Se connecter / S'enregistrer
Votre question

erreur de chargement de C:\windows\systeme32\wjuhaxur.dll

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
2 Octobre 2008 19:09:07

bonsoir a tous,

(tout d'abord je voudrai signaler que je suis novice dans ce domaine)

a chaque foie que j' allume mon pc il m'affiche le message suivant:

Erreur de chargement de C:\windows\systeme32\wjuhaxur.dll le module spécifie est introuvable.

il faut savoir que j'étais infesté de virus vundo que j'ai supprimé avec mcaffe.

Cependant mon pc tourne assez bien je voudrai savoir comment supprimer ce message merci a tous

Autres pages sur : erreur chargement windows systeme32 wjuhaxur dll

2 Octobre 2008 19:22:24

Bonsoir
c'est que ton antivirus n'as pas eu la totalité de l'infection. :) 

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
2 Octobre 2008 20:49:30

il y a un problème, il m'est impossible de télécharger quoi que se soi,
mon navigateur échoue sur tous les sites que j'ai trouvé permettant le téléchargement de Hijackthis.
Contenus similaires
2 Octobre 2008 21:17:21

j'ai finalement réussi a télécharger Hijackthis
voici le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:59, on 02/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {07D03F2C-A17F-480A-AF77-11EEF13E87F8} - C:\WINDOWS\system32\vturo.dll (file missing)
O2 - BHO: (no name) - {0A81D54C-8E60-4EA3-8995-7DD4223A33AD} - (no file)
O2 - BHO: (no name) - {11AF8210-F039-4EF9-B36F-F4209FD10DA1} - (no file)
O2 - BHO: (no name) - {15060ff4-bd48-4542-84df-5c180bfa91ad} - (no file)
O2 - BHO: (no name) - {159E25D9-0053-48B8-A0D4-4394E4C7B8BC} - (no file)
O2 - BHO: (no name) - {1EB9D862-DB7D-4FC3-BC33-FCB8F3B6CAC1} - (no file)
O2 - BHO: (no name) - {1FBC90D7-9182-47E5-86D0-BBBC96B27481} - (no file)
O2 - BHO: (no name) - {2e652987-4eb8-402c-a549-59e0b291b9d6} - (no file)
O2 - BHO: (no name) - {4B868623-35EF-4199-852E-F66C45930AEA} - (no file)
O2 - BHO: (no name) - {621B3EF5-B5DE-4435-9AE8-93B6E9EA887F} - (no file)
O2 - BHO: (no name) - {62b543ee-ffe6-42b2-941c-57e9260d5764} - (no file)
O2 - BHO: (no name) - {695021b8-8f55-40c9-87eb-16e63ca3502c} - (no file)
O2 - BHO: (no name) - {6E25BCC0-FE84-4E09-AF4F-7FD554BAF997} - (no file)
O2 - BHO: (no name) - {6EB6FB08-7E51-4A57-A4FF-A3FF3F74D4A8} - C:\WINDOWS\system32\yayabyAq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7b3e6123-7fb2-4657-b7aa-f58522943fb7} - (no file)
O2 - BHO: (no name) - {7e6067d1-48e1-4c63-a714-cdc7bdb16f40} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A91A8AEE-7A07-4110-BA18-DE3636281801} - (no file)
O2 - BHO: (no name) - {B2E6FECA-8CB8-4723-A7B6-E257051A607B} - (no file)
O2 - BHO: (no name) - {B678BB25-F6A1-4535-A438-DFBD3AD7585A} - (no file)
O2 - BHO: (no name) - {BAEB5B4A-7DEF-41CA-BB3E-479BEF491ECA} - (no file)
O2 - BHO: (no name) - {C0DE7815-9EAD-4DEC-9251-F48D512934F9} - (no file)
O2 - BHO: (no name) - {CAA59A5A-5CA0-4853-9DA4-02C6EDE98C0F} - (no file)
O2 - BHO: (no name) - {D00D44AB-DE61-40A9-8AF3-0F122CFC8C60} - (no file)
O2 - BHO: (no name) - {D41A7DC5-A4A4-42B7-AD7F-1347E9F00D48} - (no file)
O2 - BHO: (no name) - {D89034CD-B0FB-4A22-B124-81154C4A21AE} - (no file)
O2 - BHO: (no name) - {DC0B4925-D684-4D88-B595-99D87C223ED9} - (no file)
O2 - BHO: (no name) - {DD1A060D-D56F-4EBE-A468-96F7755B2181} - (no file)
O2 - BHO: (no name) - {DE49EF6B-AA35-4A72-8163-15E435527635} - (no file)
O2 - BHO: (no name) - {e6316553-6662-4d0a-9c56-2f4d724a832e} - (no file)
O2 - BHO: (no name) - {F5720D68-205B-418C-9AFF-0118D56FF814} - (no file)
O2 - BHO: (no name) - {FC661BD2-D338-4DC9-8E4E-228C17BC1909} - (no file)
O2 - BHO: (no name) - {FDBC92BD-80E2-4512-BF3D-2EE0FCC4D955} - (no file)
O2 - BHO: (no name) - {fee943a3-cef4-47dd-956f-5fa63afe5ce1} - (no file)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMf337c27a] Rundll32.exe "C:\WINDOWS\system32\flpubvud.dll",s
O4 - HKLM\..\Run: [f004f1e6] rundll32.exe "C:\WINDOWS\system32\wjuhaxur.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
O4 - Global Startup: RFScheduler.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - AppInit_DLLs: tlgfxf.dll lkqnyp.dll
O20 - Winlogon Notify: ddcddaw - ddcddaw.dll (file missing)
O20 - Winlogon Notify: hgGyxVLE - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 13059 bytes
2 Octobre 2008 21:54:10

re

1

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM

    2
    ajoute un nouveau log hijackthis stp
    6 Octobre 2008 21:51:38

    re
    merci pour ta réponse

    je n'ai pas réussi à relancer mon pc en mode sans échec je ne sait pas pourquoi il trouvait une erreur et ne voulait pas se lancer.

    j' ai fait un scan avec MalwareByte's Anti-Malware en mode normal et voici le rapport:

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1234
    Windows 5.1.2600 Service Pack 2

    06/10/2008 21:21:40
    mbam-log-2008-10-06 (21-21-40).txt

    Type de recherche: Examen complet (C:\|O:\|)
    Eléments examinés: 157307
    Temps écoulé: 41 minute(s), 25 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 13
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 21

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\lkqnyp.dll (Trojan.Vundo) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{fb00e2b8-f077-4e24-833f-140f6a66da28} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmf337c27a (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f004f1e6 (Trojan.Vundo) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdkwa.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\awmfdepb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bpedfmwa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ocjdgmyl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lymgdjco.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lkqnyp.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\TSM33RW6\kb678031[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\TSM33RW6\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\alex\Local Settings\Temporary Internet Files\Content.IE5\TSM33RW6\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QUARANTINE\nciiej.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QUARANTINE\tlgfxf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bodlpwvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cjfrvonu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yuafle.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMf337c27a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMf337c27a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gbidpg_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gbidpg_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.

    et voila le nouveau log hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:49:28, on 06/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {07D03F2C-A17F-480A-AF77-11EEF13E87F8} - C:\WINDOWS\system32\vturo.dll (file missing)
    O2 - BHO: (no name) - {0A81D54C-8E60-4EA3-8995-7DD4223A33AD} - (no file)
    O2 - BHO: (no name) - {11AF8210-F039-4EF9-B36F-F4209FD10DA1} - (no file)
    O2 - BHO: (no name) - {15060ff4-bd48-4542-84df-5c180bfa91ad} - (no file)
    O2 - BHO: (no name) - {159E25D9-0053-48B8-A0D4-4394E4C7B8BC} - (no file)
    O2 - BHO: (no name) - {1EB9D862-DB7D-4FC3-BC33-FCB8F3B6CAC1} - (no file)
    O2 - BHO: (no name) - {1FBC90D7-9182-47E5-86D0-BBBC96B27481} - (no file)
    O2 - BHO: (no name) - {2e652987-4eb8-402c-a549-59e0b291b9d6} - (no file)
    O2 - BHO: (no name) - {4B868623-35EF-4199-852E-F66C45930AEA} - (no file)
    O2 - BHO: (no name) - {621B3EF5-B5DE-4435-9AE8-93B6E9EA887F} - (no file)
    O2 - BHO: (no name) - {62b543ee-ffe6-42b2-941c-57e9260d5764} - (no file)
    O2 - BHO: (no name) - {695021b8-8f55-40c9-87eb-16e63ca3502c} - (no file)
    O2 - BHO: (no name) - {6E25BCC0-FE84-4E09-AF4F-7FD554BAF997} - (no file)
    O2 - BHO: (no name) - {6EB6FB08-7E51-4A57-A4FF-A3FF3F74D4A8} - C:\WINDOWS\system32\yayabyAq.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7b3e6123-7fb2-4657-b7aa-f58522943fb7} - (no file)
    O2 - BHO: (no name) - {7e6067d1-48e1-4c63-a714-cdc7bdb16f40} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A91A8AEE-7A07-4110-BA18-DE3636281801} - (no file)
    O2 - BHO: (no name) - {B2E6FECA-8CB8-4723-A7B6-E257051A607B} - (no file)
    O2 - BHO: (no name) - {B678BB25-F6A1-4535-A438-DFBD3AD7585A} - (no file)
    O2 - BHO: (no name) - {BAEB5B4A-7DEF-41CA-BB3E-479BEF491ECA} - (no file)
    O2 - BHO: (no name) - {C0DE7815-9EAD-4DEC-9251-F48D512934F9} - (no file)
    O2 - BHO: (no name) - {CAA59A5A-5CA0-4853-9DA4-02C6EDE98C0F} - (no file)
    O2 - BHO: (no name) - {D00D44AB-DE61-40A9-8AF3-0F122CFC8C60} - (no file)
    O2 - BHO: (no name) - {D41A7DC5-A4A4-42B7-AD7F-1347E9F00D48} - (no file)
    O2 - BHO: (no name) - {D89034CD-B0FB-4A22-B124-81154C4A21AE} - (no file)
    O2 - BHO: (no name) - {DC0B4925-D684-4D88-B595-99D87C223ED9} - (no file)
    O2 - BHO: (no name) - {DD1A060D-D56F-4EBE-A468-96F7755B2181} - (no file)
    O2 - BHO: (no name) - {DE49EF6B-AA35-4A72-8163-15E435527635} - (no file)
    O2 - BHO: (no name) - {e6316553-6662-4d0a-9c56-2f4d724a832e} - (no file)
    O2 - BHO: (no name) - {F5720D68-205B-418C-9AFF-0118D56FF814} - (no file)
    O2 - BHO: (no name) - {FC661BD2-D338-4DC9-8E4E-228C17BC1909} - (no file)
    O2 - BHO: (no name) - {FDBC92BD-80E2-4512-BF3D-2EE0FCC4D955} - (no file)
    O2 - BHO: (no name) - {fee943a3-cef4-47dd-956f-5fa63afe5ce1} - (no file)
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
    O4 - Global Startup: RFScheduler.lnk = ?
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O20 - AppInit_DLLs: tlgfxf.dll lkqnyp.dll
    O20 - Winlogon Notify: ddcddaw - ddcddaw.dll (file missing)
    O20 - Winlogon Notify: hgGyxVLE - C:\WINDOWS\
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    --
    End of file - 12600 bytes

    PS: mon pc ne me met plus le message d'erreur au demarage.
    7 Octobre 2008 20:49:51

    bonsoir

    Désactive ton antivirus et tout autre type de protection.
    Télécharge ComboFix de sUBs :
    ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
    clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

    viens sur le forum et édition "coller"

    ajoute un nouveau rapport Hijackthis.

    15 Octobre 2008 17:40:07

    bonjour et merci pour tes conseils

    j'ai fait se que tu m'as dit de faire voici le rapport de combofix:

    ComboFix 08-10-14.03 - alex 2008-10-15 17:09:50.1 - NTFSx86
    Lancé depuis: C:\Documents and Settings\alex\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .
    ADS - svchost.exe: deleted 68 bytes in 1 streams.

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\aobcavwd.ini
    C:\WINDOWS\system32\dnigkblf.ini
    C:\WINDOWS\system32\ewqfeage.ini
    C:\WINDOWS\system32\ikcsuvje.ini
    C:\WINDOWS\system32\iwwecdlr.ini
    C:\WINDOWS\system32\qAybayay.ini
    C:\WINDOWS\system32\qAybayay.ini2
    C:\WINDOWS\system32\qjbkehxd.ini
    C:\WINDOWS\system32\roodeaqj.ini
    C:\WINDOWS\system32\ruxahujw.ini
    C:\WINDOWS\system32\svreckyb.ini
    C:\WINDOWS\system32\vqocmttd.ini
    C:\WINDOWS\system32\yiupjbdc.ini
    O:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV
    -------\Service_TDSSserv


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-15 au 2008-10-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-14 18:15 . 2008-10-14 18:15 <REP> d-------- C:\Program Files\iTunes
    2008-10-14 18:15 . 2008-10-14 18:15 <REP> d-------- C:\Program Files\iPod
    2008-10-14 18:15 . 2008-10-14 18:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-10-14 18:13 . 2008-10-14 18:14 <REP> d-------- C:\Program Files\QuickTime
    2008-10-14 18:04 . 2008-10-14 18:04 <REP> d-------- C:\Program Files\Bonjour
    2008-10-06 18:33 . 2008-10-06 18:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-06 18:33 . 2008-10-06 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-06 18:33 . 2008-10-06 18:33 <REP> d-------- C:\Documents and Settings\alex\Application Data\Malwarebytes
    2008-10-06 18:33 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-06 18:33 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-02 21:03 . 2008-10-02 21:03 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-01 18:46 . 2008-10-01 19:44 151 --a------ C:\WINDOWS\wininit.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-14 16:13 --------- d-----w C:\Program Files\Fichiers communs\Apple
    2008-10-14 16:06 --------- d-----w C:\Program Files\Safari
    2008-10-09 20:00 --------- d-----w C:\Documents and Settings\alex\Application Data\Azureus
    2008-10-06 16:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-10-06 16:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-01 11:01 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-09-10 14:54 --------- d-----w C:\Documents and Settings\alex\Application Data\Viewpoint
    2008-09-03 09:59 --------- d-----w C:\Program Files\Lavasoft
    2008-09-03 09:58 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-03 09:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-03 09:49 --------- d-----w C:\Documents and Settings\alex\Application Data\Lavasoft
    2008-09-03 09:25 --------- d-----w C:\Documents and Settings\chirtian\Application Data\Lavasoft
    2008-09-03 09:21 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-08-31 16:48 --------- d-----w C:\Program Files\Azureus
    2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
    2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
    2008-08-24 10:23 --------- d-----w C:\Program Files\HP
    2008-08-22 15:47 --------- d-----w C:\Documents and Settings\alex\Application Data\Hamachi
    2008-08-18 10:15 --------- d-----w C:\Program Files\Apple Software Update
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-11-03 09:33 1 ----a-w C:\Documents and Settings\alex\SI.bin
    2006-11-05 18:43 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2006-08-24 13:24 392 ------w C:\Program Files\Setup.ini
    2006-08-10 15:14 1,676,288 ------w C:\Program Files\ABBYY PDF Transformer 2.0.msi
    2006-08-10 05:26 99,840 ------w C:\Program Files\1031.mst
    2006-08-10 05:26 99,840 ------w C:\Program Files\1029.mst
    2006-08-10 05:26 97,792 ------w C:\Program Files\1040.mst
    2006-08-10 05:26 97,280 ------w C:\Program Files\1051.mst
    2006-08-10 05:26 96,256 ------w C:\Program Files\1045.mst
    2006-08-10 05:26 95,744 ------w C:\Program Files\1036.mst
    2006-08-10 05:26 94,720 ------w C:\Program Files\1034.mst
    2006-08-10 05:26 91,136 ------w C:\Program Files\1043.mst
    2006-08-10 05:26 3,584 ------w C:\Program Files\1033.mst
    2006-08-10 05:26 159,744 ------w C:\Program Files\1049.mst
    2006-08-10 05:26 102,400 ------w C:\Program Files\1038.mst
    2006-05-10 18:45 1,230 ----a-w C:\Program Files\liste.rfm
    2003-04-21 13:09 245,408 ------w C:\Program Files\unicows.dll
    2002-03-11 10:06 1,822,520 ------w C:\Program Files\instmsiw.exe
    1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
    2007-09-12 09:19 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
    2007-09-12 09:22 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
    2005-07-11 18:58 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 81920]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-06-20 180269]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2003-03-21 90182]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-02-26 139347]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-09-10 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2004-09-15 C:\WINDOWS\ALCWZRD.EXE]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 C:\WINDOWS\system32\bthprops.cpl]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-03 113664]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    Philips FunCam Monitor.lnk - C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe [2005-09-28 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"= 1 (0x1)
    "AllowUnhashedWebView"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=tlgfxf.dll lkqnyp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\AOL 9.0\\aol.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
    "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3478:UDP"= 3478:UDP:stun
    "3479:UDP"= 3479:UDP:stun 2
    "6112:UDP"= 6112:UDP:stun 3
    "5730:UDP"= 5730:UDP:game
    "5739:UDP"= 5739:UDP:game 1
    "9001:TCP"= 9001:TCP:game 2
    "11881:TCP"= 11881:TCP:game 3

