trojan, your privacy is in danger !!

10 September 2008 11:52:18

Hello everyone.. as you can see, I'm here to ask for help removing this damned trojan!

I'd really appreciate a hand, because I'm currently looking for a job and desperately need my PC.. thanks in advance!!

10 September 2008 12:34:34

Hello,

Download and install HijackThis (Trend Micro)
Then post a log in your next reply.
HELP: How to use HijackThis v2.0.2

&

Download SmitfraudFix (by S!Ri).
Save it to your desktop.
Run SmitfraudFix.exe (the .exe extension may not be shown).
Choose Option 1 (Search)
Post the first report here.

**If the link doesn't work, click here**
10 September 2008 12:40:01

Well, since nobody wants to answer me, I'm going to run scans and send the reports here.

The first one, from SmitfraudFix:

SmitFraudFix v2.346

Rapport fait à 12:25:37,54, 10/09/2008
Executé à partir de C:\Documents and Settings\Mr Bakowski\Mes documents\Nouveau dossier\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
C:\Documents and Settings\Mr Bakowski\Mes documents\Nouveau dossier\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mr Bakowski


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mr Bakowski\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MRBAKO~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

[!] Suspicious: gksraemq.dll
Toolbar: gksraemq - {EB95B22A-E37E-4EFF-9A9D-4E3D3BADD9E6}
TypeLib: {269D7EDD-ABBC-4A90-B6D9-312867114A94}
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="uqdlgc.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{68B97728-BF2D-4D1E-888E-B8EB2473A69B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B0A3C9BE-8AFE-4D35-8B2A-B03B08EC7170}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{68B97728-BF2D-4D1E-888E-B8EB2473A69B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B0A3C9BE-8AFE-4D35-8B2A-B03B08EC7170}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{68B97728-BF2D-4D1E-888E-B8EB2473A69B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B0A3C9BE-8AFE-4D35-8B2A-B03B08EC7170}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

10 September 2008 12:43:38

Thanks for replying ^^

Well, I've already posted the SmitfraudFix report; here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:46, on 10/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: gksraemq - {EB95B22A-E37E-4EFF-9A9D-4E3D3BADD9E6} - C:\WINDOWS\gksraemq.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [d4b55dfc] rundll32.exe "C:\WINDOWS\system32\yduftxwe.dll",b
O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1604DF98-D1A5-44FE-844A-98D6FD0518D0} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {505098FD-5D61-4BC2-9B82-F969D0E932A2} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR_XP...
O16 - DPF: {FF521631-31DA-48AC-B4E9-390A7694C906} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O20 - AppInit_DLLs: uqdlgc.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)

--
End of file - 7252 bytes
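The helper reads a HijackThis log like the one above by eye, looking at where each entry hooks in and where its file lives rather than at the file name alone. As an added example (not part of this thread, and not a tool from Trend Micro or S!Ri), the Python script below applies the same structural checks to a handful of lines excerpted from that log, plus one benign entry; the `Finding` type, the `inspect_line` and `triage` functions and the `TRUSTED_DPF_HOSTS` allowlist are the example's own choices, not part of any real tool:

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted above
# (plus an avast! service line as a benign control), so this runs offline.
SAMPLE_LOG = r"""
O3 - Toolbar: gksraemq - {EB95B22A-E37E-4EFF-9A9D-4E3D3BADD9E6} - C:\WINDOWS\gksraemq.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [d4b55dfc] rundll32.exe "C:\WINDOWS\system32\yduftxwe.dll",b
O16 - DPF: {1604DF98-D1A5-44FE-844A-98D6FD0518D0} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O20 - AppInit_DLLs: uqdlgc.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
""".strip()

# Example allowlist (assumption, not a HijackThis feature): hosts from which
# an ActiveX download (O16) is not worth a second look.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com", "sun.com", "java.com", "adobe.com")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    reason: str    # why the line deserves a closer look
    line: str      # the original log line


LINE_RE = re.compile(r"^([ROFN]\d+) - (.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\S*)', re.IGNORECASE)
TOOLBAR_RE = re.compile(r"^Toolbar: .* - \{[0-9A-Fa-f-]+\} - (.+)$")
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} - (\S+)")


def _host_trusted(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def inspect_line(line):
    """Return a Finding for one HijackThis log line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()

    # O20: AppInit_DLLs is loaded into every process that maps user32.dll,
    # so any value here is worth explaining.
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1].strip()
        if value:
            return Finding(section, f"AppInit_DLLs injects {value} into every user32-linked process", line)

    # O4: a Run entry that starts a DLL through rundll32 hides the real
    # payload behind a legitimate Windows binary.
    if section == "O4":
        rm = RUNDLL_RE.search(body)
        if rm:
            dll, export = rm.groups()
            name = dll.rsplit("\\", 1)[-1]
            return Finding(section, f"Run entry loads {name} via rundll32 (export '{export}')", line)

    # O3: browser toolbars normally install under Program Files; a DLL
    # dropped directly into the Windows directory is out of place.
    if section == "O3":
        tm = TOOLBAR_RE.match(body)
        if tm:
            parent = tm.group(1).rsplit("\\", 1)[0].lower().rstrip("\\")
            if parent == "c:\\windows":
                return Finding(section, "toolbar DLL dropped directly in the Windows directory", line)

    # O16: an ActiveX package fetched from a host outside the allowlist.
    if section == "O16":
        dm = DPF_RE.match(body)
        if dm and not _host_trusted(dm.group(1)):
            host = urlparse(dm.group(1)).hostname
            return Finding(section, f"ActiveX download from non-allowlisted host {host}", line)

    return None


def triage(log_text):
    """Run inspect_line over a whole log and keep only the flagged entries."""
    return [f for f in (inspect_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Running it on the sample flags exactly the four entries the helper would single out, and the three DLLs it names (gksraemq.dll, yduftxwe.dll, uqdlgc.dll) are all in the list of files ComboFix removes later in this thread. The checks look at hook point and location, not at whether a name "looks random", which keeps false positives on legitimate software low; extending the allowlist or adding a check for O23 services whose owner is "Unknown owner" and whose file is missing would be natural next steps.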
10 September 2008 12:47:04

Re,

Reboot into Safe Mode

Run SmitfraudFix.exe and this time choose Option 2, answering yes to the question(s).
Save the report to your desktop.

Reboot normally.

Post the HijackThis and SmitfraudFix reports.
10 September 2008 13:09:02

SmitFraudFix v2.346

Rapport fait à 12:59:36,42, 10/09/2008
Executé à partir de C:\Documents and Settings\Mr Bakowski\Mes documents\Nouveau dossier\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix



»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{68B97728-BF2D-4D1E-888E-B8EB2473A69B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B0A3C9BE-8AFE-4D35-8B2A-B03B08EC7170}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{68B97728-BF2D-4D1E-888E-B8EB2473A69B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B0A3C9BE-8AFE-4D35-8B2A-B03B08EC7170}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{68B97728-BF2D-4D1E-888E-B8EB2473A69B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B0A3C9BE-8AFE-4D35-8B2A-B03B08EC7170}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

10 September 2008 13:11:58

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:00, on 10/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe
C:\Program Files\Mio Technology\MioSync\mioSync.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: gksraemq - {EB95B22A-E37E-4EFF-9A9D-4E3D3BADD9E6} - C:\WINDOWS\gksraemq.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [d4b55dfc] rundll32.exe "C:\WINDOWS\system32\yduftxwe.dll",b
O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1604DF98-D1A5-44FE-844A-98D6FD0518D0} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {505098FD-5D61-4BC2-9B82-F969D0E932A2} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCE...
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR_XP...
O16 - DPF: {FF521631-31DA-48AC-B4E9-390A7694C906} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_...
O20 - AppInit_DLLs: uqdlgc.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)

--
End of file - 7165 bytes
10 September 2008 13:34:33

Re,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your desktop.
  • Double-click ComboFix.exe (the .exe extension isn't always visible) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the partition name may vary
10 September 2008 14:33:32

ComboFix 08-09-05.14 - Mr Bakowski 2008-09-10 14:16:17.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.338 [GMT 2:00]
Endroit: C:\Documents and Settings\Mr Bakowski\Mes documents\Nouveau dossier\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\eeka.exe
C:\WINDOWS\gksraemq.dll
C:\WINDOWS\SYSTEM32\ayIRsvut.ini
C:\WINDOWS\SYSTEM32\ayIRsvut.ini2
C:\WINDOWS\system32\bqngpwsl.dat
C:\WINDOWS\system32\bqngpwsl_nav.dat
C:\WINDOWS\system32\bqngpwsl_navps.dat
C:\WINDOWS\system32\cbayexfr.dat
C:\WINDOWS\system32\cbayexfr_nav.dat
C:\WINDOWS\system32\cbayexfr_navps.dat
C:\WINDOWS\SYSTEM32\ewxtfudy.ini
C:\WINDOWS\system32\fcccyXqO.dll
C:\WINDOWS\SYSTEM32\gfacyrar.ini
C:\WINDOWS\system32\khfGxVPG.dll
C:\WINDOWS\system32\lhfuhfth.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJaBtUo.dll
C:\WINDOWS\system32\rarycafg.dll
C:\WINDOWS\SYSTEM32\sAycJRqr.ini
C:\WINDOWS\SYSTEM32\sAycJRqr.ini2
C:\WINDOWS\system32\sluqnejf.dll
C:\WINDOWS\system32\tuvSljjK.dll
C:\WINDOWS\system32\tuvSmkLC.dll
C:\WINDOWS\system32\tuvsRIya.dll
C:\WINDOWS\system32\uqdlgc.dll
C:\WINDOWS\system32\vojltpyh.dll
C:\WINDOWS\system32\wicxmjrz.dat
C:\WINDOWS\system32\wicxmjrz_nav.dat
C:\WINDOWS\system32\wicxmjrz_navps.dat
C:\WINDOWS\system32\yduftxwe.dll
C:\WINDOWS\xrdwbfgn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((((((( Fichiers créés 2008-08-10 to 2008-09-10 ))))))))))))))))))))))))))))))))))))
.

2008-09-10 12:41 . 2008-09-10 12:41 <REP> d-------- C:\Program Files\Trend Micro
2008-09-05 20:35 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Mr Bakowski\SmitfraudFix
2008-09-05 20:35 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-05 20:35 . 2008-09-05 20:35 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-05 20:35 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-05 19:44 . 2008-09-05 19:44 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-05 19:44 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-05 18:01 . 2008-09-10 12:59 2,168 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-09-05 18:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-09-05 18:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-09-05 18:00 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\SYSTEM32\AntiXPVSTFix.exe
2008-09-05 18:00 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-09-05 18:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-09-05 18:00 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.C.exe
2008-09-05 18:00 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\SYSTEM32\404Fix.exe
2008-09-05 18:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-09-05 18:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-09-05 18:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-09-05 16:38 . 2008-09-05 16:38 <REP> d-------- C:\Program Files\Alwil Software
2008-09-05 16:31 . 2008-09-05 19:50 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
2008-09-05 16:25 . 2008-09-05 16:25 23,040 --a------ C:\WINDOWS\SYSTEM32\lpen32x.dll
2008-09-05 16:24 . 2008-09-05 15:42 86,016 --a------ C:\WINDOWS\sxmaokgf.exe
2008-09-05 16:24 . 2008-09-05 16:24 23,040 --a------ C:\WINDOWS\SYSTEM32\dfax32i.dll
2008-09-05 16:23 . 2008-09-05 16:23 23,040 --a------ C:\WINDOWS\SYSTEM32\cfax32u.dll
2008-09-03 12:04 . 2008-09-03 12:04 <REP> d-------- C:\Documents and Settings\Mr Bakowski\Application Data\GrabIt
2008-09-03 12:02 . 2008-09-03 12:02 <REP> d-------- C:\Program Files\BoontyGames
2008-09-03 12:02 . 2008-09-03 12:02 <REP> d-------- C:\Program Files\Boonty
2008-09-03 11:50 . 2008-09-03 11:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-09-03 11:49 . 2008-09-03 11:49 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-04 15:28 --------- d-----w C:\Program Files\eMule
    2008-08-21 12:43 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    2008-08-21 07:45 --------- d-----w C:\Documents and Settings\Mr Bakowski\Application Data\MSN Pictures Displayer
    2008-07-26 09:46 --------- d-----w C:\Program Files\PokerStars.NET
    2008-07-14 21:58 --------- d-----w C:\Program Files\ScreenshotCaptor
    2008-07-14 15:58 --------- d-----w C:\Documents and Settings\Mr Bakowski\Application Data\DonationCoder
    2008-07-14 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
    2008-07-07 20:31 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
    2008-06-27 17:30 106,496 ----a-w C:\WINDOWS\SYSTEM32\ATL71.DLL
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
    2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
    2008-06-23 15:39 1,056,768 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
    2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
    2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
    2008-06-20 17:41 247,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
    2008-06-18 19:05 29,480 ----a-w C:\WINDOWS\SYSTEM32\msxml3a.dll
    2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
    2006-03-09 20:28 5,632 -csha-w C:\Program Files\Thumbs.db
    2005-01-26 21:45 104 -csh--r C:\WINDOWS\SYSTEM32\ADEAF19D67.sys
    2005-05-09 21:49 952 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Netlog Music Tool"="C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe" [2008-07-01 1638400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 849280]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispSettingPage"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=uqdlgc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
    "C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
    "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:D isabled:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 11776]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24 41456]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 36256]
    S3 AR5523;USB Dongle;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-02-17 283904]
    S3 ATHFMWDL;Wireless predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-09-11 43264]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-09-03 69120]
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys [ ]
    S3 DCamUSBDigitalCamera;DC C500;C:\WINDOWS\system32\Drivers\mpixvid.sys [2005-04-26 104593]
    S3 oflpydin;oflpydin;C:\DOCUME~1\MRBAKO~1\LOCALS~1\Temp\oflpydin.sys [ ]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8410fb66-7178-11db-a001-0015569ff966}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db9db489-bff5-11db-a074-0015569ff966}]
    \Shell\Auto\command - sxs.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{06f8d39e-064d-4cc4-8a24-205c00a17cb3} - C:\WINDOWS\system32\uqdlgc.dll
    BHO-{35F91513-E1F2-6195-C234-B5C4121A3120} - (no file)
    BHO-{CD6666FD-4A3F-F80D-B104-240402617C62} - (no file)
    BHO-{E07D22E1-CE3A-487F-B754-8044DBEDB049} - C:\WINDOWS\system32\byXRIcAQ.dll
    BHO-{E69BA7C7-B736-4825-8B59-CBBDFC5CE487} - C:\WINDOWS\system32\tuvsRIya.dll
    BHO-{FAB5DE7F-CABE-48A8-BDF0-0154DF83081A} - C:\WINDOWS\system32\rqRJcyAs.dll
    Toolbar-{EB95B22A-E37E-4EFF-9A9D-4E3D3BADD9E6} - C:\WINDOWS\gksraemq.dll
    HKLM-Run-d4b55dfc - C:\WINDOWS\system32\yduftxwe.dll
    ShellExecuteHooks-{E07D22E1-CE3A-487F-B754-8044DBEDB049} - C:\WINDOWS\system32\byXRIcAQ.dll
    Notify-byXRIcAQ - byXRIcAQ.dll


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Mr Bakowski\Application Data\Mozilla\Firefox\Profiles\c7s1y6cl.Utilisateur par défaut\
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-10 14:21:59
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\SYSTEM32\acs.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\SYSTEM32\LEXBCES.EXE
    C:\WINDOWS\SYSTEM32\LEXPPS.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\SYSTEM32\wdfmgr.exe
    C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    C:\WINDOWS\SYSTEM32\LVComS.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-10 14:30:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-10 12:30:53

    Pre-Run: 30,620,909,568 octets libres
    Post-Run: 30,546,849,792 octets libres

    210 --- E O F --- 2008-08-21 08:48:37

    What should I do next?
    a b 8 Security
    10 September 2008 14:37:18

    Re,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, reboot into safe mode.
    HELP: Rebooting into safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to reboot to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    10 September 2008 15:52:15

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1136
    Windows 5.1.2600 Service Pack 2

    10/09/2008 15:47:01
    mbam-log-2008-09-10 (15-47-01).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 103455
    Temps écoulé: 57 minute(s), 23 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 38

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\gksraemq.bbvt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\WINDOWS\eeka.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fcccyXqO.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\khfGxVPG.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lhfuhfth.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mlJaBtUo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rarycafg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sluqnejf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tuvSljjK.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tuvSmkLC.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tuvsRIya.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uqdlgc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vojltpyh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\yduftxwe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1144\A0149401.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1144\A0149402.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1145\A0149596.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1145\A0149597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1146\A0150132.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1146\A0150133.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1146\A0151238.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1146\A0151250.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1146\A0151261.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1146\A0156267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1146\A0156272.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1148\A0156385.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1148\A0156386.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1148\A0156387.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1148\A0156388.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1148\A0156389.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1148\A0156390.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1148\A0156391.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1148\A0156392.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1148\A0156393.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1148\A0156394.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1148\A0156395.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1148\A0156396.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP1148\A0156400.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\sxmaokgf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Here is the Malwarebytes report (with infected files, so I deleted the selection).
    a b 8 Security
    10 September 2008 15:58:03

    Redo a ComboFix scan.
    10 September 2008 16:08:14

    ComboFix 08-09-05.14 - Mr Bakowski 2008-09-10 15:59:20.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.375 [GMT 2:00]
    Endroit: C:\Documents and Settings\Mr Bakowski\Mes documents\Nouveau dossier\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-10 to 2008-09-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-10 14:42 . 2008-09-10 14:42 <REP> d-------- C:\Documents and Settings\Mr Bakowski\Application Data\Malwarebytes
    2008-09-10 14:41 . 2008-09-10 14:42 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-10 14:41 . 2008-09-10 14:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-10 14:41 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-09-10 14:41 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-09-10 12:41 . 2008-09-10 12:41 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-05 20:35 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Mr Bakowski\SmitfraudFix
    2008-09-05 20:35 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-09-05 20:35 . 2008-09-05 20:35 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-09-05 20:35 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-09-05 19:44 . 2008-09-05 19:44 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-09-05 19:44 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-09-05 18:01 . 2008-09-10 12:59 2,168 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2008-09-05 18:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
    2008-09-05 18:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
    2008-09-05 18:00 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\SYSTEM32\AntiXPVSTFix.exe
    2008-09-05 18:00 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
    2008-09-05 18:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
    2008-09-05 18:00 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.C.exe
    2008-09-05 18:00 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\SYSTEM32\404Fix.exe
    2008-09-05 18:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
    2008-09-05 18:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
    2008-09-05 18:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
    2008-09-05 16:38 . 2008-09-05 16:38 <REP> d-------- C:\Program Files\Alwil Software
    2008-09-05 16:31 . 2008-09-05 19:50 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
    2008-09-05 16:25 . 2008-09-05 16:25 23,040 --a------ C:\WINDOWS\SYSTEM32\lpen32x.dll
    2008-09-05 16:24 . 2008-09-05 16:24 23,040 --a------ C:\WINDOWS\SYSTEM32\dfax32i.dll
    2008-09-05 16:23 . 2008-09-05 16:23 23,040 --a------ C:\WINDOWS\SYSTEM32\cfax32u.dll
    2008-09-03 12:04 . 2008-09-03 12:04 <REP> d-------- C:\Documents and Settings\Mr Bakowski\Application Data\GrabIt
    2008-09-03 12:02 . 2008-09-03 12:02 <REP> d-------- C:\Program Files\BoontyGames
    2008-09-03 12:02 . 2008-09-03 12:02 <REP> d-------- C:\Program Files\Boonty
    2008-09-03 11:50 . 2008-09-03 11:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
    2008-09-03 11:49 . 2008-09-03 11:49 <REP> d-------- C:\Program Files\Fichiers communs\BOONTY Shared

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-04 15:28 --------- d-----w C:\Program Files\eMule
    2008-08-21 12:43 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    2008-08-21 07:45 --------- d-----w C:\Documents and Settings\Mr Bakowski\Application Data\MSN Pictures Displayer
    2008-07-26 09:46 --------- d-----w C:\Program Files\PokerStars.NET
    2008-07-14 21:58 --------- d-----w C:\Program Files\ScreenshotCaptor
    2008-07-14 15:58 --------- d-----w C:\Documents and Settings\Mr Bakowski\Application Data\DonationCoder
    2008-07-14 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
    2008-07-07 20:31 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
    2008-06-27 17:30 106,496 ----a-w C:\WINDOWS\SYSTEM32\ATL71.DLL
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
    2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
    2008-06-23 15:39 1,056,768 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
    2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
    2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
    2008-06-20 17:41 247,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
    2008-06-18 19:05 29,480 ----a-w C:\WINDOWS\SYSTEM32\msxml3a.dll
    2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
    2006-03-09 20:28 5,632 -csha-w C:\Program Files\Thumbs.db
    2005-01-26 21:45 104 -csh--r C:\WINDOWS\SYSTEM32\ADEAF19D67.sys
    2005-05-09 21:49 952 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-10_14.30.30.14 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-09-10 12:21:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4b4.dat
    + 2008-09-10 13:48:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4b4.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Netlog Music Tool"="C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe" [2008-07-01 1638400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 849280]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]

    C:\Documents and Settings\Mr Bakowski\Menu Démarrer\Programmes\Démarrage\
    MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-03-23 4579328]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2007-08-08 647168]
    Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispSettingPage"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=uqdlgc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
    "C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
    "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:D isabled:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 11776]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24 41456]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 36256]
    S3 AR5523;USB Dongle;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-02-17 283904]
    S3 ATHFMWDL;Wireless predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-09-11 43264]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-09-03 69120]
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys [ ]
    S3 DCamUSBDigitalCamera;DC C500;C:\WINDOWS\system32\Drivers\mpixvid.sys [2005-04-26 104593]
    S3 oflpydin;oflpydin;C:\DOCUME~1\MRBAKO~1\LOCALS~1\Temp\oflpydin.sys [ ]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8410fb66-7178-11db-a001-0015569ff966}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db9db489-bff5-11db-a074-0015569ff966}]
    \Shell\Auto\command - sxs.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Mr Bakowski\Application Data\Mozilla\Firefox\Profiles\c7s1y6cl.Utilisateur par défaut\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-10 16:02:25
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
    .
    Temps d'accomplissement: 2008-09-10 16:05:43
    ComboFix-quarantined-files.txt 2008-09-10 14:04:39
    ComboFix2.txt 2008-09-10 12:30:59

    Pre-Run: 30,539,886,592 octets libres
    Post-Run: 30,525,157,376 octets libres

    156 --- E O F --- 2008-08-21 08:48:37


    Here is the scan.
    10 September 2008 16:39:20

    And now? Is it over?

    I deleted the files that were quarantined with avast.
    I'm waiting to hear from you.
    a b 8 Security
    10 September 2008 16:41:28

    Mbam did a good clean-up :)

    Copy (Ctrl+C) the text in the box below:

    Folder::
    C:\Program Files\BoontyGames
    C:\Program Files\Boonty
    C:\Documents and Settings\All Users\Application Data\BOONTY
    C:\Program Files\Fichiers communs\BOONTY Shared

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""

    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:

    This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
    NOTE: If there is no reboot, post the requested reports anyway.
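As an added illustration (not code from this thread, from ComboFix or from the helper): a small Python triage parser that walks the "Reg load point" section of a ComboFix report and flags the persistence entries the script above clears or the report exposes: a non-empty AppInit_DLLs, a Security Center FirewallOverride, MountPoints2 autorun commands and orphaned BHO/Notify entries. The excerpt it runs on is constructed from the entries visible in the posted report, and the regexes assume ComboFix's line layout as shown there.

```python
"""Triage of a ComboFix 'Reg load point' section (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed excerpt, modelled on the report posted in the thread above.
SAMPLE_REPORT = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=uqdlgc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db9db489-bff5-11db-a074-0015569ff966}]
\Shell\Auto\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

BHO-{06f8d39e-064d-4cc4-8a24-205c00a17cb3} - C:\WINDOWS\system32\uqdlgc.dll
BHO-{35F91513-E1F2-6195-C234-B5C4121A3120} - (no file)
Notify-byXRIcAQ - byXRIcAQ.dll
"""


@dataclass
class Finding:
    kind: str      # which persistence mechanism was hit
    detail: str    # the value or command as printed in the report
    severity: str  # coarse triage priority: high / medium / low


# Line shapes as ComboFix prints them (assumed from the posted report).
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
MOUNT_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command\s+-\s+(?P<cmd>.+)$")
ORPHAN_RE = re.compile(
    r"^(?P<type>BHO|Toolbar|Notify|ShellExecuteHooks|HKLM-Run)-(?P<id>\S+)\s+-\s+(?P<target>.+)$"
)
# Registry paths are case-insensitive on Windows, so keys are compared lower-cased.
APPINIT_KEY = r"software\microsoft\windows nt\currentversion\windows"
SECCENTER_KEY = r"software\microsoft\security center"


def _dword_nonzero(value: str) -> bool:
    """True for 'dword:00000001' style values that are not zero."""
    if not value.lower().startswith("dword:"):
        return False
    return int(value.split(":", 1)[1], 16) != 0


def triage(report: str) -> list[Finding]:
    """Walk the report line by line, tracking the current [key], and collect findings."""
    findings: list[Finding] = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group("name").lower(), m.group("value").strip()
            # AppInit_DLLs loads the named DLL into every process that links user32.dll;
            # on a clean XP box it is empty, which is exactly what the CFScript resets.
            if current_key.endswith(APPINIT_KEY) and name == "appinit_dlls" and value not in ("", '""'):
                findings.append(Finding("AppInit_DLLs", value, "high"))
            # FirewallOverride=1 silences the Security Center warning about the firewall.
            elif current_key.endswith(SECCENTER_KEY) and name == "firewalloverride" and _dword_nonzero(value):
                findings.append(Finding("FirewallOverride", value, "medium"))
            continue
        m = MOUNT_RE.match(line)
        if m and "mountpoints2" in current_key:
            # Per-drive autorun handlers that launch a bare executable from removable media.
            findings.append(Finding("MountPoints2 autorun", f"{m.group('verb')}: {m.group('cmd')}", "high"))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            # Orphaned BHO/Notify/Toolbar entries: a registration whose DLL is gone is
            # leftover clutter; one whose DLL still exists is a live load point.
            target = m.group("target")
            sev = "low" if target == "(no file)" else "medium"
            findings.append(Finding(f"orphan {m.group('type')}", f"{m.group('id')} -> {target}", sev))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```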
    10 September 2008 17:10:31

    ComboFix 08-09-05.14 - Mr Bakowski 2008-09-10 16:59:44.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.384 [GMT 2:00]
    Endroit: C:\Documents and Settings\Mr Bakowski\Mes documents\Nouveau dossier\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mr Bakowski\Bureau\programme pr trojan et rapports\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-10 to 2008-09-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-10 14:42 . 2008-09-10 14:42 <REP> d-------- C:\Documents and Settings\Mr Bakowski\Application Data\Malwarebytes
    2008-09-10 14:41 . 2008-09-10 14:42 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-10 14:41 . 2008-09-10 14:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-10 14:41 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-09-10 14:41 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-09-10 12:41 . 2008-09-10 12:41 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-05 20:35 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Mr Bakowski\SmitfraudFix
    2008-09-05 20:35 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-09-05 20:35 . 2008-09-05 20:35 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-09-05 20:35 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-09-05 19:44 . 2008-09-05 19:44 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-09-05 19:44 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-09-05 18:01 . 2008-09-10 12:59 2,168 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2008-09-05 18:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
    2008-09-05 18:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
    2008-09-05 18:00 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\SYSTEM32\AntiXPVSTFix.exe
    2008-09-05 18:00 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
    2008-09-05 18:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
    2008-09-05 18:00 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.C.exe
    2008-09-05 18:00 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\SYSTEM32\404Fix.exe
    2008-09-05 18:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
    2008-09-05 18:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
    2008-09-05 18:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
    2008-09-05 16:38 . 2008-09-05 16:38 <REP> d-------- C:\Program Files\Alwil Software
    2008-09-05 16:31 . 2008-09-05 19:50 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
    2008-09-05 16:25 . 2008-09-05 16:25 23,040 --a------ C:\WINDOWS\SYSTEM32\lpen32x.dll
    2008-09-05 16:24 . 2008-09-05 16:24 23,040 --a------ C:\WINDOWS\SYSTEM32\dfax32i.dll
    2008-09-05 16:23 . 2008-09-05 16:23 23,040 --a------ C:\WINDOWS\SYSTEM32\cfax32u.dll
    2008-09-03 12:04 . 2008-09-03 12:04 <REP> d-------- C:\Documents and Settings\Mr Bakowski\Application Data\GrabIt

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-04 15:28 --------- d-----w C:\Program Files\eMule
    2008-08-21 12:43 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    2008-08-21 07:45 --------- d-----w C:\Documents and Settings\Mr Bakowski\Application Data\MSN Pictures Displayer
    2008-07-26 09:46 --------- d-----w C:\Program Files\PokerStars.NET
    2008-07-14 21:58 --------- d-----w C:\Program Files\ScreenshotCaptor
    2008-07-14 15:58 --------- d-----w C:\Documents and Settings\Mr Bakowski\Application Data\DonationCoder
    2008-07-14 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
    2008-07-07 20:31 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
    2008-06-27 17:30 106,496 ----a-w C:\WINDOWS\SYSTEM32\ATL71.DLL
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
    2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
    2008-06-23 15:39 1,056,768 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
    2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
    2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
    2008-06-20 17:41 247,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
    2008-06-18 19:05 29,480 ----a-w C:\WINDOWS\SYSTEM32\msxml3a.dll
    2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
    2006-03-09 20:28 5,632 -csha-w C:\Program Files\Thumbs.db
    2005-01-26 21:45 104 -csh--r C:\WINDOWS\SYSTEM32\ADEAF19D67.sys
    2005-05-09 21:49 952 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-10_14.30.30.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-10 14:54:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4b0.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Netlog Music Tool"="C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe" [2008-07-01 1638400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 849280]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]

    C:\Documents and Settings\Mr Bakowski\Menu Démarrer\Programmes\Démarrage\
    MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-03-23 4579328]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2007-08-08 647168]
    Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispSettingPage"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
    "C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
    "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:D isabled:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 11776]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24 41456]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 36256]
    S3 AR5523;USB Dongle;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-02-17 283904]
    S3 ATHFMWDL;Wireless predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-09-11 43264]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [ ]
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys [ ]
    S3 DCamUSBDigitalCamera;DC C500;C:\WINDOWS\system32\Drivers\mpixvid.sys [2005-04-26 104593]
    S3 oflpydin;oflpydin;C:\DOCUME~1\MRBAKO~1\LOCALS~1\Temp\oflpydin.sys [ ]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8410fb66-7178-11db-a001-0015569ff966}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db9db489-bff5-11db-a074-0015569ff966}]
    \Shell\Auto\command - sxs.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-10 17:02:46
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
    .
    Temps d'accomplissement: 2008-09-10 17:06:04
    ComboFix-quarantined-files.txt 2008-09-10 15:04:59
    ComboFix2.txt 2008-09-10 14:52:17
    ComboFix3.txt 2008-09-10 14:05:44
    ComboFix4.txt 2008-09-10 12:30:59

    Pre-Run: 30,474,153,984 octets libres
    Post-Run: 30,459,437,056 octets libres

    146 --- E O F --- 2008-08-21 08:48:37





    then the HijackThis report...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:07:28, on 10/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe
    C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)

    --
    End of file - 6788 bytes




    a b 8 Sécurité
    10 Septembre 2008 17:23:25

    Quote:
    C:\Documents and Settings\Mr Bakowski\Bureau\programme pr trojan et rapports\CFScript.txt..txt

    The file must be named CFScript.txt
    10 Septembre 2008 17:38:26

    ComboFix 08-09-05.14 - Mr Bakowski 2008-09-10 17:27:55.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.282 [GMT 2:00]
    Endroit: C:\Documents and Settings\Mr Bakowski\Mes documents\Nouveau dossier\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mr Bakowski\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-10 to 2008-09-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-10 14:42 . 2008-09-10 14:42 <REP> d-------- C:\Documents and Settings\Mr Bakowski\Application Data\Malwarebytes
    2008-09-10 14:41 . 2008-09-10 14:42 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-10 14:41 . 2008-09-10 14:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-10 14:41 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-09-10 14:41 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-09-10 12:41 . 2008-09-10 12:41 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-05 20:35 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Mr Bakowski\SmitfraudFix
    2008-09-05 20:35 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-09-05 20:35 . 2008-09-05 20:35 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2008-09-05 20:35 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-09-05 19:44 . 2008-09-05 19:44 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-09-05 19:44 . 2008-09-05 20:35 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-09-05 18:01 . 2008-09-10 12:59 2,168 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2008-09-05 18:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
    2008-09-05 18:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
    2008-09-05 18:00 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\SYSTEM32\AntiXPVSTFix.exe
    2008-09-05 18:00 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
    2008-09-05 18:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
    2008-09-05 18:00 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.C.exe
    2008-09-05 18:00 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\SYSTEM32\404Fix.exe
    2008-09-05 18:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
    2008-09-05 18:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
    2008-09-05 18:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
    2008-09-05 16:38 . 2008-09-05 16:38 <REP> d-------- C:\Program Files\Alwil Software
    2008-09-05 16:31 . 2008-09-05 19:50 664 --a------ C:\WINDOWS\SYSTEM32\d3d9caps.dat
    2008-09-05 16:25 . 2008-09-05 16:25 23,040 --a------ C:\WINDOWS\SYSTEM32\lpen32x.dll
    2008-09-05 16:24 . 2008-09-05 16:24 23,040 --a------ C:\WINDOWS\SYSTEM32\dfax32i.dll
    2008-09-05 16:23 . 2008-09-05 16:23 23,040 --a------ C:\WINDOWS\SYSTEM32\cfax32u.dll
    2008-09-03 12:04 . 2008-09-03 12:04 <REP> d-------- C:\Documents and Settings\Mr Bakowski\Application Data\GrabIt

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-04 15:28 --------- d-----w C:\Program Files\eMule
    2008-08-21 12:43 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    2008-08-21 07:45 --------- d-----w C:\Documents and Settings\Mr Bakowski\Application Data\MSN Pictures Displayer
    2008-07-26 09:46 --------- d-----w C:\Program Files\PokerStars.NET
    2008-07-14 21:58 --------- d-----w C:\Program Files\ScreenshotCaptor
    2008-07-14 15:58 --------- d-----w C:\Documents and Settings\Mr Bakowski\Application Data\DonationCoder
    2008-07-14 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DonationCoder
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
    2008-07-07 20:31 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
    2008-06-27 17:30 106,496 ----a-w C:\WINDOWS\SYSTEM32\ATL71.DLL
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
    2008-06-23 15:39 152,064 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
    2008-06-23 15:39 1,056,768 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
    2008-06-23 15:39 1,024,000 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
    2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
    2008-06-20 17:41 247,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
    2008-06-18 19:05 29,480 ----a-w C:\WINDOWS\SYSTEM32\msxml3a.dll
    2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
    2006-03-09 20:28 5,632 -csha-w C:\Program Files\Thumbs.db
    2005-01-26 21:45 104 -csh--r C:\WINDOWS\SYSTEM32\ADEAF19D67.sys
    2005-05-09 21:49 952 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-10_14.30.30.14 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-09-10 14:54:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4b0.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Netlog Music Tool"="C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe" [2008-07-01 1638400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 849280]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 15360]

    C:\Documents and Settings\Mr Bakowski\Menu Démarrer\Programmes\Démarrage\
    MSN Pictures Displayer.lnk - C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-03-23 4579328]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    MioSync.lnk - C:\Program Files\Mio Technology\MioSync\mioSync.exe [2007-08-08 647168]
    Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispSettingPage"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.enc"= ITIG726.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
    "C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
    "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:D isabled:@xpsp2res.dll,-22009

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 11776]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24 41456]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 36256]
    S3 AR5523;USB Dongle;C:\WINDOWS\system32\DRIVERS\ar5523.sys [2005-02-17 283904]
    S3 ATHFMWDL;Wireless predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-09-11 43264]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [ ]
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys [ ]
    S3 DCamUSBDigitalCamera;DC C500;C:\WINDOWS\system32\Drivers\mpixvid.sys [2005-04-26 104593]
    S3 oflpydin;oflpydin;C:\DOCUME~1\MRBAKO~1\LOCALS~1\Temp\oflpydin.sys [ ]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 20096]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8410fb66-7178-11db-a001-0015569ff966}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db9db489-bff5-11db-a074-0015569ff966}]
    \Shell\Auto\command - sxs.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-10 17:30:00
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
    .
    Temps d'accomplissement: 2008-09-10 17:33:15
    ComboFix-quarantined-files.txt 2008-09-10 15:32:11
    ComboFix2.txt 2008-09-10 15:06:05
    ComboFix3.txt 2008-09-10 14:52:17
    ComboFix4.txt 2008-09-10 14:05:44
    ComboFix5.txt 2008-09-10 15:27:25

    Pre-Run: 30,428,905,472 octets libres
    Post-Run: 30,414,028,800 octets libres

    147 --- E O F --- 2008-08-21 08:48:37





    HijackThis ...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:35:40, on 10/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe
    C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)

    --
    End of file - 6821 bytes
    10 Septembre 2008 17:55:49

    There, it's fixed ^^ sorry for the mistake
    a b 8 Sécurité
    10 Septembre 2008 17:57:30

    Re,

    We're finishing up.

    Fix the lines in the box below with HijackThis: HELP IN PICTURES

    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    10 Septembre 2008 18:04:34

    There, I deleted the lines... in your opinion, is the trojan gone?

    If that's indeed the case, I sincerely thank you; I've been struggling to remove it for 5 days now, thank you very much! ^^
    a b 8 Sécurité
    10 Septembre 2008 18:18:10

    Looks OK to me :)