Folder Options gone and registry access blocked [solved]

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
24 January 2009 12:03:21

Hello everyone. As the subject says, Folder Options has disappeared and access to the registry is blocked, supposedly by the admin. I got infected by some nasties, which were blocked by F-Secure (the new Pack Securite), but apparently there must be some "leftovers". Help me please.


25 January 2009 00:55:53

Good evening

1

  • Download Catchme (Gmer) to your Desktop.
  • Double-click catchme.exe (the .exe extension may not be visible) to run it.
  • When the scan has finished, post the catchme.log report in your next reply. (The report is on your Desktop.)

2

  • Download DDS and save it to your Desktop.
  • Disable anything that blocks scripts, such as an antivirus or software like Ad-block, NoScript, etc.
  • Double-click dds.scr to run the tool.
  • When the scan has finished, a text file, DDS.txt, will open.
  • Click Yes at the next "Optional Scan" prompt.
  • Save both reports to your Desktop and post only DDS.txt to me.
25 January 2009 10:19:51

Hello Sham_rock,
OK, I have just scanned all that, but "catchme" stops working immediately after I click it, both in normal mode and in safe mode.
Here is the DDS report, and thanks for your help.


    DDS (Ver_09-01-19.01) - NTFSx86
    Run by util at 9:55:58,45 on 25/01/2009
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1358 [GMT 1:00]

    AV: Pack Securite Plus 7.00 *On-access scanning disabled* (Updated)
    FW: Pack Securite Plus 7.00 *disabled*

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Pack Securite\Common\FSMA32.EXE
    C:\Windows\system32\lxbtcoms.exe
    C:\Program Files\Pack Securite\Common\FSMB32.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Pack Securite\Common\FCH32.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Pack Securite\Common\FAMEH32.EXE
    C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lexmark 5200 Series\lxbtmon.exe
    C:\Program Files\Lexmark 5200 Series\ezprint.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\Windows\system32\conime.exe
    C:\Users\util\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.fr/
    BHO: {0849d50c-aefe-4a8e-ac78-cbaef903dfd4} - c:\windows\system32\duduhahi.dll
    BHO: c:\windows\system32\hgfdge4unjdfdg.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hgfdge4unjdfdg.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [Jnskdfmf9eldfd] c:\users\util\appdata\local\temp\csrssc.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [lxbtmon.exe] "c:\program files\lexmark 5200 series\lxbtmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 5200 series\ezprint.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [F-Secure Manager] "c:\program files\pack securite\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\pack securite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [vebohilori] Rundll32.exe "c:\windows\system32\jejuvusu.dll",s
    mRun: [CPM7363a3b0] Rundll32.exe "c:\windows\system32\vohejido.dll",a
    dRun: [Jnskdfmf9eldfd] c:\windows\temp\csrssc.exe
    uPolicies-explorer: NoFolderOptions = 1 (0x1)
    uPolicies-system: DisableRegistryTools = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: NoFolderOptions = 1 (0x1)
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll c:\windows\system32\norozuse.dll c:\windows\system32\vohejido.dll
    SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vohejido.dll
    STS: c:\windows\system32\hgfdge4unjdfdg.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hgfdge4unjdfdg.dll
    STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\vohejido.dll
    LSA: Notification Packages = scecli c:\windows\system32\norozuse.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnkjHxx

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\util\appdata\roaming\mozilla\firefox\profiles\ty2p2323.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R1 F-Secure HIPS;F-Secure HIPS;c:\program files\pack securite\hips\fshs.sys [2008-12-20 41184]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-12-20 35024]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-12-20 60064]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\pack securite\anti-virus\minifilter\fsvista.sys [2008-12-20 13168]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\pack securite\anti-virus\minifilter\fsgk.sys [2008-12-20 59760]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\pack securite\anti-virus\win2k\fsfilter.sys [2008-12-20 40048]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\pack securite\anti-virus\win2k\fsrec.sys [2008-12-20 25456]
    S4 FCI;FCI;c:\windows\system32\fci.exe.exe:ext.exe --> c:\windows\system32\fci.exe.exe:ext.exe [?]
    S4 ICF;ICF;c:\windows\system32\icf.exe.exe:ext.exe --> c:\windows\system32\icf.exe.exe:ext.exe [?]
    S4 SrvCDEject;SrvCDEject;c:\program files\packard bell\srvCDEject.exe [2008-9-8 600064]

    =============== Created Last 30 ================

    2009-01-24 21:34 120 ---sh--- c:\windows\system32\irivopas.ini
    2009-01-24 19:06 <DIR> --d----- c:\programdata\NVIDIA
    2009-01-24 18:57 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-01-24 18:57 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-01-24 18:57 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-01-24 18:57 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-01-24 14:07 3,636 a------- c:\windows\system32\drivers\nvphy.bin
    2009-01-24 09:34 120 ---sh--- c:\windows\system32\ubabarob.ini
    2009-01-23 00:49 120 ---sh--- c:\windows\system32\edojoyis.ini
    2009-01-23 00:26 120 ---sh--- c:\windows\system32\esunekih.ini
    2009-01-22 12:07 120 ---sh--- c:\windows\system32\ivisozez.ini
    2009-01-22 12:01 <DIR> --d----- c:\program files\CCleaner
    2009-01-22 01:25 0 a---h--- C:\ntuser.dat.LOG2
    2009-01-22 01:25 0 a---h--- C:\ntuser.dat.LOG1
    2009-01-22 01:25 0 a------- C:\ntuser.dat
    2009-01-22 01:12 33,832 a------- c:\windows\system32\jkcecsyi.exe
    2009-01-22 01:02 33,832 a------- c:\windows\system32\xfgcfras.exe
    2009-01-22 00:56 33,832 a------- c:\windows\system32\mesrtvdb.exe
    2009-01-22 00:51 33,832 a------- c:\windows\system32\jakpnbzv.exe
    2009-01-22 00:48 33,832 a------- c:\windows\system32\zmztyikl.exe
    2009-01-22 00:40 33,832 a------- c:\windows\system32\soscivpb.exe
    2009-01-22 00:37 33,832 a------- c:\windows\system32\ehhzendb.exe
    2009-01-22 00:04 33,832 a------- c:\windows\system32\ixxapvwh.exe
    2009-01-21 23:28 120 ---sh--- c:\windows\system32\yrbefagi.ini
    2009-01-21 23:25 1,047,617 a--sh--- c:\windows\system32\xxHjknnn.ini2
    2009-01-21 23:25 1,047,617 a--sh--- c:\windows\system32\xxHjknnn.ini
    2009-01-21 23:21 15,000 a------- c:\windows\system32\hgfdge4unjdfdg.dll
    2009-01-21 23:20 47,616 a------- c:\windows\system32\jkKbxxWo.dll
    2009-01-21 23:12 507,400 a------- c:\windows\system32\XAudio2_1.dll
    2009-01-21 23:12 238,088 a------- c:\windows\system32\xactengine3_1.dll
    2009-01-21 23:12 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
    2009-01-21 23:12 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
    2009-01-21 23:12 467,984 a------- c:\windows\system32\d3dx10_38.dll
    2009-01-21 23:12 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
    2009-01-21 23:12 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
    2009-01-21 23:10 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
    2009-01-21 23:10 462,864 a------- c:\windows\system32\d3dx10_37.dll
    2009-01-21 23:10 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
    2009-01-21 23:10 81,768 a------- c:\windows\system32\xinput1_3.dll
    2009-01-20 21:42 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
    2009-01-20 21:42 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
    2009-01-15 08:48 90,112 a------- c:\windows\unvise32.exe
    2009-01-15 08:48 <DIR> --d----- c:\program files\Pixie
    2009-01-15 08:47 <DIR> a-d----- c:\program files\Furnish Pro
    2009-01-14 19:22 288,768 a------- c:\windows\system32\drivers\srv.sys
    2009-01-09 17:17 <DIR> --d----- c:\programdata\Installations

    ==================== Find3M ====================

    2009-01-25 09:38 99,532 a--sh--- c:\windows\system32\vohejido.dll
    2009-01-25 09:38 87,169 a--sh--- c:\windows\system32\zevitedu.dll
    2009-01-24 21:34 101,533 a--sh--- c:\windows\system32\nusuzefa.dll
    2009-01-24 21:34 87,137 a--sh--- c:\windows\system32\sapoviri.dll
    2009-01-24 19:13 688,024 a------- c:\windows\system32\perfh00C.dat
    2009-01-24 19:13 131,996 a------- c:\windows\system32\perfc00C.dat
    2009-01-24 14:07 143,360 a------- c:\windows\inf\infstrng.dat
    2009-01-24 14:07 51,200 a------- c:\windows\inf\infpub.dat
    2009-01-24 14:07 86,016 a------- c:\windows\inf\infstor.dat
    2009-01-24 09:34 99,555 a--sh--- c:\windows\system32\tepusiga.dll
    2009-01-23 00:48 101,700 a--sh--- c:\windows\system32\zuzigiju.dll
    2009-01-23 00:26 100,504 a--sh--- c:\windows\system32\fitomupo.dll
    2009-01-23 00:26 85,742 -------- c:\windows\system32\hikenuse.dll
    2009-01-22 12:07 100,508 a--sh--- c:\windows\system32\bukipuke.dll
    2009-01-22 12:07 86,317 a--sh--- c:\windows\system32\zezosivi.dll
    2008-12-20 17:37 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
    2008-12-20 11:06 410,984 a------- c:\windows\system32\deploytk.dll
    2008-12-20 10:17 60,064 a------- c:\windows\system32\drivers\fsdfw.sys
    2008-11-27 20:34 87,608 a------- c:\users\util\appdata\roaming\inst.exe
    2008-11-27 20:34 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
    2008-11-27 20:34 47,360 a------- c:\users\util\appdata\roaming\pcouffin.sys
    2008-11-26 15:04 86,016 a------- c:\windows\system32\XmotsSHExt.dll
    2008-11-23 13:24 66,872 a------- c:\windows\system32\PnkBstrA.exe
    2008-11-17 14:52 111,928 a------- c:\windows\system32\PnkBstrB.exe
    2008-11-01 04:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
    2008-11-01 04:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
    2008-11-01 04:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
    2008-11-01 04:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
    2008-11-01 04:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2008-11-01 04:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2008-11-01 02:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2008-10-29 07:29 2,927,104 a------- c:\windows\explorer.exe
    2008-09-24 08:09 174 a--sh--- c:\program files\desktop.ini
    2008-09-24 05:41 665,600 a------- c:\windows\inf\drvindex.dat
    2008-09-09 02:06 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
    2008-09-09 02:06 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
    2008-09-09 02:06 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
    2008-09-09 02:06 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    1601-01-01 01:12 70,215 a--sh--- c:\windows\system32\duduhahi.dll
    1601-01-01 01:12 70,237 a--sh--- c:\windows\system32\duvapame.dll
    1601-01-01 01:12 70,237 a--sh--- c:\windows\system32\fovaseku.dll
    1601-01-01 01:12 70,215 a--sh--- c:\windows\system32\jejuvusu.dll
    1601-01-01 01:12 70,357 a--sh--- c:\windows\system32\mubodigi.dll
    1601-01-01 01:12 70,215 a--sh--- c:\windows\system32\norozuse.dll
    1601-01-01 01:12 70,357 a--sh--- c:\windows\system32\vatoteju.dll
    1601-01-01 01:12 70,237 a--sh--- c:\windows\system32\watebebo.dll

    ============= FINISH: 9:57:54,20 ===============
25 January 2009 20:38:51

Good evening
well and truly infected...

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your Desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that is normal. A report will be created. Post the report: C:\Combofix.txt
Click it to open it, then Edit > "Select all", Edit > "Copy"

come back to the forum and Edit > "Paste"

HELP: A guide and tutorial on using ComboFix
* the partition name may vary


26 January 2009 18:50:21

Good evening, well, it's not looking good. I couldn't get ComboFix to work; it stops working immediately, in normal mode and in safe mode. Same with Spybot: impossible to launch and impossible to reinstall, since it gives me a blue screen "error" at the end of the installation. I managed to get my registry and my Folder Options back with HijackThis by fixing the corresponding lines. Here are the brand-new reports, good luck lol


    DDS (Ver_09-01-19.01) - NTFSx86
    Run by util at 18:32:04,79 on 26/01/2009
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1032 [GMT 1:00]

    AV: Pack Securite Plus 7.00 *On-access scanning disabled* (Updated)
    FW: Pack Securite Plus 7.00 *enabled*

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lexmark 5200 Series\lxbtmon.exe
    C:\Program Files\Lexmark 5200 Series\ezprint.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Pack Securite\Common\FSMA32.EXE
    C:\Windows\system32\lxbtcoms.exe
    C:\Program Files\Pack Securite\Common\FSMB32.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Pack Securite\Common\FCH32.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
    C:\Program Files\Pack Securite\Common\FAMEH32.EXE
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\util\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.msn.fr/
    BHO: {0849d50c-aefe-4a8e-ac78-cbaef903dfd4} - c:\windows\system32\duduhahi.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [lxbtmon.exe] "c:\program files\lexmark 5200 series\lxbtmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 5200 series\ezprint.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [F-Secure Manager] "c:\program files\pack securite\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\pack securite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [LXBTCATS] rundll32 \3\LXBTtime.dll,_RunDLLEntry@16
    mRun: [vebohilori] Rundll32.exe "c:\windows\system32\jejuvusu.dll",s
    dRun: [Jnskdfmf9eldfd] c:\windows\temp\csrssc.exe
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: NoFolderOptions = 1 (0x1)
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll c:\windows\system32\norozuse.dll c:\windows\system32\pidikayi.dll
    SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pidikayi.dll
    STS: {C5BF49A2-94F3-42BD-F434-3604812C8955} - No File
    STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\pidikayi.dll
    LSA: Notification Packages = scecli c:\windows\system32\norozuse.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnkjHxx

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\util\appdata\roaming\mozilla\firefox\profiles\ty2p2323.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R1 F-Secure HIPS;F-Secure HIPS;c:\program files\pack securite\hips\fshs.sys [2008-12-20 41184]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-12-20 35024]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-12-20 60064]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\pack securite\anti-virus\minifilter\fsvista.sys [2008-12-20 13168]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\pack securite\anti-virus\minifilter\fsgk.sys [2008-12-20 59760]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\pack securite\anti-virus\win2k\fsfilter.sys [2008-12-20 40048]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\pack securite\anti-virus\win2k\fsrec.sys [2008-12-20 25456]
    S4 FCI;FCI;c:\windows\system32\fci.exe.exe:ext.exe --> c:\windows\system32\fci.exe.exe:ext.exe [?]
    S4 ICF;ICF;c:\windows\system32\icf.exe.exe:ext.exe --> c:\windows\system32\icf.exe.exe:ext.exe [?]
    S4 SrvCDEject;SrvCDEject;c:\program files\packard bell\srvCDEject.exe [2008-9-8 600064]

    =============== Created Last 30 ================

    2009-01-25 17:48 <DIR> --d----- c:\program files\a-squared Free
    2009-01-25 13:28 223,893,955 a------- c:\windows\MEMORY.DMP
    2009-01-24 21:34 120 ---sh--- c:\windows\system32\irivopas.ini
    2009-01-24 19:06 <DIR> --d----- c:\programdata\NVIDIA
    2009-01-24 18:57 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-01-24 18:57 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-01-24 18:57 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-01-24 18:57 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-01-24 14:07 3,636 a------- c:\windows\system32\drivers\nvphy.bin
    2009-01-24 09:34 120 ---sh--- c:\windows\system32\ubabarob.ini
    2009-01-23 00:49 120 ---sh--- c:\windows\system32\edojoyis.ini
    2009-01-23 00:26 120 ---sh--- c:\windows\system32\esunekih.ini
    2009-01-22 12:07 120 ---sh--- c:\windows\system32\ivisozez.ini
    2009-01-22 12:01 <DIR> --d----- c:\program files\CCleaner
    2009-01-22 01:25 0 a---h--- C:\ntuser.dat.LOG2
    2009-01-22 01:25 0 a---h--- C:\ntuser.dat.LOG1
    2009-01-22 01:25 0 a------- C:\ntuser.dat
    2009-01-21 23:12 507,400 a------- c:\windows\system32\XAudio2_1.dll
    2009-01-21 23:12 238,088 a------- c:\windows\system32\xactengine3_1.dll
    2009-01-21 23:12 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
    2009-01-21 23:12 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
    2009-01-21 23:12 467,984 a------- c:\windows\system32\d3dx10_38.dll
    2009-01-21 23:12 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
    2009-01-21 23:12 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
    2009-01-21 23:10 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
    2009-01-21 23:10 462,864 a------- c:\windows\system32\d3dx10_37.dll
    2009-01-21 23:10 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
    2009-01-21 23:10 81,768 a------- c:\windows\system32\xinput1_3.dll
    2009-01-20 21:42 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
    2009-01-20 21:42 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
    2009-01-15 08:48 90,112 a------- c:\windows\unvise32.exe
    2009-01-15 08:48 <DIR> --d----- c:\program files\Pixie
    2009-01-15 08:47 <DIR> a-d----- c:\program files\Furnish Pro
    2009-01-14 19:22 288,768 a------- c:\windows\system32\drivers\srv.sys
    2009-01-09 17:17 <DIR> --d----- c:\programdata\Installations

    ==================== Find3M ====================

    2009-01-25 21:38 101,542 a--sh--- c:\windows\system32\zisopola.dll
    2009-01-25 09:38 87,169 a--sh--- c:\windows\system32\zevitedu.dll
    2009-01-24 21:34 101,533 a--sh--- c:\windows\system32\nusuzefa.dll
    2009-01-24 21:34 87,137 a--sh--- c:\windows\system32\sapoviri.dll
    2009-01-24 19:13 688,024 a------- c:\windows\system32\perfh00C.dat
    2009-01-24 19:13 131,996 a------- c:\windows\system32\perfc00C.dat
    2009-01-24 14:07 143,360 a------- c:\windows\inf\infstrng.dat
    2009-01-24 14:07 51,200 a------- c:\windows\inf\infpub.dat
    2009-01-24 14:07 86,016 a------- c:\windows\inf\infstor.dat
    2009-01-24 09:34 99,555 a--sh--- c:\windows\system32\tepusiga.dll
    2009-01-23 00:48 101,700 a--sh--- c:\windows\system32\zuzigiju.dll
    2009-01-23 00:26 100,504 a--sh--- c:\windows\system32\fitomupo.dll
    2009-01-23 00:26 85,742 -------- c:\windows\system32\hikenuse.dll
    2009-01-22 12:07 100,508 a--sh--- c:\windows\system32\bukipuke.dll
    2009-01-22 12:07 86,317 a--sh--- c:\windows\system32\zezosivi.dll
    2008-12-20 17:37 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
    2008-12-20 11:06 410,984 a------- c:\windows\system32\deploytk.dll
    2008-12-20 10:17 60,064 a------- c:\windows\system32\drivers\fsdfw.sys
    2008-11-27 20:34 87,608 a------- c:\users\util\appdata\roaming\inst.exe
    2008-11-27 20:34 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
    2008-11-27 20:34 47,360 a------- c:\users\util\appdata\roaming\pcouffin.sys
    2008-11-26 15:04 86,016 a------- c:\windows\system32\XmotsSHExt.dll
    2008-11-23 13:24 66,872 a------- c:\windows\system32\PnkBstrA.exe
    2008-11-17 14:52 111,928 a------- c:\windows\system32\PnkBstrB.exe
    2008-11-01 04:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
    2008-11-01 04:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
    2008-11-01 04:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
    2008-11-01 04:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
    2008-11-01 04:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2008-11-01 04:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2008-11-01 02:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2008-10-29 07:29 2,927,104 a------- c:\windows\explorer.exe
    2008-09-24 08:09 174 a--sh--- c:\program files\desktop.ini
    2008-09-24 05:41 665,600 a------- c:\windows\inf\drvindex.dat
    2008-09-09 02:06 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
    2008-09-09 02:06 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
    2008-09-09 02:06 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
    2008-09-09 02:06 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    1601-01-01 01:12 70,215 a--sh--- c:\windows\system32\norozuse.dll

    ============= FINISH: 18:33:47,73 ===============


    Logfile of HijackThis v1.99.1
    Scan saved at 18:35:33, on 26/01/2009
    Platform: Unknown Windows (WinNT 6.00.1905 SP1)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lexmark 5200 Series\lxbtmon.exe
    C:\Program Files\Lexmark 5200 Series\ezprint.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Windows\system32\notepad.exe
    C:\Users\util\Desktop\ComboFix.exe
    C:\Users\util\Desktop\Nouveau dossier\hijackthis_199\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {0849d50c-aefe-4a8e-ac78-cbaef903dfd4} - C:\Windows\system32\duduhahi.dll (file missing)
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [lxbtmon.exe] "C:\Program Files\Lexmark 5200 Series\lxbtmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5200 Series\ezprint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 \3\LXBTtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [vebohilori] Rundll32.exe "C:\Windows\system32\jejuvusu.dll",s
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\Windows\system32\norozuse.dll c:\windows\system32\pidikayi.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pidikayi.dll (file missing)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    O23 - Service: FCI - Unknown owner - C:\Windows\system32\fci.exe.exe:ext.exe (file missing)
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ICF - Unknown owner - C:\Windows\system32\icf.exe.exe:ext.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxbt_device - - C:\Windows\system32\lxbtcoms.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

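The HijackThis entries above, run through a small triage script added here (it is not part of this thread and not a HijackThis feature); the eight-lowercase-letter naming rule it uses is our own heuristic assumption drawn from the names in this log, not a signature:

```python
"""Triage of HijackThis-style log lines.

Added example, not part of the original thread and not a HijackThis feature:
it scans O2/O4/O20/O21/O23 lines of the kind posted above and flags the
patterns that characterise this infection: DLLs registered in AppInit_DLLs,
eight-letter machine-generated-looking DLL names, entries whose file is
already gone, service paths that point into an NTFS alternate data stream,
and Run entries that load a DLL through rundll32.  The naming rule is a
lexical heuristic (our assumption) and will hit legitimate eight-letter
names too, so every finding is a review item, not a verdict.
"""
import re
from typing import List, NamedTuple

# Constructed sample: lines copied from the HijackThis log posted above,
# plus two benign entries from the same log as negative controls.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {0849d50c-aefe-4a8e-ac78-cbaef903dfd4} - C:\Windows\system32\duduhahi.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [vebohilori] Rundll32.exe "C:\Windows\system32\jejuvusu.dll",s
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOEC62~1.DLL C:\Windows\system32\norozuse.dll c:\windows\system32\pidikayi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pidikayi.dll (file missing)
O23 - Service: FCI - Unknown owner - C:\Windows\system32\fci.exe.exe:ext.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
"""


class Finding(NamedTuple):
    line_no: int      # 1-based line number within the log text
    code: str         # HijackThis section code, e.g. "O20"
    severity: str     # "high", "medium" or "low"
    reason: str       # short machine-readable tag
    target: str       # the path or name the finding is about


ENTRY = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")
# Heuristic (our assumption): eight lowercase letters followed by .dll,
# the shape of every malicious DLL name in this log
RANDOM_DLL = re.compile(r"[\\/]([a-z]{8}\.dll)\b")
# A DLL argument handed to rundll32 in a Run entry
RUNDLL_ARG = re.compile(r'([A-Za-z]:\\[^",]+\.dll)', re.IGNORECASE)


def ads_paths(text: str) -> List[str]:
    """Return drive-letter paths containing a second colon, i.e. paths that
    name an NTFS alternate data stream such as fci.exe.exe:ext.exe."""
    hits = []
    for tok in text.split():
        tok = tok.strip('"')
        if re.match(r"^[A-Za-z]:\\", tok) and ":" in tok[2:]:
            hits.append(tok)
    return hits


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        lower = body.lower()

        # Orphaned entry: the loader still references a component that is gone
        if "(file missing)" in lower:
            idx = lower.index("(file missing)")
            target = body[:idx].strip().rsplit(" - ", 1)[-1]
            findings.append(Finding(line_no, code, "medium", "file-missing", target))

        # Service or Run target hidden in an alternate data stream
        for path in ads_paths(body):
            findings.append(Finding(line_no, code, "high", "ads-path", path))

        # AppInit_DLLs is loaded into every process that links user32.dll,
        # so each entry deserves a look regardless of its name
        if code == "O20" and "appinit_dlls:" in lower:
            for dll in body.split(":", 1)[1].split():
                findings.append(Finding(line_no, code, "high", "appinit-dll", dll))

        # Lexical heuristic for the machine-generated-looking names
        for name in RANDOM_DLL.findall(body):
            findings.append(Finding(line_no, code, "medium", "random-name", name))

        # Run entry loading a DLL through rundll32 (vendors do this too,
        # hence low severity on its own)
        if code == "O4" and "rundll32" in lower:
            for dll in RUNDLL_ARG.findall(body):
                findings.append(Finding(line_no, code, "low", "rundll32-load", dll))
    return findings


def flagged_lines(findings: List[Finding]) -> List[int]:
    """Distinct log line numbers that produced at least one finding."""
    return sorted({f.line_no for f in findings})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:2d} {f.code:<4} {f.severity:<6} {f.reason:<13} {f.target}")
```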
    26 January 2009 20:39:20

    good evening
    we're going to use a trick for ComboFix...
    get it from this link:
    http://www.sendspace.com/file/43qjpt

    I downloaded it at home and renamed it to fool the infection, it'll work ;O)
    26 January 2009 21:42:32

    Bingo, well, we must be on the right track, it worked. Here's the report:

    ComboFix 09-01-21.04 - util 2009-01-26 21:21:51.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.964 [GMT 1:00]
    Lancé depuis: c:\users\util\Desktop\Comboalpha26.exe
    AV: Pack Securite Plus 7.00 *On-access scanning disabled* (Updated)
    FW: Pack Securite Plus 7.00 *disabled*
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\util\AppData\Roaming\inst.exe
    c:\windows\system32\drivers\TDSSmccb.sys
    c:\windows\system32\norozuse.dll
    c:\windows\system32\TDSScrrx.dll
    c:\windows\system32\TDSSfopt.log
    c:\windows\system32\TDSSmbcb.dat
    c:\windows\system32\TDSStmei.dll
    c:\windows\system32\TDSSwqsc.dll
    c:\windows\Tasks\mowwassq.job

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_TDSSserv.sys
    -------\Legacy_TDSSSERV.SYS
    -------\Service_FCI
    -------\Service_ICF


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-26 au 2009-01-26 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-25 17:48 . 2009-01-26 18:58 <REP> d-------- c:\program files\a-squared Free
    2009-01-25 13:28 . 2009-01-25 13:29 223,893,955 --a------ c:\windows\MEMORY.DMP
    2009-01-24 19:06 . 2009-01-24 19:06 <REP> d-------- c:\users\All Users\NVIDIA
    2009-01-24 19:06 . 2009-01-24 19:06 <REP> d-------- c:\programdata\NVIDIA
    2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-01-24 14:07 . 2007-11-17 23:22 3,636 --a------ c:\windows\System32\drivers\nvphy.bin
    2009-01-24 14:00 . 2009-01-24 14:00 <REP> d-------- c:\program files\Microsoft Silverlight
    2009-01-24 13:59 . 2009-01-24 14:03 <REP> d-------- c:\windows\BDOSCAN8
    2009-01-22 12:01 . 2009-01-22 12:01 <REP> d-------- c:\program files\CCleaner
    2009-01-22 01:25 . 2009-01-23 21:06 0 --ah----- C:\ntuser.dat.LOG2
    2009-01-22 01:25 . 2009-01-23 21:06 0 --ah----- C:\ntuser.dat.LOG1
    2009-01-22 01:25 . 2009-01-22 01:25 0 --a------ C:\ntuser.dat
    2009-01-21 23:12 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
    2009-01-21 23:12 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
    2009-01-21 23:12 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
    2009-01-21 23:12 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
    2009-01-21 23:12 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
    2009-01-21 23:12 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
    2009-01-21 23:12 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
    2009-01-21 23:10 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
    2009-01-21 23:10 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
    2009-01-21 23:10 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
    2009-01-21 23:10 . 2007-04-04 18:53 81,768 --a------ c:\windows\System32\xinput1_3.dll
    2009-01-20 21:42 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll
    2009-01-20 21:42 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
    2009-01-15 08:48 . 2009-01-15 08:48 <REP> d-------- c:\program files\Pixie
    2009-01-15 08:48 . 2008-01-30 17:36 90,112 --a------ c:\windows\unvise32.exe
    2009-01-15 08:47 . 2009-01-15 08:48 <REP> d-a------ c:\program files\Furnish Pro
    2009-01-14 19:22 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-09 17:17 . 2009-01-09 17:17 <REP> d-------- c:\users\All Users\Installations
    2009-01-09 17:17 . 2009-01-09 17:17 <REP> d-------- c:\programdata\Installations

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-24 17:52 --------- d-----w c:\programdata\Spybot - Search & Destroy
    2009-01-23 23:02 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-23 22:59 --------- d-----w c:\program files\Soldier of Fortune II - Double Helix
    2009-01-23 18:38 --------- d-----w c:\program files\Lx_cats
    2009-01-23 10:48 --------- d-----w c:\users\util\AppData\Roaming\OFFICEOne7
    2009-01-21 22:37 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-21 22:19 --------- d-----w c:\program files\eMule
    2009-01-18 09:53 --------- d-----w c:\program files\Google
    2009-01-15 02:04 --------- d-----w c:\program files\Windows Mail
    2009-01-11 10:20 --------- d-----w c:\users\util\AppData\Roaming\vlc
    2009-01-10 08:02 --------- d-----w c:\users\util\AppData\Roaming\Vso
    2009-01-09 17:05 --------- d-----w c:\program files\Nokia
    2009-01-09 16:57 --------- d-----w c:\program files\Common Files\Nokia
    2009-01-08 20:25 --------- d-----w c:\users\util\AppData\Roaming\dvdcss
    2008-12-21 08:08 --------- d-----w c:\programdata\Micro Application
    2008-12-21 08:08 --------- d-----w c:\program files\Micro Application
    2008-12-20 16:37 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
    2008-12-20 10:06 --------- d-----w c:\program files\Java
    2008-12-20 09:36 --------- d-----w c:\program files\Pack Securite
    2008-12-20 09:17 60,064 ----a-w c:\windows\system32\drivers\fsdfw.sys
    2008-12-20 07:55 --------- d-----w c:\programdata\F-Secure
    2008-12-20 07:53 --------- d-----w c:\programdata\fssg
    2008-12-20 07:14 --------- d-----w c:\users\util\AppData\Roaming\F-Secure
    2008-12-16 09:56 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-12-16 09:54 --------- d-----w c:\programdata\Symantec
    2008-11-27 20:24 --------- d-----w c:\programdata\vsosdk
    2008-11-27 19:34 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
    2008-11-27 19:34 47,360 ----a-w c:\users\util\AppData\Roaming\pcouffin.sys
    2008-11-27 19:34 --------- d-----w c:\program files\VSO
    2008-11-26 17:23 --------- d-----w c:\program files\Les mots fléchés
    2008-11-26 14:00 --------- d-----w c:\program files\VideoLAN
    2008-11-26 07:33 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
    2008-09-24 07:09 174 --sha-w c:\program files\desktop.ini
    2008-09-08 15:53 157,184 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-18 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
    "lxbtmon.exe"="c:\program files\Lexmark 5200 Series\lxbtmon.exe" [2007-05-03 230320]
    "EzPrint"="c:\program files\Lexmark 5200 Series\ezprint.exe" [2007-05-03 103344]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "F-Secure Manager"="c:\program files\Pack Securite\Common\FSM32.EXE" [2007-04-26 183208]
    "F-Secure TNB"="c:\program files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 740208]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=G,c:\windows\system32\norozuse.dll

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OFFICE One Startup v7.lnk
    backup=c:\windows\pss\OFFICE One Startup v7.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    --a------ 2007-01-18 13:03 79416 c:\program files\Packard Bell\FIJI\ABoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2008-09-08 16:53 243200 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
    --a------ 2007-09-07 13:44 3100672 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    --a------ 2006-06-15 11:36 229376 c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    --a------ 2006-06-27 15:21 1449984 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-02-21 02:18 366400 c:\program files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    --a------ 2007-01-11 10:40 232184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
    --a------ 2007-05-03 14:44 1116728 c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2009-01-18 10:54 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    --a------ 2008-09-26 14:50 206184 c:\program files\TomTom HOME 2\HOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
    --a------ 2007-02-20 17:20 28672 c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3729243398-3042036631-2498703042-1002]
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{680A32AE-C416-4BDB-B095-C113F211C852}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{23D12DBC-625C-4DAA-AAAC-98FF72C7C5EE}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{5186EFA6-5EE1-4FCF-8539-8BCC120A2CF7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{D9A2403E-984E-40D8-B995-D4B693143A9F}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
    "{A3CD637A-3E14-4506-A957-BFB12226EC77}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
    "{DC7E2D74-E3E3-4395-8BB4-B42ED6D47B47}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{9593063C-D537-471C-AD40-6093F583F5E3}"= UDP:c:\windows\System32\lxbtcoms.exe:Lexmark Communications System
    "{2047EB65-76C7-4889-95B9-D14901F17B5C}"= TCP:c:\windows\System32\lxbtcoms.exe:Lexmark Communications System
    "{3ECD2FBB-0259-4992-B896-79B4029EC43E}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbtpswx.exe:p rinter Status Window
    "{3EC4A850-6A01-47FE-BFB9-BCFC889CB9C1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbtpswx.exe:p rinter Status Window
    "{7036B6EE-4D48-4463-96F8-34F87914FA8E}"= UDP:c:\program files\Internet Explorer\iexplore.exe:iexplore
    "{50E5DE7B-A8DD-4A8D-98C9-1552F6A990D7}"= TCP:c:\program files\Internet Explorer\iexplore.exe:iexplore
    "{2DFC8131-C28F-47ED-A007-306F63C35C60}"= UDP:c:\program files\Pack Securite\FSGUI\quaranti.exe:QUARANTI
    "{0F1CD687-EEFF-4044-BECD-4F6D92C2EAF1}"= TCP:c:\program files\Pack Securite\FSGUI\quaranti.exe:QUARANTI
    "{1E7B515D-697F-456B-AFCD-29D087C02D68}"= UDP:c:\windows\System32\rundll32.exe:rundll32
    "{9F2F7BD7-7105-4C01-98B2-719C70FE8F04}"= TCP:c:\windows\System32\rundll32.exe:rundll32
    "{775CAC2B-6703-4BC5-95FE-6F16E8EF29F1}"= UDP:c:\program files\Lexmark 5200 Series\ezprint.exe:ezprint
    "{0B6EA1EC-1459-46CC-A407-1EF4A45B9414}"= TCP:c:\program files\Lexmark 5200 Series\ezprint.exe:ezprint
    "{942490DD-63E5-4729-AC2E-14EE25C6B413}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
    "{877ED7C0-F1B8-490A-B0DA-D1D68C1BD9D8}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
    "{CE9373E8-6AD5-4455-92F3-20113389DBBB}"= UDP:c:\windows\System32\wininit.exe:wininit
    "{54BE0E2F-8E6C-4ECE-9A02-1F8CD55C8CF5}"= TCP:c:\windows\System32\wininit.exe:wininit
    "{9F215583-7F07-4B26-B196-E5A6D39F57F9}"= UDP:c:\windows\ehome\ehtray.exe:ehtray
    "{BCF5C20B-E6F2-425F-B2B5-B873E429A127}"= TCP:c:\windows\ehome\ehtray.exe:ehtray
    "{2BA1F312-37F1-40FE-9C48-E6EACA30BBF7}"= UDP:c:\program files\Pack Securite\FWES\program\fsdfwd.exe:fsdfwd
    "{EBED74A1-1D04-488A-9B73-4C6B8B4BCA46}"= TCP:c:\program files\Pack Securite\FWES\program\fsdfwd.exe:fsdfwd
    "{3E277C36-DE00-4FB1-B2BF-2222822948BD}"= UDP:c:\windows\explorer.exe:Explorer
    "{7852D5E1-2DE0-40D5-ABFC-C38F140C67FD}"= TCP:c:\windows\explorer.exe:Explorer
    "{D0DF695D-F71E-46CF-B9C7-5C6F3114710D}"= UDP:c:\comboalpha26\FINDSTR.cfexe:FINDSTR
    "{B95B7272-17B4-4762-B01D-9933AE32A4A0}"= TCP:c:\comboalpha26\FINDSTR.cfexe:FINDSTR

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Pack Securite\HIPS\fshs.sys [2008-12-20 41184]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2008-12-20 35024]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-12-20 60064]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\Pack Securite\Anti-Virus\minifilter\fsvista.sys [2008-12-20 13168]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2008-12-20 59760]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Pack Securite\Anti-Virus\win2k\fsfilter.sys [2008-12-20 40048]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Pack Securite\Anti-Virus\win2k\fsrec.sys [2008-12-20 25456]
    S4 SrvCDEject;SrvCDEject;c:\program files\Packard Bell\srvCDEject.exe [2008-09-08 600064]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - sptd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e20112d-939b-11dd-a12e-001731745480}]
    \shell\AutoRun\command - J:\InstallTomTomHOME.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-26 c:\windows\Tasks\Extension de garantie.job
    - c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

    2008-10-01 c:\windows\Tasks\HDReg.job
    - c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]

    2009-01-16 c:\windows\Tasks\Norton Internet Security - Analyse système complète - util.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []

    2009-01-26 c:\windows\Tasks\Recovery DVD Creator.job
    - c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]

    2009-01-26 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\PACKSE~1\ANTI-V~1\fsav.exe [2007-04-26 12:42]

    2009-01-26 c:\windows\Tasks\User_Feed_Synchronization-{4E06830C-DA2B-42FC-BD3F-5E0F210D75AD}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{0849d50c-aefe-4a8e-ac78-cbaef903dfd4} - c:\windows\system32\duduhahi.dll
    HKLM-Run-LXBTCATS - \3\LXBTtime.dll
    HKLM-Run-vebohilori - c:\windows\system32\jejuvusu.dll
    SharedTaskScheduler-{C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
    SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pidikayi.dll
    MSConfigStartUp-7050902c - c:\windows\system32\siyojode.dll
    MSConfigStartUp-CPM7363a3b0 - c:\windows\system32\pidikayi.dll
    MSConfigStartUp-Jnskdfmf9eldfd - c:\users\util\AppData\Local\Temp\csrssc.exe
    MSConfigStartUp-vebohilori - c:\windows\system32\jejuvusu.dll
    MSConfigStartUp-wpiqjz - c:\users\util\appdata\local\wpiqjz.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.msn.fr/
    LSP: c:\program files\Pack Securite\FSPS\program\fslsp.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\users\util\AppData\Roaming\Mozilla\Firefox\Profiles\ty2p2323.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-26 21:27:49
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXBTCATS = rundll32 \3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(3628)
    c:\program files\Pack Securite\Spam Control\fsscoepl.dll
    c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\program files\PC Connectivity Solution\ConnAPI.DLL
    c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
    c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\windows\System32\conime.exe
    c:\program files\a-squared Free\a2service.exe
    c:\program files\Pack Securite\Anti-Virus\fsgk32st.exe
    c:\program files\Pack Securite\Common\FSMA32.EXE
    c:\program files\Pack Securite\Anti-Virus\fsgk32.exe
    c:\windows\System32\lxbtcoms.exe
    c:\program files\Pack Securite\Common\FSMB32.EXE
    c:\program files\Pack Securite\Common\FCH32.EXE
    c:\windows\System32\rundll32.exe
    c:\program files\Pack Securite\Common\FAMEH32.EXE
    c:\program files\Pack Securite\Anti-Virus\fsqh.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\WUDFHost.exe
    c:\program files\Pack Securite\Anti-Virus\fssm32.exe
    c:\program files\Pack Securite\FSAUA\program\fsaua.exe
    c:\program files\Pack Securite\FWES\program\fsdfwd.exe
    c:\program files\Pack Securite\FSAUA\program\fsus.exe
    c:\program files\Pack Securite\FSGUI\fsguidll.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Pack Securite\Anti-Virus\fsav32.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-26 21:32:46 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-01-26 20:32:32

    Avant-CF: 392,516,911,104 octets libres
    Après-CF: 392,249,987,072 octets libres

    323 --- E O F --- 2009-01-24 13:07:53
    27 January 2009 21:31:49

    re

    1

    Copy (Ctrl+C) the text below:
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""



    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot


  • A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt



    2

    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Restart your computer in Safe Mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key repeatedly until a menu on a black background appears. Once there, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and the display looks different (no wallpaper, very large icons). Don't be surprised.
    --- For these reasons I suggest you print, write down, or save the following information in a text document so you don't get lost.
    ---- ! Do not start your computer in Safe Mode via MSConfig! Why? Some infections break the Safe Mode keys, which would crash your computer.

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan has finished, a window opens; click OK. You then have two possibilities:

    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop.
    ~~~~ Restart your computer normally and post the report in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    Note: If you cannot download MBAM from MajorGeeks, you can download it here!

    Help:
  • How to use MBAM.
  • How to start your computer in Safe Mode.
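The CFScript above empties the AppInit_DLLs value (any DLL listed there is loaded into every process that uses user32.dll, which is why clearing it matters), and the ComboFix log earlier in this thread shows a cluster of weakened-security settings: UAC off (EnableLUA=0), Windows Firewall off in all three profiles, and Security Center monitoring silenced. The following is an added example, not code from ComboFix, MalwareBytes or the helper's post: a small parser for the REGEDIT4-style text both the ComboFix "Points de chargement Reg" section and a CFScript "Registry::" block use, with an audit that flags those values. The sample dump is constructed from the values quoted in this thread's log; the DLL name in its AppInit_DLLs line is a placeholder, since the log only shows the cleared value. The DisableRegistryTools and NoFolderOptions checks correspond to the two symptoms the thread opens with (Registry Editor blocked, Folder Options missing); they are real Windows policy values but are not present in the posted log.

```python
"""Audit a REGEDIT4-style registry dump for weakened-security settings.

Added example for this thread (not ComboFix's or the helper's code). Parses the
"Points de chargement Reg" section of a ComboFix log or a CFScript
"Registry::" block and reports values a defender would want to see.
"""
import re
from typing import Dict, List

SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# (lower-cased key suffix, lower-cased value name) -> (setting to flag, meaning)
WATCHLIST = {
    (r"currentversion\policies\system", "enablelua"): ("0", "UAC disabled"),
    (r"firewallpolicy\domainprofile", "enablefirewall"): ("0", "firewall off (domain profile)"),
    (r"firewallpolicy\publicprofile", "enablefirewall"): ("0", "firewall off (public profile)"),
    (r"firewallpolicy\standardprofile", "enablefirewall"): ("0", "firewall off (standard profile)"),
    (r"security center\monitoring", "disablemonitoring"): ("1", "Security Center monitoring disabled"),
    (r"security center\svc", "antivirusoverride"): ("1", "Security Center antivirus override set"),
    # Real Windows policy values matching the thread's opening symptoms; not in the posted log.
    (r"currentversion\policies\system", "disableregistrytools"): ("1", "regedit blocked by policy"),
    (r"currentversion\policies\explorer", "nofolderoptions"): ("1", "Folder Options hidden by policy"),
}


def normalize(raw: str) -> str:
    """Reduce the three value spellings seen in these dumps to a plain string."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})", raw)          # .reg style: dword:00000001
    if m:
        return str(int(m.group(1), 16))
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)       # ComboFix style: 0 (0x0)
    if m:
        return m.group(1)
    if raw.startswith('"'):                                # quoted string, trailing [date size] ignored
        end = raw.find('"', 1)
        return raw[1:end] if end != -1 else raw[1:]
    return raw


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] section to its {value name: normalized value}."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1).lower()] = normalize(m.group(2))
    return sections


def audit(sections: Dict[str, Dict[str, str]]) -> List[str]:
    """Return one human-readable finding per weakened-security value."""
    findings = []
    for key, values in sections.items():
        for (suffix, name), (bad, meaning) in WATCHLIST.items():
            if key.endswith(suffix) and values.get(name) == bad:
                findings.append(f"{meaning}: [{key}] {name}={bad}")
        if key.endswith(r"windows nt\currentversion\windows"):
            dlls = values.get("appinit_dlls", "")
            if dlls:  # any non-empty AppInit_DLLs is injected into every user32 process
                findings.append(f"AppInit_DLLs not empty: {dlls}")
    return findings


def audit_text(text: str) -> List[str]:
    return audit(parse_reg_dump(text))


# Constructed sample: values quoted from this thread's ComboFix log, plus a
# hypothetical AppInit_DLLs entry (the log only shows the cleared value).
SAMPLE_COMBOFIX_DUMP = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="c:\windows\system32\PLACEHOLDER_hypothetical.dll"
"""

# The CFScript from the helper's post: the same key with AppInit_DLLs emptied.
CFSCRIPT_FIX = r"""
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
"""

if __name__ == "__main__":
    for label, text in (("ComboFix dump", SAMPLE_COMBOFIX_DUMP), ("after CFScript", CFSCRIPT_FIX)):
        findings = audit_text(text)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

Run against the constructed dump it reports seven findings (UAC, three firewall profiles, two Security Center values, AppInit_DLLs); run against the CFScript block alone it reports none, which is the state the helper's fix aims for. The matching is by key suffix because ComboFix abbreviates hives (`HKLM\~\services\...`) while CFScript spells them out.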
    28 January 2009 00:33:56

    re,
    Here I am again with the report!! So more and more deletions, but what is my antivirus doing!!?? A small problem has appeared:
    I no longer have a desktop background (unless you picture a black hole lol) and I no longer get the thumbnail preview of images in Explorer; same thing when choosing the desktop wallpaper, I can't see the preview of my images or even of the Windows wallpapers. Whoa, I don't know if you followed me, but if you have a lead :D
    Silly question, what am I infected with??!! I caught this installing a crack (ooh, not good), that'll teach me!!! bang lol

    Malwarebytes' Anti-Malware 1.33
    Version de la base de données: 1699
    Windows 6.0.6001 Service Pack 1

    27/01/2009 23:50:00
    mbam-log-2009-01-27 (23-50-00).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 143825
    Temps écoulé: 29 minute(s), 53 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 3

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Qoobox\Quarantine\C\Windows\System32\TDSScrrx.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Windows\System32\TDSStmei.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\Qoobox\Quarantine\C\Windows\System32\TDSSwqsc.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

    _____________________________________________________________________________________________________


    ComboFix 09-01-21.04 - util 2009-01-27 22:20:23.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1258 [GMT 1:00]
    Lancé depuis: c:\users\util\Desktop\Comboalpha26.exe
    Commutateurs utilisés :: c:\users\util\Desktop\CFScript.txt
    AV: Pack Securite Plus 7.00 *On-access scanning disabled* (Updated)
    FW: Pack Securite Plus 7.00 *disabled*
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-27 au 2009-01-27 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-27 13:57 . 2009-01-27 13:57 <REP> d-------- c:\users\util\AppData\Roaming\XnView
    2009-01-27 13:46 . 2009-01-27 14:00 <REP> d-------- c:\program files\XnView
    2009-01-25 17:48 . 2009-01-26 18:58 <REP> d-------- c:\program files\a-squared Free
    2009-01-25 13:28 . 2009-01-25 13:29 223,893,955 --a------ c:\windows\MEMORY.DMP
    2009-01-24 19:06 . 2009-01-24 19:06 <REP> d-------- c:\users\All Users\NVIDIA
    2009-01-24 19:06 . 2009-01-24 19:06 <REP> d-------- c:\programdata\NVIDIA
    2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-01-24 14:07 . 2007-11-17 23:22 3,636 --a------ c:\windows\System32\drivers\nvphy.bin
    2009-01-24 14:00 . 2009-01-24 14:00 <REP> d-------- c:\program files\Microsoft Silverlight
    2009-01-24 13:59 . 2009-01-24 14:03 <REP> d-------- c:\windows\BDOSCAN8
    2009-01-22 12:01 . 2009-01-22 12:01 <REP> d-------- c:\program files\CCleaner
    2009-01-22 01:25 . 2009-01-23 21:06 0 --ah----- C:\ntuser.dat.LOG2
    2009-01-22 01:25 . 2009-01-23 21:06 0 --ah----- C:\ntuser.dat.LOG1
    2009-01-22 01:25 . 2009-01-22 01:25 0 --a------ C:\ntuser.dat
    2009-01-21 23:12 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
    2009-01-21 23:12 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
    2009-01-21 23:12 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
    2009-01-21 23:12 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
    2009-01-21 23:12 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
    2009-01-21 23:12 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
    2009-01-21 23:12 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
    2009-01-21 23:10 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
    2009-01-21 23:10 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
    2009-01-21 23:10 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
    2009-01-21 23:10 . 2007-04-04 18:53 81,768 --a------ c:\windows\System32\xinput1_3.dll
    2009-01-20 21:42 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll
    2009-01-20 21:42 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
    2009-01-15 08:48 . 2009-01-27 13:08 <REP> d-------- c:\program files\Pixie
    2009-01-15 08:48 . 2008-01-30 17:36 90,112 --a------ c:\windows\unvise32.exe
    2009-01-15 08:47 . 2009-01-27 13:08 <REP> d-a------ c:\program files\Furnish Pro
    2009-01-14 19:22 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
    2009-01-09 17:17 . 2009-01-09 17:17 <REP> d-------- c:\users\All Users\Installations
    2009-01-09 17:17 . 2009-01-09 17:17 <REP> d-------- c:\programdata\Installations

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-27 12:08 --------- d-----w c:\programdata\Spybot - Search & Destroy
    2009-01-27 12:08 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-01-23 22:59 --------- d-----w c:\program files\Soldier of Fortune II - Double Helix
    2009-01-23 18:38 --------- d-----w c:\program files\Lx_cats
    2009-01-23 10:48 --------- d-----w c:\users\util\AppData\Roaming\OFFICEOne7
    2009-01-21 22:37 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-21 22:19 --------- d-----w c:\program files\eMule
    2009-01-18 09:53 --------- d-----w c:\program files\Google
    2009-01-15 02:04 --------- d-----w c:\program files\Windows Mail
    2009-01-11 10:20 --------- d-----w c:\users\util\AppData\Roaming\vlc
    2009-01-10 08:02 --------- d-----w c:\users\util\AppData\Roaming\Vso
    2009-01-09 17:05 --------- d-----w c:\program files\Nokia
    2009-01-09 16:57 --------- d-----w c:\program files\Common Files\Nokia
    2009-01-08 20:25 --------- d-----w c:\users\util\AppData\Roaming\dvdcss
    2008-12-21 08:08 --------- d-----w c:\programdata\Micro Application
    2008-12-21 08:08 --------- d-----w c:\program files\Micro Application
    2008-12-20 16:37 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
    2008-12-20 10:06 410,984 ----a-w c:\windows\System32\deploytk.dll
    2008-12-20 10:06 --------- d-----w c:\program files\Java
    2008-12-20 09:36 --------- d-----w c:\program files\Pack Securite
    2008-12-20 09:17 60,064 ----a-w c:\windows\system32\drivers\fsdfw.sys
    2008-12-20 07:55 --------- d-----w c:\programdata\F-Secure
    2008-12-20 07:53 --------- d-----w c:\programdata\fssg
    2008-12-20 07:14 --------- d-----w c:\users\util\AppData\Roaming\F-Secure
    2008-12-16 09:56 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-12-16 09:54 --------- d-----w c:\programdata\Symantec
    2008-11-27 20:24 --------- d-----w c:\programdata\vsosdk
    2008-11-27 19:34 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
    2008-11-27 19:34 47,360 ----a-w c:\users\util\AppData\Roaming\pcouffin.sys
    2008-11-27 19:34 --------- d-----w c:\program files\VSO
    2008-11-26 14:04 86,016 ----a-w c:\windows\System32\XmotsSHExt.dll
    2008-11-23 12:24 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
    2008-11-17 13:52 111,928 ----a-w c:\windows\System32\PnkBstrB.exe
    2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
    2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
    2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
    2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
    2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
    2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
    2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
    2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
    2008-09-24 07:09 174 --sha-w c:\program files\desktop.ini
    2008-09-08 15:53 157,184 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-26_21.30.25.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-01-27 20:16:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-01-27 20:16:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-01-26 20:27:29 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-01-27 20:18:43 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2009-01-27 20:18:43 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2009-01-26 20:27:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-01-27 20:18:38 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2009-01-27 20:18:38 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2009-01-26 18:20:08 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-01-27 08:02:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-01-26 18:20:08 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-27 08:02:23 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-01-26 18:20:08 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-01-27 08:02:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-01-26 20:14:17 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    + 2009-01-27 12:08:41 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
    - 2009-01-26 20:21:49 10,432 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3729243398-3042036631-2498703042-1002_UserData.bin
    + 2009-01-27 20:18:28 10,782 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3729243398-3042036631-2498703042-1002_UserData.bin
    - 2009-01-26 20:21:49 75,860 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-01-27 20:18:28 76,334 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-01-26 20:21:46 57,702 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-01-27 20:18:28 58,354 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-01-24 12:37:45 150,381,073 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2009-01-27 12:31:58 150,920,980 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-18 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
    "lxbtmon.exe"="c:\program files\Lexmark 5200 Series\lxbtmon.exe" [2007-05-03 230320]
    "EzPrint"="c:\program files\Lexmark 5200 Series\ezprint.exe" [2007-05-03 103344]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "F-Secure Manager"="c:\program files\Pack Securite\Common\FSM32.EXE" [2007-04-26 183208]
    "F-Secure TNB"="c:\program files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 740208]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OFFICE One Startup v7.lnk
    backup=c:\windows\pss\OFFICE One Startup v7.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    --a------ 2007-01-18 13:03 79416 c:\program files\Packard Bell\FIJI\ABoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2008-09-08 16:53 243200 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
    --a------ 2007-09-07 13:44 3100672 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    --a------ 2006-06-15 11:36 229376 c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    --a------ 2006-06-27 15:21 1449984 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2007-02-21 02:18 366400 c:\program files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    --a------ 2007-01-11 10:40 232184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
    --a------ 2007-05-03 14:44 1116728 c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2009-01-18 10:54 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    --a------ 2008-09-26 14:50 206184 c:\program files\TomTom HOME 2\HOMERunner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
    --a------ 2007-02-20 17:20 28672 c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    --a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3729243398-3042036631-2498703042-1002]
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{680A32AE-C416-4BDB-B095-C113F211C852}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{23D12DBC-625C-4DAA-AAAC-98FF72C7C5EE}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
    "{5186EFA6-5EE1-4FCF-8539-8BCC120A2CF7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{D9A2403E-984E-40D8-B995-D4B693143A9F}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
    "{A3CD637A-3E14-4506-A957-BFB12226EC77}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
    "{DC7E2D74-E3E3-4395-8BB4-B42ED6D47B47}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{9593063C-D537-471C-AD40-6093F583F5E3}"= UDP:c:\windows\System32\lxbtcoms.exe:Lexmark Communications System
    "{2047EB65-76C7-4889-95B9-D14901F17B5C}"= TCP:c:\windows\System32\lxbtcoms.exe:Lexmark Communications System
    "{3ECD2FBB-0259-4992-B896-79B4029EC43E}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbtpswx.exe:p rinter Status Window
    "{3EC4A850-6A01-47FE-BFB9-BCFC889CB9C1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbtpswx.exe:p rinter Status Window
    "{7036B6EE-4D48-4463-96F8-34F87914FA8E}"= UDP:c:\program files\Internet Explorer\iexplore.exe:iexplore
    "{50E5DE7B-A8DD-4A8D-98C9-1552F6A990D7}"= TCP:c:\program files\Internet Explorer\iexplore.exe:iexplore
    "{2DFC8131-C28F-47ED-A007-306F63C35C60}"= UDP:c:\program files\Pack Securite\FSGUI\quaranti.exe:QUARANTI
    "{0F1CD687-EEFF-4044-BECD-4F6D92C2EAF1}"= TCP:c:\program files\Pack Securite\FSGUI\quaranti.exe:QUARANTI
    "{1E7B515D-697F-456B-AFCD-29D087C02D68}"= UDP:c:\windows\System32\rundll32.exe:rundll32
    "{9F2F7BD7-7105-4C01-98B2-719C70FE8F04}"= TCP:c:\windows\System32\rundll32.exe:rundll32
    "{775CAC2B-6703-4BC5-95FE-6F16E8EF29F1}"= UDP:c:\program files\Lexmark 5200 Series\ezprint.exe:ezprint
    "{0B6EA1EC-1459-46CC-A407-1EF4A45B9414}"= TCP:c:\program files\Lexmark 5200 Series\ezprint.exe:ezprint
    "{942490DD-63E5-4729-AC2E-14EE25C6B413}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
    "{877ED7C0-F1B8-490A-B0DA-D1D68C1BD9D8}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
    "{CE9373E8-6AD5-4455-92F3-20113389DBBB}"= UDP:c:\windows\System32\wininit.exe:wininit
    "{54BE0E2F-8E6C-4ECE-9A02-1F8CD55C8CF5}"= TCP:c:\windows\System32\wininit.exe:wininit
    "{9F215583-7F07-4B26-B196-E5A6D39F57F9}"= UDP:c:\windows\ehome\ehtray.exe:ehtray
    "{BCF5C20B-E6F2-425F-B2B5-B873E429A127}"= TCP:c:\windows\ehome\ehtray.exe:ehtray
    "{2BA1F312-37F1-40FE-9C48-E6EACA30BBF7}"= UDP:c:\program files\Pack Securite\FWES\program\fsdfwd.exe:fsdfwd
    "{EBED74A1-1D04-488A-9B73-4C6B8B4BCA46}"= TCP:c:\program files\Pack Securite\FWES\program\fsdfwd.exe:fsdfwd
    "{3E277C36-DE00-4FB1-B2BF-2222822948BD}"= UDP:c:\windows\explorer.exe:Explorer
    "{7852D5E1-2DE0-40D5-ABFC-C38F140C67FD}"= TCP:c:\windows\explorer.exe:Explorer
    "{D0DF695D-F71E-46CF-B9C7-5C6F3114710D}"= UDP:c:\comboalpha26\FINDSTR.cfexe:FINDSTR
    "{B95B7272-17B4-4762-B01D-9933AE32A4A0}"= TCP:c:\comboalpha26\FINDSTR.cfexe:FINDSTR

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Pack Securite\HIPS\fshs.sys [2008-12-20 41184]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2008-12-20 35024]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-12-20 60064]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\Pack Securite\Anti-Virus\minifilter\fsvista.sys [2008-12-20 13168]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2008-12-20 59760]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Pack Securite\Anti-Virus\win2k\fsfilter.sys [2008-12-20 40048]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Pack Securite\Anti-Virus\win2k\fsrec.sys [2008-12-20 25456]
    S4 SrvCDEject;SrvCDEject;c:\program files\Packard Bell\srvCDEject.exe [2008-09-08 600064]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - sptd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e20112d-939b-11dd-a12e-001731745480}]
    \shell\AutoRun\command - J:\InstallTomTomHOME.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-27 c:\windows\Tasks\Extension de garantie.job
    - c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

    2008-10-01 c:\windows\Tasks\HDReg.job
    - c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]

    2009-01-16 c:\windows\Tasks\Norton Internet Security - Analyse système complète - util.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []

    2009-01-27 c:\windows\Tasks\Recovery DVD Creator.job
    - c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]

    2009-01-27 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\PACKSE~1\ANTI-V~1\fsav.exe [2007-04-26 12:42]

    2009-01-27 c:\windows\Tasks\User_Feed_Synchronization-{4E06830C-DA2B-42FC-BD3F-5E0F210D75AD}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.msn.fr/
    LSP: c:\program files\Pack Securite\FSPS\program\fslsp.dll
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\users\util\AppData\Roaming\Mozilla\Firefox\Profiles\ty2p2323.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - www.google.fr
    FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-27 22:23:03
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'Explorer.exe'(4300)
    c:\program files\Pack Securite\Spam Control\fsscoepl.dll
    .
    Heure de fin: 2009-01-27 22:26:01
    ComboFix-quarantined-files.txt 2009-01-27 21:25:55
    ComboFix2.txt 2009-01-26 20:32:47

    Avant-CF: 387 810 422 784 octets libres
    Après-CF: 387,815,870,464 octets libres

    292 --- E O F --- 2009-01-27 20:25:08

    28 January 2009 00:54:22

    Don't rack your brains over my wallpaper and thumbnail problem, it just sorted itself out even though I did nothing, mystery!!!!!!!!! Maybe the scans put it back in place. Thanks again for helping me
    28 January 2009 17:39:58

    hello
    let's continue...
    Run an online antivirus scan on Kaspersky with Internet Explorer.

  • Allow ActiveX.
  • Click Start Online Scanner.
  • Select My Computer as the scan target. Save the report as a .txt file.
  • Paste its report here.
  • Post a new HijackThis report.

    Help: How to do an online scan with Kaspersky.
    29 January 2009 10:35:33

    hello,
    here are the reports:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, January 28, 2009
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, January 28, 2009 17:04:02
    Records in database: 1721069
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    K:\

    Scan statistics:
    Files scanned: 104583
    Threat name: 2
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 02:08:00


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\Windows\System32\drivers\__.zip Infected: Backdoor.Win32.TDSS.bkw 1
    C:\Windows\System32\sapoviri.0ll Infected: Backdoor.Win32.Agent.adbl 1

    The selected area was scanned.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, January 28, 2009
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, January 28, 2009 19:46:32
    Records in database: 1721477
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - Folder:
    C:\Windows\System32

    Scan statistics:
    Files scanned: 18090
    Threat name: 2
    Infected objects: 2
    Suspicious objects: 0
    Duration of the scan: 00:18:03


    File name / Threat name / Threats count
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EK2YHIJG\pldr8[2].htm Infected: Trojan-Downloader.Win32.Agent.bflj 1
    C:\Windows\System32\sapoviri.0ll Infected: Backdoor.Win32.Agent.adbl 1

    The selected area was scanned.
    _____________________________________________________________________________________________________
    Logfile of HijackThis v1.99.1
    Scan saved at 10:26:04, on 29/01/2009
    Platform: Unknown Windows (WinNT 6.00.1905 SP1)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lexmark 5200 Series\lxbtmon.exe
    C:\Program Files\Lexmark 5200 Series\ezprint.exe
    C:\Program Files\Pack Securite\Common\FSM32.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Users\util\Desktop\Nouveau dossier\hijackthis_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [lxbtmon.exe] "C:\Program Files\Lexmark 5200 Series\lxbtmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5200 Series\ezprint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxbt_device - - C:\Windows\system32\lxbtcoms.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

    There you go, thanks again
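    The two reports above are read by hand in this thread. As an added example (not code from the thread, from HijackThis or from Kaspersky), the script below shows the triage a responder does on such logs: it pulls out the entries that reference a file that no longer exists (dangling leftovers of removed software), Run entries that launch an executable by bare name rather than full path (resolved through PATH search, so worth verifying), repeated Winsock LSP entries, and, from the Kaspersky lines, files sitting directly in System32 with an extension System32 does not normally hold (here `sapoviri.0ll`, a look-alike of `.dll`). The sample lines are constructed by copying a handful of lines from the logs posted above; the `EXPECTED_EXT` allowlist is an assumption of this example. It only reads text and changes nothing on the machine.

```python
"""Triage helper for the HijackThis and Kaspersky log lines posted in this thread.

Added example: not code from the thread or from either tool. It only reads
log text and modifies nothing.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: a few lines copied from the HijackThis log above.
SAMPLE_HJT = [
    r'O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe',
    r'O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash',
    r'O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart',
    r'O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)',
    r'O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll',
    r'O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll',
    r'O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)',
    r'O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe',
]

# Constructed sample: the two detections from the Kaspersky report above.
SAMPLE_KAV = [
    r'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EK2YHIJG\pldr8[2].htm Infected: Trojan-Downloader.Win32.Agent.bflj 1',
    r'C:\Windows\System32\sapoviri.0ll Infected: Backdoor.Win32.Agent.adbl 1',
]

SECTION_RE = re.compile(r'^(O\d+) - (.*)$')
RUN_RE = re.compile(r'^HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] (.*)$')
KAV_RE = re.compile(r'^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$')
ABS_START_RE = re.compile(r'^(?:[A-Za-z]:\\|\\\\|%[^%]+%)')
# Assumed allowlist: file types that normally sit directly in System32.
EXPECTED_EXT = {'.dll', '.exe', '.sys', '.ocx', '.cpl', '.drv', '.mui', '.ax', '.scr', '.com'}


def split_section(line):
    """Return (section id such as 'O4', rest of the line) for a HijackThis line."""
    m = SECTION_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else (None, line.strip())


def run_command(payload):
    """Command part of an O4 Run entry, or None if the payload is not one."""
    m = RUN_RE.match(payload)
    return m.group(1) if m else None


def is_unqualified(command):
    """True when the executable is named without a path, so it is found by PATH search."""
    first = command.split()[0].strip('"')
    return ABS_START_RE.match(first) is None


def triage_hjt(lines):
    """Group the HijackThis entries a reviewer would check first."""
    findings = {'missing_file': [], 'unqualified_run': [], 'lsp_counts': Counter()}
    for line in lines:
        section, payload = split_section(line)
        if payload.endswith('(file missing)'):
            # Dangling references: leftovers of removed software, cleanup candidates.
            findings['missing_file'].append(line.strip())
        if section == 'O4':
            cmd = run_command(payload)
            if cmd and is_unqualified(cmd):
                findings['unqualified_run'].append(cmd)
        if section == 'O10':
            # Repeated LSP entries are normal for layered products, but every one
            # should point at a single known, installed file.
            findings['lsp_counts'][payload.split(': ', 1)[1].strip().lower()] += 1
    return findings


def parse_kav(lines):
    """Parse 'path Infected: threat count' lines into (path, threat, count) tuples."""
    hits = []
    for line in lines:
        m = KAV_RE.match(line.strip())
        if m:
            hits.append((m.group('path'), m.group('threat'), int(m.group('count'))))
    return hits


def odd_system32_files(paths):
    """Files directly under System32 whose extension is not one System32 normally holds."""
    odd = []
    for p in paths:
        wp = PureWindowsPath(p)
        in_system32 = str(wp.parent).lower().endswith(r'\windows\system32')
        if in_system32 and wp.suffix.lower() not in EXPECTED_EXT:
            odd.append(p)
    return odd


if __name__ == '__main__':
    for key, value in triage_hjt(SAMPLE_HJT).items():
        print(key, value)
    hits = parse_kav(SAMPLE_KAV)
    print('odd names in System32:', odd_system32_files([path for path, _, _ in hits]))
```

    On the sample lines this reports the two "(file missing)" entries, two Run commands given by bare name, the LSP file seen twice, and `C:\Windows\System32\sapoviri.0ll` as the one odd name in System32, which matches the file the helper asks to delete in the next reply.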
    29 Janvier 2009 14:11:21

    re
    delete:
    C:\Qoobox
    C:\Windows\System32\sapoviri.0ll

    ~Download CCleaner:

    http://www.filehippo.com/download_ccleaner/

    ~During installation, untick "Ajouter la Barre d'Outils Yahoo! Ccleaner" (the Yahoo! toolbar).
    Click the Cleaner button, then "Run Cleaner".
    Click the Errors button, then "Scan for errors", then "Fix errors".
    CCleaner tutorial (thanks to Malekal):
    http://www.malekal.com/tutorial_CCleaner.html


    Any other problems?
    29 Janvier 2009 14:34:30

    re,
    Done, I deleted the folder c:\qoobox and the other cr*p in system32. No, I have no other problems, and thanks again for helping me.
    29 Janvier 2009 14:38:18

    re
    Remove all the programs that were installed for the disinfection.

    Please read this file (PDF) to learn more about the risks of the Internet.

    If you find the document interesting, feel free to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install Firefox secured with the NoScript and AdBlock Plus extensions.

    ~Edit your first message (by clicking the eraser) and add [résolu] (solved) to the title.
    If your session name is your real name, you can change it by editing your posts.

    :hello: 
    29 Janvier 2009 15:27:22

    re, sorry to bother you a little more lol
    I did not understand what I need to remove. I have CCleaner, HijackThis, Spybot, MBAM, a-squared, ComboFix, DDS and catchme.
    thanks again
    29 Janvier 2009 22:42:57

    re
    remove/uninstall:
    HijackThis, Spybot, a-squared, ComboFix, DDS and catchme.
    keep:
    CCleaner, MBAM

    :hello: 