    R2 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [1999-04-18 9152]
    R3 SNDM360;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndm360.sys [2003-12-08 229760]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [ ]
    S3 FT8591;FT8591 Filter;C:\WINDOWS\system32\DRIVERS\FT8591.sys [2005-12-22 30021]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
    S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
    S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
    S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
    S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
    S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-08-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2005-06-20 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job
    - C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-05 14:00]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{07D03F2C-A17F-480A-AF77-11EEF13E87F8} - C:\WINDOWS\system32\vturo.dll
    BHO-{0A81D54C-8E60-4EA3-8995-7DD4223A33AD} - (no file)
    BHO-{11AF8210-F039-4EF9-B36F-F4209FD10DA1} - (no file)
    BHO-{15060ff4-bd48-4542-84df-5c180bfa91ad} - (no file)
    BHO-{159E25D9-0053-48B8-A0D4-4394E4C7B8BC} - (no file)
    BHO-{1EB9D862-DB7D-4FC3-BC33-FCB8F3B6CAC1} - (no file)
    BHO-{1FBC90D7-9182-47E5-86D0-BBBC96B27481} - (no file)
    BHO-{2e652987-4eb8-402c-a549-59e0b291b9d6} - (no file)
    BHO-{4B868623-35EF-4199-852E-F66C45930AEA} - (no file)
    BHO-{621B3EF5-B5DE-4435-9AE8-93B6E9EA887F} - (no file)
    BHO-{62b543ee-ffe6-42b2-941c-57e9260d5764} - (no file)
    BHO-{695021b8-8f55-40c9-87eb-16e63ca3502c} - (no file)
    BHO-{6E25BCC0-FE84-4E09-AF4F-7FD554BAF997} - (no file)
    BHO-{6EB6FB08-7E51-4A57-A4FF-A3FF3F74D4A8} - C:\WINDOWS\system32\yayabyAq.dll
    BHO-{7b3e6123-7fb2-4657-b7aa-f58522943fb7} - (no file)
    BHO-{7e6067d1-48e1-4c63-a714-cdc7bdb16f40} - (no file)
    BHO-{A91A8AEE-7A07-4110-BA18-DE3636281801} - (no file)
    BHO-{B2E6FECA-8CB8-4723-A7B6-E257051A607B} - (no file)
    BHO-{B678BB25-F6A1-4535-A438-DFBD3AD7585A} - (no file)
    BHO-{BAEB5B4A-7DEF-41CA-BB3E-479BEF491ECA} - (no file)
    BHO-{C0DE7815-9EAD-4DEC-9251-F48D512934F9} - (no file)
    BHO-{CAA59A5A-5CA0-4853-9DA4-02C6EDE98C0F} - (no file)
    BHO-{D00D44AB-DE61-40A9-8AF3-0F122CFC8C60} - (no file)
    BHO-{D41A7DC5-A4A4-42B7-AD7F-1347E9F00D48} - (no file)
    BHO-{D89034CD-B0FB-4A22-B124-81154C4A21AE} - (no file)
    BHO-{DC0B4925-D684-4D88-B595-99D87C223ED9} - (no file)
    BHO-{DD1A060D-D56F-4EBE-A468-96F7755B2181} - (no file)
    BHO-{DE49EF6B-AA35-4A72-8163-15E435527635} - (no file)
    BHO-{e6316553-6662-4d0a-9c56-2f4d724a832e} - (no file)
    BHO-{F5720D68-205B-418C-9AFF-0118D56FF814} - (no file)
    BHO-{FC661BD2-D338-4DC9-8E4E-228C17BC1909} - (no file)
    BHO-{FDBC92BD-80E2-4512-BF3D-2EE0FCC4D955} - (no file)
    BHO-{fee943a3-cef4-47dd-956f-5fa63afe5ce1} - (no file)
    HKCU-Run-WOOKIT - C:\PROGRA~1\Wanadoo\Shell.exe
    HKCU-Run-Skype - C:\Program Files\Skype\Phone\Skype.exe
    HKCU-Run-Update Service - C:\Program Files\Fichiers communs\Teknum Systems\update.exe
    HKLM-Run-LogMeIn GUI - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    ShellExecuteHooks-{CAA59A5A-5CA0-4853-9DA4-02C6EDE98C0F} - (no file)
    Notify-ddcddaw - ddcddaw.dll
    Notify-hgGyxVLE - (no file)
    Notify-LMIinit - LMIinit.dll


