
Malware problem [Solved]

30 September 2008 21:59:16

Good evening

I am getting windows saying that I am infected. It has removed Windows Update, which tells me, when I turn it on, that my system administrator has disabled it, which is not true, and I can no longer open my Task Manager with Ctrl+Alt+Del. I have a Trojan-Spy.Win32.GreenScreen and its little brothers. A program called MicroAV 2009.
Please help me clean all this up.

Here is my HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 21:58:21, on 30/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\ebgxqtwj\qrafqlqf.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\qzcngdcp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\WINDOWS\system32\qzcngdcp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {C2503670-6D0E-4662-AC65-EFA76E33056C} - C:\WINDOWS\system32\ljJDWNFY.dll
O2 - BHO: (no name) - {CE3C5D3E-658E-4966-A675-8AFDE578AAE9} - C:\WINDOWS\system32\qoMcawvT.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Run] "C:\Documents and Settings\HP_Propriétaire\Application Data\Adobe\Manager.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.atoopic.com/XUpload.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ljJDWNFY - C:\WINDOWS\SYSTEM32\ljJDWNFY.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: ActCmd - {4F662BA3-3986-1A22-A732-08B297B85579} - C:\Program Files\ygmppu\ActCmd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe


30 September 2008 22:01:31

Good evening

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    30 September 2008 22:17:05

    OK, I'm getting started :)
    1 October 2008 02:47:55

    There were some items that meant I had to restart the computer. I did the best I could. In any case, I was able to re-enable Windows Update and the Task Manager shows up again, so that's something :o) Here is the report



    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1225
    Windows 5.1.2600 Service Pack 3

    01/10/2008 02:35:03
    mbam-log-2008-10-01 (02-35-03).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 298906
    Temps écoulé: 3 hour(s), 47 minute(s), 3 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 30
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 87

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\ljJDWNFY.dll (Trojan.Vundo) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2503670-6d0e-4662-ac65-efa76e33056c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjdwnfy (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{c2503670-6d0e-4662-ac65-efa76e33056c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\joe0fj1enr (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c2503670-6d0e-4662-ac65-efa76e33056c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Run (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\ljJDWNFY.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\Documents and Settings\All Users\Application Data\ebgxqtwj\qrafqlqf.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\buqvjouc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\wnmbawgd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\7KQ3C9WV\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\G47LC5U6\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\G47LC5U6\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\K6T3X57J\file[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130614.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130615.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130616.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130617.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130618.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130619.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130620.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0130621.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0131614.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0131615.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132653.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132654.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132655.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132656.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132657.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132658.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0132659.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP470\A0133637.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP471\A0133748.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP472\A0133855.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP472\A0133856.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP472\A0133857.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP472\A0133858.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP472\A0133859.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133883.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133884.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133886.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133888.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133889.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133890.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133891.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5864E199-E068-480D-BF55-3BCEB0D80CFD}\RP473\A0133913.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vtUkklLC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\temp\NOD499.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\MicroAV\MicroAV.cpl (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\1.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\2.ico (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    1 October 2008 15:35:58

    Hello

    Disable your antivirus and any other type of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click it to open it, then Edit > "Select All", Edit > "Copy".

    Come to the forum and Edit > "Paste".

    Add a new HijackThis report.
    1 October 2008 18:55:01

    OK, thanks, I'm on it!
    1 October 2008 19:36:48

    Here is the ComboFix report

    ComboFix 08-09-30.03 - HP_Propriétaire 2008-10-01 19:02:59.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.284 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\install_flash_player.exe
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@ads.128b[1].txt
    C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@clickintext[1].txt
    C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@clicktorrent[2].txt
    C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@edt02[2].txt
    C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@revsci[2].txt
    C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@t.spike[1].txt

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://hqsextube08.com
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCHINJDRV


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-01 au 2008-10-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-30 22:45 . 2008-09-30 22:45 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Malwarebytes
    2008-09-30 22:44 . 2005-01-01 12:21 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\WINDOWS
    2008-09-30 22:44 . 2005-01-01 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Voisinage r‚seau
    2008-09-30 22:44 . 2005-01-01 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Voisinage d'impression
    2008-09-30 22:44 . 2007-06-02 03:58 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\ModŠles
    2008-09-30 22:44 . 2007-06-02 03:57 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Mes documents
    2008-09-30 22:44 . 2007-06-02 03:57 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Menu D‚marrer
    2008-09-30 22:44 . 2007-06-01 19:34 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Favoris
    2008-09-30 22:44 . 2005-01-01 17:17 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Bureau
    2008-09-30 22:44 . 2005-01-01 14:07 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Symantec
    2008-09-30 22:44 . 2005-01-01 15:41 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\SampleView
    2008-09-30 22:44 . 2005-01-01 12:12 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Intervideo
    2008-09-30 22:44 . 2005-01-01 12:20 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Apple Computer
    2008-09-30 22:44 . 2008-09-30 22:44 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001
    2008-09-30 22:33 . <REP> C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
    2008-09-30 22:32 . 2008-09-30 22:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-30 22:32 . 2008-09-30 22:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-30 22:32 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-30 22:32 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-30 21:15 . 2008-09-30 21:15 <REP> d-------- C:\Program Files\ygmppu
    2008-09-30 09:37 . 2008-09-30 21:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\ModŠles
    2008-09-30 09:37 . 2008-09-30 21:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\Mes documents
    2008-09-30 09:37 . 2008-09-30 21:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\Favoris
    2008-09-30 09:37 . 2005-01-01 12:12 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\Application Data\Intervideo
    2008-09-30 09:37 . 2008-09-30 21:15 <REP> d---s---- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000
    2008-09-30 09:17 . 2008-09-30 22:28 545,563 --ahs---- C:\WINDOWS\system32\TvwacMoq.ini2
    2008-09-30 09:17 . 2008-09-30 22:28 545,563 --ahs---- C:\WINDOWS\system32\TvwacMoq.ini
    2008-09-30 09:16 . 2008-09-30 09:16 <REP> d-------- C:\Program Files\ESET
    2008-09-30 09:12 . 2008-10-01 02:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ebgxqtwj
    2008-09-30 09:07 . 2008-09-30 09:07 93,696 --a------ C:\WINDOWS\system32\setup(1).exe
    2008-09-27 11:49 . 2008-09-28 11:06 <REP> d-------- C:\Program Files\NOS
    2008-09-27 11:49 . 2008-09-28 11:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-18 18:04 . 2008-09-18 18:04 <REP> d-------- C:\Program Files\SnadBoy's Revelation v2
    2008-09-05 10:27 . 2008-10-01 11:40 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-09-05 10:27 . <REP> C:\Documents and Settings\HP_Propriétaire\Application Data\PC Tools
    2008-09-05 10:27 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-09-05 10:27 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-09-05 10:27 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-09-05 10:27 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-01 16:45 --------- d-----w C:\Program Files\Paint Shop Pro 6
    2008-10-01 09:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-01 09:51 --------- d-----w C:\Program Files\eMule
    2008-09-30 19:58 --------- d-----w C:\Program Files\Hijackthis Version Française
    2008-09-27 09:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-09-23 15:56 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
    2008-09-19 13:46 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\AdobeUM
    2008-09-14 06:36 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Adobe
    2008-08-28 09:00 --------- d-----w C:\Program Files\BitTornado
    2008-08-26 10:54 1,572,864 ---ha-w C:\Documents and Settings\thãd\ntuser.dat
    2008-08-19 07:30 --------- d-----w C:\Program Files\Bonjour
    2008-08-18 13:19 --------- d-----w C:\Program Files\DivX
    2008-08-11 11:32 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-09 10:56 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\ESET
    2008-08-09 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
    2008-08-09 09:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-04 11:38 --------- d-----w C:\Program Files\iTunes
    2008-08-04 11:38 --------- d-----w C:\Program Files\iPod
    2007-06-01 17:31 262,144 ----a-w C:\Documents and Settings\HP_Propriétaire\NTUSER.DAT
    2005-04-28 16:22 444,471 --sha-w C:\WINDOWS\java\utilurl.dll
    2005-04-28 16:22 444,471 --sha-w C:\WINDOWS\java1\lrulitu.bak2
    2005-05-01 20:44 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    2008-02-11 12:46 56 --sh--r C:\WINDOWS\system32\4C5A114734.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-04 68856]
    "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 155648]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 659456]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 344064]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-29 185896]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
    "SiSPower"="SiSPower.dll" [2004-09-24 C:\WINDOWS\system32\SiSPower.dll]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-29 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-29 C:\WINDOWS\ALCWZRD.EXE]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "ActCmd"= {4F662BA3-3986-1A22-A732-08B297B85579} - C:\Program Files\ygmppu\ActCmd.dll [2008-09-30 114688]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
    "C:\\Program Files\\FileZilla\\FileZilla.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a07861b1-e4a7-11dc-95d8-0011d888b889}]
    \Shell\AutoRun\command - K:\LaunchU3.exe
    .
    Contenu du dossier 'Tâches planifiées'
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{CE3C5D3E-658E-4966-A675-8AFDE578AAE9} - C:\WINDOWS\system32\qoMcawvT.dll
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    HKLM-Run-VTTimer - VTTimer.exe


    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
    R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
    R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-01 19:22:05
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-01 19:29:29 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-01 17:29:24
    ComboFix2.txt 2007-09-02 22:53:28

    Avant-CF: 15ÿ239ÿ016ÿ448 octets libres
    Après-CF: 18,945,007,616 octets libres

    200 --- E O F --- 2008-09-10 20:20:25


    And the one from HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 19:31:44, on 01/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.atoopic.com/XUpload.ocx
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: ActCmd - {4F662BA3-3986-1A22-A732-08B297B85579} - C:\Program Files\ygmppu\ActCmd.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    Thanks for your help!
    1 October 2008 19:44:51

    Good evening

    ComboFix generated a report that I did not post. Here it is

    2004-04-30 14:01 53 --a------ C:\Qoobox\Quarantine\D\Autorun.inf.vir
    2007-09-01 15:59 4286 --a------ C:\Qoobox\Quarantine\C\Program Files\VideoAccessCodec\install.ico.vir
    2007-09-03 00:44 0 --a------ C:\Qoobox\BackEnv\PROGRAMS.folder.cf
    2007-09-03 00:44 0 --a------ C:\Qoobox\BackEnv\START MENU.folder.cf
    2007-09-03 00:44 0 --a------ C:\Qoobox\BackEnv\STARTUP.folder.cf
    2007-09-03 00:44 0 --a------ C:\Qoobox\BackEnv\TEMPLATES.folder.cf
    2007-09-03 00:44 151 --a------ C:\Qoobox\BackEnv\APPDATA.folder.cf
    2007-09-03 00:44 156 --a------ C:\Qoobox\BackEnv\CACHE.folder.cf
    2007-09-03 00:44 156 --a------ C:\Qoobox\BackEnv\LOCAL APPDATA.folder.cf
    2007-09-03 00:44 166 --a------ C:\Qoobox\BackEnv\LOCAL SETTINGS.folder.cf
    2007-09-03 00:44 228 --a------ C:\Qoobox\BackEnv\profiles.folder.cf
    2007-09-03 00:44 3423 --a------ C:\Qoobox\BackEnv\setpath.bat
    2007-09-03 00:44 54 --a------ C:\Qoobox\BackEnv\DESKTOP.folder.cf
    2007-09-03 00:44 56 --a------ C:\Qoobox\BackEnv\FAVORITES.folder.cf
    2007-09-03 00:44 58 --a------ C:\Qoobox\BackEnv\PERSONAL.folder.cf
    2007-09-03 00:44 76 --a------ C:\Qoobox\BackEnv\MY PICTURES.folder.cf
    2007-09-03 00:52 688071 --a------ C:\Qoobox\snapshot_2007-09-03_ 05255,25.cf


    Structure du dossier pour le volume HP_PAVILION
    Le num‚ro de s‚rie du volume est 9CA6-6640
    C:\QOOBOX
    | snapshot_2007-09-03_ 05255,25.cf
    |
    +---BackEnv
    | APPDATA.folder.cf
    | CACHE.folder.cf
    | DESKTOP.folder.cf
    | FAVORITES.folder.cf
    | LOCAL APPDATA.folder.cf
    | LOCAL SETTINGS.folder.cf
    | MY PICTURES.folder.cf
    | PERSONAL.folder.cf
    | profiles.folder.cf
    | PROGRAMS.folder.cf
    | setpath.bat
    | START MENU.folder.cf
    | STARTUP.folder.cf
    | TEMPLATES.folder.cf
    |
    \---Quarantine
    +---C
    | +---ComboFix
    | \---Program Files
    | \---VideoAccessCodec
    | install.ico.vir
    |
    +---D
    | Autorun.inf.vir
    |
    \---Registry_backups

    1 October 2008 21:02:04

    re

    I have serious doubts about your version of NOD32... could it be a crack?
    ++++++++++++++++++++++++

    Copy (Ctrl+C) the text below:
    File::
    C:\WINDOWS\system32\TvwacMoq.ini2
    C:\WINDOWS\system32\TvwacMoq.ini

    Folder::
    C:\Program Files\ygmppu
    C:\Documents and Settings\All Users\Application Data\ebgxqtwj

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "ActCmd"=-



    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

    +++++++++++++++



    Go to this link: Virus Total
  • Click Browse
  • Navigate to this file, if you can find it:

    C:\WINDOWS\java\utilurl.dll

  • Click Send file and let it work for as long as "Current status: scanning" is displayed.
  • The file may be placed in a queue because of a large number of scan requests. In that case, you will have to wait without refreshing the page.
  • When the scan is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click on this image:
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the result, it is important that you send me the result of the whole scan.
    Your security tools may react when the file is sent; in that case you will have to ignore the alerts.


    +++++++++++++++++++++++


    Same thing with:
    C:\WINDOWS\system32\4C5A114734.sys
    2 October 2008 00:11:45
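
One way to check that a CFScript like the one above took effect is to match each of its targets against the follow-up ComboFix report. This is an added example, not part of the thread and not ComboFix code: the function names are hypothetical, the section titles are the French ones used in the reports posted here, and the two report excerpts are taken from this thread with the banner lines shortened.

```python
import re
from ntpath import normcase, normpath  # Windows path rules on any host OS

BANNER = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")  # "((((( title )))))"
DIRECTIVE = re.compile(r"^([A-Za-z]+)\s*::$")      # File:: / Folder:: / Registry::
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_DELETE = re.compile(r'^"([^"]+)"\s*=\s*-$')    # "Name"=- removes that value

# The CFScript from the post above.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\TvwacMoq.ini2
C:\WINDOWS\system32\TvwacMoq.ini
Folder::
C:\Program Files\ygmppu
C:\Documents and Settings\All Users\Application Data\ebgxqtwj
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ActCmd"=-
"""
# Excerpts of the two reports in this thread (banner lines shortened).
REPORT_BEFORE = r"""
(((((((( Autres suppressions ))))))))
.
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\install_flash_player.exe
.
(((((((( Point de chargement Reg ))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ActCmd"= {4F662BA3-3986-1A22-A732-08B297B85579} - C:\Program Files\ygmppu\ActCmd.dll [2008-09-30 114688]
"""
REPORT_AFTER = r"""
(((((((( Autres suppressions ))))))))
.
C:\Documents and Settings\All Users\Application Data\ebgxqtwj
C:\Program Files\ygmppu
C:\Program Files\ygmppu\ActCmd.dll
C:\WINDOWS\system32\TvwacMoq.ini
C:\WINDOWS\system32\TvwacMoq.ini2
.
(((((((( Fichiers créés du 2008-09-01 au 2008-10-01 ))))))))
.
2008-09-30 22:32 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
"""


def grouped(text, header):
    """Collect non-empty lines under the most recent line matching `header`."""
    groups, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = header.match(line)
        if m:
            current = groups.setdefault(m.group(1).lower(), [])
        elif line and line != "." and current is not None:
            current.append(line)
    return groups


def registry_deletions(lines):
    """(key, value_name) for each '"name"=-' line of a Registry:: block."""
    pairs, key = [], None
    for line in lines:
        k, d = REG_KEY.match(line), REG_DELETE.match(line)
        if k:
            key = k.group(1)
        elif d and key:
            pairs.append((key, d.group(1)))
    return pairs


def value_listed(reg_lines, key, name):
    """True if the report's registry section still lists `name` under `key`."""
    current, wanted = None, re.compile(r'^"%s"\s*=' % re.escape(name), re.I)
    for line in reg_lines:
        k = REG_KEY.match(line)
        if k:
            current = k.group(1).lower()
        elif current == key.lower() and wanted.match(line):
            return True
    return False


def verify(cfscript, report, deletions_title="Autres suppressions",
           reg_title="Point de chargement Reg"):
    """Map each CFScript target to what the follow-up report says about it."""
    script, sections = grouped(cfscript, DIRECTIVE), grouped(report, BANNER)
    deleted = {normcase(normpath(p)) for p in sections.get(deletions_title.lower(), [])}
    result = {}
    for target in script.get("file", []) + script.get("folder", []):
        hit = normcase(normpath(target)) in deleted
        result[target] = "deleted" if hit else "not confirmed"
    reg_lines = sections.get(reg_title.lower())
    for key, name in registry_deletions(script.get("registry", [])):
        if reg_lines is None:
            status = "section missing"  # truncated report: state unknown
        else:
            status = "still listed" if value_listed(reg_lines, key, name) else "not listed"
        result[key + "\\" + name] = status
    return result
```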

    As for NOD32, it was at install time that I got all this cr... It was a cracked version right from the install, no crack or keygen. There was some recoding, that's for sure.
    2 October 2008 00:57:38

    I could not find utilurl.dll or 4C5A114734.sys

    Here is the ComboFix report

    ComboFix 08-09-30.03 - HP_Propri‚taire 2008-10-02 0:21:08.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.272 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\HP_Propri‚taire\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\HP_Propri‚taire\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé
    * Resident AV is active


    FILE ::
    C:\WINDOWS\system32\TvwacMoq.ini
    C:\WINDOWS\system32\TvwacMoq.ini2
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\ebgxqtwj
    C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@ads.128b[1].txt
    C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@clickintext[1].txt
    C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@clicktorrent[2].txt
    C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@edt02[2].txt
    C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@revsci[2].txt
    C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@t.spike[1].txt
    C:\Program Files\ygmppu
    C:\Program Files\ygmppu\ActCmd.dll
    C:\WINDOWS\system32\TvwacMoq.ini
    C:\WINDOWS\system32\TvwacMoq.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-01 au 2008-10-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-30 22:45 . 2008-09-30 22:45 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Malwarebytes
    2008-09-30 22:44 . 2005-01-01 12:21 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\WINDOWS
    2008-09-30 22:44 . 2005-01-01 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Voisinage r‚seau
    2008-09-30 22:44 . 2005-01-01 11:38 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Voisinage d'impression
    2008-09-30 22:44 . 2007-06-02 03:58 <REP> d--h----- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\ModŠles
    2008-09-30 22:44 . 2007-06-02 03:57 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Mes documents
    2008-09-30 22:44 . 2007-06-02 03:57 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Menu D‚marrer
    2008-09-30 22:44 . 2007-06-01 19:34 <REP> dr------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Favoris
    2008-09-30 22:44 . 2005-01-01 17:17 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Bureau
    2008-09-30 22:44 . 2005-01-01 14:07 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Symantec
    2008-09-30 22:44 . 2005-01-01 15:41 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\SampleView
    2008-09-30 22:44 . 2005-01-01 12:12 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Intervideo
    2008-09-30 22:44 . 2005-01-01 12:20 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001\Application Data\Apple Computer
    2008-09-30 22:44 . 2008-09-30 22:44 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.001
    2008-09-30 22:33 . <REP> C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
    2008-09-30 22:32 . 2008-09-30 22:33 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-30 22:32 . 2008-09-30 22:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-30 22:32 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-30 22:32 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-30 09:37 . 2008-09-30 21:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\Modèles
    2008-09-30 09:37 . 2008-09-30 21:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\Mes documents
    2008-09-30 09:37 . 2008-09-30 21:15 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\Favoris
    2008-09-30 09:37 . 2005-01-01 12:12 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000\Application Data\Intervideo
    2008-09-30 09:37 . 2008-09-30 21:15 <REP> d---s---- C:\Documents and Settings\Administrateur.NOM-B0A1C0A3909.000
    2008-09-30 09:16 . 2008-09-30 09:16 <REP> d-------- C:\Program Files\ESET
    2008-09-30 09:07 . 2008-09-30 09:07 93,696 --a------ C:\WINDOWS\system32\setup(1).exe
    2008-09-27 11:49 . 2008-09-28 11:06 <REP> d-------- C:\Program Files\NOS
    2008-09-27 11:49 . 2008-09-28 11:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
    2008-09-18 18:04 . 2008-09-18 18:04 <REP> d-------- C:\Program Files\SnadBoy's Revelation v2
    2008-09-05 10:27 . 2008-10-01 11:40 <REP> d-------- C:\Program Files\Spyware Doctor
    2008-09-05 10:27 . <REP> C:\Documents and Settings\HP_Propriétaire\Application Data\PC Tools
    2008-09-05 10:27 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-09-05 10:27 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-09-05 10:27 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-09-05 10:27 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-01 21:31 --------- d-----w C:\Program Files\Paint Shop Pro 6
    2008-10-01 17:31 --------- d-----w C:\Program Files\Hijackthis Version Française
    2008-10-01 09:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-01 09:51 --------- d-----w C:\Program Files\eMule
    2008-09-27 09:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-09-23 15:56 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
    2008-09-19 13:46 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\AdobeUM
    2008-09-14 06:36 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Adobe
    2008-08-28 09:00 --------- d-----w C:\Program Files\BitTornado
    2008-08-26 10:54 1,572,864 ---ha-w C:\Documents and Settings\thãd\ntuser.dat
    2008-08-19 07:30 --------- d-----w C:\Program Files\Bonjour
    2008-08-18 13:19 --------- d-----w C:\Program Files\DivX
    2008-08-11 11:32 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-09 10:56 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\ESET
    2008-08-09 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
    2008-08-09 09:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-04 11:38 --------- d-----w C:\Program Files\iTunes
    2008-08-04 11:38 --------- d-----w C:\Program Files\iPod
    2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2007-06-01 17:31 262,144 ----a-w C:\Documents and Settings\HP_Propriétaire\NTUSER.DAT
    2005-04-28 16:22 444,471 --sha-w C:\WINDOWS\java\utilurl.dll
    2005-04-28 16:22 444,471 --sha-w C:\WINDOWS\java1\lrulitu.bak2
    2005-05-01 20:44 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    2008-02-11 12:46 56 --sh--r C:\WINDOWS\system32\4C5A114734.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-04 68856]
    "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 155648]
    "HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
    "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 659456]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 344064]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-29 185896]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
    "SiSPower"="SiSPower.dll" [2004-09-24 C:\WINDOWS\system32\SiSPower.dll]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-07-29 C:\WINDOWS\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2004-07-29 C:\WINDOWS\ALCWZRD.EXE]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
    "C:\\Program Files\\FileZilla\\FileZilla.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a07861b1-e4a7-11dc-95d8-0011d888b889}]
    \Shell\AutoRun\command - K:\LaunchU3.exe
    .
    Contenu du dossier 'Tâches planifiées'
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    SSODL-ActCmd-{4F662BA3-3986-1A22-A732-08B297B85579} - C:\Program Files\ygmppu\ActCmd.dll



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-02 00:26:08
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-10-02 0:30:25
    ComboFix-quarantined-files.txt 2008-10-01 22:30:22
    ComboFix2.txt 2008-10-01 17:29:29
    ComboFix3.txt 2007-09-02 22:53:28

    Avant-CF: 18,821,337,088 octets libres
    Après-CF: 18,843,361,280 octets libres

    181 --- E O F --- 2008-09-10 20:20:25
    2 October 2008 18:37:54

    Hi again

    1

    Uninstall Nod32 if that isn't already done...
    then delete:

    C:\Program Files\ESET
    C:\WINDOWS\system32\setup(1).exe

    2


    install a free and effective antivirus:
    Antivir.

    -->Tutorial<--


    3
    Quote:
    I didn't find utilurl.dll or 4C5A114734.sys

    see whether you can find them by doing this:

    Quote:
    To show the system's hidden folders and files:
    Control Panel / Folder Options / View tab / check "Show hidden files and folders", uncheck "Hide extensions for known file types", uncheck "Hide protected operating system files".

    The system's hidden files and folders then appear semi-transparent in Windows Explorer.


    4
    run a scan with Antivir and post the report.
    2 October 2008 19:56:55

    ok thanks :o )
    2 October 2008 20:08:21

    utilurl.dll and 4C5A114734.sys even when showing hidden files and folders

    I'm downloading Antivir and doing the scans
    2 October 2008 20:16:21

    I found utilurl and the other one :)
    2 October 2008 20:28:05

    Result for utilurl.dll


    Fichier utilurl.dll reçu le 2008.10.02 20:12:30 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.10.3.0 2008.10.02 -
    AntiVir 7.8.1.34 2008.10.02 -
    Authentium 5.1.0.4 2008.10.02 -
    Avast 4.8.1248.0 2008.10.02 -
    AVG 8.0.0.161 2008.10.02 -
    BitDefender 7.2 2008.10.02 -
    CAT-QuickHeal 9.50 2008.10.01 -
    ClamAV 0.93.1 2008.10.02 -
    DrWeb 4.44.0.09170 2008.10.02 -
    eSafe 7.0.17.0 2008.10.02 -
    eTrust-Vet 31.6.6121 2008.10.02 -
    Ewido 4.0 2008.10.02 -
    F-Prot 4.4.4.56 2008.09.30 -
    F-Secure 8.0.14332.0 2008.10.02 -
    Fortinet 3.113.0.0 2008.10.02 -
    GData 19 2008.10.02 -
    Ikarus T3.1.1.34.0 2008.10.02 -
    K7AntiVirus 7.10.481 2008.10.02 -
    Kaspersky 7.0.0.125 2008.10.02 -
    McAfee 5396 2008.10.02 -
    Microsoft 1.4005 2008.10.02 -
    NOD32 3490 2008.10.02 -
    Norman 5.80.02 2008.10.02 -
    Panda 9.0.0.4 2008.10.02 -
    PCTools 4.4.2.0 2008.10.02 -
    Prevx1 V2 2008.10.02 -
    Rising 20.63.62.00 2008.09.28 -
    SecureWeb-Gateway 6.7.6 2008.10.02 -
    Sophos 4.34.0 2008.10.02 -
    Sunbelt 3.1.1675.1 2008.09.27 -
    Symantec 10 2008.10.02 -
    TheHacker 6.3.0.9.098 2008.10.01 -
    TrendMicro 8.700.0.1004 2008.10.02 -
    VBA32 3.12.8.6 2008.10.02 -
    ViRobot 2008.10.2.1403 2008.10.02 -
    VirusBuster 4.5.11.0 2008.10.02 -

    Information additionnelle
    File size: 444471 bytes
    MD5...: 30f09bae97f2888e0e2153915fa68c3f
    SHA1..: d9c97c2647359efe51fb42340b416e1514aed561
    SHA256: 2df132ded8c9177db54c162bbeb0805dfcc4410e05d7b709d636b3d4d088fd73
    SHA512: c629382abea4050d3b5a352759141e1b99d43b99dc9b1d7c4fdb0078bcb06327a9ab0a298cbbc8198088a8b33e8ea6aec0962a1151a0d647492c42b2d271b7ae
    PEiD..: -
    TrID..: File type identification
            Unknown!
    PEInfo: -



    Result for 4C5A114734.sys

    Fichier 4C5A114734.sys reçu le 2008.10.02 20:20:27 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.10.3.0 2008.10.02 -
    AntiVir 7.8.1.34 2008.10.02 -
    Authentium 5.1.0.4 2008.10.02 -
    Avast 4.8.1248.0 2008.10.02 -
    AVG 8.0.0.161 2008.10.02 -
    BitDefender 7.2 2008.10.02 -
    CAT-QuickHeal 9.50 2008.10.01 -
    ClamAV 0.93.1 2008.10.02 -
    DrWeb 4.44.0.09170 2008.10.02 -
    eSafe 7.0.17.0 2008.10.02 -
    eTrust-Vet 31.6.6121 2008.10.02 -
    Ewido 4.0 2008.10.02 -
    F-Prot 4.4.4.56 2008.09.30 -
    F-Secure 8.0.14332.0 2008.10.02 -
    Fortinet 3.113.0.0 2008.10.02 -
    GData 19 2008.10.02 -
    Ikarus T3.1.1.34.0 2008.10.02 -
    K7AntiVirus 7.10.481 2008.10.02 -
    Kaspersky 7.0.0.125 2008.10.02 -
    McAfee 5396 2008.10.02 -
    Microsoft 1.4005 2008.10.02 -
    NOD32 3490 2008.10.02 -
    Norman 5.80.02 2008.10.02 -
    Panda 9.0.0.4 2008.10.02 -
    PCTools 4.4.2.0 2008.10.02 -
    Prevx1 V2 2008.10.02 -
    Rising 20.63.62.00 2008.09.28 -
    SecureWeb-Gateway 6.7.6 2008.10.02 -
    Sophos 4.34.0 2008.10.02 -
    Sunbelt 3.1.1675.1 2008.09.27 -
    Symantec 10 2008.10.02 -
    TheHacker 6.3.0.9.098 2008.10.01 -
    TrendMicro 8.700.0.1004 2008.10.02 -
    VBA32 3.12.8.6 2008.10.02 -
    ViRobot 2008.10.2.1403 2008.10.02 -
    VirusBuster 4.5.11.0 2008.10.02 -

    Information additionnelle
    File size: 56 bytes
    MD5...: 422bffb47f52bc58b986645f66a02f7a
    SHA1..: 410a7ffa309970e2c7b3c2d24e6b587c201ebe4c
    SHA256: 1a560623ed40f089ca689d90205271bcfb2c3a80cc46658dd3554119b4d44ad5
    SHA512: 165a95c9457a7e1cc05925b1932d984f1f4b9f6293d2ef918c0b79c5e591fd40d804b5924b81ccd3a4a7260891de5012a5087867a60461f89b2b26b38bb96b32
    PEiD..: -
    TrID..: File type identification
            MS Flight Simulator Aircraft Performance Info (100.0%)
    PEInfo: -

    2 October 2008 21:48:14

    ok
    do the rest of what I asked above :)
    3 October 2008 08:28:10

    Avira AntiVir Personal
    Report file date: jeudi 2 octobre 2008 21:50

    Scanning for 1657543 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Save mode
    Username: HP_Propriétaire
    Computer name: NOM-B0A1C0A3909

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 19:22:01
    ANTIVIR3.VDF : 7.0.6.241 167936 Bytes 02/10/2008 19:22:02
    Engineversion : 8.1.1.35
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.76 319867 Bytes 02/10/2008 19:22:07
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.1.2 438644 Bytes 02/10/2008 19:22:06
    AEPACK.DLL : 8.1.2.3 364918 Bytes 02/10/2008 19:22:06
    AEOFFICE.DLL : 8.1.0.25 196986 Bytes 02/10/2008 19:22:05
    AEHEUR.DLL : 8.1.0.59 1438071 Bytes 02/10/2008 19:22:05
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 02/10/2008 19:22:04
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 02/10/2008 19:22:03
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 02/10/2008 19:22:03
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
    Macro heuristic..................: on
    File heuristic...................: medium
    Skipped files....................: C:\Audio, C:\Bu Win, C:\Documents and Settings\HP_Propriétaire\Bureau\en cours, C:\Documents and Settings\HP_Propriétaire\Bureau\Incoming, C:\Documents and Settings\HP_Propriétaire\Bureau\Interface stickers4u 2007, C:\Documents and Settings\HP_Propriétaire\Bureau\jaquettes fr et pochettes a faire ou refaire, C:\Documents and Settings\HP_Propriétaire\Bureau\old ftp stickers4u.net, C:\Logs, C:\Sites,

    Start of the scan: jeudi 2 octobre 2008 21:50

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    13 processes with 13 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '74' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Divers\sauvegarde tchw\Recovery my files + Crack.rar
    [0] Archive type: RAR
    --> keygen.exe
    [DETECTION] Contains recognition pattern of the WORM/Nuwar.C.1 worm
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloadervdt3.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '495426e1.qua'!
    C:\Documents and Settings\HP_Propriétaire\Bureau\Logs portable\Spy.Emergency.2008.v5.0.305.Multilangages.Incl-Keygen.rar
    [0] Archive type: RAR
    --> Keygen\Keygen.exe
    [DETECTION] Is the TR/Agent.44953 Trojan
    [NOTE] The file was deleted!
    C:\Documents and Settings\HP_Propriétaire\Bureau\Logs portable\Codecs\divx_6_play.zip
    [0] Archive type: ZIP
    --> DivXPlay.exe
    [DETECTION] Is the TR/Zlob.7769008 Trojan
    [NOTE] The file was deleted!
    C:\Documents and Settings\HP_Propriétaire\Bureau\Logs portable\photoshop\php7fr\Adobephotoshop7keygen.zip
    [0] Archive type: ZIP
    --> keygen.exe
    [DETECTION] Is the TR/Spy.Delf.NCS Trojan
    [WARNING] The file was ignored!
    C:\RECYCLER\S-1-5-21-965552258-2244601395-4113980137-1007\Dc33.exe
    [DETECTION] Contains recognition pattern of the DR/Dldr.Zlob.zto dropper
    [NOTE] The file was deleted!

    End of the scan: vendredi 3 octobre 2008 00:53
    Used time: 3:03:45 Hour(s)

    The scan has been canceled!

    8604 Scanning directories
    531581 Files were scanned
    5 viruses and/or unwanted programs were found
    1 Files were classified as suspicious:
    4 files were deleted
    0 files were repaired
    1 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    531574 Files not concerned
    15157 Archives were scanned
    6 Warnings
    5 Notes

    3 October 2008 23:30:58

    Hi again
    get rid of your crappy cracks
    such as:
    C:\Documents and Settings\HP_Propriétaire\Bureau\Logs portable\photoshop\php7fr\Adobephotoshop7keygen.zip

    Download Toolbar S&D by Team IDN to your desktop.

  • Double-click it to start the installation.
  • Accept the license agreement.
  • Then double-click the Toolbar S&D shortcut on your desktop.
  • Select the desired language and confirm with the Enter key.
  • Choose option 1 ( Search ).
  • Wait until the scan finishes.
  • Post the generated report. ( C:\TB.txt )
    4 October 2008 19:23:55

    The junk is gone. I had forgotten I had that thing. I'm doing what you ask :)
    4 October 2008 19:32:32

    Here is the report


    -----------\\ ToolBar S&D 1.2.1 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
    BIOS : BIOS Date: 02/16/05 16:07:13 Ver: 08.00.10
    USER : HP_Propriétaire ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
    C:\ (Local Disk) - NTFS - Total : 144 Go Free : 21 Go
    D:\ (Local Disk) - FAT32 - Total : 4 Go Free : 0 Go
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)

    "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
    Option : [1] ( 04/10/2008|19:29 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\WINDOWS\iun6002.exe
    4 October 2008 21:14:10

    Hi again

    Run Toolbar S&D again

  • This time choose option 2. ( Deletion )
    Your desktop will disappear, that's normal. Let the tool work.
  • Do not close the window during the deletion!
  • Post the generated report. ( C:\TB.txt )

    +++++++++++++++

    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX.
    * click "Accept" once more
    * The update databases will install, wait a moment
    * Click Next.
    * Click My Computer, the scan starts; wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.
    4 October 2008 21:40:15

    ok! Thanks
    4 October 2008 21:45:46

    Here is the ToolBar S&D report


    -----------\\ ToolBar S&D 1.2.1 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
    BIOS : BIOS Date: 02/16/05 16:07:13 Ver: 08.00.10
    USER : HP_Propriétaire ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
    C:\ (Local Disk) - NTFS - Total : 144 Go Free : 21 Go
    D:\ (Local Disk) - FAT32 - Total : 4 Go Free : 0 Go
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)
    K:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
    L:\ (USB) - FAT - Total : 1952 Mo Free : 0 Go

    "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
    Option : [2] ( 04/10/2008|21:41 )

    -----------\\ SUPPRESSION

    Supprime! - C:\WINDOWS\iun6002.exe

    -----------\\ Recherche de Fichiers / Dossiers ...


    I'm starting the scan...
    5 October 2008 12:21:15

    Hello Sham_Rock

    Here is the KAV scan result

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, October 5, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Saturday, October 04, 2008 19:56:55
    Records in database: 1289890
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    L:\

    Scan statistics:
    Files scanned: 218432
    Threat name: 3
    Infected objects: 3
    Suspicious objects: 0
    Duration of the scan: 08:28:36


    File name / Threat name / Threats count
    C:\Logs\protection pc\anti virus\installer-65806-33fr-Avira-AntiVir-PersonalEdition-Classic-French.exe Infected: not-a-virus:AdWare.Win32.FakeInstaller.a 1
    C:\qoobox\Quarantine\C\Program Files\ygmppu\ActCmd.dll.vir Infected: Trojan.Win32.Obfuscated.gx 1
    C:\sqllhf\sqllhf\SQLLHF.EXE Infected: not-a-virus:PSWTool.Perl.SQLLhf.31 1

    The selected area was scanned.
    5 October 2008 16:59:43

    hello

    delete:
    C:\sqllhf
    C:\qoobox

    any other problems?
    5 October 2008 20:31:52

    No problems, thanks to you I have a completely clean computer :pt1cable:
    Thanks for your patience :)
    6 October 2008 20:02:52

    good evening

    Remove all the programs installed for the disinfection.


    Please read this guide (PDF) to learn more about the risks of the Net.



    If you find this document interesting, don't hesitate to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install Firefox secured with the NoScript and AdBlock Plus extensions.

    ~Edit your first message (by clicking the eraser) and mark [solved] in the title.

    :hello: