[SOLVED] Help, please...

23 October 2008 22:23:17

Good evening everyone,

I'm asking for your help because I no longer know what to do...
I've gone through every thread about wallpaper problems, but nothing works; it's still there!!

I have a rather strange desktop wallpaper:


And I can no longer change the wallpaper (the buttons are greyed out), and it is locked to a link named ^tmp with an IE icon.

I've tried all the usual tools (Ad-Aware, SmitFraudFix, Spybot, CCleaner, Malwarebytes... in safe mode too!) but nothing works, it won't go away!!

My antivirus is NOD32 and its scan shows nothing either...

During startup, I see the old wallpaper for a few seconds.

My operating system is Win XP Media Center and I have all the updates except SP3 (too afraid it will cause bugs).

If some kind soul could help me get rid of this cr** that would be great...

Thanks in advance, everyone.

23 October 2008 22:48:24

Good evening
that's a pretty wallpaper :)

Download and install HijackThis (Trend Micro)
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2

23 October 2008 23:35:40

Thanks for your quick reply! :)

Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:00, on 23/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Ef8zLat2yr] C:\Documents and Settings\All Users\Application Data\ybyjqnyv\gfwpidoz.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 6881 bytes
23 October 2008 23:49:47

re

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal, and a report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select All", Edit > "Copy"

Come to the forum and Edit > "Paste"

HELP: A guide and tutorial on using ComboFix
* the partition name may differ


Add a new HijackThis report.

24 October 2008 00:05:49

Here is the ComboFix report:

ComboFix 08-10-23.03 - armin 2008-10-23 23:54:05.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.521 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\armin\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\drivers\nod32drv.sys

----- BITS: Il y a peut-être des sites infectés -----

hxxp://hqsextube08.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NOD32DRV
-------\Legacy_NPF
-------\Legacy_TDSSSERV
-------\Service_nod32drv
-------\Service_TDSSserv


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
.

2008-10-23 23:34 . 2008-10-23 23:34 <REP> d-------- C:\Program Files\Trend Micro
2008-10-23 20:50 . 2008-10-23 20:50 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-10-23 20:42 . 2008-10-23 20:42 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-23 20:41 . 2008-10-23 20:50 <REP> d-------- C:\Program Files\Lavasoft
2008-10-23 20:41 . 2008-10-23 20:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-23 18:49 . 2008-10-23 18:49 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-10-23 01:07 . 2008-10-23 01:23 <REP> d-------- C:\Program Files\Navilog1
2008-10-23 00:20 . 2008-10-23 19:11 1,210 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-22 18:59 . 2008-10-22 19:02 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-22 18:59 . 2008-10-22 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-22 18:47 . 2008-10-22 18:48 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-10-22 18:47 . 2008-10-03 19:12 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-22 18:47 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-22 18:47 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-22 18:47 . 2008-08-26 10:11 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-22 18:47 . 2008-08-26 10:11 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-22 18:47 . 2008-08-26 10:11 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-22 18:47 . 2008-08-26 10:11 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-22 18:47 . 2008-08-26 10:11 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-22 18:47 . 2008-08-25 10:38 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-22 01:09 . 2008-10-22 01:09 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-10-22 01:09 . 2008-10-22 01:09 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-10-22 01:08 . 2008-10-22 22:35 <REP> d-------- C:\Program Files\ESET
2008-10-22 00:27 . 2008-10-22 00:27 <REP> d-------- C:\Program Files\CCleaner
2008-10-21 22:46 . 2008-10-23 22:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 22:46 . 2008-10-21 22:46 <REP> d-------- C:\Documents and Settings\armin\Application Data\Malwarebytes
2008-10-21 22:46 . 2008-10-21 22:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-21 22:46 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-21 22:46 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-19 21:50 . 2008-10-21 22:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-19 21:49 . 2008-10-19 21:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-19 21:09 . 2008-10-19 21:10 144 --ahs---- C:\WINDOWS\system32\2684659626.dat
2008-09-24 23:27 . 2008-09-24 23:27 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 22:46 --------- d-----w C:\Program Files\Google
2008-10-21 20:40 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-10-20 21:56 --------- d-----w C:\Program Files\eMule
2008-10-19 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-29 11:32 --------- d-----w C:\Program Files\BitComet
2008-09-12 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\ybyjqnyv
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
.

------- Sigcheck -------

2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 766041]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-10-22 949376]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"="00000000" [X]
"NoActiveDesktop"="0 (0x0)" [X]
"NoSaveSettings"="0 (0x0)" [X]
"ClassicShell"="0 (0x0)" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20172:TCP"= 20172:TCP:BitComet 20172 TCP
"20172:UDP"= 20172:UDP:BitComet 20172 UDP

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'

2008-10-17 C:\WINDOWS\Tasks\At100.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-17 C:\WINDOWS\Tasks\At101.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At102.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At103.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At104.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At105.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At106.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-13 C:\WINDOWS\Tasks\At107.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-15 C:\WINDOWS\Tasks\At108.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At109.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At110.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At111.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At112.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At113.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At114.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At115.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At116.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At117.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At118.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At119.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At120.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At121.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At122.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-17 C:\WINDOWS\Tasks\At123.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-17 C:\WINDOWS\Tasks\At124.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-17 C:\WINDOWS\Tasks\At125.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At126.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At127.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At128.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At129.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At130.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-13 C:\WINDOWS\Tasks\At131.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-15 C:\WINDOWS\Tasks\At132.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At133.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At134.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At135.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At136.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At137.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At138.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At139.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At140.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At141.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At142.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At143.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At144.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At145.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-22 C:\WINDOWS\Tasks\At146.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-17 C:\WINDOWS\Tasks\At147.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-17 C:\WINDOWS\Tasks\At148.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-17 C:\WINDOWS\Tasks\At149.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-16 C:\WINDOWS\Tasks\At150.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-16 C:\WINDOWS\Tasks\At151.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-16 C:\WINDOWS\Tasks\At152.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-16 C:\WINDOWS\Tasks\At153.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-20 C:\WINDOWS\Tasks\At154.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-13 C:\WINDOWS\Tasks\At155.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-15 C:\WINDOWS\Tasks\At156.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-10 C:\WINDOWS\Tasks\At157.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-10 C:\WINDOWS\Tasks\At158.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-10 C:\WINDOWS\Tasks\At159.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-10 C:\WINDOWS\Tasks\At160.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-10 C:\WINDOWS\Tasks\At161.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-10 C:\WINDOWS\Tasks\At162.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-20 C:\WINDOWS\Tasks\At163.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-22 C:\WINDOWS\Tasks\At164.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-22 C:\WINDOWS\Tasks\At165.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-23 C:\WINDOWS\Tasks\At166.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-23 C:\WINDOWS\Tasks\At167.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-23 C:\WINDOWS\Tasks\At168.job
- C:\WINDOWS\system32\WR603hbH.exe []

2008-10-22 C:\WINDOWS\Tasks\At169.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At170.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-17 C:\WINDOWS\Tasks\At171.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-17 C:\WINDOWS\Tasks\At172.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-17 C:\WINDOWS\Tasks\At173.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At174.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At175.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At176.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At177.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At178.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-13 C:\WINDOWS\Tasks\At179.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-15 C:\WINDOWS\Tasks\At180.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At181.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At182.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At183.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At184.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At185.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-10 C:\WINDOWS\Tasks\At186.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At187.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At188.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At189.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At190.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At191.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At192.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-21 C:\WINDOWS\Tasks\At193.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At194.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-17 C:\WINDOWS\Tasks\At195.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-17 C:\WINDOWS\Tasks\At196.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-17 C:\WINDOWS\Tasks\At197.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At198.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At199.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At200.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-16 C:\WINDOWS\Tasks\At201.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At202.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-15 C:\WINDOWS\Tasks\At203.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-15 C:\WINDOWS\Tasks\At204.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-15 C:\WINDOWS\Tasks\At205.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-15 C:\WINDOWS\Tasks\At206.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-15 C:\WINDOWS\Tasks\At207.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-15 C:\WINDOWS\Tasks\At208.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-15 C:\WINDOWS\Tasks\At209.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-15 C:\WINDOWS\Tasks\At210.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At211.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At212.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At213.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At214.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At215.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At216.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-21 C:\WINDOWS\Tasks\At217.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At218.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At219.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At220.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At221.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At222.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At223.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At224.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At225.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At226.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At227.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At228.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At229.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At230.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At231.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At232.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At233.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At234.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-20 C:\WINDOWS\Tasks\At235.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At236.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-22 C:\WINDOWS\Tasks\At237.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At238.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At239.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-23 C:\WINDOWS\Tasks\At240.job
- C:\WINDOWS\system32\l8CHxiDD.exe []

2008-10-19 C:\WINDOWS\Tasks\WebReg Photosmart C4200 series.job
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 22:27]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Explorer_Run-Ef8zLat2yr - C:\Documents and Settings\All Users\Application Data\ybyjqnyv\gfwpidoz.exe
SharedTaskScheduler-IPC Configuration Utility - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\armin\Application Data\Mozilla\Firefox\Profiles\46h1abij.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 23:57:56
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
NoActiveDesktopChanges = 3F 00 00 00
NoActiveDesktop = 63
NoSaveSettings = 63
ClassicShell = 63

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2008-10-24 0:02:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-23 22:02:33

Avant-CF: 35 828 056 064 octets libres
Après-CF: 35,793,805,312 octets libres

476 --- E O F --- 2008-10-23 18:42:54




and the new HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:26, on 24/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 6659 bytes


Thanks for your help.
24 October 2008 00:23:56

Hi again

Download OTMoveIt3 (OldTimer). Save it to your Desktop.
Copy (Ctrl+C) the text in the box below:

:processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
:files
C:\WINDOWS\tasks\At???.job
C:\Documents and Settings\All Users\Application Data\ybyjqnyv
C:\WINDOWS\system32\l8CHxiDD.exe
C:\WINDOWS\system32\WR603hbH.exe
C:\WINDOWS\system32\2684659626.dat
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


Double-click OTMoveIt3.exe to launch it.
Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report name corresponds to the time it was created: date_time.log

+++++++++++++++++
24 October 2008 00:35:38

Here is the report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys\\ not found.
========== FILES ==========
C:\WINDOWS\tasks\At100.job moved successfully.
C:\WINDOWS\tasks\At101.job moved successfully.
C:\WINDOWS\tasks\At102.job moved successfully.
C:\WINDOWS\tasks\At103.job moved successfully.
C:\WINDOWS\tasks\At104.job moved successfully.
C:\WINDOWS\tasks\At105.job moved successfully.
C:\WINDOWS\tasks\At106.job moved successfully.
C:\WINDOWS\tasks\At107.job moved successfully.
C:\WINDOWS\tasks\At108.job moved successfully.
C:\WINDOWS\tasks\At109.job moved successfully.
C:\WINDOWS\tasks\At110.job moved successfully.
C:\WINDOWS\tasks\At111.job moved successfully.
C:\WINDOWS\tasks\At112.job moved successfully.
C:\WINDOWS\tasks\At113.job moved successfully.
C:\WINDOWS\tasks\At114.job moved successfully.
C:\WINDOWS\tasks\At115.job moved successfully.
C:\WINDOWS\tasks\At116.job moved successfully.
C:\WINDOWS\tasks\At117.job moved successfully.
C:\WINDOWS\tasks\At118.job moved successfully.
C:\WINDOWS\tasks\At119.job moved successfully.
C:\WINDOWS\tasks\At120.job moved successfully.
C:\WINDOWS\tasks\At121.job moved successfully.
C:\WINDOWS\tasks\At122.job moved successfully.
C:\WINDOWS\tasks\At123.job moved successfully.
C:\WINDOWS\tasks\At124.job moved successfully.
C:\WINDOWS\tasks\At125.job moved successfully.
C:\WINDOWS\tasks\At126.job moved successfully.
C:\WINDOWS\tasks\At127.job moved successfully.
C:\WINDOWS\tasks\At128.job moved successfully.
C:\WINDOWS\tasks\At129.job moved successfully.
C:\WINDOWS\tasks\At130.job moved successfully.
C:\WINDOWS\tasks\At131.job moved successfully.
C:\WINDOWS\tasks\At132.job moved successfully.
C:\WINDOWS\tasks\At133.job moved successfully.
C:\WINDOWS\tasks\At134.job moved successfully.
C:\WINDOWS\tasks\At135.job moved successfully.
C:\WINDOWS\tasks\At136.job moved successfully.
C:\WINDOWS\tasks\At137.job moved successfully.
C:\WINDOWS\tasks\At138.job moved successfully.
C:\WINDOWS\tasks\At139.job moved successfully.
C:\WINDOWS\tasks\At140.job moved successfully.
C:\WINDOWS\tasks\At141.job moved successfully.
C:\WINDOWS\tasks\At142.job moved successfully.
C:\WINDOWS\tasks\At143.job moved successfully.
C:\WINDOWS\tasks\At144.job moved successfully.
C:\WINDOWS\tasks\At145.job moved successfully.
C:\WINDOWS\tasks\At146.job moved successfully.
C:\WINDOWS\tasks\At147.job moved successfully.
C:\WINDOWS\tasks\At148.job moved successfully.
C:\WINDOWS\tasks\At149.job moved successfully.
C:\WINDOWS\tasks\At150.job moved successfully.
C:\WINDOWS\tasks\At151.job moved successfully.
C:\WINDOWS\tasks\At152.job moved successfully.
C:\WINDOWS\tasks\At153.job moved successfully.
C:\WINDOWS\tasks\At154.job moved successfully.
C:\WINDOWS\tasks\At155.job moved successfully.
C:\WINDOWS\tasks\At156.job moved successfully.
C:\WINDOWS\tasks\At157.job moved successfully.
C:\WINDOWS\tasks\At158.job moved successfully.
C:\WINDOWS\tasks\At159.job moved successfully.
C:\WINDOWS\tasks\At160.job moved successfully.
C:\WINDOWS\tasks\At161.job moved successfully.
C:\WINDOWS\tasks\At162.job moved successfully.
C:\WINDOWS\tasks\At163.job moved successfully.
C:\WINDOWS\tasks\At164.job moved successfully.
C:\WINDOWS\tasks\At165.job moved successfully.
C:\WINDOWS\tasks\At166.job moved successfully.
C:\WINDOWS\tasks\At167.job moved successfully.
C:\WINDOWS\tasks\At168.job moved successfully.
C:\WINDOWS\tasks\At169.job moved successfully.
C:\WINDOWS\tasks\At170.job moved successfully.
C:\WINDOWS\tasks\At171.job moved successfully.
C:\WINDOWS\tasks\At172.job moved successfully.
C:\WINDOWS\tasks\At173.job moved successfully.
C:\WINDOWS\tasks\At174.job moved successfully.
C:\WINDOWS\tasks\At175.job moved successfully.
C:\WINDOWS\tasks\At176.job moved successfully.
C:\WINDOWS\tasks\At177.job moved successfully.
C:\WINDOWS\tasks\At178.job moved successfully.
C:\WINDOWS\tasks\At179.job moved successfully.
C:\WINDOWS\tasks\At180.job moved successfully.
C:\WINDOWS\tasks\At181.job moved successfully.
C:\WINDOWS\tasks\At182.job moved successfully.
C:\WINDOWS\tasks\At183.job moved successfully.
C:\WINDOWS\tasks\At184.job moved successfully.
C:\WINDOWS\tasks\At185.job moved successfully.
C:\WINDOWS\tasks\At186.job moved successfully.
C:\WINDOWS\tasks\At187.job moved successfully.
C:\WINDOWS\tasks\At188.job moved successfully.
C:\WINDOWS\tasks\At189.job moved successfully.
C:\WINDOWS\tasks\At190.job moved successfully.
C:\WINDOWS\tasks\At191.job moved successfully.
C:\WINDOWS\tasks\At192.job moved successfully.
C:\WINDOWS\tasks\At193.job moved successfully.
C:\WINDOWS\tasks\At194.job moved successfully.
C:\WINDOWS\tasks\At195.job moved successfully.
C:\WINDOWS\tasks\At196.job moved successfully.
C:\WINDOWS\tasks\At197.job moved successfully.
C:\WINDOWS\tasks\At198.job moved successfully.
C:\WINDOWS\tasks\At199.job moved successfully.
C:\WINDOWS\tasks\At200.job moved successfully.
C:\WINDOWS\tasks\At201.job moved successfully.
C:\WINDOWS\tasks\At202.job moved successfully.
C:\WINDOWS\tasks\At203.job moved successfully.
C:\WINDOWS\tasks\At204.job moved successfully.
C:\WINDOWS\tasks\At205.job moved successfully.
C:\WINDOWS\tasks\At206.job moved successfully.
C:\WINDOWS\tasks\At207.job moved successfully.
C:\WINDOWS\tasks\At208.job moved successfully.
C:\WINDOWS\tasks\At209.job moved successfully.
C:\WINDOWS\tasks\At210.job moved successfully.
C:\WINDOWS\tasks\At211.job moved successfully.
C:\WINDOWS\tasks\At212.job moved successfully.
C:\WINDOWS\tasks\At213.job moved successfully.
C:\WINDOWS\tasks\At214.job moved successfully.
C:\WINDOWS\tasks\At215.job moved successfully.
C:\WINDOWS\tasks\At216.job moved successfully.
C:\WINDOWS\tasks\At217.job moved successfully.
C:\WINDOWS\tasks\At218.job moved successfully.
C:\WINDOWS\tasks\At219.job moved successfully.
C:\WINDOWS\tasks\At220.job moved successfully.
C:\WINDOWS\tasks\At221.job moved successfully.
C:\WINDOWS\tasks\At222.job moved successfully.
C:\WINDOWS\tasks\At223.job moved successfully.
C:\WINDOWS\tasks\At224.job moved successfully.
C:\WINDOWS\tasks\At225.job moved successfully.
C:\WINDOWS\tasks\At226.job moved successfully.
C:\WINDOWS\tasks\At227.job moved successfully.
C:\WINDOWS\tasks\At228.job moved successfully.
C:\WINDOWS\tasks\At229.job moved successfully.
C:\WINDOWS\tasks\At230.job moved successfully.
C:\WINDOWS\tasks\At231.job moved successfully.
C:\WINDOWS\tasks\At232.job moved successfully.
C:\WINDOWS\tasks\At233.job moved successfully.
C:\WINDOWS\tasks\At234.job moved successfully.
C:\WINDOWS\tasks\At235.job moved successfully.
C:\WINDOWS\tasks\At236.job moved successfully.
C:\WINDOWS\tasks\At237.job moved successfully.
C:\WINDOWS\tasks\At238.job moved successfully.
C:\WINDOWS\tasks\At239.job moved successfully.
C:\WINDOWS\tasks\At240.job moved successfully.
C:\Documents and Settings\All Users\Application Data\ybyjqnyv moved successfully.
File/Folder C:\WINDOWS\system32\l8CHxiDD.exe not found.
File/Folder C:\WINDOWS\system32\WR603hbH.exe not found.
C:\WINDOWS\system32\2684659626.dat moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\armin\Local Settings\Application Data\Mozilla\Firefox\Profiles\46h1abij.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\armin\Local Settings\Application Data\Mozilla\Firefox\Profiles\46h1abij.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\armin\Local Settings\Application Data\Mozilla\Firefox\Profiles\46h1abij.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\armin\Local Settings\Application Data\Mozilla\Firefox\Profiles\46h1abij.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10242008_002830

Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
C:\Documents and Settings\armin\Local Settings\Application Data\Mozilla\Firefox\Profiles\46h1abij.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\armin\Local Settings\Application Data\Mozilla\Firefox\Profiles\46h1abij.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\armin\Local Settings\Application Data\Mozilla\Firefox\Profiles\46h1abij.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\armin\Local Settings\Application Data\Mozilla\Firefox\Profiles\46h1abij.default\Cache\_CACHE_MAP_ moved successfully.


Thanks again for your help.

I was able to change my wallpaper and the ^tmp file has disappeared!!

So great!
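A report like the one posted above can be checked mechanically instead of by eye. The following is an added example, not part of the thread and not OTMoveIt3's own code: it parses a report in that format, lists the targets that were not found, confirms that deletions deferred to reboot were completed, and folds runs of numbered names such as the At???.job tasks. The function names and the abridged sample log are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed, abridged sample in the format of the OTMoveIt3 report above.
SAMPLE_LOG = r"""========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys\\ not found.
========== FILES ==========
C:\WINDOWS\tasks\At100.job moved successfully.
C:\WINDOWS\tasks\At101.job moved successfully.
C:\Documents and Settings\All Users\Application Data\ybyjqnyv moved successfully.
File/Folder C:\WINDOWS\system32\l8CHxiDD.exe not found.
C:\WINDOWS\system32\2684659626.dat moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
"""
SECTION = re.compile(r"^=+ (\w+) =+$")
RULES = [  # (outcome, pattern capturing the target path or registry key)
    ("moved", re.compile(r"^(?P<t>.+) moved successfully\.$")),
    ("not_found", re.compile(r"^(?:File/Folder|Registry key) (?P<t>.+?)\\* not found\.$")),
    ("deferred", re.compile(r"^File delete failed\. (?P<t>.+) scheduled to be deleted on reboot\.$")),
]
NUMBERED = re.compile(r"^(?P<pre>.*?)(?P<n>[1-9]\d*)(?P<suf>\.\w+)$")

def parse_report(text):
    """Return {section: {outcome: [targets]}} for report lines that name a target."""
    report, section = defaultdict(lambda: defaultdict(list)), None
    for line in map(str.strip, text.splitlines()):
        if (m := SECTION.match(line)) or line.startswith("Files moved on Reboot"):
            section = m.group(1) if m else "REBOOT"
            continue
        for outcome, rx in RULES:
            if (hit := rx.match(line)) and section:
                report[section][outcome].append(hit["t"])
                break
    return report

def pending_after_reboot(report):
    """Targets deferred to reboot that the reboot pass never confirmed as moved."""
    done = set(report["REBOOT"]["moved"])
    return [t for s in report.values() for t in s.get("deferred", []) if t not in done]

def collapse_numbered(paths):
    """Fold consecutive numbered names (At100.job, At101.job) into one range entry."""
    groups, out = defaultdict(list), []
    for p in paths:
        if (m := NUMBERED.match(p)):
            groups[(m["pre"], m["suf"])].append(int(m["n"]))
        else:
            out.append(p)
    for (pre, suf), nums in groups.items():
        nums.sort()
        start = prev = nums[0]
        for n in nums[1:] + [None]:  # the trailing None flushes the final run
            if n is None or n != prev + 1:
                out.append(f"{pre}[{start}-{prev}]{suf}" if prev > start else f"{pre}{start}{suf}")
                start = n
            prev = n
    return out
```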
25 October 2008 00:43:55

Good evening

Uninstall ComboFix by following this procedure:

  • Start menu, then Run
  • Now type Combofix /u in the window that appears, then confirm with OK. Make sure to leave a space between the X and the /U, as it is required here.

    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX control.
    * Click "Accept" once more
    * The update databases will install; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.