    ensuite fais registre

    fais chercher les erreures

    ensuite fais corriger les erreures

    repete l opération jusqu a ce qu il trouve rien

    et pour finir :

    Rend toi sur ce site :
    http://www.virustotal.com/xhtml/virustotal_en.html
    Clik sur parcourir
    Recherche ceci :

    C:\WINDOWS\system32\asxpmbdj.dll

    Clik send et colle le rapport sur le forum stp
    0
  17. seb
     
    j'ai tout fait sauf la fin car je ne trouve pas C:\WINDOWS\system32\asxpmbdj.dll dans parcourir du logiciel fourni par ton lien
    0
  18. Utilisateur anonyme
     
    parfais

    j ai fais ma recherche de mon coté a son sujet

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la ligne qui se trouve ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    C:\WINDOWS\system32\asxpmbdj.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
  19. seb
     
    File/Folder C:\WINDOWS\system32\asxpmbdj.dll not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05282008_204237
    0
  20. Utilisateur anonyme
     
    ok refais un scan hijackthis et poste le rapport stp
    0
  21. seb
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:51:36, on 28/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\dnetc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\DOCUME~1\SEBELM~1\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fmsger%2ftabs%2f_pictos%2fcoca%2fPictoCoke02.png%3f
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [94d4f9f9] rundll32.exe "C:\WINDOWS\system32\asxpmbdj.dll",b
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: distributed.net client (dnetc) - Distributed Computing Technologies, Inc. - C:\WINDOWS\dnetc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    0
  • 1
  • 2
  • 3