Virus Alert: new episode

25 September 2008 18:37:59

Hello, (** EDIT **)

So, like some others, I am in turn affected by this virus whose name I don't know... This virus causes major slowdowns, it constantly displays unwanted messages about downloading anti-spyware, it removes certain options from the "Start" page, no system restore point is saved, and a "VIRUS ALERT !" notice appears next to the clock..

I am forced to browse the internet via "safe mode with networking".

I am asking for a competent person :) to tell me, step by step, what to do so that my PC returns to its normal state...

PS: other people who have the same problem as me are asked not to post their request for help here but in a new thread of their own.

25 September 2008 18:43:11

How about a hello?

Download and then install Hijackthis (Trend Micro)
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2

25 September 2008 20:52:51

Sorry, I forgot to say "hello" but I have re-edited my message

Here is the manuscript....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45: VIRUS ALERT!, on 25/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Pauline\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: QXK Olive - {D27D3178-FD5A-4052-8EF7-33EE84C17DAB} - C:\WINDOWS\dfmlxbpkksw.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: peltodgx - {DFEAE9D3-90B8-4F9E-8AC2-8317693C94BA} - C:\WINDOWS\peltodgx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Gestionnaire de liaison sans fil] "C:\Program Files\Inventel\Gateway\wlancfg.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\YUR19A.exe] C:\Windows\system32\YUR19A.exe
O4 - HKLM\..\Run: [PCPrivacyCleaner] C:\Program Files\PCPrivacyCleaner\pcpc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [\YUR19A.exe] C:\Windows\system32\YUR19A.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\poker Unibet\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: rwlfsdmk - {8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D} - C:\WINDOWS\rwlfsdmk.dll
O21 - SSODL: onfwbsak - {B07A0E7E-1387-4ECF-8F5B-9270420F5E25} - C:\WINDOWS\onfwbsak.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9169 bytes



I can't wait to know the next step....

25 September 2008 21:03:55

Hi again,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click combofix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ

    25 September 2008 22:37:53


    Honestly, RESPECT, here is your doc:


    "Pauline" - 2008-09-25 22:29:03 Service Pack 2 [SAFE MODE]
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Pauline\Bureau\"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    "C:\WINDOWS\system32\windows_update.exe"


    ((((((((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 ))))))))))))))))))))))))))))))))))


    2008-09-25 20:39 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-25 10:21 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
    2008-09-24 20:47 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\skypePM
    2008-09-24 20:42 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\Skype
    2008-09-24 19:59 <REP> d-------- C:\Program Files\AntiSpywareExpert
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\TmpRecentIcons
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\HP
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\Google
    2008-09-24 19:49 1,310,720 --ah----- C:\DOCUME~1\Victor\NTUSER.DAT
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Mes documents
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Menu Démarrer
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Favoris
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Voisinage réseau
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Voisinage d'impression
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Modèles
    2008-09-24 19:49 <REP> d-------- C:\DOCUME~1\Victor\Bureau
    2008-09-24 18:22 <REP> d--hs---- C:\WINDOWS\CSC
    2008-09-23 22:42 74,752 --a------ C:\WINDOWS\system32\YUR173.exe
    2008-09-23 22:34 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\TmpRecentIcons
    2008-09-23 20:34 <REP> d-------- C:\Program Files\MicroAV
    2008-09-23 20:33 385,024 --a------ C:\WINDOWS\rwlfsdmk.dll
    2008-09-23 20:33 344,064 --a------ C:\WINDOWS\dfmlxbpkksw.dll
    2008-09-23 20:33 278,528 --a------ C:\WINDOWS\onfwbsak.dll
    2008-09-23 20:33 208,896 --a------ C:\WINDOWS\peltodgx.dll
    2008-09-23 20:33 151,552 --a------ C:\WINDOWS\eqvm.exe
    2008-09-23 20:33 102,400 --a------ C:\WINDOWS\fbxrqtwn.exe
    2008-09-19 06:56 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-18 10:12 <REP> d-------- C:\Program Files\Power Tab Software
    2008-09-13 17:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-09-13 17:06 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\skypePM
    2008-09-13 17:02 <REP> d-------- C:\Program Files\Skype
    2008-09-13 17:02 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-09-13 17:02 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Skype
    2008-09-13 17:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    2008-09-13 15:44 <REP> d-------- C:\WINDOWS\system32\appmgmt
    2008-09-09 19:54 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\AOL
    2008-09-09 19:53 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2008-09-09 19:53 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
    2008-09-09 19:53 <REP> d-------- C:\WINDOWS\system32\QuickTime
    2008-09-09 19:53 <REP> d-------- C:\WINDOWS\occache
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Viewpoint
    2008-09-09 19:53 <REP> d-------- C:\Program Files\QuickTime
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Nullsoft
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Fichiers communs\aolback
    2008-09-09 19:53 <REP> d-------- C:\My Music
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\You've Got Pictures Screensaver
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    2008-09-09 19:52 <REP> d-------- C:\Program Files\Real
    2008-09-09 19:52 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-09-09 19:51 335 --a------ C:\WINDOWS\nsreg.dat
    2008-09-09 19:51 <REP> d-------- C:\Program Files\Fichiers communs\AOL
    2008-09-09 19:51 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2008-09-04 15:32 <REP> d-------- C:\Program Files\Azureus
    2008-09-03 15:36 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Help
    2008-09-03 15:32 109,056 --a------ C:\WINDOWS\system32\UNINSTAL.EXE
    2008-09-03 15:32 <REP> d-------- C:\WINDOWS\system32\BACKUP
    2008-09-03 15:31 89,360 --------- C:\WINDOWS\system32\VB5DB.DLL
    2008-09-03 15:31 72,704 --------- C:\WINDOWS\system32\ODBCTL32.DLL
    2008-09-03 15:31 407,312 --------- C:\WINDOWS\system32\MSREPL35.DLL
    2008-09-03 15:31 368,912 --------- C:\WINDOWS\system32\VBAR332.DLL
    2008-09-03 15:31 262,144 --------- C:\WINDOWS\system32\MSRD2X35.DLL
    2008-09-03 15:31 24,848 --------- C:\WINDOWS\system32\MSJTER35.DLL
    2008-09-03 15:31 168,720 --------- C:\WINDOWS\system32\MSLTUS35.DLL
    2008-09-03 15:31 165,648 --------- C:\WINDOWS\system32\MSTEXT35.DLL
    2008-09-03 15:31 123,664 --------- C:\WINDOWS\system32\MSJINT35.DLL
    2008-09-03 15:31 1,050,896 --------- C:\WINDOWS\system32\MSJET35.DLL
    2008-09-03 15:30 4,608 --------- C:\WINDOWS\system32\W95INF32.DLL
    2008-09-03 15:30 398,416 --------- C:\WINDOWS\system32\VBRUN300.DLL
    2008-09-03 15:30 393,728 --------- C:\WINDOWS\system32\MSVCRTD.DLL
    2008-09-03 15:30 2,304 --------- C:\WINDOWS\system32\W95INF16.DLL
    2008-09-03 15:29 <REP> d-------- C:\Program Files\greenstreet
    2008-09-03 15:23 <REP> d-------- C:\WINDOWS\Sellnew
    2008-09-03 14:53 <REP> d-------- C:\Program Files\Office10
    2008-08-25 19:24 <REP> d-------- C:\Program Files\eBay
    2008-08-25 19:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\eBay
    2008-08-25 19:22 <REP> d-------- C:\WINDOWS\Downloaded Installations


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-09-24 20:27:52 58,652 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2008-09-24 20:27:52 438,652 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2008-09-23 20:32:49 -------- d-----w C:\DOCUME~1\Pauline\APPLIC~1\Azureus
    2008-09-20 19:47:52 -------- d-----w C:\DOCUME~1\Pauline\APPLIC~1\Microgaming
    2008-09-18 08:20:31 128,313 ----a-w C:\WINDOWS\hpoins11.dat
    2008-09-13 13:51:53 -------- d-----w C:\Program Files\Messenger Plus! Live
    2008-09-13 13:46:55 -------- d-----w C:\Program Files\Micro Trivial Pursuit
    2008-09-13 13:44:47 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\WinAce
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\HPQ
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\Hewlett-Packard
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-09-04 19:49:12 -------- d-----w C:\DOCUME~1\Pauline\APPLIC~1\U3
    2008-08-14 08:38:13 -------- d-----w C:\Program Files\Messenger
    2008-08-11 19:02:32 -------- d-----w C:\Program Files\Inventel
    2008-08-11 19:02:26 81,920 ----a-w C:\WINDOWS\system32\W32N50.DLL
    2008-08-11 19:02:26 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.SYS
    2008-08-01 19:11:57 48 ---ha-w C:\Program Files\.mcfl.dat
    2008-07-31 21:36:48 -------- d-----w C:\DOCUME~1\Pauline\APPLIC~1\Media Player Classic
    2008-07-30 12:55:36 49,152 ------w C:\WINDOWS\system32\inetwh32.dll
    2008-07-30 12:55:36 1,044,480 ------w C:\WINDOWS\system32\roboex32.dll
    2008-07-18 20:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:31:48 253,952 ----a-w C:\WINDOWS\system32\es.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 17:13]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 04:27]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:56]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2008-04-30 11:49]
    {D27D3178-FD5A-4052-8EF7-33EE84C17DAB}=C:\WINDOWS\dfmlxbpkksw.dll [2008-09-23 18:35]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]
    "nwiz"="nwiz.exe" [2006-08-18 10:00 C:\WINDOWS\system32\nwiz.exe]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
    "QlbCtrl"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" []
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 16:02]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-27 22:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
    "Gestionnaire de liaison sans fil"="C:\Program Files\Inventel\Gateway\wlancfg.exe" [2008-08-11 21:02]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-09 19:53]
    "PCPrivacyCleaner"="C:\Program Files\PCPrivacyCleaner\pcpc.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 06:00]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-30 11:49]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 17:13]
    "\YUR19A.exe"="C:\Windows\system32\YUR19A.exe" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispCPL"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoToolbarCustomize"=1 (0x1)
    "StartMenuLogoff"=1 (0x1)
    "NoStartMenuMorePrograms"=1 (0x1)
    "NoSetFolders"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D}"="C:\WINDOWS\rwlfsdmk.dll" [2008-09-23 18:35]
    "{B07A0E7E-1387-4ECF-8F5B-9270420F5E25}"="C:\WINDOWS\onfwbsak.dll" [2008-09-23 18:35]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58813d54-2432-11dd-a6ab-a12e89753c67}]
    AutoRun\command- G:\LaunchU3.exe

    *Newly Created Service* - MDMXSDK

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-25 22:32:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????p??????Y?@?????<?@
    PCPrivacyCleaner = C:\Program Files\PCPrivacyCleaner\pcpc.exe? Internet Files\Content.IE5\P68U27GP\PCPC_Setup_Free_fr[1].exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    disk error: C:\WINDOWS\

    please note that you need administrator rights to perform deep scan

    ********************************************************************

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\\YUR19A.exe"="C:\\Windows\\system32\\YUR19A.exe"

    [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDSSserv]
    "imagepath"="\systemroot\system32\drivers\TDSSserv.sys"

    Completion time: 2008-09-25 22:34:37
    C:\ComboFix-quarantined-files.txt ... 2008-09-25 22:34

    --- E O F ---

    26 September 2008 19:35:55

    Hi again,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already done, select "Run a full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" and then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Tutorial with pictures on MBAM

    27 September 2008 20:42:09

    OK OK, let's continue.....

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1134
    Windows 5.1.2600 Service Pack 2

    27/09/2008 15:26:32
    mbam-log-2008-09-27 (15-26-32).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 101781
    Temps écoulé: 39 minute(s), 51 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 12
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 17
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 27

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\{65de966d-11d1-4bb1-bf7e-b8a273514daf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur19a.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76413-OEM-0011903-00803) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\AntiSpywareExpert\BL.dat (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareExpert\WL.dat (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
    C:\Documents and Settings\Victor\Bureau\AntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Victor\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pauline\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pauline\Application Data\TmpRecentIcons\PCPrivacyCleaner.lnk (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pauline\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Victor\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pauline\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Victor\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pauline\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Victor\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pauline\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Victor\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pauline\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Victor\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pauline\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Victor\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Pauline\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.




    28 September 2008 21:12:02

    What should I do now? The virus is still there...
    28 September 2008 21:36:36

    Run another Combofix scan.
    28 September 2008 21:43:43

    "Administrateur" - 2008-09-28 21:39:23 Service Pack 2 [SAFE MODE]
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Pauline\Bureau\"


    ((((((((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 ))))))))))))))))))))))))))))))))))


    2008-09-27 14:44 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-27 14:44 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-27 14:44 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Malwarebytes
    2008-09-27 14:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2008-09-25 22:34 49,152 --a------ C:\WINDOWS\nircmd.exe
    2008-09-25 20:39 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-25 10:21 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
    2008-09-24 20:47 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\skypePM
    2008-09-24 20:42 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\Skype
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\TmpRecentIcons
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\HP
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\Google
    2008-09-24 19:49 1,310,720 --ah----- C:\DOCUME~1\Victor\NTUSER.DAT
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Mes documents
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Menu Démarrer
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Favoris
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Voisinage réseau
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Voisinage d'impression
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Modèles
    2008-09-24 19:49 <REP> d-------- C:\DOCUME~1\Victor\Bureau
    2008-09-24 18:22 <REP> d--hs---- C:\WINDOWS\CSC
    2008-09-23 22:42 74,752 --a------ C:\WINDOWS\system32\YUR173.exe
    2008-09-23 22:34 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\TmpRecentIcons
    2008-09-23 20:34 <REP> d-------- C:\Program Files\MicroAV
    2008-09-23 20:33 385,024 --a------ C:\WINDOWS\rwlfsdmk.dll
    2008-09-23 20:33 344,064 --a------ C:\WINDOWS\dfmlxbpkksw.dll
    2008-09-23 20:33 278,528 --a------ C:\WINDOWS\onfwbsak.dll
    2008-09-23 20:33 208,896 --a------ C:\WINDOWS\peltodgx.dll
    2008-09-23 20:33 151,552 --a------ C:\WINDOWS\eqvm.exe
    2008-09-23 20:33 102,400 --a------ C:\WINDOWS\fbxrqtwn.exe
    2008-09-19 06:56 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-18 10:12 <REP> d-------- C:\Program Files\Power Tab Software
    2008-09-13 17:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-09-13 17:06 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\skypePM
    2008-09-13 17:02 <REP> d-------- C:\Program Files\Skype
    2008-09-13 17:02 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-09-13 17:02 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Skype
    2008-09-13 17:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    2008-09-13 15:44 <REP> d-------- C:\WINDOWS\system32\appmgmt
    2008-09-09 19:54 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\AOL
    2008-09-09 19:53 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2008-09-09 19:53 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
    2008-09-09 19:53 <REP> d-------- C:\WINDOWS\system32\QuickTime
    2008-09-09 19:53 <REP> d-------- C:\WINDOWS\occache
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Viewpoint
    2008-09-09 19:53 <REP> d-------- C:\Program Files\QuickTime
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Nullsoft
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Fichiers communs\aolback
    2008-09-09 19:53 <REP> d-------- C:\My Music
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\You've Got Pictures Screensaver
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    2008-09-09 19:52 <REP> d-------- C:\Program Files\Real
    2008-09-09 19:52 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-09-09 19:51 335 --a------ C:\WINDOWS\nsreg.dat
    2008-09-09 19:51 <REP> d-------- C:\Program Files\Fichiers communs\AOL
    2008-09-09 19:51 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2008-09-04 15:32 <REP> d-------- C:\Program Files\Azureus
    2008-09-03 15:36 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Help
    2008-09-03 15:32 109,056 --a------ C:\WINDOWS\system32\UNINSTAL.EXE
    2008-09-03 15:32 <REP> d-------- C:\WINDOWS\system32\BACKUP
    2008-09-03 15:31 89,360 --------- C:\WINDOWS\system32\VB5DB.DLL
    2008-09-03 15:31 72,704 --------- C:\WINDOWS\system32\ODBCTL32.DLL
    2008-09-03 15:31 407,312 --------- C:\WINDOWS\system32\MSREPL35.DLL
    2008-09-03 15:31 368,912 --------- C:\WINDOWS\system32\VBAR332.DLL
    2008-09-03 15:31 262,144 --------- C:\WINDOWS\system32\MSRD2X35.DLL
    2008-09-03 15:31 24,848 --------- C:\WINDOWS\system32\MSJTER35.DLL
    2008-09-03 15:31 168,720 --------- C:\WINDOWS\system32\MSLTUS35.DLL
    2008-09-03 15:31 165,648 --------- C:\WINDOWS\system32\MSTEXT35.DLL
    2008-09-03 15:31 123,664 --------- C:\WINDOWS\system32\MSJINT35.DLL
    2008-09-03 15:31 1,050,896 --------- C:\WINDOWS\system32\MSJET35.DLL
    2008-09-03 15:30 4,608 --------- C:\WINDOWS\system32\W95INF32.DLL
    2008-09-03 15:30 398,416 --------- C:\WINDOWS\system32\VBRUN300.DLL
    2008-09-03 15:30 393,728 --------- C:\WINDOWS\system32\MSVCRTD.DLL
    2008-09-03 15:30 2,304 --------- C:\WINDOWS\system32\W95INF16.DLL
    2008-09-03 15:29 <REP> d-------- C:\Program Files\greenstreet
    2008-09-03 15:23 <REP> d-------- C:\WINDOWS\Sellnew
    2008-09-03 14:53 <REP> d-------- C:\Program Files\Office10


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-09-24 20:27:52 58,652 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2008-09-24 20:27:52 438,652 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2008-09-18 08:20:31 128,313 ----a-w C:\WINDOWS\hpoins11.dat
    2008-09-13 13:51:53 -------- d-----w C:\Program Files\Messenger Plus! Live
    2008-09-13 13:46:55 -------- d-----w C:\Program Files\Micro Trivial Pursuit
    2008-09-13 13:44:47 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\WinAce
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\HPQ
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\Hewlett-Packard
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-25 17:24:16 -------- d-----w C:\Program Files\eBay
    2008-08-14 08:38:13 -------- d-----w C:\Program Files\Messenger
    2008-08-11 19:02:32 -------- d-----w C:\Program Files\Inventel
    2008-08-11 19:02:26 81,920 ----a-w C:\WINDOWS\system32\W32N50.DLL
    2008-08-11 19:02:26 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.SYS
    2008-08-01 19:11:57 48 ---ha-w C:\Program Files\.mcfl.dat
    2008-07-30 12:55:36 49,152 ------w C:\WINDOWS\system32\inetwh32.dll
    2008-07-30 12:55:36 1,044,480 ------w C:\WINDOWS\system32\roboex32.dll
    2008-07-18 20:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:31:48 253,952 ----a-w C:\WINDOWS\system32\es.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 17:13]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 04:27]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:56]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2008-04-30 11:49]
    {D27D3178-FD5A-4052-8EF7-33EE84C17DAB}=C:\WINDOWS\dfmlxbpkksw.dll [2008-09-23 18:35]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]
    "nwiz"="nwiz.exe" [2006-08-18 10:00 C:\WINDOWS\system32\nwiz.exe]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
    "QlbCtrl"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" []
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 16:02]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-27 22:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
    "Gestionnaire de liaison sans fil"="C:\Program Files\Inventel\Gateway\wlancfg.exe" [2008-08-11 21:02]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-09 19:53]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 06:00]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-27 22:24]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D}"="C:\WINDOWS\rwlfsdmk.dll" [2008-09-23 18:35]
    "{B07A0E7E-1387-4ECF-8F5B-9270420F5E25}"="C:\WINDOWS\onfwbsak.dll" [2008-09-23 18:35]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TDSSserv.sys]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\setupSNK.exe

    *Newly Created Service* - MDMXSDK

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-28 21:41:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???pV??????Y?@?????<?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2008-09-28 21:42:16
    C:\ComboFix-quarantined-files.txt ... 2008-09-28 21:42
    C:\ComboFix2.txt ... 2008-09-25 22:34

    --- E O F ---
    28 September 2008 21:55:29

    Hi again,

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\YUR173.exe
    C:\WINDOWS\rwlfsdmk.dll
    C:\WINDOWS\dfmlxbpkksw.dll
    C:\WINDOWS\onfwbsak.dll
    C:\WINDOWS\peltodgx.dll
    C:\WINDOWS\eqvm.exe
    C:\WINDOWS\fbxrqtwn.exe
    C:\WINDOWS\system32\ezsidmv.dat
    C:\WINDOWS\unvise32qt.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27D3178-FD5A-4052-8EF7-33EE84C17DAB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D}"=-
    "{B07A0E7E-1387-4ECF-8F5B-9270420F5E25}"=-
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TDSSserv.sys]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix. After the restart, post the contents of the Combofix.txt report together with a Hijackthis report.
    NOTE: If there is no restart, post the requested reports anyway.
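To confirm that a CFScript like the one above took effect, its targets can be checked against the follow-up report. This is an added example, not part of the original post or of ComboFix: the script is abridged, the report excerpt is constructed in the layout of the reports in this thread, and the function names are illustrative.

```python
# CFScript from the post above, abridged to four File:: entries.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\YUR173.exe
C:\WINDOWS\rwlfsdmk.dll
C:\WINDOWS\dfmlxbpkksw.dll
C:\WINDOWS\onfwbsak.dll

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27D3178-FD5A-4052-8EF7-33EE84C17DAB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D}"=-
"{B07A0E7E-1387-4ECF-8F5B-9270420F5E25}"=-
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TDSSserv.sys]
"""

# Constructed follow-up report excerpt (same layout as the reports in this thread).
REPORT = r"""
2008-09-23 22:42 74,752 --a------ C:\WINDOWS\system32\YUR173.exe
2008-09-23 20:33 385,024 --a------ C:\WINDOWS\rwlfsdmk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:56]
{D27D3178-FD5A-4052-8EF7-33EE84C17DAB}=C:\WINDOWS\dfmlxbpkksw.dll [2008-09-23 18:35]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D}"="C:\WINDOWS\rwlfsdmk.dll" [2008-09-23 18:35]
"""


def parse_cfscript(text):
    """Split a CFScript into file paths, keys to delete and values to delete."""
    targets = {"files": [], "keys": [], "values": []}
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                      # "File::" / "Registry::"
            section, current_key = line[:-2].lower(), None
        elif section == "file":
            targets["files"].append(line)
        elif section == "registry":
            # "[-KEY]" and '"name"=-' are the .reg-file deletion forms
            # that the script above uses.
            if line.startswith("[-") and line.endswith("]"):
                targets["keys"].append(line[2:-1])
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
            elif current_key and line.endswith("=-"):
                targets["values"].append((current_key, line[:-2].strip('"')))
    return targets


def report_sections(report):
    """Map each bracketed registry header (lower-cased) to the lines under it."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), [])
        elif not line:
            current = None                           # a blank line ends a section
        elif current is not None:
            current.append(line)
    return sections


def leftovers(targets, report):
    """Return the CFScript targets that the report still shows.

    File paths are matched as case-insensitive substrings anywhere in the
    report, so a path that only survives as registry data is caught too.
    Paths the report prints in 8.3 short form (DOCUME~1) will not match.
    """
    sections = report_sections(report)
    haystack = report.lower()
    found = {"files": [], "keys": [], "values": []}
    for path in targets["files"]:
        if path.lower() in haystack:
            found["files"].append(path)
    for key in targets["keys"]:
        # A deleted subkey shows up either as its own header or as an
        # entry (e.g. a BHO CLSID) listed under the parent key's header.
        parent, _, leaf = key.lower().rpartition("\\")
        under_parent = any(entry.lower().strip('"').startswith(leaf)
                           for entry in sections.get(parent, []))
        if key.lower() in sections or under_parent:
            found["keys"].append(key)
    for key, name in targets["values"]:
        for entry in sections.get(key.lower(), []):
            if entry.lower().lstrip('"').startswith(name.lower()):
                found["values"].append((key, name))
                break
    return found


if __name__ == "__main__":
    remaining = leftovers(parse_cfscript(CFSCRIPT), REPORT)
    for kind, items in remaining.items():
        for item in items:
            print(f"still present ({kind}): {item}")
```

An empty result for all three kinds means none of the scripted targets is listed any more; anything returned is worth a second look before the machine is considered clean.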
    28 September 2008 22:11:27

    All the steps you ask me to do are done in safe mode...

    Combofix report:

    "Administrateur" - 2008-09-28 22:06:30 Service Pack 2 [SAFE MODE]
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Administrateur\"
    Command switches used :: ""C:\Documents and Settings\Administrateur\Bureau\CFScript.txt..txt""


    ((((((((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 ))))))))))))))))))))))))))))))))))


    2008-09-27 14:44 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-27 14:44 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-27 14:44 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Malwarebytes
    2008-09-27 14:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2008-09-25 22:34 49,152 --a------ C:\WINDOWS\nircmd.exe
    2008-09-25 20:39 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-25 10:21 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
    2008-09-24 20:47 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\skypePM
    2008-09-24 20:42 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\Skype
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\TmpRecentIcons
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\HP
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\Google
    2008-09-24 19:49 1,310,720 --ah----- C:\DOCUME~1\Victor\NTUSER.DAT
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Mes documents
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Menu Démarrer
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Favoris
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Voisinage réseau
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Voisinage d'impression
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Modèles
    2008-09-24 19:49 <REP> d-------- C:\DOCUME~1\Victor\Bureau
    2008-09-24 18:22 <REP> d--hs---- C:\WINDOWS\CSC
    2008-09-23 22:42 74,752 --a------ C:\WINDOWS\system32\YUR173.exe
    2008-09-23 22:34 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\TmpRecentIcons
    2008-09-23 20:34 <REP> d-------- C:\Program Files\MicroAV
    2008-09-23 20:33 385,024 --a------ C:\WINDOWS\rwlfsdmk.dll
    2008-09-23 20:33 344,064 --a------ C:\WINDOWS\dfmlxbpkksw.dll
    2008-09-23 20:33 278,528 --a------ C:\WINDOWS\onfwbsak.dll
    2008-09-23 20:33 208,896 --a------ C:\WINDOWS\peltodgx.dll
    2008-09-23 20:33 151,552 --a------ C:\WINDOWS\eqvm.exe
    2008-09-23 20:33 102,400 --a------ C:\WINDOWS\fbxrqtwn.exe
    2008-09-19 06:56 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-18 10:12 <REP> d-------- C:\Program Files\Power Tab Software
    2008-09-13 17:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-09-13 17:06 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\skypePM
    2008-09-13 17:02 <REP> d-------- C:\Program Files\Skype
    2008-09-13 17:02 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-09-13 17:02 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Skype
    2008-09-13 17:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    2008-09-13 15:44 <REP> d-------- C:\WINDOWS\system32\appmgmt
    2008-09-09 19:54 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\AOL
    2008-09-09 19:53 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2008-09-09 19:53 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
    2008-09-09 19:53 <REP> d-------- C:\WINDOWS\system32\QuickTime
    2008-09-09 19:53 <REP> d-------- C:\WINDOWS\occache
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Viewpoint
    2008-09-09 19:53 <REP> d-------- C:\Program Files\QuickTime
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Nullsoft
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Fichiers communs\aolback
    2008-09-09 19:53 <REP> d-------- C:\My Music
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\You've Got Pictures Screensaver
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    2008-09-09 19:52 <REP> d-------- C:\Program Files\Real
    2008-09-09 19:52 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-09-09 19:51 335 --a------ C:\WINDOWS\nsreg.dat
    2008-09-09 19:51 <REP> d-------- C:\Program Files\Fichiers communs\AOL
    2008-09-09 19:51 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2008-09-04 15:32 <REP> d-------- C:\Program Files\Azureus
    2008-09-03 15:36 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Help
    2008-09-03 15:32 109,056 --a------ C:\WINDOWS\system32\UNINSTAL.EXE
    2008-09-03 15:32 <REP> d-------- C:\WINDOWS\system32\BACKUP
    2008-09-03 15:31 89,360 --------- C:\WINDOWS\system32\VB5DB.DLL
    2008-09-03 15:31 72,704 --------- C:\WINDOWS\system32\ODBCTL32.DLL
    2008-09-03 15:31 407,312 --------- C:\WINDOWS\system32\MSREPL35.DLL
    2008-09-03 15:31 368,912 --------- C:\WINDOWS\system32\VBAR332.DLL
    2008-09-03 15:31 262,144 --------- C:\WINDOWS\system32\MSRD2X35.DLL
    2008-09-03 15:31 24,848 --------- C:\WINDOWS\system32\MSJTER35.DLL
    2008-09-03 15:31 168,720 --------- C:\WINDOWS\system32\MSLTUS35.DLL
    2008-09-03 15:31 165,648 --------- C:\WINDOWS\system32\MSTEXT35.DLL
    2008-09-03 15:31 123,664 --------- C:\WINDOWS\system32\MSJINT35.DLL
    2008-09-03 15:31 1,050,896 --------- C:\WINDOWS\system32\MSJET35.DLL
    2008-09-03 15:30 4,608 --------- C:\WINDOWS\system32\W95INF32.DLL
    2008-09-03 15:30 398,416 --------- C:\WINDOWS\system32\VBRUN300.DLL
    2008-09-03 15:30 393,728 --------- C:\WINDOWS\system32\MSVCRTD.DLL
    2008-09-03 15:30 2,304 --------- C:\WINDOWS\system32\W95INF16.DLL
    2008-09-03 15:29 <REP> d-------- C:\Program Files\greenstreet
    2008-09-03 15:23 <REP> d-------- C:\WINDOWS\Sellnew
    2008-09-03 14:53 <REP> d-------- C:\Program Files\Office10


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-09-24 20:27:52 58,652 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2008-09-24 20:27:52 438,652 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2008-09-18 08:20:31 128,313 ----a-w C:\WINDOWS\hpoins11.dat
    2008-09-13 13:51:53 -------- d-----w C:\Program Files\Messenger Plus! Live
    2008-09-13 13:46:55 -------- d-----w C:\Program Files\Micro Trivial Pursuit
    2008-09-13 13:44:47 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\WinAce
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\HPQ
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\Hewlett-Packard
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-25 17:24:16 -------- d-----w C:\Program Files\eBay
    2008-08-14 08:38:13 -------- d-----w C:\Program Files\Messenger
    2008-08-11 19:02:32 -------- d-----w C:\Program Files\Inventel
    2008-08-11 19:02:26 81,920 ----a-w C:\WINDOWS\system32\W32N50.DLL
    2008-08-11 19:02:26 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.SYS
    2008-08-01 19:11:57 48 ---ha-w C:\Program Files\.mcfl.dat
    2008-07-30 12:55:36 49,152 ------w C:\WINDOWS\system32\inetwh32.dll
    2008-07-30 12:55:36 1,044,480 ------w C:\WINDOWS\system32\roboex32.dll
    2008-07-18 20:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:31:48 253,952 ----a-w C:\WINDOWS\system32\es.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 17:13]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 04:27]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:56]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2008-04-30 11:49]
    {D27D3178-FD5A-4052-8EF7-33EE84C17DAB}=C:\WINDOWS\dfmlxbpkksw.dll [2008-09-23 18:35]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]
    "nwiz"="nwiz.exe" [2006-08-18 10:00 C:\WINDOWS\system32\nwiz.exe]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
    "QlbCtrl"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" []
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 16:02]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-27 22:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
    "Gestionnaire de liaison sans fil"="C:\Program Files\Inventel\Gateway\wlancfg.exe" [2008-08-11 21:02]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-09 19:53]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 06:00]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-27 22:24]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D}"="C:\WINDOWS\rwlfsdmk.dll" [2008-09-23 18:35]
    "{B07A0E7E-1387-4ECF-8F5B-9270420F5E25}"="C:\WINDOWS\onfwbsak.dll" [2008-09-23 18:35]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TDSSserv.sys]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\setupSNK.exe

    *Newly Created Service* - MDMXSDK

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-28 22:06:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???pV??????Y?@?????<?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2008-09-28 22:07:19
    C:\ComboFix-quarantined-files.txt ... 2008-09-28 22:07
    C:\ComboFix2.txt ... 2008-09-28 21:42
    C:\ComboFix3.txt ... 2008-09-25 22:34

    --- E O F ---




    Hijackthis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:10:27, on 28/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Pauline\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: QXK Olive - {D27D3178-FD5A-4052-8EF7-33EE84C17DAB} - C:\WINDOWS\dfmlxbpkksw.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: peltodgx - {DFEAE9D3-90B8-4F9E-8AC2-8317693C94BA} - C:\WINDOWS\peltodgx.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Gestionnaire de liaison sans fil] "C:\Program Files\Inventel\Gateway\wlancfg.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\poker Unibet\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: rwlfsdmk - {8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D} - C:\WINDOWS\rwlfsdmk.dll
    O21 - SSODL: onfwbsak - {B07A0E7E-1387-4ECF-8F5B-9270420F5E25} - C:\WINDOWS\onfwbsak.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 8854 bytes
    28 September 2008 22:18:52

    Quote:
    ""C:\Documents and Settings\Administrateur\Bureau\CFScript.txt..txt""

    The file must be named CFScript.txt.
    28 September 2008 22:31:25

    Sorry, I made a mistake when naming it..

    ComboFix report:

    "Administrateur" - 2008-09-28 22:24:49 Service Pack 2 [SAFE MODE]
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Administrateur\"
    Command switches used :: ""C:\Documents and Settings\Administrateur\Bureau\CFScript.txt""


    ((((((((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 ))))))))))))))))))))))))))))))))))


    2008-09-27 14:44 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-27 14:44 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-27 14:44 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Malwarebytes
    2008-09-27 14:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2008-09-25 22:34 49,152 --a------ C:\WINDOWS\nircmd.exe
    2008-09-25 20:39 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-25 10:21 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
    2008-09-24 20:47 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\skypePM
    2008-09-24 20:42 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\Skype
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\TmpRecentIcons
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\HP
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\Google
    2008-09-24 19:49 1,310,720 --ah----- C:\DOCUME~1\Victor\NTUSER.DAT
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Mes documents
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Menu Démarrer
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Favoris
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Voisinage réseau
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Voisinage d'impression
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Modèles
    2008-09-24 19:49 <REP> d-------- C:\DOCUME~1\Victor\Bureau
    2008-09-24 18:22 <REP> d--hs---- C:\WINDOWS\CSC
    2008-09-23 22:42 74,752 --a------ C:\WINDOWS\system32\YUR173.exe
    2008-09-23 22:34 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\TmpRecentIcons
    2008-09-23 20:34 <REP> d-------- C:\Program Files\MicroAV
    2008-09-23 20:33 385,024 --a------ C:\WINDOWS\rwlfsdmk.dll
    2008-09-23 20:33 344,064 --a------ C:\WINDOWS\dfmlxbpkksw.dll
    2008-09-23 20:33 278,528 --a------ C:\WINDOWS\onfwbsak.dll
    2008-09-23 20:33 208,896 --a------ C:\WINDOWS\peltodgx.dll
    2008-09-23 20:33 151,552 --a------ C:\WINDOWS\eqvm.exe
    2008-09-23 20:33 102,400 --a------ C:\WINDOWS\fbxrqtwn.exe
    2008-09-19 06:56 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-18 10:12 <REP> d-------- C:\Program Files\Power Tab Software
    2008-09-13 17:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-09-13 17:06 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\skypePM
    2008-09-13 17:02 <REP> d-------- C:\Program Files\Skype
    2008-09-13 17:02 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-09-13 17:02 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Skype
    2008-09-13 17:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    2008-09-13 15:44 <REP> d-------- C:\WINDOWS\system32\appmgmt
    2008-09-09 19:54 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\AOL
    2008-09-09 19:53 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2008-09-09 19:53 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
    2008-09-09 19:53 <REP> d-------- C:\WINDOWS\system32\QuickTime
    2008-09-09 19:53 <REP> d-------- C:\WINDOWS\occache
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Viewpoint
    2008-09-09 19:53 <REP> d-------- C:\Program Files\QuickTime
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Nullsoft
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Fichiers communs\aolback
    2008-09-09 19:53 <REP> d-------- C:\My Music
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\You've Got Pictures Screensaver
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    2008-09-09 19:52 <REP> d-------- C:\Program Files\Real
    2008-09-09 19:52 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-09-09 19:51 335 --a------ C:\WINDOWS\nsreg.dat
    2008-09-09 19:51 <REP> d-------- C:\Program Files\Fichiers communs\AOL
    2008-09-09 19:51 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2008-09-04 15:32 <REP> d-------- C:\Program Files\Azureus
    2008-09-03 15:36 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Help
    2008-09-03 15:32 109,056 --a------ C:\WINDOWS\system32\UNINSTAL.EXE
    2008-09-03 15:32 <REP> d-------- C:\WINDOWS\system32\BACKUP
    2008-09-03 15:31 89,360 --------- C:\WINDOWS\system32\VB5DB.DLL
    2008-09-03 15:31 72,704 --------- C:\WINDOWS\system32\ODBCTL32.DLL
    2008-09-03 15:31 407,312 --------- C:\WINDOWS\system32\MSREPL35.DLL
    2008-09-03 15:31 368,912 --------- C:\WINDOWS\system32\VBAR332.DLL
    2008-09-03 15:31 262,144 --------- C:\WINDOWS\system32\MSRD2X35.DLL
    2008-09-03 15:31 24,848 --------- C:\WINDOWS\system32\MSJTER35.DLL
    2008-09-03 15:31 168,720 --------- C:\WINDOWS\system32\MSLTUS35.DLL
    2008-09-03 15:31 165,648 --------- C:\WINDOWS\system32\MSTEXT35.DLL
    2008-09-03 15:31 123,664 --------- C:\WINDOWS\system32\MSJINT35.DLL
    2008-09-03 15:31 1,050,896 --------- C:\WINDOWS\system32\MSJET35.DLL
    2008-09-03 15:30 4,608 --------- C:\WINDOWS\system32\W95INF32.DLL
    2008-09-03 15:30 398,416 --------- C:\WINDOWS\system32\VBRUN300.DLL
    2008-09-03 15:30 393,728 --------- C:\WINDOWS\system32\MSVCRTD.DLL
    2008-09-03 15:30 2,304 --------- C:\WINDOWS\system32\W95INF16.DLL
    2008-09-03 15:29 <REP> d-------- C:\Program Files\greenstreet
    2008-09-03 15:23 <REP> d-------- C:\WINDOWS\Sellnew
    2008-09-03 14:53 <REP> d-------- C:\Program Files\Office10


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-09-24 20:27:52 58,652 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2008-09-24 20:27:52 438,652 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2008-09-18 08:20:31 128,313 ----a-w C:\WINDOWS\hpoins11.dat
    2008-09-13 13:51:53 -------- d-----w C:\Program Files\Messenger Plus! Live
    2008-09-13 13:46:55 -------- d-----w C:\Program Files\Micro Trivial Pursuit
    2008-09-13 13:44:47 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\WinAce
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\HPQ
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\Hewlett-Packard
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-08-25 17:24:16 -------- d-----w C:\Program Files\eBay
    2008-08-14 08:38:13 -------- d-----w C:\Program Files\Messenger
    2008-08-11 19:02:32 -------- d-----w C:\Program Files\Inventel
    2008-08-11 19:02:26 81,920 ----a-w C:\WINDOWS\system32\W32N50.DLL
    2008-08-11 19:02:26 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.SYS
    2008-08-01 19:11:57 48 ---ha-w C:\Program Files\.mcfl.dat
    2008-07-30 12:55:36 49,152 ------w C:\WINDOWS\system32\inetwh32.dll
    2008-07-30 12:55:36 1,044,480 ------w C:\WINDOWS\system32\roboex32.dll
    2008-07-18 20:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:31:48 253,952 ----a-w C:\WINDOWS\system32\es.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 17:13]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 04:27]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:56]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2008-04-30 11:49]
    {D27D3178-FD5A-4052-8EF7-33EE84C17DAB}=C:\WINDOWS\dfmlxbpkksw.dll [2008-09-23 18:35]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]
    "nwiz"="nwiz.exe" [2006-08-18 10:00 C:\WINDOWS\system32\nwiz.exe]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
    "QlbCtrl"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" []
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 16:02]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-27 22:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
    "Gestionnaire de liaison sans fil"="C:\Program Files\Inventel\Gateway\wlancfg.exe" [2008-08-11 21:02]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-09 19:53]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 06:00]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-27 22:24]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D}"="C:\WINDOWS\rwlfsdmk.dll" [2008-09-23 18:35]
    "{B07A0E7E-1387-4ECF-8F5B-9270420F5E25}"="C:\WINDOWS\onfwbsak.dll" [2008-09-23 18:35]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TDSSserv.sys]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\setupSNK.exe

    *Newly Created Service* - MDMXSDK

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-28 22:25:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???pV??????Y?@?????<?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2008-09-28 22:25:38
    C:\ComboFix-quarantined-files.txt ... 2008-09-28 22:25
    C:\ComboFix2.txt ... 2008-09-28 22:07
    C:\ComboFix3.txt ... 2008-09-28 21:42

    --- E O F ---


    HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:31:08, on 28/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Pauline\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: QXK Olive - {D27D3178-FD5A-4052-8EF7-33EE84C17DAB} - C:\WINDOWS\dfmlxbpkksw.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: peltodgx - {DFEAE9D3-90B8-4F9E-8AC2-8317693C94BA} - C:\WINDOWS\peltodgx.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Gestionnaire de liaison sans fil] "C:\Program Files\Inventel\Gateway\wlancfg.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\poker Unibet\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: rwlfsdmk - {8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D} - C:\WINDOWS\rwlfsdmk.dll
    O21 - SSODL: onfwbsak - {B07A0E7E-1387-4ECF-8F5B-9270420F5E25} - C:\WINDOWS\onfwbsak.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 8854 bytes
    29 September 2008 17:20:24

    Uh, what did you put in the CFScript? :/
    29 September 2008 18:44:58

    What you told me to put in, this:

    File::
    C:\WINDOWS\system32\YUR173.ex
    C:\WINDOWS\rwlfsdmk.dll
    C:\WINDOWS\dfmlxbpkksw.dll
    C:\WINDOWS\onfwbsak.dll
    C:\WINDOWS\peltodgx.dll
    C:\WINDOWS\eqvm.exe
    C:\WINDOWS\fbxrqtwn.exe
    C:\WINDOWS\system32\ezsidmv.dat
    C:\WINDOWS\unvise32qt.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27D3178-FD5A-4052-8EF7-33EE84C17DAB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D}"=-
    "{B07A0E7E-1387-4ECF-8F5B-9270420F5E25}"=-
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TDSSserv.sys]

    29 September 2008 19:47:51

    You have to do the steps in normal mode.
    30 September 2008 06:51:02

    OK, starting from the script or from the beginning?
    30 September 2008 12:38:00

    Script :) 
    30 September 2008 18:27:18

    "normal mode"

    ComboFix report:

    "Pauline" - 2008-09-30 18:13:27 Service Pack 2
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Pauline\"
    Command switches used :: ""C:\Documents and Settings\Pauline\Bureau\CFScript.txt""


    ((((((((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))))))


    2008-09-27 14:44 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-27 14:44 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-27 14:44 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Malwarebytes
    2008-09-27 14:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2008-09-25 22:34 49,152 --a------ C:\WINDOWS\nircmd.exe
    2008-09-25 20:39 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-25 10:21 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
    2008-09-24 20:47 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\skypePM
    2008-09-24 20:42 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\Skype
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\TmpRecentIcons
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\HP
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\Google
    2008-09-24 19:49 1,310,720 --ah----- C:\DOCUME~1\Victor\NTUSER.DAT
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Mes documents
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Menu Démarrer
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Favoris
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Voisinage réseau
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Voisinage d'impression
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Modèles
    2008-09-24 19:49 <REP> d-------- C:\DOCUME~1\Victor\Bureau
    2008-09-24 18:22 <REP> d--hs---- C:\WINDOWS\CSC
    2008-09-23 22:42 74,752 --a------ C:\WINDOWS\system32\YUR173.exe
    2008-09-23 22:34 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\TmpRecentIcons
    2008-09-23 20:34 <REP> d-------- C:\Program Files\MicroAV
    2008-09-23 20:33 385,024 --a------ C:\WINDOWS\rwlfsdmk.dll
    2008-09-23 20:33 344,064 --a------ C:\WINDOWS\dfmlxbpkksw.dll
    2008-09-23 20:33 208,896 --a------ C:\WINDOWS\peltodgx.dll
    2008-09-23 20:33 151,552 --a------ C:\WINDOWS\eqvm.exe
    2008-09-23 20:33 102,400 --a------ C:\WINDOWS\fbxrqtwn.exe
    2008-09-19 06:56 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-18 10:12 <REP> d-------- C:\Program Files\Power Tab Software
    2008-09-13 17:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-09-13 17:06 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\skypePM
    2008-09-13 17:02 <REP> d-------- C:\Program Files\Skype
    2008-09-13 17:02 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-09-13 17:02 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Skype
    2008-09-13 17:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    2008-09-13 15:44 <REP> d-------- C:\WINDOWS\system32\appmgmt
    2008-09-09 19:54 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\AOL
    2008-09-09 19:53 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2008-09-09 19:53 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
    2008-09-09 19:53 <REP> d-------- C:\WINDOWS\system32\QuickTime
    2008-09-09 19:53 <REP> d-------- C:\WINDOWS\occache
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Viewpoint
    2008-09-09 19:53 <REP> d-------- C:\Program Files\QuickTime
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Nullsoft
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Fichiers communs\aolback
    2008-09-09 19:53 <REP> d-------- C:\My Music
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\You've Got Pictures Screensaver
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    2008-09-09 19:52 <REP> d-------- C:\Program Files\Real
    2008-09-09 19:52 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-09-09 19:51 335 --a------ C:\WINDOWS\nsreg.dat
    2008-09-09 19:51 <REP> d-------- C:\Program Files\Fichiers communs\AOL
    2008-09-09 19:51 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2008-09-04 15:32 <REP> d-------- C:\Program Files\Azureus
    2008-09-03 15:36 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Help
    2008-09-03 15:32 109,056 --a------ C:\WINDOWS\system32\UNINSTAL.EXE
    2008-09-03 15:32 <REP> d-------- C:\WINDOWS\system32\BACKUP
    2008-09-03 15:31 89,360 --------- C:\WINDOWS\system32\VB5DB.DLL
    2008-09-03 15:31 72,704 --------- C:\WINDOWS\system32\ODBCTL32.DLL
    2008-09-03 15:31 407,312 --------- C:\WINDOWS\system32\MSREPL35.DLL
    2008-09-03 15:31 368,912 --------- C:\WINDOWS\system32\VBAR332.DLL
    2008-09-03 15:31 262,144 --------- C:\WINDOWS\system32\MSRD2X35.DLL
    2008-09-03 15:31 24,848 --------- C:\WINDOWS\system32\MSJTER35.DLL
    2008-09-03 15:31 168,720 --------- C:\WINDOWS\system32\MSLTUS35.DLL
    2008-09-03 15:31 165,648 --------- C:\WINDOWS\system32\MSTEXT35.DLL
    2008-09-03 15:31 123,664 --------- C:\WINDOWS\system32\MSJINT35.DLL
    2008-09-03 15:31 1,050,896 --------- C:\WINDOWS\system32\MSJET35.DLL
    2008-09-03 15:30 4,608 --------- C:\WINDOWS\system32\W95INF32.DLL
    2008-09-03 15:30 398,416 --------- C:\WINDOWS\system32\VBRUN300.DLL
    2008-09-03 15:30 393,728 --------- C:\WINDOWS\system32\MSVCRTD.DLL
    2008-09-03 15:30 2,304 --------- C:\WINDOWS\system32\W95INF16.DLL
    2008-09-03 15:29 <REP> d-------- C:\Program Files\greenstreet
    2008-09-03 15:23 <REP> d-------- C:\WINDOWS\Sellnew
    2008-09-03 14:53 <REP> d-------- C:\Program Files\Office10
    2008-08-25 19:24 <REP> d-------- C:\Program Files\eBay
    2008-08-25 19:24 <REP> d-------- C:\DOCUME~1\ALLUSE~1\eBay
    2008-08-25 19:22 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-08-11 21:02 81,920 --a------ C:\WINDOWS\system32\W32N50.DLL
    2008-08-11 21:02 45,056 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
    2008-08-11 21:02 217,088 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
    2008-08-11 21:02 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
    2008-08-11 21:02 <REP> d-------- C:\Program Files\Inventel
    2008-08-03 15:52 <REP> d-------- C:\Microgaming


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-09-27 12:15:53 -------- d-----w C:\DOCUME~1\Pauline\APPLIC~1\Azureus
    2008-09-24 20:27:52 58,652 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2008-09-24 20:27:52 438,652 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2008-09-20 19:47:52 -------- d-----w C:\DOCUME~1\Pauline\APPLIC~1\Microgaming
    2008-09-18 08:20:31 128,313 ----a-w C:\WINDOWS\hpoins11.dat
    2008-09-13 13:51:53 -------- d-----w C:\Program Files\Messenger Plus! Live
    2008-09-13 13:46:55 -------- d-----w C:\Program Files\Micro Trivial Pursuit
    2008-09-13 13:44:47 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\WinAce
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\HPQ
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\Hewlett-Packard
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-09-04 19:49:12 -------- d-----w C:\DOCUME~1\Pauline\APPLIC~1\U3
    2008-08-14 08:38:13 -------- d-----w C:\Program Files\Messenger
    2008-08-01 19:11:57 48 ---ha-w C:\Program Files\.mcfl.dat
    2008-07-31 21:36:48 -------- d-----w C:\DOCUME~1\Pauline\APPLIC~1\Media Player Classic
    2008-07-30 12:55:36 49,152 ------w C:\WINDOWS\system32\inetwh32.dll
    2008-07-30 12:55:36 1,044,480 ------w C:\WINDOWS\system32\roboex32.dll
    2008-07-18 20:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:31:48 253,952 ----a-w C:\WINDOWS\system32\es.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 17:13]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 04:27]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:56]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2008-04-30 11:49]
    {D27D3178-FD5A-4052-8EF7-33EE84C17DAB}=C:\WINDOWS\dfmlxbpkksw.dll [2008-09-23 18:35]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]
    "nwiz"="nwiz.exe" [2006-08-18 10:00 C:\WINDOWS\system32\nwiz.exe]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
    "QlbCtrl"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" []
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 16:02]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-27 22:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
    "Gestionnaire de liaison sans fil"="C:\Program Files\Inventel\Gateway\wlancfg.exe" [2008-08-11 21:02]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-09 19:53]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 06:00]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-30 11:49]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 17:13]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispCPL"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStartMenuMorePrograms"=1 (0x1)
    "StartMenuLogOff"=1 (0x1)
    "NoToolbarCustomize"=1 (0x1)
    "NoSetFolders"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D}"="C:\WINDOWS\rwlfsdmk.dll" [2008-09-23 18:35]
    "{B07A0E7E-1387-4ECF-8F5B-9270420F5E25}"="C:\WINDOWS\onfwbsak.dll" []

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TDSSserv.sys]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58813d54-2432-11dd-a6ab-a12e89753c67}]
    AutoRun\command- G:\LaunchU3.exe


    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-30 18:23:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???pV??????Y?@?????<?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2008-09-30 18:24:23
    C:\ComboFix-quarantined-files.txt ... 2008-09-30 18:24: VIRUS ALERT!
    C:\ComboFix2.txt ... 2008-09-28 22:25: VIRUS ALERT!
    C:\ComboFix3.txt ... 2008-09-28 22:07: VIRUS ALERT!

    --- E O F ---



    HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:25: VIRUS ALERT!, on 30/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Pauline\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: QXK Olive - {D27D3178-FD5A-4052-8EF7-33EE84C17DAB} - C:\WINDOWS\dfmlxbpkksw.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: peltodgx - {DFEAE9D3-90B8-4F9E-8AC2-8317693C94BA} - C:\WINDOWS\peltodgx.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Gestionnaire de liaison sans fil] "C:\Program Files\Inventel\Gateway\wlancfg.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\poker Unibet\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: rwlfsdmk - {8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D} - C:\WINDOWS\rwlfsdmk.dll
    O21 - SSODL: onfwbsak - {B07A0E7E-1387-4ECF-8F5B-9270420F5E25} - C:\WINDOWS\onfwbsak.dll (file missing)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9594 bytes
    30 September 2008 19:13:32

    We'll do it differently.

    Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: QXK Olive - {D27D3178-FD5A-4052-8EF7-33EE84C17DAB} - C:\WINDOWS\dfmlxbpkksw.dll
    O3 - Toolbar: peltodgx - {DFEAE9D3-90B8-4F9E-8AC2-8317693C94BA} - C:\WINDOWS\peltodgx.dll
    O21 - SSODL: rwlfsdmk - {8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D} - C:\WINDOWS\rwlfsdmk.dll
    O21 - SSODL: onfwbsak - {B07A0E7E-1387-4ECF-8F5B-9270420F5E25} - C:\WINDOWS\onfwbsak.dll (file missing)


    &

    Download OTMoveIt3 (OldTimer). Save it to your Desktop.
    Copy (Ctrl+C) the text in the box below:

    :files
    C:\WINDOWS\system32\YUR173.exe
    C:\WINDOWS\rwlfsdmk.dll
    C:\WINDOWS\dfmlxbpkksw.dll
    C:\WINDOWS\onfwbsak.dll
    C:\WINDOWS\peltodgx.dll
    C:\WINDOWS\eqvm.exe
    C:\WINDOWS\fbxrqtwn.exe
    C:\WINDOWS\system32\ezsidmv.dat
    C:\WINDOWS\unvise32qt.exe

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27D3178-FD5A-4052-8EF7-33EE84C17DAB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D}"=-
    "{B07A0E7E-1387-4ECF-8F5B-9270420F5E25}"=-
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TDSSserv.sys]


    Double-click OTMoveIt3.exe to launch it.
    Paste (or Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
    Now click the MoveIt! button, then close OTMoveIt3.

    If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

    Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    The report's name corresponds to the moment it was created: date_time.log
    30 September 2008 19:38:02

    Done:

    Error: Unable to interpret <files > in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\YUR173.exe > in the current context!
    Error: Unable to interpret <C:\WINDOWS\rwlfsdmk.dll > in the current context!
    Error: Unable to interpret <C:\WINDOWS\dfmlxbpkksw.dll > in the current context!
    Error: Unable to interpret <C:\WINDOWS\onfwbsak.dll > in the current context!
    Error: Unable to interpret <C:\WINDOWS\peltodgx.dll > in the current context!
    Error: Unable to interpret <C:\WINDOWS\eqvm.exe > in the current context!
    Error: Unable to interpret <C:\WINDOWS\fbxrqtwn.exe > in the current context!
    Error: Unable to interpret <C:\WINDOWS\system32\ezsidmv.dat > in the current context!
    Error: Unable to interpret <C:\WINDOWS\unvise32qt.exe > in the current context!
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27D3178-FD5A-4052-8EF7-33EE84C17DAB}\\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{B07A0E7E-1387-4ECF-8F5B-9270420F5E25} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B07A0E7E-1387-4ECF-8F5B-9270420F5E25}\ not found.
    Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TDSSserv.sys\\ deleted successfully.

    OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 09302008_193434

    Thanks for your help, the situation has improved: my PC no longer lags and I can easily browse the internet... That said, the "VIRUS ALERT!" text is still there; I hope we'll manage to get rid of it...
    30 September 2008 21:08:24

    Hi again,

    :files
    C:\WINDOWS\system32\YUR173.exe
    C:\WINDOWS\rwlfsdmk.dll
    C:\WINDOWS\dfmlxbpkksw.dll
    C:\WINDOWS\onfwbsak.dll
    C:\WINDOWS\peltodgx.dll
    C:\WINDOWS\eqvm.exe
    C:\WINDOWS\fbxrqtwn.exe
    C:\WINDOWS\system32\ezsidmv.dat
    C:\WINDOWS\unvise32qt.exe

    Didn't you forget the :files when you pasted the text?
    30 September 2008 21:22:56

    I don't remember... Do you want me to redo the OTMoveIt3 procedure?
    1 October 2008 18:47:53

    It's up to you...
    1 October 2008 18:53:41

    Yes :)
    1 October 2008 19:13:37

    You were right... the files section showed up in the report:

    ========== FILES ==========
    C:\WINDOWS\system32\YUR173.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\rwlfsdmk.dll
    C:\WINDOWS\rwlfsdmk.dll NOT unregistered.
    C:\WINDOWS\rwlfsdmk.dll moved successfully.
    C:\WINDOWS\dfmlxbpkksw.dll unregistered successfully.
    C:\WINDOWS\dfmlxbpkksw.dll moved successfully.
    File/Folder C:\WINDOWS\onfwbsak.dll not found.
    C:\WINDOWS\peltodgx.dll unregistered successfully.
    C:\WINDOWS\peltodgx.dll moved successfully.
    C:\WINDOWS\eqvm.exe moved successfully.
    C:\WINDOWS\fbxrqtwn.exe moved successfully.
    C:\WINDOWS\system32\ezsidmv.dat moved successfully.
    C:\WINDOWS\unvise32qt.exe moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27D3178-FD5A-4052-8EF7-33EE84C17DAB}\\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{B07A0E7E-1387-4ECF-8F5B-9270420F5E25} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B07A0E7E-1387-4ECF-8F5B-9270420F5E25}\ not found.
    Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TDSSserv.sys\\ not found.

    OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 10012008_191103
    1 October 2008 19:31:36

    Post a new HijackThis report.
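
Asking for a fresh HijackThis report after a fix is a verification step: the new report is compared with the previous one to confirm the fixed entries are gone and to spot anything that appeared in between. The Python below is an added example, not part of the thread or of HijackThis; the function names are hypothetical, and the sample logs are constructed excerpts made of lines copied from the 30/09 and 01/10 reports posted in this thread.

```python
import re

# Constructed excerpts: a few lines copied from the two HijackThis reports
# posted in this thread (30/09/2008 and 01/10/2008), plus the helper's fix list.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {D27D3178-FD5A-4052-8EF7-33EE84C17DAB} - C:\WINDOWS\dfmlxbpkksw.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: peltodgx - {DFEAE9D3-90B8-4F9E-8AC2-8317693C94BA} - C:\WINDOWS\peltodgx.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O21 - SSODL: rwlfsdmk - {8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D} - C:\WINDOWS\rwlfsdmk.dll
O21 - SSODL: onfwbsak - {B07A0E7E-1387-4ECF-8F5B-9270420F5E25} - C:\WINDOWS\onfwbsak.dll (file missing)
"""

AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

FIX_LIST = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {D27D3178-FD5A-4052-8EF7-33EE84C17DAB} - C:\WINDOWS\dfmlxbpkksw.dll
O3 - Toolbar: peltodgx - {DFEAE9D3-90B8-4F9E-8AC2-8317693C94BA} - C:\WINDOWS\peltodgx.dll
O21 - SSODL: rwlfsdmk - {8D4D82D1-B92A-4BEC-8F25-AF3B3C69960D} - C:\WINDOWS\rwlfsdmk.dll
O21 - SSODL: onfwbsak - {B07A0E7E-1387-4ECF-8F5B-9270420F5E25} - C:\WINDOWS\onfwbsak.dll (file missing)
"""

# An entry line looks like "O2 - BHO: ..." or "R0 - HKCU\...": section code, dash, detail.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(section, detail):
    """Stable identity for an entry, so cosmetic changes do not look like new items."""
    clsid = CLSID_RE.search(detail)
    if clsid:
        # Key on entry kind (BHO, Toolbar, SSODL, ...) plus CLSID: the display
        # name or a "(file missing)" suffix can differ from one scan to the next.
        kind = detail.split(":", 1)[0].strip().lower()
        return (section, kind, clsid.group(0).upper())
    if section.startswith("R") and " = " in detail:
        # Registry value lines: key on the value name, compare the data separately.
        return (section, detail.split(" = ", 1)[0].lower())
    return (section, detail.lower())


def parse_entries(log_text):
    """Map entry key -> full entry line; header and process-list lines are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            section, detail = m.group(1), m.group(2)
            entries[entry_key(section, detail)] = f"{section} - {detail}"
    return entries


def diff_reports(before_text, after_text):
    """Entries removed, added, or changed between two reports."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before[k] for k in before.keys() - after.keys()),
        "added": sorted(after[k] for k in after.keys() - before.keys()),
        "changed": sorted((before[k], after[k])
                          for k in before.keys() & after.keys()
                          if before[k] != after[k]),
    }


def still_present(fix_text, after_text):
    """Entries from the fix list that still show up in the later report."""
    fix, after = parse_entries(fix_text), parse_entries(after_text)
    return sorted(after[k] for k in fix.keys() & after.keys())


if __name__ == "__main__":
    result = diff_reports(BEFORE, AFTER)
    for label in ("removed", "added", "changed"):
        print(label.upper())
        for item in result[label]:
            print("  ", item)
    print("STILL PRESENT:", still_present(FIX_LIST, AFTER))
```

On these excerpts the five fixed entries are reported as removed and the start page as changed; the diff also surfaces two lines absent from the earlier report, the O7 `DisableRegedit=1` policy and the `NvCplDaemon` Run value, which are the ones a reviewer would look at next.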
    1 October 2008 19:40:02

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:38: VIRUS ALERT!, on 01/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\Pauline\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Gestionnaire de liaison sans fil] "C:\Program Files\Inventel\Gateway\wlancfg.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\poker Unibet\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9323 bytes
    1 October 2008 19:50:41

    Is that better?

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click on J'accepte (I accept).
  • Confirm the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan Poste de travail (My Computer)
  • Save and then paste the report generated at the end of the scan.

    HELP: Tutorial on the online scan

    NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Ajout/Suppression de programmes (Add/Remove Programs), uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
    1 October 2008 23:04:56

    KASPERSKY ON-LINE SCANNER REPORT
    Wednesday, October 01, 2008 10:56:22 PM
    Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.84.2
    Dernière mise à jour de la base antivirus Kaspersky : 1/10/2008
    Enregistrements dans la base antivirus Kaspersky : 1144272


    Paramètres d'analyse
    Analyser avec la base antivirus suivante standard
    Analyser les archives vrai
    Analyser les bases de messagerie vrai

    Cible de l'analyse Poste de travail
    C:\
    D:\
    E:\

    Statistiques de l'analyse
    Total d'objets analysés 67703
    Nombre de virus trouvés 1
    Nombre d'objets infectés 4 / 0
    Nombre d'objets suspects 0
    Durée de l'analyse 01:34:52

    Nom de l'objet infecté Nom du virus Dernière action
    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log L'objet est verrouillé ignoré

    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré

    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré

    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log L'objet est verrouillé ignoré

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Application Data\Skype\pauline\call256.dbb L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Application Data\Skype\pauline\callmember256.dbb L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Application Data\Skype\pauline\chat512.dbb L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Application Data\Skype\pauline\chatmember256.dbb L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Application Data\Skype\pauline\chatmsg256.dbb L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Application Data\Skype\pauline\contactgroup256.dbb L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Application Data\Skype\pauline\dyncontent\bundle.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Application Data\Skype\pauline\index2.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Application Data\Skype\pauline\profile256.dbb L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Application Data\Skype\pauline\user1024.dbb L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Application Data\Skype\pauline\voicemail256.dbb L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-4baeb5d2.zip/vmain.class Infecté : Exploit.Java.Gimsh.a ignoré

    C:\Documents and Settings\Pauline\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-4baeb5d2.zip ZIP: infecté - 1 ignoré

    C:\Documents and Settings\Pauline\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-765ca994.zip/vmain.class Infecté : Exploit.Java.Gimsh.a ignoré

    C:\Documents and Settings\Pauline\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-765ca994.zip ZIP: infecté - 1 ignoré

    C:\Documents and Settings\Pauline\Cookies\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Historique\History.IE5\MSHist012008100120081002\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Application Data\Microsoft\Messenger\victor_m1@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Application Data\Microsoft\Messenger\victor_m1@hotmail.fr\SharingMetadata\pending.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Application Data\Microsoft\Messenger\victor_m1@hotmail.fr\SharingMetadata\Working\database_2658_536A_5853_382F\dfsr.db L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Application Data\Microsoft\Messenger\victor_m1@hotmail.fr\SharingMetadata\Working\database_2658_536A_5853_382F\fsr.log L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Application Data\Microsoft\Messenger\victor_m1@hotmail.fr\SharingMetadata\Working\database_2658_536A_5853_382F\tmp.edb L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Application Data\Microsoft\Windows Live Contacts\victor_m1@hotmail.fr\real\members.stg L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Application Data\Microsoft\Windows Live Contacts\victor_m1@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Temp\fla118.tmp L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Temp\fla42.tmp L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Temp\fla473.tmp L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Temp\fla48C.tmp L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Temp\fla757.tmp L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Temp\hpodvd09.log L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Temp\~DF23A9.tmp L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Temp\~DF42BC.tmp L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Temp\~DF42C7.tmp L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Temp\~DFEA78.tmp L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Local Settings\Temp\~DFEB90.tmp L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\NTUSER.DAT L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\ntuser.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Temporary Internet Files\Content.IE5\HR98LUOQ\get_video[1] L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Temporary Internet Files\Content.IE5\HR98LUOQ\get_video[3] L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Pauline\Temporary Internet Files\Content.IE5\WT8VJ11X\get_video[1] L'objet est verrouillé ignoré

    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP101\A0025759.dll L'objet est verrouillé ignoré

    C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP101\change.log L'objet est verrouillé ignoré

    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt L'objet est verrouillé ignoré

    C:\WINDOWS\RTacDbg.txt L'objet est verrouillé ignoré

    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\Media Ce.evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\MsDtc\MSDTC.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log L'objet est verrouillé ignoré

    C:\WINDOWS\system32\msmq\storage\QMLog L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

    C:\_OTMoveIt\MovedFiles\10012008_191103\WINDOWS\system32\YUR173.exe L'objet est verrouillé ignoré

    Analyse terminée.




    So here are the small problems that persist on the PC:

    > The "Virus Alert!" is still present next to the clock
    > When I go into My Computer (Poste de travail) there is no hard drive
    > In the Start menu, the "Log off" (Fermer la session) option and access to "All Programs" (Tous les programmes) are not present
    2 October 2008 18:08:33

    Re,

    Empty this folder:
    C:\Documents and Settings\Pauline\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar

    Run a Combofix scan again.
    2 October 2008 19:18:48

    "Pauline" - 2008-10-02 19:12:57 Service Pack 2
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Pauline\Bureau\"


    ((((((((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 ))))))))))))))))))))))))))))))))))


    2008-10-02 08:30 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-10-01 20:31 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-09-27 14:44 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-27 14:44 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-27 14:44 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Malwarebytes
    2008-09-27 14:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    2008-09-25 22:34 49,152 --a------ C:\WINDOWS\nircmd.exe
    2008-09-25 20:39 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-25 10:21 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
    2008-09-24 20:47 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\skypePM
    2008-09-24 20:42 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\Skype
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\TmpRecentIcons
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\HP
    2008-09-24 19:50 <REP> d-------- C:\DOCUME~1\Victor\APPLIC~1\Google
    2008-09-24 19:49 1,310,720 --ah----- C:\DOCUME~1\Victor\NTUSER.DAT
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Mes documents
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Menu Démarrer
    2008-09-24 19:49 <REP> dr------- C:\DOCUME~1\Victor\Favoris
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Voisinage réseau
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Voisinage d'impression
    2008-09-24 19:49 <REP> d--h----- C:\DOCUME~1\Victor\Modèles
    2008-09-24 19:49 <REP> d-------- C:\DOCUME~1\Victor\Bureau
    2008-09-24 18:22 <REP> d--hs---- C:\WINDOWS\CSC
    2008-09-23 22:34 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\TmpRecentIcons
    2008-09-23 20:34 <REP> d-------- C:\Program Files\MicroAV
    2008-09-19 06:56 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-18 10:12 <REP> d-------- C:\Program Files\Power Tab Software
    2008-09-13 17:06 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\skypePM
    2008-09-13 17:02 <REP> d-------- C:\Program Files\Skype
    2008-09-13 17:02 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-09-13 17:02 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Skype
    2008-09-13 17:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    2008-09-13 15:44 <REP> d-------- C:\WINDOWS\system32\appmgmt
    2008-09-09 19:54 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\AOL
    2008-09-09 19:53 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
    2008-09-09 19:53 <REP> d-------- C:\WINDOWS\system32\QuickTime
    2008-09-09 19:53 <REP> d-------- C:\WINDOWS\occache
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Viewpoint
    2008-09-09 19:53 <REP> d-------- C:\Program Files\QuickTime
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Nullsoft
    2008-09-09 19:53 <REP> d-------- C:\Program Files\Fichiers communs\aolback
    2008-09-09 19:53 <REP> d-------- C:\My Music
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\You've Got Pictures Screensaver
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2008-09-09 19:53 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    2008-09-09 19:52 <REP> d-------- C:\Program Files\Real
    2008-09-09 19:52 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2008-09-09 19:51 335 --a------ C:\WINDOWS\nsreg.dat
    2008-09-09 19:51 <REP> d-------- C:\Program Files\Fichiers communs\AOL
    2008-09-09 19:51 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2008-09-04 15:32 <REP> d-------- C:\Program Files\Azureus
    2008-09-03 15:36 <REP> d-------- C:\DOCUME~1\Pauline\APPLIC~1\Help
    2008-09-03 15:32 109,056 --a------ C:\WINDOWS\system32\UNINSTAL.EXE
    2008-09-03 15:32 <REP> d-------- C:\WINDOWS\system32\BACKUP
    2008-09-03 15:31 89,360 --------- C:\WINDOWS\system32\VB5DB.DLL
    2008-09-03 15:31 72,704 --------- C:\WINDOWS\system32\ODBCTL32.DLL
    2008-09-03 15:31 407,312 --------- C:\WINDOWS\system32\MSREPL35.DLL
    2008-09-03 15:31 368,912 --------- C:\WINDOWS\system32\VBAR332.DLL
    2008-09-03 15:31 262,144 --------- C:\WINDOWS\system32\MSRD2X35.DLL
    2008-09-03 15:31 24,848 --------- C:\WINDOWS\system32\MSJTER35.DLL
    2008-09-03 15:31 168,720 --------- C:\WINDOWS\system32\MSLTUS35.DLL
    2008-09-03 15:31 165,648 --------- C:\WINDOWS\system32\MSTEXT35.DLL
    2008-09-03 15:31 123,664 --------- C:\WINDOWS\system32\MSJINT35.DLL
    2008-09-03 15:31 1,050,896 --------- C:\WINDOWS\system32\MSJET35.DLL
    2008-09-03 15:30 4,608 --------- C:\WINDOWS\system32\W95INF32.DLL
    2008-09-03 15:30 398,416 --------- C:\WINDOWS\system32\VBRUN300.DLL
    2008-09-03 15:30 393,728 --------- C:\WINDOWS\system32\MSVCRTD.DLL
    2008-09-03 15:30 2,304 --------- C:\WINDOWS\system32\W95INF16.DLL
    2008-09-03 15:29 <REP> d-------- C:\Program Files\greenstreet
    2008-09-03 15:23 <REP> d-------- C:\WINDOWS\Sellnew
    2008-09-03 14:53 <REP> d-------- C:\Program Files\Office10


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-09-27 12:15:53 -------- d-----w C:\DOCUME~1\Pauline\APPLIC~1\Azureus
    2008-09-24 20:27:52 58,652 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2008-09-24 20:27:52 438,652 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2008-09-20 19:47:52 -------- d-----w C:\DOCUME~1\Pauline\APPLIC~1\Microgaming
    2008-09-18 08:20:31 128,313 ----a-w C:\WINDOWS\hpoins11.dat
    2008-09-13 13:51:53 -------- d-----w C:\Program Files\Messenger Plus! Live
    2008-09-13 13:46:55 -------- d-----w C:\Program Files\Micro Trivial Pursuit
    2008-09-13 13:44:47 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\WinAce
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\HPQ
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\Hewlett-Packard
    2008-09-13 13:44:47 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-09-04 19:49:12 -------- d-----w C:\DOCUME~1\Pauline\APPLIC~1\U3
    2008-08-25 17:24:16 -------- d-----w C:\Program Files\eBay
    2008-08-14 08:38:13 -------- d-----w C:\Program Files\Messenger
    2008-08-11 19:02:32 -------- d-----w C:\Program Files\Inventel
    2008-08-11 19:02:26 81,920 ----a-w C:\WINDOWS\system32\W32N50.DLL
    2008-08-11 19:02:26 17,134 ----a-w C:\WINDOWS\system32\PCANDIS5.SYS
    2008-08-01 19:11:57 48 ---ha-w C:\Program Files\.mcfl.dat
    2008-07-30 12:55:36 49,152 ------w C:\WINDOWS\system32\inetwh32.dll
    2008-07-30 12:55:36 1,044,480 ------w C:\WINDOWS\system32\roboex32.dll
    2008-07-18 20:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:31:48 253,952 ----a-w C:\WINDOWS\system32\es.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 17:13]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 04:27]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:56]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2008-04-30 11:49]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27]
    "nwiz"="nwiz.exe" [2006-08-18 10:00 C:\WINDOWS\system32\nwiz.exe]
    "MsmqIntCert"="regsvr32 /s mqrt.dll" []
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
    "QlbCtrl"="%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" []
    "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 16:02]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-27 22:28]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
    "Gestionnaire de liaison sans fil"="C:\Program Files\Inventel\Gateway\wlancfg.exe" [2008-08-11 21:02]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-09 19:53]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 06:00]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-30 11:49]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 17:13]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispCPL"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStartMenuMorePrograms"=1 (0x1)
    "StartMenuLogOff"=1 (0x1)
    "NoToolbarCustomize"=1 (0x1)
    "NoSetFolders"=1 (0x1)

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58813d54-2432-11dd-a6ab-a12e89753c67}]
    AutoRun\command- G:\LaunchU3.exe

    *Newly Created Service* - SJYPKT

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-02 19:15:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???pV??????Y?@?????<?@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2008-10-02 19:16:14
    C:\ComboFix-quarantined-files.txt ... 2008-10-02 19:16
    C:\ComboFix2.txt ... 2008-09-30 18:24
    C:\ComboFix3.txt ... 2008-09-28 22:25

    --- E O F ---
    2 October 2008 19:59:06

    Re,

    Download Smitfraudfix (by S!ri).
    Save it to your desktop.
    Run SmitfraudFix.exe (the .exe extension may not be shown).
    Choose Option 1 (Recherche, i.e. Search)
    Post the first report here.

    **If the link does not work, click here**
    2 October 2008 21:18:41

    SmitFraudFix v2.356

    Rapport fait à 21:14:52,79, 02/10/2008
    Executé à partir de C:\Documents and Settings\Pauline\Bureau\jeux victor\hijack this\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Pauline


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Pauline\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Pauline\Favoris

    C:\DOCUME~1\Pauline\Favoris\Error Cleaner.url PRESENT !
    C:\DOCUME~1\Pauline\Favoris\Privacy Protector.url PRESENT !
    C:\DOCUME~1\Pauline\Favoris\Spyware?Malware Protection.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    C:\DOCUME~1\Pauline\Bureau\Error Cleaner.url PRESENT !
    C:\DOCUME~1\Pauline\Bureau\Privacy Protector.url PRESENT !
    C:\DOCUME~1\Pauline\Bureau\Spyware?Malware Protection.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\MicroAV\ PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» RK



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: TRENDnet TEW-424UB 54M USB Dongle - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.40.241
    DNS Server Search Order: 212.27.40.240

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{779EA1E6-C1EF-4CF2-A3FA-DE180E37FD7E}: DhcpNameServer=212.27.40.241 212.27.40.240
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{779EA1E6-C1EF-4CF2-A3FA-DE180E37FD7E}: DhcpNameServer=212.27.40.241 212.27.40.240
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{779EA1E6-C1EF-4CF2-A3FA-DE180E37FD7E}: DhcpNameServer=212.27.40.241 212.27.40.240
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{779EA1E6-C1EF-4CF2-A3FA-DE180E37FD7E}: DhcpNameServer=212.27.40.241 212.27.40.240
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    3 October 2008 14:16:45

    Well, listen, everything is back... perfect, thanks a lot: you do good work!
    3 October 2008 16:07:25

    We haven't even finished :/
    3 October 2008 16:43:30

    Then let's continue anyway... because it could come back....
    3 October 2008 18:25:27

    Hi again,

    Restart in safe mode.

    Run SmitfraudFix.exe, this time choose Option 2, and answer yes to the question(s).
    Save the report to your Desktop.

    Restart normally.

    Post the HijackThis and SmitfraudFix reports.
    5 October 2008 12:53:29

    SmitfraudFix report in safe mode, option 2:

    SmitFraudFix v2.356

    Rapport fait à 12:48:03,43, 05/10/2008
    Executé à partir de C:\Documents and Settings\Pauline\Bureau\jeux victor\hijack this\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\DOCUME~1\Pauline\Bureau\Error Cleaner.url supprimé
    C:\DOCUME~1\Pauline\Bureau\Privacy Protector.url supprimé
    C:\DOCUME~1\Pauline\Bureau\Spyware?Malware Protection.url supprimé
    C:\DOCUME~1\Pauline\Favoris\Error Cleaner.url supprimé
    C:\DOCUME~1\Pauline\Favoris\Privacy Protector.url supprimé
    C:\DOCUME~1\Pauline\Favoris\Spyware?Malware Protection.url supprimé
    C:\Program Files\MicroAV\ supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» RK


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: TRENDnet TEW-424UB 54M USB Dongle - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{779EA1E6-C1EF-4CF2-A3FA-DE180E37FD7E}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{779EA1E6-C1EF-4CF2-A3FA-DE180E37FD7E}: DhcpNameServer=212.27.40.241 212.27.40.240
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{779EA1E6-C1EF-4CF2-A3FA-DE180E37FD7E}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{779EA1E6-C1EF-4CF2-A3FA-DE180E37FD7E}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    HijackThis report after restarting in normal mode:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:02:19, on 05/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Documents and Settings\Pauline\Mes documents\HijackThis.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Gestionnaire de liaison sans fil] "C:\Program Files\Inventel\Gateway\wlancfg.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\poker Unibet\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 8844 bytes

    5 October 2008 15:30:40

    Better, no?
    5 October 2008 20:43:35

    Perfect!!

    Do you want to continue? Or do we consider the problem solved and stop?

    Given that on my side everything is perfect...
    6 October 2008 17:16:32

    That's OK with me.
    6 October 2008 18:58:47

    Well, thanks for your help!!
    6 October 2008 20:03:14

    Happy surfing.