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\alex\Application Data\Mozilla\Firefox\Profiles\rc1g4d2b.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp:// fficial" rel="nofollow" target="_blank">www.google.fr/firefox?client=firefox-a&rls=org.mozilla:...
    FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
    FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-15 17:16:34
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...


    C:\Documents and Settings\alex\Local Settings\Application Data\Microsoft\Messenger\alexmasse@hotmail.com\SharingMetadata\jenniferpatu@msn.com\DFSR\Staging\CS{700587A0-A542-DC8E-287D-C38DE392AE33}\00\100-{8AB3F6FE-BA7A-4A8D-96B5-3B786ED005EB}-v100-{8AB3F6FE-BA7A-4A8D-96B5-3B786ED005EB}-v100-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 43446 bytes executable hidden from API

    Scan terminé avec succès
    Fichiers cachés: 1

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MysqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    C:\Program Files\Inventel\Gateway\WLANCFG.EXE
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\WINDOWS\system32\verclsid.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-15 17:26:57 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-15 15:26:47

    Avant-CF: 71 249 457 152 octets libres
    Après-CF: 71,409,750,016 octets libres

    298 --- E O F --- 2008-10-09 20:01:00



    de plus voile le nouveau rapport Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:39:02, on 15/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe
    O4 - Global Startup: RFScheduler.lnk = ?
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O20 - AppInit_DLLs: tlgfxf.dll lkqnyp.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

    --
    End of file - 9369 bytes

    merci et a bientot.
    15 Octobre 2008 20:40:09

    est ce que j'en est fini avec mon infection? ou faut il encore faire quelque chose?
    quels logiciels vous pourriez me conseiller pour éviter les contamination a l'avenir?

    a bientôt
    15 Octobre 2008 22:54:41

    re

    Citation :
    est ce que j'en est fini avec mon infection? ou faut il encore faire quelque chose?
    quels logiciels vous pourriez me conseiller pour éviter les contamination a l'avenir?

    ce n'est pas terminé. pour l'avenir, ce ne sont pas les logiciels qui importent mais ton comportement sur le net. ;O)
    je t'expliquerai à la fin.



    ~Lance Hijackthis “Do a system scan only”.
    Coche les lignes qui suivent si encore présentes et uniquement celles-là.
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - AppInit_DLLs: tlgfxf.dll lkqnyp.dll



    Clique sur Fix checked (en bas à gauche)


    +++++++++++++

    ~Fais une analyse antivirus en ligne sur le site de Kaspersky
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Clique sur Accept
    * Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
    * clique une nouvelle fois sur "Accept"
    * Les bases de mises à jour vont s'installer, patiente un moment
    * Clique sur Next.
    * Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
    * Poste le rapport de scan.


    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS