' VK_scan.exe ' [Résolu/Fermé]

Signaler
Messages postés
10
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
3 juin 2008
-
 moi meme -
Bonjour,
voila j ai un petit soucis avec mn pc.
J ai ouvert un mail et biensur bang !!! virus !!
depuis j ai spy bot qui analyse sans cesse, des pages de jeux en pub, des pages de pub de casino...
bref, j ai essayé beaucoup de chose...
j ai installé Viruskeeper et lorsque je fais une analyse complete ou approfondie, il m note: violation d' acces à l adresse00402b43 dans le module ' vk_scan.exe' ....
merci de m aider..
Trizio ...

64 réponses

Messages postés
10
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
3 juin 2008

Merci Léo j y cours !!!
Messages postés
10
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
3 juin 2008

Léo je l ai fais!!! ok .
Mais j ai encore plus peur...
j ai un rapport je le depose ?

merci a+
Messages postés
10
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
3 juin 2008

slt
bon ca a l air d aller
mais je n ai plus la meme configuration
cad
mon window n est plus pareil, je n ai plus la colone de gauche
Merci...

ouui
Messages postés
10
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
3 juin 2008

slt merci de me repondre !!!
Mais l analyse s est arretée...
voici ce qu il en est sorti

Malwarebytes' Anti-Malware 1.14
Version de la base de données: 813

00:42:14 02/06/2008
mbam-log-6-2-2008 (00-42-14).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 154565
Temps écoulé: 33 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 30
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 25

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ykjkkysh.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\nnnllKBt.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\fccdcYrR.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{30bed1e9-6404-47c8-ba48-ccfb5684a366} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30bed1e9-6404-47c8-ba48-ccfb5684a366} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3095d50f-f1ba-4bbc-a54d-819eeb7e0898} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3095d50f-f1ba-4bbc-a54d-819eeb7e0898} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccdcyrr (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iebrowsercmp.browsercmp.1 (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d8282e6-bc4f-469b-aaed-7e4ff077ad93} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e015787-b1e3-404a-95de-3e71e1fa0305} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\AdvRemoteDbg (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\laughnetwork (Hijacker.Searchnut) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\08e6c37d (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3095d50f-f1ba-4bbc-a54d-819eeb7e0898} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM0bd5f0e1 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnllkbt -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\contexttool (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\laughnetwork (Hijacker.Searchnut) -> Quarantined and deleted successfully.
C:\Program Files\laughnetwork\Temp (Hijacker.Searchnut) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ykjkkysh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nnnllKBt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fccdcYrR.dll (Trojan.Vundo) -> Delete on reboot.
C:\kl.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patrizio\Local Settings\Temporary Internet Files\Content.IE5\KCTQ8Y9E\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patrizio\Local Settings\Temporary Internet Files\Content.IE5\KCTQ8Y9E\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patrizio\Local Settings\Temporary Internet Files\Content.IE5\KCTQ8Y9E\kb713501[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP281\A0075770.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP284\A0076468.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP285\A0076555.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP285\A0076558.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP285\A0076744.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krclxaqs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnommmK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\contexttool\ContextHelper.dat (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Program Files\contexttool\pcre3.dll (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Program Files\contexttool\uninstall.exe (Adware.PlayaZ) -> Quarantined and deleted successfully.
C:\Program Files\laughnetwork\Temp\license.txt (Hijacker.Searchnut) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ejkvdluj.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUOHYpp.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patrizio\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
Messages postés
10
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
3 juin 2008
>
Messages postés
10
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
3 juin 2008

je viens de refaire une analyse et ca donne :
Malwarebytes' Anti-Malware 1.14
Version de la base de données: 813

08:40:33 02/06/2008
mbam-log-6-2-2008 (08-40-33).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 124324
Temps écoulé: 19 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP290\A0079186.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP290\A0079187.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccdcYrR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnllKBt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ykjkkysh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Messages postés
10
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
3 juin 2008

voici l analyse de navilog
Search Navipromo version 3.5.7 commencé le 02/06/2008 à 9:25:27,40

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Patrizio"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Patrizio\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Patrizio\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Patrizio\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Patrizio\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Patrizio\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\adLRYcfe.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\adMTDJjl.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\cLUxyGgh.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\EeMnmnmp.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\JikUCJlm.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\JTAadcdd.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\oVwFOXbc.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\tBKllnnn.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\uvwwyccf.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\vGNXayay.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\wyayaGgh.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 02/06/2008 à 9:29:57,82 ***


Merci...

• Télécharger VundoFix.exe

http://www.atribune.org/public-beta/VundoFix.exe


Utilise VundoFix (de Atribune)
• Mettre le fichier VundoFix.exe sur le Bureau Windows.
• Fermer tous les programmes car il va y avoir arrêt du PC.
• double clic sur VundoFix.exe
(les droits administratifs sont nécessaires sinon les accès dont à besoin VundoFix.exe lui seront refusés)
• Click sur le bouton Scan for Vundo
• Click sur le bouton Remove Vundo lorsque le balayage (scan) est terminé,
• Click sur Yes sur l'invite de demande de suppression de fichiers s'il y a infection,
Le Bureau va disparaitre un moment lors de la suppression des fichiers
Une fenêtre annonce que le PC va redémarrer:
• Click sur OK
• Copier/coller le contenu du rapport situé dans C:\vundofix.txt + un rapport HitJackThis

Note:
Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer.
Si tel est le cas, l'outil se lancera au prochain redémarrage.
Il faut simplement suivre les instructions ci-dessus, à partir de :
Click sur le bouton Scan for Vundo.
Messages postés
10
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
3 juin 2008

slt
comme reponse j ai : done searching for files. No infected were found...
Messages postés
10
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
3 juin 2008

Logfile of HijackThis v1.99.1
Scan saved at 17:24:21, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {4ee2e39d-be14-c1e8-7934-9866b6cc6541} - {1456cc6b-6689-4397-8e1c-41ebd93e2ee4} - C:\WINDOWS\system32\lyxpxsdp.dll
O2 - BHO: (no name) - {24E3C8CB-4AC3-4749-8379-A93DDAEB118E} - (no file)
O2 - BHO: (no name) - {2E245A49-2EA9-4EF6-BC37-D47C7138DC1F} - (no file)
O2 - BHO: (no name) - {2F47D105-79FF-4659-B6DE-3C86998E5AA8} - C:\WINDOWS\system32\mlJCUkiJ.dll (file missing)
O2 - BHO: (no name) - {46F5C749-9FB0-4FEB-8F90-E3BE84D1B8E0} - C:\WINDOWS\system32\cbXOFwVo.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5B4B2D5C-F77E-4769-B24D-C198133C9034} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5F20A06-9BE5-467B-B19B-6E755A411459} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D1E461F4-F5B7-4EF6-8B39-273A84704689} - (no file)
O2 - BHO: (no name) - {F97109E3-C041-4B16-9E5B-83F1905267D8} - (no file)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe

non pas un log hijackthis mais un log de Vundofix :D
Messages postés
10
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
3 juin 2008

? dsl je ne suis pas la !!!

Télécharge VirtumundoBeGone sur ton bureau .
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> double-clic sur VirtumundoBeGone.exe
=> Suis les instructions à l'écran
=> Quand le scan est terminé, enregistre le rapport.
=> Copie/Colle le ici avec l'autre


------------------------


Passe en mode sans echec et refait un passage de MBAM :

https://www.malekal.com/demarrer-windows-mode-sans-echec/

poste moi les rapports
[06/03/2008, 16:52:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Patrizio\Mes documents\VirtumundoBeGone.exe" )
[06/03/2008, 16:52:04] - Detected System Information:
[06/03/2008, 16:52:04] - Windows Version: 5.1.2600, Service Pack 2
[06/03/2008, 16:52:04] - Current Username: Patrizio (Admin)
[06/03/2008, 16:52:04] - Windows is in NORMAL mode.
[06/03/2008, 16:52:04] - Searching for Browser Helper Objects:
[06/03/2008, 16:52:04] - BHO 1: {24E3C8CB-4AC3-4749-8379-A93DDAEB118E} ()
[06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/03/2008, 16:52:04] - No filename found. Continuing.
[06/03/2008, 16:52:04] - BHO 2: {2E245A49-2EA9-4EF6-BC37-D47C7138DC1F} ()
[06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/03/2008, 16:52:04] - No filename found. Continuing.
[06/03/2008, 16:52:04] - BHO 3: {2F47D105-79FF-4659-B6DE-3C86998E5AA8} ()
[06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/03/2008, 16:52:04] - Checking for HKLM\...\Winlogon\Notify\mlJCUkiJ
[06/03/2008, 16:52:04] - Key not found: HKLM\...\Winlogon\Notify\mlJCUkiJ, continuing.
[06/03/2008, 16:52:04] - BHO 4: {46F5C749-9FB0-4FEB-8F90-E3BE84D1B8E0} ()
[06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/03/2008, 16:52:04] - Checking for HKLM\...\Winlogon\Notify\cbXOFwVo
[06/03/2008, 16:52:04] - Key not found: HKLM\...\Winlogon\Notify\cbXOFwVo, continuing.
[06/03/2008, 16:52:04] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/03/2008, 16:52:04] - BHO 6: {5B4B2D5C-F77E-4769-B24D-C198133C9034} ()
[06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/03/2008, 16:52:04] - No filename found. Continuing.
[06/03/2008, 16:52:04] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/03/2008, 16:52:04] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/03/2008, 16:52:04] - No filename found. Continuing.
[06/03/2008, 16:52:04] - BHO 9: {A5F20A06-9BE5-467B-B19B-6E755A411459} ()
[06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/03/2008, 16:52:04] - No filename found. Continuing.
[06/03/2008, 16:52:04] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/03/2008, 16:52:04] - BHO 11: {D1E461F4-F5B7-4EF6-8B39-273A84704689} ()
[06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/03/2008, 16:52:04] - No filename found. Continuing.
[06/03/2008, 16:52:04] - BHO 12: {F97109E3-C041-4B16-9E5B-83F1905267D8} ()
[06/03/2008, 16:52:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/03/2008, 16:52:04] - No filename found. Continuing.
[06/03/2008, 16:52:04] - Finished Searching Browser Helper Objects
[06/03/2008, 16:52:04] - Finishing up...
[06/03/2008, 16:52:04] - Nothing found! Exiting...
slt en plus maintenant j ai :
roolkit-gen

post moi un rapport hijackthis mais avant :

· Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.(sur un des 2 liens)
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
· Clique sur Recherche et laisse le scan se terminer.
· Clique, sur Suppression pour finaliser.
· Tu peux, si tu le souhaites, te servir des Options facultatives.
· Clique sur Quitter, pour que le rapport puisse se créer.
· Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).


---------------------


télécharge HijackThis ici:
http://telechargement.zebulon.fr/138-hijackthis-1991.html


Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm
http://www.tutoriaux-excalibur.com/hijackthis.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html


-------------------


redémarre en mode sans echec :

https://www.malekal.com/demarrer-windows-mode-sans-echec/


refait un scan avec MBAM


---------------------------


Va sur ce site , /!\ Internet Explorer obligatoire /!\ (https://www.bitdefender.com/toolbox/ Clique sur ' J'accepte ' , Installe les ActiveX si necessaire ,et vérifie si ils sont bien configurés(http://www.inoculer.com/activex.php3 Clique sur ' installer ' puis ' click here to scan '( ou : cliquez ici pour scanner ).
Et poste moi le rapport. ( qui se trouve ici -> C:\windows\bdoscan8\scanres.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Tutorial : http://pageperso.aol.fr/loraline60/bitdefender_scan.htm


---------------------------------


As tu toujours des pages de pubs intempestives ?
c vrai que je n ai plus de pub ;)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:04, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Patrizio\Local Settings\Temporary Internet Files\Content.IE5\G7311UG1\ToolsCleaner2[1].exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {24E3C8CB-4AC3-4749-8379-A93DDAEB118E} - (no file)
O2 - BHO: (no name) - {2E245A49-2EA9-4EF6-BC37-D47C7138DC1F} - (no file)
O2 - BHO: (no name) - {2F47D105-79FF-4659-B6DE-3C86998E5AA8} - C:\WINDOWS\system32\mlJCUkiJ.dll (file missing)
O2 - BHO: (no name) - {46F5C749-9FB0-4FEB-8F90-E3BE84D1B8E0} - C:\WINDOWS\system32\cbXOFwVo.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5B4B2D5C-F77E-4769-B24D-C198133C9034} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5F20A06-9BE5-467B-B19B-6E755A411459} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D1E461F4-F5B7-4EF6-8B39-273A84704689} - (no file)
O2 - BHO: (no name) - {F97109E3-C041-4B16-9E5B-83F1905267D8} - (no file)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe

ok je regarderai le log ce soir, post les autres log en attendant
j ai fais ce que tu m as dis en mode sans echec mais cela n a pas du fonctionner!
car je n arrivais plus a demarer en mode normal
donc j ai fais le chemin inverse !!!
Logfile of HijackThis v1.99.1
Scan saved at 14:18:50, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {24E3C8CB-4AC3-4749-8379-A93DDAEB118E} - (no file)
O2 - BHO: (no name) - {2E245A49-2EA9-4EF6-BC37-D47C7138DC1F} - (no file)
O2 - BHO: (no name) - {2F47D105-79FF-4659-B6DE-3C86998E5AA8} - C:\WINDOWS\system32\mlJCUkiJ.dll (file missing)
O2 - BHO: (no name) - {46F5C749-9FB0-4FEB-8F90-E3BE84D1B8E0} - C:\WINDOWS\system32\cbXOFwVo.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5B4B2D5C-F77E-4769-B24D-C198133C9034} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5F20A06-9BE5-467B-B19B-6E755A411459} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D1E461F4-F5B7-4EF6-8B39-273A84704689} - (no file)
O2 - BHO: (no name) - {F97109E3-C041-4B16-9E5B-83F1905267D8} - (no file)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe

________________________________________________________________________________________
Malwarebytes' Anti-Malware 1.14
Version de la base de données: 820

14:40:04 04/06/2008
mbam-log-6-4-2008 (14-40-04).txt

Type de recherche: Examen rapide
Eléments examinés: 43854
Temps écoulé: 3 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Bonjour,
Ma premiere question :
As tu executer Toolcleaner ? car ton dernier post de hijack me montre la version 1.99.1 de Hijack ?

post moi le rapport de toolscleaner


puis execute bien toute les instructions que j'ai mis dans le post 17

/!\ il est important d'avoir les toutes dernières versions /!\
slt voila c tout ce qu il me donne...
-->- Recherche:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Patrizio\Bureau\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

ok clik sur suppression puis fait la suite du poste pour réinstaller une version a jour de hijack ;)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:30, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {24E3C8CB-4AC3-4749-8379-A93DDAEB118E} - (no file)
O2 - BHO: (no name) - {2E245A49-2EA9-4EF6-BC37-D47C7138DC1F} - (no file)
O2 - BHO: (no name) - {2F47D105-79FF-4659-B6DE-3C86998E5AA8} - C:\WINDOWS\system32\mlJCUkiJ.dll (file missing)
O2 - BHO: (no name) - {46F5C749-9FB0-4FEB-8F90-E3BE84D1B8E0} - C:\WINDOWS\system32\cbXOFwVo.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5B4B2D5C-F77E-4769-B24D-C198133C9034} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5F20A06-9BE5-467B-B19B-6E755A411459} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D1E461F4-F5B7-4EF6-8B39-273A84704689} - (no file)
O2 - BHO: (no name) - {F97109E3-C041-4B16-9E5B-83F1905267D8} - (no file)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe

ok on avance ;)

relance hijackthis, coches les cases devant ces lignes puis clique sur fix checked et post un nouveau log :

O2 - BHO: (no name) - {24E3C8CB-4AC3-4749-8379-A93DDAEB118E} - (no file)
O2 - BHO: (no name) - {2E245A49-2EA9-4EF6-BC37-D47C7138DC1F} - (no file)
O2 - BHO: (no name) - {2F47D105-79FF-4659-B6DE-3C86998E5AA8} - C:\WINDOWS\system32\mlJCUkiJ.dll (file missing)
O2 - BHO: (no name) - {46F5C749-9FB0-4FEB-8F90-E3BE84D1B8E0} - C:\WINDOWS\system32\cbXOFwVo.dll (file missing)

O2 - BHO: (no name) - {5B4B2D5C-F77E-4769-B24D-C198133C9034} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5F20A06-9BE5-467B-B19B-6E755A411459} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D1E461F4-F5B7-4EF6-8B39-273A84704689} - (no file)
O2 - BHO: (no name) - {F97109E3-C041-4B16-9E5B-83F1905267D8} - (no file)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)


------------------------


Ensuite passe en mode sans echec et effectue un scan complet avec MBAM.

mode sans echec :

https://www.malekal.com/demarrer-windows-mode-sans-echec/


---------------------------


peux tu téléchargé GenProc :

http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip sur ton bureau

Ensuite dézippe le dossier puis double-clique sur le fichier GenProc.bat

Une fois qu'il a finit son analyse post le log qui vient de s'ouvrir dans Bloc note et reviens poster le log ici.
(Suit les instructions une fois que tu m'auras posté le log)


Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
Logfile of HijackThis v1.99.1
Scan saved at 18:04:45, on 04/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_scanprocess.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
Malwarebytes' Anti-Malware 1.14
Version de la base de données: 820

20:40:33 04/06/2008
mbam-log-6-4-2008 (20-40-33).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 155690
Temps écoulé: 2 hour(s), 29 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP290\A0079211.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP290\A0079212.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7D21A8E9-E3FC-4DAF-AC5F-F99A642D0E9E}\RP290\A0079213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Rapport GenProc 1.968 [1] effectué le 04/06/2008 à 20:55:30,92 - Windows XP

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

# Etape 1/ Télécharge :

- Lop S&D.exe (Eric 71 & Angeldark) https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 sur ton bureau.

- VundoFix.exe (Atribune) http://www.atribune.org/ccount/click.php?id=4 sur ton Bureau

- combofix.exe (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau

- SmitfrauFix (S!Ri) http://siri.urz.free.fr/Fix/SmitfraudFix.exe
* double-clique sur le fichier "smitfraudfix.exe" et choisis l'option 1, il va lister tous les éléments nuisibles dans un rapport : poste le maintenant.

- MSNFix.zip (!aur3n7) http://sosvirus.changelog.fr/MSNFix.zip et décompresse-le sur le Bureau.


***** Copie la suite de la procédure dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ (choisis ta session courante "Patrizio") *****


# Etape 2/

* Double-clique VundoFix.exe afin de le lancer, puis clique sur le bouton "Scan for Vundo". Lorsque le scan est complété, clique sur le bouton "Fix Vundo", une invite te demandera si tu veux supprimer les fichiers, clique YES : le Bureau disparaîtra un moment lors de la suppression des fichiers. Tu verras une invite qui t'annonce que ton PC va redémarrer : clique OK
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo

* Double clique combofix.exe. Tape sur la touche Y (Yes) pour démarrer le scan ; lorsque le scan sera complété, un rapport apparaîtra.

# Etape 3/

Double-clique sur le fichier "SmitfraudFix.exe" et choisis l'option 2, réponds oui à tout et laisse-le procéder. Sauvegarde le rapport sur ton bureau.

# Etape 4/

Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.
- Exécute l'option R.
- Si l'infection est détectée, exécute l'option N.
- Sauvegarde ce rapport sur ton bureau.

# Etape 5/

Double-clique sur Lop S&D pour lancer l'installation, séléctionne la langue souhaitée, puis choisis l'Option 2 - Suppression - et patiente jusqu'à ce qu'il ait terminé.

# Etape 6/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 7/

Redémarre normalement et poste, dans la même réponse :
- Un nouveau rapport HijackThis, toutes fenêtres et applications fermées http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ;
- Le contenu du rapport situé dans C:\vundofix.txt ;
- Le contenu du rapport situé dans C:\Combofix.txt ;
- Le rapport SmitfraudFix que tu as sauvegardé sur ton bureau ;
- Le contenu du rapport MSNfix situé sur le Bureau ;
- Le contenu du rapport C:\lopR.txt ;


Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
SmitFraudFix v2.323

Rapport fait à 21:16:53,31, 04/06/2008
Executé à partir de C:\Documents and Settings\Patrizio\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrizio


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrizio\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Patrizio\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
le mode sans echec n a pas fontioné avec vundo
apres combo le pc s est etint
et je suis revenu en mode normal !!!!
:(
j ai le log de combo

ton mode sans echec fonctionne t il ou tu rencontre des problèmes ?

peux tu me poster le log de combo ?

As tu réussi a faire la suite ?
bonjour, je n ai pas pu faire la suite non...
je v essayer de continuer aujourd hui ?
c le log de combo:
ComboFix 08-06-03.4 - Patrizio 2008-06-04 21:43:47.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1706 [GMT 2:00]
Endroit: C:\Documents and Settings\Patrizio\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Patrizio\Application Data\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))))))
.

2008-06-04 21:25 . 2008-06-04 21:25 <REP> d-------- C:\VundoFix Backups
2008-06-04 21:01 . 2008-06-04 21:01 <REP> d-------- C:\Lop SD
2008-06-04 13:33 . 2008-06-04 13:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-04 13:20 . 2007-08-31 16:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-04 13:20 . 2007-08-31 17:32 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-04 13:20 . 2008-06-04 13:20 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-04 11:24 . 2008-06-04 17:15 <REP> d-------- C:\Program Files\Trend Micro
2008-06-04 11:13 . 2008-06-04 18:41 <REP> d-------- C:\Program Files\Spyware Doctor
2008-06-04 11:13 . 2008-06-04 11:13 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\PC Tools
2008-06-04 11:13 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-04 11:13 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-04 11:13 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-04 11:13 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-03 18:16 . 2008-06-04 21:44 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 17:24 . 2008-06-04 18:04 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-06-01 23:49 . 2008-06-04 11:36 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 23:49 . 2008-06-01 23:49 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Malwarebytes
2008-06-01 23:49 . 2008-06-01 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 23:49 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 23:49 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 19:32 . 2008-05-31 19:32 <REP> d-------- C:\Program Files\Shareaza
2008-05-31 19:32 . 2008-05-31 19:32 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Shareaza
2008-05-29 19:35 . 2008-06-04 17:05 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\skypePM
2008-05-29 19:35 . 2008-05-29 19:35 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-29 19:33 . 2008-06-04 21:10 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Skype
2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Program Files\Skype
2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-29 18:53 . 2008-06-02 12:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-29 18:53 . 2008-05-29 18:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-29 09:50 . 2008-05-29 09:50 <REP> d-------- C:\Program Files\AxBx
2008-05-29 09:45 . 2008-05-29 16:59 <REP> d-------- C:\Program Files\Panda Security
2008-05-28 16:59 . 2008-05-28 16:59 <REP> d-------- C:\Program Files\Lavasoft
2008-05-28 16:59 . 2008-05-28 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 16:58 . 2008-05-28 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-28 12:20 . 2008-05-28 12:20 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-05-28 12:17 . 2005-06-15 02:17 427,520 --a------ C:\WINDOWS\WRServices.dll
2008-05-28 11:52 . 2008-05-28 11:52 <REP> d--hs---- C:\ProtectionConue
2008-05-28 11:52 . 2008-05-28 11:52 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\ProtectionConue
2008-05-28 11:52 . 2008-05-28 11:52 <REP> dr-h----- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-05-26 13:38 . 2008-05-26 15:47 <REP> d-------- C:\Documents and Settings\Patrizio\.housecall6.6
2008-05-25 22:34 . 2008-05-25 22:43 <REP> d-------- C:\WINDOWS\system32\vntiho18
2008-05-25 21:18 . 2008-05-25 22:21 <REP> d-------- C:\WINDOWS\system32\xnA
2008-05-25 21:18 . 2008-05-29 09:34 <REP> d-------- C:\WINDOWS\system32\vntiho05
2008-05-25 21:18 . 2008-05-26 08:27 <REP> d-------- C:\WINDOWS\system32\brW
2008-05-25 21:18 . 2008-05-25 22:14 <REP> d-------- C:\WINDOWS\system32\3056v
2008-05-25 21:18 . 2008-06-04 21:04 <REP> d-------- C:\Temp
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-11 19:36 . 2008-05-12 09:37 <REP> d-------- C:\Program Files\Azureus
2008-05-11 19:36 . 2008-05-12 01:30 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Azureus
2008-05-11 19:36 . 2008-05-11 19:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-09 17:45 . 2008-05-09 17:45 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Nokia Multimedia Player
2008-05-09 17:39 . 2008-05-09 17:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Nokia
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\DIFX
2008-05-09 17:36 . 2008-05-09 17:40 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\PC Suite
2008-05-09 17:36 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-05-09 17:36 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-09 17:36 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-09 17:36 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-05-09 17:36 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-05-09 17:36 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-05-09 17:33 . 2008-05-09 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 19:16 4,224 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-04 12:01 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-06-04 08:49 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-06-02 19:33 --------- d-----w C:\Program Files\CFWebAdvancedU_BOBTV.FR
2008-06-02 19:33 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\CamfrogWEB
2008-06-02 17:01 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-29 21:18 --------- d-----w C:\Program Files\Google
2008-05-29 18:14 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\MSN6
2008-05-29 15:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 15:17 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\LimeWire
2008-05-28 08:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-27 20:12 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\Vso
2008-05-26 15:51 --------- d-----w C:\Program Files\Toox
2008-05-25 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-25 20:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-25 19:15 --------- d-----w C:\Program Files\LimeWire
2008-05-22 14:25 --------- d-----w C:\Program Files\adslTV
2008-05-11 14:15 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\Nokia
2008-04-30 10:47 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\ACD Systems
2008-04-30 10:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-30 10:40 9,856 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-04-30 10:40 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-04-30 10:40 --------- d-----w C:\Program Files\ACD Systems
2008-04-30 10:18 --------- d-----w C:\Program Files\eMule
2008-04-30 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-04-30 06:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 17:04 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\globallist
2008-04-21 17:48 --------- d-----w C:\Program Files\CFWebAdvancedU
2008-04-21 09:57 --------- d-----w C:\Program Files\YesMessenger
2008-04-19 17:24 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-04-15 16:45 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-15 16:45 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-15 12:01 --------- d-----w C:\Program Files\Neuf
2008-04-07 16:54 --------- d-----w C:\Program Files\Alwil Software
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 09:04 14,869,504 ----a-w C:\WINDOWS\aolback.exe
2008-02-25 09:23 47,360 ----a-w C:\Documents and Settings\Patrizio\Application Data\pcouffin.sys
2007-12-29 15:05 56 --sh--r C:\WINDOWS\system32\5597841D0A.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-04_21.12.16.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 19:08:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 19:23:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"WebCamRT.exe"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-29 23:18 171448]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 17:49 4739072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 04:50 8425472]
"GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2007-04-26 19:12 183208]
"F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-15 18:44 185896]
"Device Detector"="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" [2004-09-08 12:22 225280]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2008-05-21 12:55 2999680]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 16:10 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9117696]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-31 17:17:08 113664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-22 09:30:55 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.mxmc"= MimicICM.DLL
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
S2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe [2008-05-22 15:27]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 11:14]
S3 ATWPKT;ATWPKT;C:\WINDOWS\system32\Drivers\ATWPKT.SYS [2002-05-10 12:50]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-29 19:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-04 19:00:00 C:\WINDOWS\Tasks\BF32F4BA96156786.job"
- c:\docume~1\patrizio\applic~1\global~1\hideeggstrans.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 21:45:27
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-04 21:46:15
ComboFix-quarantined-files.txt 2008-06-04 19:46:10
ComboFix2.txt 2008-06-04 19:13:47

Pre-Run: 21,086,629,888 octets libres
Post-Run: 21,079,740,416 octets libres

227 --- E O F --- 2008-06-04 16:03:16
> trizio
Logfile of HijackThis v1.99.1
Scan saved at 09:12:45, on 05/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe


VundoFix V7.0.5

Scan started at 10:50:14 28/05/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V7.0.5

Scan started at 10:56:11 28/05/2008

Listing files found while scanning....


VundoFix V7.0.5

Scan started at 09:38:23 03/06/2008

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.5

Scan started at 09:41:29 03/06/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V7.0.5

Scan started at 21:25:09 04/06/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

Beginning removal...

VundoFix V7.0.5

Scan started at 21:41:18 04/06/2008

Listing files found while scanning....

No infected files were found.

ComboFix 08-06-03.4 - Patrizio 2008-06-04 21:43:47.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1706 [GMT 2:00]
Endroit: C:\Documents and Settings\Patrizio\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Patrizio\Application Data\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))))))
.

2008-06-04 21:25 . 2008-06-04 21:25 <REP> d-------- C:\VundoFix Backups
2008-06-04 21:01 . 2008-06-04 21:01 <REP> d-------- C:\Lop SD
2008-06-04 13:33 . 2008-06-04 13:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-04 13:20 . 2007-08-31 16:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-04 13:20 . 2007-08-31 17:32 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-06-04 13:20 . 2007-08-31 17:32 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-04 13:20 . 2008-06-04 13:20 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-04 11:24 . 2008-06-04 17:15 <REP> d-------- C:\Program Files\Trend Micro
2008-06-04 11:13 . 2008-06-04 18:41 <REP> d-------- C:\Program Files\Spyware Doctor
2008-06-04 11:13 . 2008-06-04 11:13 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\PC Tools
2008-06-04 11:13 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-04 11:13 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-04 11:13 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-04 11:13 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-03 18:16 . 2008-06-04 21:44 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 17:24 . 2008-06-04 18:04 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-06-01 23:49 . 2008-06-04 11:36 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 23:49 . 2008-06-01 23:49 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Malwarebytes
2008-06-01 23:49 . 2008-06-01 23:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 23:49 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 23:49 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-31 19:32 . 2008-05-31 19:32 <REP> d-------- C:\Program Files\Shareaza
2008-05-31 19:32 . 2008-05-31 19:32 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Shareaza
2008-05-29 19:35 . 2008-06-04 17:05 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\skypePM
2008-05-29 19:35 . 2008-05-29 19:35 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-29 19:33 . 2008-06-04 21:10 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Skype
2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Program Files\Skype
2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-05-29 19:32 . 2008-05-29 19:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-29 18:53 . 2008-06-02 12:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-29 18:53 . 2008-05-29 18:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-29 09:50 . 2008-05-29 09:50 <REP> d-------- C:\Program Files\AxBx
2008-05-29 09:45 . 2008-05-29 16:59 <REP> d-------- C:\Program Files\Panda Security
2008-05-28 16:59 . 2008-05-28 16:59 <REP> d-------- C:\Program Files\Lavasoft
2008-05-28 16:59 . 2008-05-28 17:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 16:58 . 2008-05-28 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-28 12:20 . 2008-05-28 12:20 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-05-28 12:17 . 2005-06-15 02:17 427,520 --a------ C:\WINDOWS\WRServices.dll
2008-05-28 11:52 . 2008-05-28 11:52 <REP> d--hs---- C:\ProtectionConue
2008-05-28 11:52 . 2008-05-28 11:52 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\ProtectionConue
2008-05-28 11:52 . 2008-05-28 11:52 <REP> dr-h----- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-05-26 13:38 . 2008-05-26 15:47 <REP> d-------- C:\Documents and Settings\Patrizio\.housecall6.6
2008-05-25 22:34 . 2008-05-25 22:43 <REP> d-------- C:\WINDOWS\system32\vntiho18
2008-05-25 21:18 . 2008-05-25 22:21 <REP> d-------- C:\WINDOWS\system32\xnA
2008-05-25 21:18 . 2008-05-29 09:34 <REP> d-------- C:\WINDOWS\system32\vntiho05
2008-05-25 21:18 . 2008-05-26 08:27 <REP> d-------- C:\WINDOWS\system32\brW
2008-05-25 21:18 . 2008-05-25 22:14 <REP> d-------- C:\WINDOWS\system32\3056v
2008-05-25 21:18 . 2008-06-04 21:04 <REP> d-------- C:\Temp
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-11 19:36 . 2008-05-12 09:37 <REP> d-------- C:\Program Files\Azureus
2008-05-11 19:36 . 2008-05-12 01:30 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Azureus
2008-05-11 19:36 . 2008-05-11 19:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-09 17:45 . 2008-05-09 17:45 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\Nokia Multimedia Player
2008-05-09 17:39 . 2008-05-09 17:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Nokia
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-05-09 17:36 . 2008-05-09 17:36 <REP> d-------- C:\Program Files\DIFX
2008-05-09 17:36 . 2008-05-09 17:40 <REP> d-------- C:\Documents and Settings\Patrizio\Application Data\PC Suite
2008-05-09 17:36 . 2007-02-22 11:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-05-09 17:36 . 2007-02-22 11:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-09 17:36 . 2007-02-22 11:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-09 17:36 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-05-09 17:36 . 2007-02-22 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-05-09 17:36 . 2007-02-22 11:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-05-09 17:33 . 2008-05-09 17:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 19:16 4,224 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-04 12:01 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-06-04 08:49 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-06-02 19:33 --------- d-----w C:\Program Files\CFWebAdvancedU_BOBTV.FR
2008-06-02 19:33 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\CamfrogWEB
2008-06-02 17:01 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-29 21:18 --------- d-----w C:\Program Files\Google
2008-05-29 18:14 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\MSN6
2008-05-29 15:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 15:17 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\LimeWire
2008-05-28 08:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-05-27 20:12 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\Vso
2008-05-26 15:51 --------- d-----w C:\Program Files\Toox
2008-05-25 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-25 20:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-25 19:15 --------- d-----w C:\Program Files\LimeWire
2008-05-22 14:25 --------- d-----w C:\Program Files\adslTV
2008-05-11 14:15 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\Nokia
2008-04-30 10:47 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\ACD Systems
2008-04-30 10:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-30 10:40 9,856 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-04-30 10:40 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2008-04-30 10:40 --------- d-----w C:\Program Files\ACD Systems
2008-04-30 10:18 --------- d-----w C:\Program Files\eMule
2008-04-30 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-04-30 06:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-26 17:04 --------- d-----w C:\Documents and Settings\Patrizio\Application Data\globallist
2008-04-21 17:48 --------- d-----w C:\Program Files\CFWebAdvancedU
2008-04-21 09:57 --------- d-----w C:\Program Files\YesMessenger
2008-04-19 17:24 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-04-15 16:45 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-04-15 16:45 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-15 12:01 --------- d-----w C:\Program Files\Neuf
2008-04-07 16:54 --------- d-----w C:\Program Files\Alwil Software
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-04 09:04 14,869,504 ----a-w C:\WINDOWS\aolback.exe
2008-02-25 09:23 47,360 ----a-w C:\Documents and Settings\Patrizio\Application Data\pcouffin.sys
2007-12-29 15:05 56 --sh--r C:\WINDOWS\system32\5597841D0A.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-04_21.12.16.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 19:08:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 19:23:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"WebCamRT.exe"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-29 23:18 171448]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 17:49 4739072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 16143872 C:\WINDOWS\RTHDCPL.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 04:50 8425472]
"GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2007-04-26 19:12 183208]
"F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-15 18:44 185896]
"Device Detector"="C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" [2004-09-08 12:22 225280]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2008-05-21 12:55 2999680]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-19 16:10 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9117696]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-08-31 17:17:08 113664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-22 09:30:55 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.mxmc"= MimicICM.DLL
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
S2 vkservice;VirusKeeper antivirus/antispyware;C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\vk_service.exe [2008-05-22 15:27]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-06-06 11:14]
S3 ATWPKT;ATWPKT;C:\WINDOWS\system32\Drivers\ATWPKT.SYS [2002-05-10 12:50]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 09:30]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-29 19:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-04 19:00:00 C:\WINDOWS\Tasks\BF32F4BA96156786.job"
- c:\docume~1\patrizio\applic~1\global~1\hideeggstrans.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 21:45:27
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-06-04 21:46:15
ComboFix-quarantined-files.txt 2008-06-04 19:46:10
ComboFix2.txt 2008-06-04 19:13:47

Pre-Run: 21,086,629,888 octets libres
Post-Run: 21,079,740,416 octets libres

227 --- E O F --- 2008-06-04 16:03:16
MSNFix 1.720

C:\Documents and Settings\Patrizio\Bureau\MSNFix
Fix exécuté le 05/06/2008 - 9:02:31,14 By Patrizio
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\tmp.txt

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\tmp.txt



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 05062008_ 9065846.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

SmitFraudFix v2.323

Rapport fait à 8:59:54,40, 05/06/2008
Executé à partir de C:\Documents and Settings\Patrizio\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7F0BC812-F1DD-439F-A2FB-6DB9A8378A6B}: NameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


-----------------------[ Lop S&D 4.2.1-2 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Patrizio ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 04/06/2008 | 22:57:13,12 ] [ PC : DOMICILE-P2E90G ]
[ MAJ : 01-06-2008 | 15:51 ]

-------------[ Listing des dossiers dans Application Data ]------------

[31/08/2007|17:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[04/06/2008|13:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[31/08/2007|16:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[30/04/2008|12:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
[30/04/2008|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[26/01/2008|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[26/01/2008|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[26/01/2008|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
[05/01/2008|23:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[07/01/2008|20:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[11/05/2008|19:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[17/02/2008|08:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\beep axis mode free
[31/08/2007|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[31/08/2007|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[31/08/2007|17:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[17/09/2007|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
[18/09/2007|15:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
[29/02/2008|15:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[26/11/2007|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[09/05/2008|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[28/05/2008|17:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[31/08/2007|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[01/06/2008|23:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[05/12/2007|00:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[29/11/2007|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/04/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[19/01/2008|16:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
[09/05/2008|17:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[28/05/2008|11:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
[27/12/2007|18:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
[29/05/2008|19:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[25/05/2008|23:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[04/06/2008|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[26/01/2008|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[09/12/2007|23:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[28/05/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[31/08/2007|17:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[31/08/2007|16:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[28/05/2008|12:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[02/06/2008|08:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[31/08/2007|16:42] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[26/01/2008|12:43] C:\DOCUME~1\Patrizio\APPLIC~1\acccore
[30/04/2008|12:47] C:\DOCUME~1\Patrizio\APPLIC~1\ACD Systems
[30/04/2008|15:01] C:\DOCUME~1\Patrizio\APPLIC~1\Adobe
[25/01/2008|09:11] C:\DOCUME~1\Patrizio\APPLIC~1\Apple Computer
[12/05/2008|01:30] C:\DOCUME~1\Patrizio\APPLIC~1\Azureus
[02/06/2008|21:33] C:\DOCUME~1\Patrizio\APPLIC~1\CamfrogWEB
[31/08/2007|17:08] C:\DOCUME~1\Patrizio\APPLIC~1\CyberLink
[01/09/2007|23:02] C:\DOCUME~1\Patrizio\APPLIC~1\Datalayer
[17/11/2007|19:33] C:\DOCUME~1\Patrizio\APPLIC~1\Dcads Advanced Toolbar
[31/08/2007|17:32] C:\DOCUME~1\Patrizio\APPLIC~1\desktop.ini
[22/09/2007|09:31] C:\DOCUME~1\Patrizio\APPLIC~1\FotoWire
[18/09/2007|16:13] C:\DOCUME~1\Patrizio\APPLIC~1\F-Secure
[26/04/2008|19:04] C:\DOCUME~1\Patrizio\APPLIC~1\globallist
[29/09/2007|08:38] C:\DOCUME~1\Patrizio\APPLIC~1\Google
[31/08/2007|18:57] C:\DOCUME~1\Patrizio\APPLIC~1\Help
[31/08/2007|16:42] C:\DOCUME~1\Patrizio\APPLIC~1\Identities
[08/02/2008|11:33] C:\DOCUME~1\Patrizio\APPLIC~1\Leadertech
[28/05/2008|17:17] C:\DOCUME~1\Patrizio\APPLIC~1\LimeWire
[17/09/2007|19:04] C:\DOCUME~1\Patrizio\APPLIC~1\Macromedia
[01/06/2008|23:49] C:\DOCUME~1\Patrizio\APPLIC~1\Malwarebytes
[29/05/2008|10:21] C:\DOCUME~1\Patrizio\APPLIC~1\Microsoft
[26/01/2008|12:42] C:\DOCUME~1\Patrizio\APPLIC~1\Mozilla
[29/05/2008|20:14] C:\DOCUME~1\Patrizio\APPLIC~1\MSN6
[17/03/2008|11:00] C:\DOCUME~1\Patrizio\APPLIC~1\MySpace
[02/06/2008|12:42] C:\DOCUME~1\Patrizio\APPLIC~1\NMM-MetaData.db
[11/05/2008|16:15] C:\DOCUME~1\Patrizio\APPLIC~1\Nokia
[09/05/2008|17:45] C:\DOCUME~1\Patrizio\APPLIC~1\Nokia Multimedia Player
[09/05/2008|17:40] C:\DOCUME~1\Patrizio\APPLIC~1\PC Suite
[04/06/2008|11:13] C:\DOCUME~1\Patrizio\APPLIC~1\PC Tools
[25/02/2008|11:23] C:\DOCUME~1\Patrizio\APPLIC~1\pcouffin.cat
[25/02/2008|11:23] C:\DOCUME~1\Patrizio\APPLIC~1\pcouffin.inf
[25/02/2008|11:23] C:\DOCUME~1\Patrizio\APPLIC~1\pcouffin.log
[25/02/2008|11:23] C:\DOCUME~1\Patrizio\APPLIC~1\pcouffin.sys
[28/05/2008|11:52] C:\DOCUME~1\Patrizio\APPLIC~1\ProtectionConue
[25/09/2007|08:13] C:\DOCUME~1\Patrizio\APPLIC~1\Real
[18/09/2007|17:23] C:\DOCUME~1\Patrizio\APPLIC~1\SecondLife
[31/05/2008|19:32] C:\DOCUME~1\Patrizio\APPLIC~1\Shareaza
[06/01/2008|15:22] C:\DOCUME~1\Patrizio\APPLIC~1\Skyline
[04/06/2008|22:53] C:\DOCUME~1\Patrizio\APPLIC~1\Skype
[04/06/2008|17:05] C:\DOCUME~1\Patrizio\APPLIC~1\skypePM
[22/12/2007|13:06] C:\DOCUME~1\Patrizio\APPLIC~1\Sun
[17/12/2007|22:35] C:\DOCUME~1\Patrizio\APPLIC~1\Viewpoint
[25/02/2008|11:38] C:\DOCUME~1\Patrizio\APPLIC~1\vlc
[27/05/2008|22:12] C:\DOCUME~1\Patrizio\APPLIC~1\Vso

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[04/06/2008 22:00][--ah-----] C:\WINDOWS\tasks\BF32F4BA96156786.job
[29/05/2008 21:33][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[04/06/2008 21:50][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/10/2001 18:16][-r-h-----] C:\WINDOWS\tasks\desktop.ini

BF32F4BA96156786.job <--> c:\docume~1\patrizio\applic~1\global~1\hideeggstrans.exe

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[30/04/2008|12:40] C:\Program Files\ACD Systems
[30/04/2008|13:36] C:\Program Files\Adobe
[22/05/2008|16:25] C:\Program Files\adslTV
[30/12/2007|12:52] C:\Program Files\Adverts
[31/08/2007|17:11] C:\Program Files\Ahead
[26/01/2008|12:43] C:\Program Files\AIM6
[07/04/2008|18:54] C:\Program Files\Alwil Software
[05/01/2008|23:53] C:\Program Files\Apple Software Update
[04/06/2008|14:01] C:\Program Files\a-squared Anti-Malware
[31/08/2007|19:43] C:\Program Files\ASUS
[29/05/2008|09:50] C:\Program Files\AxBx
[12/05/2008|09:37] C:\Program Files\Azureus
[23/11/2007|21:41] C:\Program Files\CCleaner
[21/04/2008|19:48] C:\Program Files\CFWebAdvancedU
[02/06/2008|21:33] C:\Program Files\CFWebAdvancedU_BOBTV.FR
[04/01/2008|21:49] C:\Program Files\Circle Developement
[31/08/2007|17:30] C:\Program Files\Codec Audio & Video
[31/08/2007|16:37] C:\Program Files\ComPlus Applications
[31/08/2007|17:07] C:\Program Files\CyberLink
[16/11/2007|00:58] C:\Program Files\Dcads Games Collection
[09/05/2008|17:36] C:\Program Files\DIFX
[22/09/2007|09:39] C:\Program Files\directx
[31/08/2007|17:09] C:\Program Files\DVD Shrink
[30/04/2008|12:18] C:\Program Files\eMule
[19/04/2008|19:24] C:\Program Files\EsetOnlineScanner
[29/05/2008|19:32] C:\Program Files\Fichiers communs
[01/04/2008|17:23] C:\Program Files\Future Pinball
[17/02/2008|08:30] C:\Program Files\globallist
[29/05/2008|23:18] C:\Program Files\Google
[04/03/2008|10:59] C:\Program Files\Hewlett-Packard
[04/06/2008|18:04] C:\Program Files\Hijackthis Version Fran‡aise
[04/03/2008|11:01] C:\Program Files\hp deskjet 656c series
[15/10/2007|08:55] C:\Program Files\IncrediMail
[29/05/2008|17:00] C:\Program Files\InstallShield Installation Information
[31/08/2007|16:55] C:\Program Files\Intel
[26/05/2008|13:40] C:\Program Files\Internet Explorer
[07/01/2008|20:05] C:\Program Files\iPod
[07/01/2008|20:05] C:\Program Files\iTunes
[03/04/2008|22:32] C:\Program Files\Java
[31/08/2007|18:45] C:\Program Files\Kaspersky Lab
[28/05/2008|16:59] C:\Program Files\Lavasoft
[25/05/2008|21:15] C:\Program Files\LimeWire
[22/09/2007|09:31] C:\Program Files\Logitech
[06/01/2008|13:52] C:\Program Files\Magentic
[04/06/2008|11:36] C:\Program Files\Malwarebytes' Anti-Malware
[31/08/2007|16:58] C:\Program Files\Marvell
[07/01/2008|18:37] C:\Program Files\Messenger
[30/04/2008|08:46] C:\Program Files\Messenger Plus! Live
[05/01/2008|23:04] C:\Program Files\Micro Application
[31/08/2007|16:39] C:\Program Files\microsoft frontpage
[31/08/2007|17:22] C:\Program Files\Microsoft Office
[31/08/2007|17:23] C:\Program Files\Microsoft.NET
[07/01/2008|18:37] C:\Program Files\Movie Maker
[30/04/2008|10:41] C:\Program Files\MSN
[31/08/2007|16:37] C:\Program Files\MSN Gaming Zone
[02/01/2008|15:42] C:\Program Files\MSN Messenger
[17/09/2007|20:25] C:\Program Files\MSXML 4.0
[31/08/2007|19:44] C:\Program Files\My Company Name
[17/03/2008|11:00] C:\Program Files\MySpace
[31/08/2007|16:48] C:\Program Files\NetMeeting
[15/04/2008|14:01] C:\Program Files\Neuf
[09/05/2008|17:36] C:\Program Files\Nokia
[31/08/2007|18:02] C:\Program Files\Nullsoft
[17/09/2007|20:28] C:\Program Files\Outlook Express
[31/03/2008|14:14] C:\Program Files\Pack Securite
[29/05/2008|16:59] C:\Program Files\Panda Security
[09/05/2008|17:36] C:\Program Files\PC Connectivity Solution
[29/02/2008|17:04] C:\Program Files\Pinball
[05/01/2008|23:54] C:\Program Files\QuickTime
[31/08/2007|17:43] C:\Program Files\Real
[31/08/2007|16:56] C:\Program Files\Realtek
[26/11/2007|20:01] C:\Program Files\RegCleaner
[21/12/2007|11:36] C:\Program Files\SecondLife
[31/08/2007|16:37] C:\Program Files\Services en ligne
[31/05/2008|19:32] C:\Program Files\Shareaza
[27/12/2007|18:35] C:\Program Files\Skyline
[29/05/2008|19:32] C:\Program Files\Skype
[09/02/2008|19:16] C:\Program Files\SLD Codec Pack
[25/05/2008|22:49] C:\Program Files\Spybot - Search & Destroy
[04/06/2008|18:41] C:\Program Files\Spyware Doctor
[26/05/2008|17:51] C:\Program Files\Toox
[04/06/2008|17:15] C:\Program Files\Trend Micro
[31/08/2007|16:42] C:\Program Files\Uninstall Information
[31/08/2007|17:58] C:\Program Files\Viewpoint
[25/02/2008|11:23] C:\Program Files\VSO
[05/12/2007|00:54] C:\Program Files\Windows Live
[22/09/2007|09:42] C:\Program Files\Windows Media Components
[07/01/2008|18:37] C:\Program Files\Windows Media Player
[31/08/2007|16:48] C:\Program Files\Windows NT
[31/08/2007|16:37] C:\Program Files\WindowsUpdate
[31/08/2007|17:10] C:\Program Files\WinRAR
[31/08/2007|16:39] C:\Program Files\xerox
[21/04/2008|11:57] C:\Program Files\YesMessenger

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[30/04/2008|12:40] C:\Program Files\Fichiers communs\ACD Systems
[08/02/2008|12:04] C:\Program Files\Fichiers communs\Adobe
[31/08/2007|17:17] C:\Program Files\Fichiers communs\Adobe Systems Shared
[31/08/2007|17:11] C:\Program Files\Fichiers communs\Ahead
[26/01/2008|12:42] C:\Program Files\Fichiers communs\AOL
[31/08/2007|18:02] C:\Program Files\Fichiers communs\aolback
[07/01/2008|20:04] C:\Program Files\Fichiers communs\Apple
[31/08/2007|17:22] C:\Program Files\Fichiers communs\DESIGNER
[22/09/2007|09:31] C:\Program Files\Fichiers communs\FotoWire
[31/08/2007|17:07] C:\Program Files\Fichiers communs\InstallShield
[15/11/2007|23:50] C:\Program Files\Fichiers communs\Java
[22/09/2007|09:38] C:\Program Files\Fichiers communs\Logitech
[31/08/2007|17:23] C:\Program Files\Fichiers communs\Microsoft Shared
[31/08/2007|16:38] C:\Program Files\Fichiers communs\MSSoap
[09/05/2008|17:36] C:\Program Files\Fichiers communs\Nokia
[31/08/2007|17:33] C:\Program Files\Fichiers communs\ODBC
[09/05/2008|17:36] C:\Program Files\Fichiers communs\PCSuite
[15/04/2008|18:45] C:\Program Files\Fichiers communs\Real
[31/08/2007|16:38] C:\Program Files\Fichiers communs\Services
[29/05/2008|19:32] C:\Program Files\Fichiers communs\Skype
[31/08/2007|17:33] C:\Program Files\Fichiers communs\SpeechEngines
[17/09/2007|20:28] C:\Program Files\Fichiers communs\System
[28/05/2008|16:58] C:\Program Files\Fichiers communs\Wise Installation Wizard
[15/04/2008|18:45] C:\Program Files\Fichiers communs\xing shared

---------------------------[ Process ]--------------------------

... 56

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\beep axis mode free
C:\DOCUME~1\ALLUSE~1\APPLIC~1\beep axis mode free\Warn Rdr.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
C:\DOCUME~1\Patrizio\APPLIC~1\global~1
C:\DOCUME~1\Patrizio\APPLIC~1\global~1\cirzbpxz.exe
C:\DOCUME~1\Patrizio\APPLIC~1\global~1\dchdyodc.exe
C:\DOCUME~1\Patrizio\APPLIC~1\global~1\hideeggstrans.exe
C:\DOCUME~1\Patrizio\APPLIC~1\global~1\popskip3264.exe
C:\DOCUME~1\Patrizio\APPLIC~1\global~1\xtsitqze.exe
C:\DOCUME~1\Patrizio\APPLIC~1\global~1\ygptnvzw.exe
C:\Program Files\global~1
C:\Program Files\Adverts
C:\Program Files\Circle Developement
C:\WINDOWS\Prefetch\HIDEEGGSTRANS.EXE-2254E466.pf
C:\WINDOWS\Tasks\BF32F4BA96156786.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 22:58:13
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------


Aucune autre infection trouvée !

[F:26][D:0]-> C:\DOCUME~1\Patrizio\LOCALS~1\Temp
[F:2][D:0]-> C:\DOCUME~1\Patrizio\Cookies
[F:2][D:0]-> C:\DOCUME~1\Patrizio\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 22:58:48,09 ]----------------------
bon voila !! je n ai pas pu le faire en mode sans echec .....
mon antivirus me demandais de continuer a chaque fois...
je n est plus d image d ecran sur le bureau...
et je n ai toujours pas de colonne dans genre " panneau de config.."
Merci beaucoup

ok d'après le rapport combofix y'a pas mal de truc. laisse moi le temps de l'analyser :)


*******
Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci : (fais les un par un)

C:\WINDOWS\system32\drivers\kcom.sys
C:\WINDOWS\system32\lsass.exe


Clik send et colle le rapport stp
****************


---------------------------


va dans : Démarrer > Exécuter

puis fais un copier/coller de :

"%programfiles%\Lopxp\Lopxp.bat" /Fixme <= Guillemets y compris

puis valide,

Au menu, choisis l'option 1.

Réponds oui si on te demande de confirmer la suppression d'un fichier, d'un dossier ou d'une clé.

Poste le rapport stp
slr ok merci mais il n y a aucun des deux adresse !! là !!
re re re slt ;)
en ce qui concerne " executer" window me dis qu il n est pas possible d y aller...
.......... :(
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.26 2008.06.05 -
Authentium 5.1.0.4 2008.06.05 -
Avast 4.8.1195.0 2008.06.06 -
AVG 7.5.0.516 2008.06.05 -
BitDefender 7.2 2008.06.06 -
CAT-QuickHeal 9.50 2008.06.05 -
ClamAV 0.92.1 2008.06.06 -
DrWeb 4.44.0.09170 2008.06.05 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5850 2008.06.05 -
Ewido 4.0 2008.06.05 -
F-Prot 4.4.4.56 2008.06.05 -
F-Secure 6.70.13260.0 2008.06.06 -
Fortinet 3.14.0.0 2008.06.06 -
GData 2.0.7306.1023 2008.06.06 -
Ikarus T3.1.1.26.0 2008.06.06 -
Kaspersky 7.0.0.125 2008.06.06 -
McAfee 5311 2008.06.05 -
Microsoft 1.3604 2008.06.06 -
NOD32v2 3162 2008.06.05 -
Norman 5.80.02 2008.06.05 -
Panda 9.0.0.4 2008.06.05 -
Prevx1 V2 2008.06.06 -
Rising 20.47.40.00 2008.06.06 -
Sophos 4.30.0 2008.06.06 -
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.06 -
TheHacker 6.2.92.337 2008.06.06 -
VBA32 3.12.6.7 2008.06.05 -
VirusBuster 4.3.26:9 2008.06.05 -
Webwasher-Gateway 6.6.2 2008.06.06 -
Information additionnelle
File size: 29576 bytes
MD5...: a1df98a9055b8d5685d011d89ffe6ab9
SHA1..: ff3b703233dcf57997dcd54283c19478594da4f6
SHA256: c48d39992cc7d6136f973d53df611c3d26750995aa1203e20dfc1148ee474b09
SHA512: 9c0af0a259d312f5a7eef4677a9dbc8e7bae11efa93fac8ff9e30354610c88a8
fde9b906fb42dd51126e5d2641b3a3236d7a725619d1c5649cd967b259bed5ae
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1b005
timedatestamp.....: 0x46031da8 (Fri Mar 23 00:22:00 2007)
machinetype.......: 0x14c (I386)

( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3d34 0x3e00 6.10 e4087864d703fb37146296bb83ebb2ca
.rdata 0x5000 0x274 0x400 3.24 d485e80f5ffc2bccf80b10d7afe01483
.data 0x6000 0x138 0x200 0.54 45cf5e3db7f4b555248f4dda01d5a7fc
.CRT 0x7000 0x10 0x200 0.11 4b59134c6b3f390c40dae8b5c3702621
.STL 0x8000 0x18 0x200 0.11 415c4c93dfd1b4237cb3af4bae5c2f1a
PAGE 0x9000 0x2f 0x200 0.72 216a42725a18867bebabb3d68ac8daaf
.edata 0xa000 0x10c 0x200 3.04 8e6db174192850698c5fa288942ce600
INIT 0xb000 0x32e 0x400 4.58 4042762ba8fea4982adb6d6d667c3dbb
.rsrc 0xc000 0x270 0x400 2.14 83648bcf8ea482fafdcef8a7367deef4
.reloc 0xd000 0x3ac 0x400 4.44 8f84cc214ea56a39c5d8f06c1bf2b220

( 2 imports )
> ntoskrnl.exe: KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeWaitForSingleObject, KeReleaseMutex, ExRaiseStatus, KeWaitForMultipleObjects, memmove, RtlStringFromGUID, KeReleaseSemaphore, _except_handler3, KeInitializeSpinLock, KeDelayExecutionThread, KeSetEvent, wcscpy, KeTickCount, KeBugCheckEx, KeInitializeEvent, ObfDereferenceObject, ExFreePoolWithTag, KeInitializeSemaphore, ExAllocatePoolWithTag, KeInitializeMutex
> HAL.dll: ExAcquireFastMutex, KfReleaseSpinLock, KfAcquireSpinLock, ExReleaseFastMutex

( 8 exports )
DllInitialize, DllUnload, _CoCreateInstance@20, _CoDebug@0, _CoInitialize@4, _CoRegisterClassObject@20, _CoRevokeClassObject@4, _CoUnInitialize@4
AhnLab-V3 2008.5.22.1 2008.05.26 -
AntiVir 7.8.0.19 2008.05.26 -
Authentium 5.1.0.4 2008.05.26 -
Avast 4.8.1195.0 2008.05.26 -
AVG 7.5.0.516 2008.05.26 -
BitDefender 7.2 2008.05.27 -
CAT-QuickHeal 9.50 2008.05.26 -
ClamAV 0.92.1 2008.05.27 -
DrWeb 4.44.0.09170 2008.05.26 -
eSafe 7.0.15.0 2008.05.26 -
eTrust-Vet 31.4.5823 2008.05.26 -
Ewido 4.0 2008.05.26 -
F-Prot 4.4.4.56 2008.05.26 -
F-Secure 6.70.13260.0 2008.05.26 -
Fortinet 3.14.0.0 2008.05.26 -
GData 2.0.7306.1023 2008.05.23 -
Ikarus T3.1.1.26.0 2008.05.26 -
Kaspersky 7.0.0.125 2008.05.27 -
McAfee 5303 2008.05.26 -
Microsoft None 2008.05.27 -
NOD32v2 3133 2008.05.26 -
Norman 5.80.02 2008.05.26 -
Panda 9.0.0.4 2008.05.27 -
Prevx1 V2 2008.05.27 -
Rising 20.46.02.00 2008.05.26 -
Sophos 4.29.0 2008.05.27 -
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.26 -
TheHacker 6.2.92.320 2008.05.26 -
VBA32 3.12.6.6 2008.05.26 -
VirusBuster 4.3.26:9 2008.05.26 -
Webwasher-Gateway 6.6.2 2008.05.27 -
Information additionnelle
File size: 13312 bytes
MD5...: 259af82a0932eea4f316f92db94707b6
SHA1..: 9e71e74a9d43d66229271a1517b5de769160bb7b
SHA256: 8a096232c4ff41eb0a0fd1811c62269a4396d7b5c96ccb1a57261506fa2caaca
SHA512: da4b346bccf744e85201bf77a2a1a415f161645c5f8b9e8a28a74ae13b4e9b1a
9c5dcd1b883a97a45b05f34b8a3dd8525143f6c54b8fab499c2071b4f0f24c61
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10014bd
timedatestamp.....: 0x41107b4d (Wed Aug 04 05:59:41 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10d0 0x1200 6.01 b5778e66eafc9b978cd5c954228eee22
.data 0x3000 0x6c 0x200 0.20 86a789a893c60d5e207d053188cdc250
.rsrc 0x4000 0x1b40 0x1c00 7.16 e4a0d77578ef1aa0158f6be8dfc6d37a

( 5 imports )
> ADVAPI32.dll: FreeSid, CheckTokenMembership, AllocateAndInitializeSid, OpenThreadToken, ImpersonateSelf, RevertToSelf
> KERNEL32.dll: CloseHandle, GetCurrentThread, ExitThread, SetUnhandledExceptionFilter, SetErrorMode, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, RtlUnwind, InterlockedExchange, VirtualQuery
> ntdll.dll: NtSetInformationProcess, RtlInitUnicodeString, NtCreateEvent, NtOpenEvent, NtSetEvent, NtClose, NtRaiseHardError, RtlAdjustPrivilege, NtShutdownSystem, RtlUnhandledExceptionFilter
> LSASRV.dll: LsaISetupWasRun, LsapDsDebugInitialize, LsapAuOpenSam, LsapCheckBootMode, ServiceInit, LsapInitLsa, LsapDsInitializePromoteInterface, LsapDsInitializeDsStateInfo
> SAMSRV.dll: SamIInitialize, SampUsingDsData
pas guerrit
re a tous !! je n i meme plus de diaporama !! :(

Bonsoir,
dsl pour la réponse tardive mais j'ai aussi une vie à coter ^^
Sinon j'attends le log de Lopxp après la commande.


Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
C:\WINDOWS\system32\5597841D0A.sys

Folder::
C:\WINDOWS\system32\vntiho18
C:\WINDOWS\system32\xnA
C:\WINDOWS\system32\vntiho05
C:\WINDOWS\system32\brW
C:\WINDOWS\system32\3056v



Enregistre ce fichier sous le nom CFScript.

[*]Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
[*]Une fenêtre bleue va apparaître: au message qui apparaît (Type 1 to continue, or 2 to abort) , tape 1 puis valide.
[*]Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
[*]Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis

[*]Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


-----------------------


Ensuite fais moi un résumé des problèmes que tu rencontres après avoir fais les instructions ( ci dessus )

/!\ N'utilise en aucun cas Emule ou Azureus ou Sharezea pendant que l'on désinfecte ton ordi ! /!\
Slt pas de probleme pour la reponse...
bon petit soucis encore lorsque j envoie le document texte dans combo l ecran bleu s ouvre ok, mais une petite fenetre me dis qu il y a une "erreur de nom cfscript...."
... je ne peux donc pas l executer...