Votre question

Infection Windows security alert

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
4 Septembre 2008 21:56:49

Bonjour et help,

Je suis infecté par un virus Windows security alert, qui vient toutes les 5 mn afficher une écran alerte virus renvoyant vers un site web de solutions antivirus. Les analyses avec Bit defender ont repéré et éliminé des infecions mais n'ont pu malheureusement me débarrasser de ce virus,...

Ci dessous le rapport hijackthis, que puis je faire? Merci

C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MntChkMon] C:\WINDOWS\system32\lwryzuxu.exe
O4 - HKLM\..\Policies\Explorer\Run: [VWEeqghVql] C:\Documents and Settings\All Users\Application Data\vgzwtetq\lexorwnk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/framework/lib/obji...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O21 - SSODL: UiMntSys - {3261190B-4D6D-E474-7573-0480D3DD6F32} - C:\Program Files\iovsute\UiMntSys.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Sango XBMS Server Service (SangoXBMSServerService) - Perso - C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10462 bytes

Autres pages sur : infection windows security alert

a b 8 Sécurité
5 Septembre 2008 18:25:37

Bonjour,

Le rapport n'est pas complet.

Télécharge Smitfraudfix (de S!ri).
Enregistre-le sur ton bureau.
Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.

**Si le lien ne fonctionne pas, clique ici**
6 Septembre 2008 12:46:38

Merci bcp,

ci-après le rapport Smitfraudix:

SmitFraudFix v2.346

Rapport fait à 12:40:50,89, 06/09/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\vgzwtetq\lexorwnk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\lwryzuxu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\1.ico PRESENT !
C:\WINDOWS\system32\2.ico PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JMC13


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JMC13\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JMC13\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\akl\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Broadcom 802.11g - Miniport d'ordonnancement de paquets
DNS Server Search Order: 89.2.0.1
DNS Server Search Order: 89.2.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6C730131-15C4-48E5-8BAC-63B0D3319CF5}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6C730131-15C4-48E5-8BAC-63B0D3319CF5}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6C730131-15C4-48E5-8BAC-63B0D3319CF5}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

A bientôt pour les prochaines manoeuvres :) 

Contenus similaires
a b 8 Sécurité
6 Septembre 2008 13:31:06

Re,

Redémarre en mode sans échec

Lance SmitfraudFix.exe et choisis cette fois l'Option 2 et réponds oui à la ou les questions.
Sauvegarde le rapport sur ton Bureau.

Redémarre normalement.

Poste les rapports Hijackthis et SmitfraudFix.
6 Septembre 2008 14:29:20

Rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:33, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MntChkMon] C:\WINDOWS\system32\lwryzuxu.exe
O4 - HKLM\..\Policies\Explorer\Run: [VWEeqghVql] C:\Documents and Settings\All Users\Application Data\vgzwtetq\lexorwnk.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/framework/lib/obji...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O21 - SSODL: UiMntSys - {3261190B-4D6D-E474-7573-0480D3DD6F32} - C:\Program Files\iovsute\UiMntSys.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Sango XBMS Server Service (SangoXBMSServerService) - Perso - C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7650 bytes

Rapport Smitfraudi:

SmitFraudFix v2.346

Rapport fait à 14:16:20,87, 06/09/2008
Executé à partir de C:\Documents and Settings\JMC13\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 update.bitdefender.com127.0.0.1 update.bitdefender.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\1.ico supprimé
C:\WINDOWS\system32\2.ico supprimé
C:\Program Files\akl\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6C730131-15C4-48E5-8BAC-63B0D3319CF5}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6C730131-15C4-48E5-8BAC-63B0D3319CF5}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6C730131-15C4-48E5-8BAC-63B0D3319CF5}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

A +
a b 8 Sécurité
6 Septembre 2008 14:37:55

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    6 Septembre 2008 15:11:34

    Rapport Combofi:

    ComboFix 08-09-05.02 - JMC13 2008-09-06 14:57:15.1 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.600 [GMT 2:00]
    Endroit: C:\Documents and Settings\JMC13\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Christel\Cookies\christel@edt02[1].txt
    C:\Documents and Settings\Christel\Cookies\christel@edt02[4].txt
    C:\Documents and Settings\JMC13\Local Settings\Temporary Internet Files\kbase
    C:\Documents and Settings\JMC13\Local Settings\Temporary Internet Files\ktemp
    C:\Program Files\Inet Delivery
    C:\Program Files\Inet Delivery\inetdl.exe
    C:\Program Files\Inet Delivery\intdel.exe
    C:\WINDOWS\a.bat
    C:\WINDOWS\base64.tmp
    C:\WINDOWS\bdn.com
    C:\WINDOWS\FVProtect.exe
    C:\WINDOWS\iTunesMusic.exe
    C:\WINDOWS\mslagent
    C:\WINDOWS\mslagent\2_mslagent.dll
    C:\WINDOWS\mslagent\mslagent.exe
    C:\WINDOWS\mslagent\uninstall.exe
    C:\WINDOWS\mssecu.exe
    C:\WINDOWS\system32\_004284_.tmp.dll
    C:\WINDOWS\system32\_004285_.tmp.dll
    C:\WINDOWS\system32\_004286_.tmp.dll
    C:\WINDOWS\system32\_004287_.tmp.dll
    C:\WINDOWS\system32\_004294_.tmp.dll
    C:\WINDOWS\system32\_004295_.tmp.dll
    C:\WINDOWS\system32\_004296_.tmp.dll
    C:\WINDOWS\system32\_004297_.tmp.dll
    C:\WINDOWS\system32\_004299_.tmp.dll
    C:\WINDOWS\system32\_004300_.tmp.dll
    C:\WINDOWS\system32\_004303_.tmp.dll
    C:\WINDOWS\system32\_004304_.tmp.dll
    C:\WINDOWS\system32\_004306_.tmp.dll
    C:\WINDOWS\system32\_004307_.tmp.dll
    C:\WINDOWS\system32\_004308_.tmp.dll
    C:\WINDOWS\system32\_004310_.tmp.dll
    C:\WINDOWS\system32\_004313_.tmp.dll
    C:\WINDOWS\system32\_004314_.tmp.dll
    C:\WINDOWS\system32\_004318_.tmp.dll
    C:\WINDOWS\system32\_004319_.tmp.dll
    C:\WINDOWS\system32\_004321_.tmp.dll
    C:\WINDOWS\system32\_004324_.tmp.dll
    C:\WINDOWS\system32\_004326_.tmp.dll
    C:\WINDOWS\system32\_004327_.tmp.dll
    C:\WINDOWS\system32\_004328_.tmp.dll
    C:\WINDOWS\system32\_004329_.tmp.dll
    C:\WINDOWS\system32\_004330_.tmp.dll
    C:\WINDOWS\system32\_004333_.tmp.dll
    C:\WINDOWS\system32\_004334_.tmp.dll
    C:\WINDOWS\system32\_004335_.tmp.dll
    C:\WINDOWS\system32\_004336_.tmp.dll
    C:\WINDOWS\system32\_004337_.tmp.dll
    C:\WINDOWS\system32\_004342_.tmp.dll
    C:\WINDOWS\system32\akttzn.exe
    C:\WINDOWS\system32\anticipator.dll
    C:\WINDOWS\system32\awtoolb.dll
    C:\WINDOWS\system32\bdn.com
    C:\WINDOWS\system32\bsva-egihsg52.exe
    C:\WINDOWS\system32\dpcproxy.exe
    C:\WINDOWS\system32\emesx.dll
    C:\WINDOWS\system32\h@tkeysh@@k.dll
    C:\WINDOWS\system32\hoproxy.dll
    C:\WINDOWS\system32\hxiwlgpm.dat
    C:\WINDOWS\system32\hxiwlgpm.exe
    C:\WINDOWS\system32\medup012.dll
    C:\WINDOWS\system32\medup020.dll
    C:\WINDOWS\system32\msgp.exe
    C:\WINDOWS\system32\msnbho.dll
    C:\WINDOWS\system32\mssecu.exe
    C:\WINDOWS\system32\msvchost.exe
    C:\WINDOWS\system32\mtr2.exe
    C:\WINDOWS\system32\mwin32.exe
    C:\WINDOWS\system32\netode.exe
    C:\WINDOWS\system32\newsd32.exe
    C:\WINDOWS\system32\ps1.exe
    C:\WINDOWS\system32\psof1.exe
    C:\WINDOWS\system32\psoft1.exe
    C:\WINDOWS\system32\regc64.dll
    C:\WINDOWS\system32\regm64.dll
    C:\WINDOWS\system32\Rundl1.exe
    C:\WINDOWS\system32\smp
    C:\WINDOWS\system32\smp\msrc.exe
    C:\WINDOWS\system32\sncntr.exe
    C:\WINDOWS\system32\ssurf022.dll
    C:\WINDOWS\system32\ssvchost.com
    C:\WINDOWS\system32\ssvchost.exe
    C:\WINDOWS\system32\sysreq.exe
    C:\WINDOWS\system32\taack.dat
    C:\WINDOWS\system32\taack.exe
    C:\WINDOWS\system32\temp#01.exe
    C:\WINDOWS\system32\thun.dll
    C:\WINDOWS\system32\thun32.dll
    C:\WINDOWS\system32\VBIEWER.OCX
    C:\WINDOWS\system32\vbsys2.dll
    C:\WINDOWS\system32\vcatchpi.dll
    C:\WINDOWS\system32\VIE76.exe
    C:\WINDOWS\system32\VIE77.exe
    C:\WINDOWS\system32\VIE79.exe
    C:\WINDOWS\system32\winlogonpc.exe
    C:\WINDOWS\system32\winsystem.exe
    C:\WINDOWS\system32\WINWGPX.EXE
    C:\WINDOWS\userconfig9x.dll
    C:\WINDOWS\winsystem.exe
    C:\WINDOWS\zip1.tmp
    C:\WINDOWS\zip2.tmp
    C:\WINDOWS\zip3.tmp
    C:\WINDOWS\zipped.tmp

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-06 12:40 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-09-06 12:40 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-09-06 12:40 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-09-06 12:40 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-09-06 12:40 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-09-06 12:40 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-09-06 12:40 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-09-06 12:40 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-09-06 12:40 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-09-06 12:40 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-09-06 12:40 . 2008-09-06 14:16 3,160 --a------ C:\WINDOWS\system32\tmp.reg
    2008-09-06 09:51 . 2008-09-06 09:51 <REP> d-------- C:\Documents and Settings\JMC13\Application Data\U3
    2008-09-04 21:30 . 2008-09-04 21:30 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-03 08:45 . 2008-09-01 10:41 28,160 --a------ C:\WINDOWS\system32\VIE7A.exe
    2008-09-02 13:54 . 2008-09-02 13:54 <REP> d-------- C:\Program Files\iovsute
    2008-09-02 13:54 . 2008-09-02 13:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\vgzwtetq
    2008-09-02 13:54 . 2008-09-02 13:54 94,208 --a------ C:\WINDOWS\system32\lwryzuxu.exe
    2008-09-02 10:55 . 2008-09-02 10:55 <REP> d-------- C:\Program Files\Lavalys
    2008-08-23 15:40 . 2008-08-23 15:40 <REP> d-------- C:\WINDOWS\system32\fr
    2008-08-23 15:40 . 2008-08-23 15:40 <REP> d-------- C:\WINDOWS\system32\bits
    2008-08-23 15:40 . 2008-08-23 15:40 <REP> d-------- C:\WINDOWS\l2schemas
    2008-08-23 15:16 . 2004-08-05 05:00 4,290,048 --a------ C:\WINDOWS\system32\dllcache\wmm2res.dll
    2008-08-23 15:15 . 2004-08-05 05:00 2,534,400 --a------ C:\WINDOWS\system32\dllcache\msoeres.dll
    2008-08-23 15:14 . 2007-10-25 17:56 8,510,976 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
    2008-08-23 15:13 . 2007-02-28 18:02 2,182,400 --------- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-23 15:09 . 2008-08-23 15:10 <REP> d-------- C:\WINDOWS\EHome
    2008-08-22 10:41 . 2008-08-22 10:41 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-06 13:03 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-24 08:28 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
    2006-09-27 20:15 62,800 ----a-w C:\Documents and Settings\JMC13\Application Data\GDIPFONTCACHEV1.DAT
    2006-01-15 09:31 6,107,375 ----a-w C:\Program Files\ThunderbirdSetup-1.0.7-fr-FR.exe
    2005-12-13 17:35 117,248 ----a-w C:\Program Files\utorrent.exe
    2004-12-20 05:37 2,331,066 ----a-w C:\Program Files\SangoXTSetup1.3.exe
    2005-09-20 12:42 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
    "MntChkMon"="C:\WINDOWS\system32\lwryzuxu.exe" [2008-09-02 94208]
    "webdscchk"="C:\WINDOWS\system32\hcpejsxo.exe" [2008-09-06 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 339968]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 32768]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-04-18 81920]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-13 180269]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 257088]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-24 368640]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "VWEeqghVql"="C:\Documents and Settings\All Users\Application Data\vgzwtetq\lexorwnk.exe" [2008-09-02 69632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "UiMntSys"= {3261190B-4D6D-E474-7573-0480D3DD6F32} - C:\Program Files\iovsute\UiMntSys.dll [2008-09-02 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Ashampoo PopUpBlocker"=C:\PROGRA~1\ASHAMPOO\ASHAMP~1\PopUpKiller.exe
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    "PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe"
    "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe"
    "SoundMan"=SOUNDMAN.EXE
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe"
    "PCMService"="C:\Program Files\Arcade\PCMService.exe"
    "eRecoveryService"=C:\Windows\System32\Check.exe
    "preload"=C:\Windows\RUNXMLPL.exe
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    "BigDogPath"=C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
    "C:\\Program Files\\Sango XBMC Toolbox\\Sango XBMC Toolbox.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\utorrent.exe"=
    "C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\WINDOWS\\System32\\dpvsetup.exe"=
    "C:\\Program Files\\Ahead\\SIPPS\\sipps.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
    R2 SangoXBMSServerService;Sango XBMS Server Service;C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe [2004-12-19 229376]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-24 86792]
    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
    S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
    S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 2343]
    S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{861e6170-7be8-11dd-bff6-000e9bca7f01}]
    \Shell\AutoRun\command - D:\LaunchU3.exe -a
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-dimsntfy - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\JMC13\Application Data\Mozilla\Firefox\Profiles\w31npomk.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.gogle.com
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-06 15:04:51
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> ?:\WINDOWS\system32\ATL.DLL
    -> ?:\WINDOWS\system32\MLANG.dll
    -> ?:\WINDOWS\system32\MLANG.dll
    -> ?:\WINDOWS\system32\MLANG.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
    C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
    C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
    C:\ACER\EMANAGER\ANBMSERV.EXE
    C:\PROGRAM FILES\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE
    C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
    C:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
    C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2008\VSSERV.EXE
    C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-06 15:09:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-06 13:09:08

    Pre-Run: 2,982,739,968 octets libres
    Post-Run: 3,692,986,368 octets libres

    326 --- E O F --- 2008-08-26 07:41:45
    a b 8 Sécurité
    6 Septembre 2008 15:29:24

    Re,

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    6 Septembre 2008 16:28:47

    Impossible de mener l'opération à terme en mode sans échec. Le PC s'éteint à chaque fois brusquement pendant le scan de malwarebyte. Puis je le lancer en mode normal?
    a b 8 Sécurité
    6 Septembre 2008 16:42:44

    Oui.
    6 Septembre 2008 18:01:55

    Le rapport malwarebyte,...

    Malwarebytes' Anti-Malware 1.26
    Version de la base de données: 1119
    Windows 5.1.2600 Service Pack 2

    06/09/2008 17:50:07
    mbam-log-2008-09-06 (17-50-07).txt

    Type de recherche: Examen complet (C:\|F:\|J:\|)
    Eléments examinés: 118822
    Temps écoulé: 1 hour(s), 3 minute(s), 24 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 8

    Processus mémoire infecté(s):
    C:\WINDOWS\system32\lwryzuxu.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\Program Files\iovsute\UiMntSys.dll (Trojan.FakeAlert) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{3261190b-4d6d-e474-7573-0480d3dd6f32} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\abar.abarband (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\abar.abarband.1 (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asearchassist.adefaultsearch (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\asearchassist.adefaultsearch.1 (Adware.Accoona) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Accoona (Adware.Accoona) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\uimntsys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mntchkmon (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Program Files\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Program Files\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\iovsute\UiMntSys.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\system32\lwryzuxu.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\Program Files\RegistrySmart\RegistrySmart.exe (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Program Files\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Program Files\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Program Files\RegistrySmart\Log\log_2006_12_01_13_33_01.eklog (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Program Files\RegistrySmart\Log\log_2006_12_01_13_33_02.eklog (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    C:\Program Files\RegistrySmart\Registry Backups\2006-12-01_13-36-39.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
    a b 8 Sécurité
    6 Septembre 2008 18:12:36

    Reposte un rapport Hijackthis.
    6 Septembre 2008 18:15:40

    Rapport Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:15:00, on 06/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\All Users\Application Data\vgzwtetq\lexorwnk.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\hcpejsxo.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\TuneUp Utilities 2007\Shredder.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [webdscchk] C:\WINDOWS\system32\hcpejsxo.exe
    O4 - HKCU\..\Run: [HlpCmd] C:\WINDOWS\system32\slsbodgp.exe
    O4 - HKLM\..\Policies\Explorer\Run: [VWEeqghVql] C:\Documents and Settings\All Users\Application Data\vgzwtetq\lexorwnk.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/framework/lib/obji...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Sango XBMS Server Service (SangoXBMSServerService) - Perso - C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe (file missing)
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)

    --
    End of file - 9833 bytes
    a b 8 Sécurité
    6 Septembre 2008 18:52:55

    Refais un scan Combofix.
    6 Septembre 2008 19:20:33

    Scan combo fi:

    Le virus est toujours là....

    ComboFix 08-09-05.02 - JMC13 2008-09-06 19:12:08.2 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.617 [GMT 2:00]
    Endroit: C:\Documents and Settings\JMC13\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-06 18:44 . 2008-09-06 18:44 <REP> d-------- C:\Program Files\KeyScrambler
    2008-09-06 18:44 . 2008-03-22 23:37 113,896 --a------ C:\WINDOWS\system32\drivers\keyscrambler.sys
    2008-09-06 18:25 . 2008-09-06 18:25 <REP> d-------- C:\Program Files\ckqhhd
    2008-09-06 18:25 . 2008-09-06 18:25 106,496 --a------ C:\WINDOWS\system32\mzsnwtej.exe
    2008-09-06 17:27 . 2008-09-06 17:27 <REP> d-------- C:\WINDOWS\SxsCaPendDel
    2008-09-06 16:49 . 2008-09-06 16:49 94,208 --a------ C:\WINDOWS\system32\slsbodgp.exe
    2008-09-06 16:41 . 2008-09-06 16:41 <REP> d-------- C:\Program Files\Avira
    2008-09-06 16:41 . 2008-09-06 16:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-06 15:31 . 2008-09-06 15:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-06 15:31 . 2008-09-06 15:31 <REP> d-------- C:\Documents and Settings\JMC13\Application Data\Malwarebytes
    2008-09-06 15:31 . 2008-09-06 15:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-06 15:31 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-06 15:31 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-06 15:05 . 2008-09-06 15:06 94,208 --a------ C:\WINDOWS\system32\hcpejsxo.exe
    2008-09-06 09:51 . 2008-09-06 09:51 <REP> d-------- C:\Documents and Settings\JMC13\Application Data\U3
    2008-09-04 21:30 . 2008-09-04 21:30 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-03 08:45 . 2008-09-01 10:41 28,160 --a------ C:\WINDOWS\system32\VIE7A.exe
    2008-09-02 13:54 . 2008-09-02 13:54 <REP> d-------- C:\Program Files\iovsute
    2008-09-02 13:54 . 2008-09-02 13:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\vgzwtetq
    2008-09-02 10:55 . 2008-09-02 10:55 <REP> d-------- C:\Program Files\Lavalys
    2008-08-23 15:40 . 2008-08-23 15:40 <REP> d-------- C:\WINDOWS\system32\fr
    2008-08-23 15:40 . 2008-08-23 15:40 <REP> d-------- C:\WINDOWS\system32\bits
    2008-08-23 15:40 . 2008-08-23 15:40 <REP> d-------- C:\WINDOWS\l2schemas
    2008-08-23 15:16 . 2004-08-05 05:00 4,290,048 --a------ C:\WINDOWS\system32\dllcache\wmm2res.dll
    2008-08-23 15:15 . 2004-08-05 05:00 2,534,400 --a------ C:\WINDOWS\system32\dllcache\msoeres.dll
    2008-08-23 15:14 . 2007-10-25 17:56 8,510,976 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
    2008-08-23 15:13 . 2007-02-28 18:02 2,182,400 --------- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-23 15:09 . 2008-08-23 15:10 <REP> d-------- C:\WINDOWS\EHome
    2008-08-22 10:41 . 2008-08-22 10:41 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-06 15:51 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-09-06 12:16 3,160 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-09-02 21:58 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-09-02 14:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-08-28 20:36 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-24 08:28 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
    2006-09-27 20:15 62,800 ----a-w C:\Documents and Settings\JMC13\Application Data\GDIPFONTCACHEV1.DAT
    2006-01-15 09:31 6,107,375 ----a-w C:\Program Files\ThunderbirdSetup-1.0.7-fr-FR.exe
    2005-12-13 17:35 117,248 ----a-w C:\Program Files\utorrent.exe
    2004-12-20 05:37 2,331,066 ----a-w C:\Program Files\SangoXTSetup1.3.exe
    2005-09-20 12:42 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
    "webdscchk"="C:\WINDOWS\system32\hcpejsxo.exe" [2008-09-06 94208]
    "HlpCmd"="C:\WINDOWS\system32\slsbodgp.exe" [2008-09-06 94208]
    "GenInfo"="C:\WINDOWS\system32\mzsnwtej.exe" [2008-09-06 106496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 339968]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 32768]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-04-18 81920]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-13 180269]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 257088]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "VWEeqghVql"="C:\Documents and Settings\All Users\Application Data\vgzwtetq\lexorwnk.exe" [2008-09-02 69632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "msgcom"= {1C3D7714-8757-E366-DECE-02443418D4A3} - C:\Program Files\ckqhhd\msgcom.dll [2008-09-06 131072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    "PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe"
    "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe"
    "SoundMan"=SOUNDMAN.EXE
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe"
    "PCMService"="C:\Program Files\Arcade\PCMService.exe"
    "eRecoveryService"=C:\Windows\System32\Check.exe
    "preload"=C:\Windows\RUNXMLPL.exe
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    "BigDogPath"=C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
    "C:\\Program Files\\Sango XBMC Toolbox\\Sango XBMC Toolbox.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\utorrent.exe"=
    "C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\WINDOWS\\System32\\dpvsetup.exe"=
    "C:\\Program Files\\Ahead\\SIPPS\\sipps.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
    R2 SangoXBMSServerService;Sango XBMS Server Service;C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe [2004-12-19 229376]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
    R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2008-03-22 113896]
    S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
    S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 2343]
    S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\JMC13\Application Data\Mozilla\Firefox\Profiles\w31npomk.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.gogle.com
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-06 19:14:15
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-06 19:15:15
    ComboFix-quarantined-files.txt 2008-09-06 17:15:10
    ComboFix2.txt 2008-09-06 13:09:24

    Pre-Run: 5,446,467,584 octets libres
    Post-Run: 5,439,029,248 octets libres

    187 --- E O F --- 2008-08-26 07:41:45
    a b 8 Sécurité
    6 Septembre 2008 19:29:59

    Re,

    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINDOWS\system32\mzsnwtej.exe
    C:\WINDOWS\system32\slsbodgp.exe
    C:\WINDOWS\system32\hcpejsxo.exe

    Folder::
    C:\Documents and Settings\All Users\Application Data\vgzwtetq
    C:\Program Files\ckqhhd

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "webdscchk"=-
    "HlpCmd"=-
    "GenInfo"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "VWEeqghVql"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "msgcom"=-


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    [#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]
    6 Septembre 2008 19:41:38

    Scan ComboFi:

    ComboFix 08-09-05.02 - JMC13 2008-09-06 19:36:23.3 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.625 [GMT 2:00]
    Endroit: C:\Documents and Settings\JMC13\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\JMC13\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\vgzwtetq
    C:\Documents and Settings\All Users\Application Data\vgzwtetq\lexorwnk.exe
    C:\Program Files\ckqhhd
    C:\Program Files\ckqhhd\msgcom.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-06 18:44 . 2008-09-06 18:44 <REP> d-------- C:\Program Files\KeyScrambler
    2008-09-06 18:44 . 2008-03-22 23:37 113,896 --a------ C:\WINDOWS\system32\drivers\keyscrambler.sys
    2008-09-06 18:25 . 2008-09-06 18:25 106,496 --a------ C:\WINDOWS\system32\mzsnwtej.exe
    2008-09-06 17:27 . 2008-09-06 17:27 <REP> d-------- C:\WINDOWS\SxsCaPendDel
    2008-09-06 16:49 . 2008-09-06 16:49 94,208 --a------ C:\WINDOWS\system32\slsbodgp.exe
    2008-09-06 16:41 . 2008-09-06 16:41 <REP> d-------- C:\Program Files\Avira
    2008-09-06 16:41 . 2008-09-06 16:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-06 15:31 . 2008-09-06 15:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-06 15:31 . 2008-09-06 15:31 <REP> d-------- C:\Documents and Settings\JMC13\Application Data\Malwarebytes
    2008-09-06 15:31 . 2008-09-06 15:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-06 15:31 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-06 15:31 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-06 15:05 . 2008-09-06 15:06 94,208 --a------ C:\WINDOWS\system32\hcpejsxo.exe
    2008-09-06 09:51 . 2008-09-06 09:51 <REP> d-------- C:\Documents and Settings\JMC13\Application Data\U3
    2008-09-04 21:30 . 2008-09-04 21:30 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-03 08:45 . 2008-09-01 10:41 28,160 --a------ C:\WINDOWS\system32\VIE7A.exe
    2008-09-02 13:54 . 2008-09-02 13:54 <REP> d-------- C:\Program Files\iovsute
    2008-09-02 10:55 . 2008-09-02 10:55 <REP> d-------- C:\Program Files\Lavalys
    2008-08-23 15:40 . 2008-08-23 15:40 <REP> d-------- C:\WINDOWS\system32\fr
    2008-08-23 15:40 . 2008-08-23 15:40 <REP> d-------- C:\WINDOWS\system32\bits
    2008-08-23 15:40 . 2008-08-23 15:40 <REP> d-------- C:\WINDOWS\l2schemas
    2008-08-23 15:16 . 2004-08-05 05:00 4,290,048 --a------ C:\WINDOWS\system32\dllcache\wmm2res.dll
    2008-08-23 15:15 . 2004-08-05 05:00 2,534,400 --a------ C:\WINDOWS\system32\dllcache\msoeres.dll
    2008-08-23 15:14 . 2007-10-25 17:56 8,510,976 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
    2008-08-23 15:13 . 2007-02-28 18:02 2,182,400 --------- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-23 15:09 . 2008-08-23 15:10 <REP> d-------- C:\WINDOWS\EHome
    2008-08-22 10:41 . 2008-08-22 10:41 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-06 15:51 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-09-06 12:16 3,160 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-09-02 21:58 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-09-02 14:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-08-28 20:36 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-24 08:28 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
    2006-09-27 20:15 62,800 ----a-w C:\Documents and Settings\JMC13\Application Data\GDIPFONTCACHEV1.DAT
    2006-01-15 09:31 6,107,375 ----a-w C:\Program Files\ThunderbirdSetup-1.0.7-fr-FR.exe
    2005-12-13 17:35 117,248 ----a-w C:\Program Files\utorrent.exe
    2004-12-20 05:37 2,331,066 ----a-w C:\Program Files\SangoXTSetup1.3.exe
    2005-09-20 12:42 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 339968]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 32768]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-04-18 81920]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-13 180269]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 257088]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    "PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe"
    "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe"
    "SoundMan"=SOUNDMAN.EXE
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe"
    "PCMService"="C:\Program Files\Arcade\PCMService.exe"
    "eRecoveryService"=C:\Windows\System32\Check.exe
    "preload"=C:\Windows\RUNXMLPL.exe
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    "BigDogPath"=C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
    "C:\\Program Files\\Sango XBMC Toolbox\\Sango XBMC Toolbox.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\utorrent.exe"=
    "C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\WINDOWS\\System32\\dpvsetup.exe"=
    "C:\\Program Files\\Ahead\\SIPPS\\sipps.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
    R2 SangoXBMSServerService;Sango XBMS Server Service;C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe [2004-12-19 229376]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
    R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2008-03-22 113896]
    S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
    S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 2343]
    S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-06 19:38:15
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-06 19:39:05
    ComboFix-quarantined-files.txt 2008-09-06 17:39:04
    ComboFix3.txt 2008-09-06 13:09:24
    ComboFix2.txt 2008-09-06 17:15:18

    Pre-Run: 5,440,208,896 octets libres
    Post-Run: 5,426,184,192 octets libres

    182 --- E O F --- 2008-08-26 07:41:45


    Scan Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:40:55, on 06/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\hcpejsxo.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/framework/lib/obji...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Sango XBMS Server Service (SangoXBMSServerService) - Perso - C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 9414 bytes
    a b 8 Sécurité
    6 Septembre 2008 21:07:36

    Refais un script :

    File::
    C:\WINDOWS\system32\mzsnwtej.exe
    C:\WINDOWS\system32\slsbodgp.exe
    C:\WINDOWS\system32\hcpejsxo.exe

    DirLook::
    C:\Program Files\iovsute
    6 Septembre 2008 21:26:40

    Je l'intègre dans comboscript?
    6 Septembre 2008 23:24:58

    Rapport Comboscript:

    ComboFix 08-09-05.02 - JMC13 2008-09-06 22:55:36.4 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.621 [GMT 2:00]
    Endroit: C:\Documents and Settings\JMC13\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\JMC13\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\hcpejsxo.exe
    C:\WINDOWS\system32\mzsnwtej.exe
    C:\WINDOWS\system32\slsbodgp.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-06 18:44 . 2008-09-06 18:44 <REP> d-------- C:\Program Files\KeyScrambler
    2008-09-06 18:44 . 2008-03-22 23:37 113,896 --a------ C:\WINDOWS\system32\drivers\keyscrambler.sys
    2008-09-06 17:27 . 2008-09-06 17:27 <REP> d-------- C:\WINDOWS\SxsCaPendDel
    2008-09-06 16:41 . 2008-09-06 16:41 <REP> d-------- C:\Program Files\Avira
    2008-09-06 16:41 . 2008-09-06 16:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-06 15:31 . 2008-09-06 15:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-06 15:31 . 2008-09-06 15:31 <REP> d-------- C:\Documents and Settings\JMC13\Application Data\Malwarebytes
    2008-09-06 15:31 . 2008-09-06 15:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-06 15:31 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-06 15:31 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-06 09:51 . 2008-09-06 09:51 <REP> d-------- C:\Documents and Settings\JMC13\Application Data\U3
    2008-09-04 21:30 . 2008-09-04 21:30 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-03 08:45 . 2008-09-01 10:41 28,160 --a------ C:\WINDOWS\system32\VIE7A.exe
    2008-09-02 13:54 . 2008-09-02 13:54 <REP> d-------- C:\Program Files\iovsute
    2008-09-02 10:55 . 2008-09-02 10:55 <REP> d-------- C:\Program Files\Lavalys
    2008-08-23 15:40 . 2008-08-23 15:40 <REP> d-------- C:\WINDOWS\system32\fr
    2008-08-23 15:40 . 2008-08-23 15:40 <REP> d-------- C:\WINDOWS\system32\bits
    2008-08-23 15:40 . 2008-08-23 15:40 <REP> d-------- C:\WINDOWS\l2schemas
    2008-08-23 15:16 . 2004-08-05 05:00 4,290,048 --a------ C:\WINDOWS\system32\dllcache\wmm2res.dll
    2008-08-23 15:15 . 2004-08-05 05:00 2,534,400 --a------ C:\WINDOWS\system32\dllcache\msoeres.dll
    2008-08-23 15:14 . 2007-10-25 17:56 8,510,976 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
    2008-08-23 15:13 . 2007-02-28 18:02 2,182,400 --------- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-23 15:09 . 2008-08-23 15:10 <REP> d-------- C:\WINDOWS\EHome
    2008-08-22 10:41 . 2008-08-22 10:41 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-06 15:51 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-09-06 12:16 3,160 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-09-02 21:58 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
    2008-09-02 14:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-08-28 20:36 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
    2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-24 08:28 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
    2006-09-27 20:15 62,800 ----a-w C:\Documents and Settings\JMC13\Application Data\GDIPFONTCACHEV1.DAT
    2006-01-15 09:31 6,107,375 ----a-w C:\Program Files\ThunderbirdSetup-1.0.7-fr-FR.exe
    2005-12-13 17:35 117,248 ----a-w C:\Program Files\utorrent.exe
    2004-12-20 05:37 2,331,066 ----a-w C:\Program Files\SangoXTSetup1.3.exe
    2005-09-20 12:42 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Program Files\iovsute ----



    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-05 339968]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-03-30 32768]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2004-10-11 245760]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-04-18 81920]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-13 180269]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 257088]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    "PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe"
    "PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe"
    "SoundMan"=SOUNDMAN.EXE
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe"
    "PCMService"="C:\Program Files\Arcade\PCMService.exe"
    "eRecoveryService"=C:\Windows\System32\Check.exe
    "preload"=C:\Windows\RUNXMLPL.exe
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    "BigDogPath"=C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
    "C:\\Program Files\\Sango XBMC Toolbox\\Sango XBMC Toolbox.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\utorrent.exe"=
    "C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\WINDOWS\\System32\\dpvsetup.exe"=
    "C:\\Program Files\\Ahead\\SIPPS\\sipps.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
    R2 SangoXBMSServerService;Sango XBMS Server Service;C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe [2004-12-19 229376]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
    R3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys [2008-03-22 113896]
    S3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 69632]
    S3 POWERKEY;POWERKEY;C:\Program Files\Launch Manager\POWERKEY.sys [2000-12-19 2343]
    S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-06 22:57:15
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-06 22:58:07
    ComboFix-quarantined-files.txt 2008-09-06 20:58:06
    ComboFix4.txt 2008-09-06 13:09:24
    ComboFix3.txt 2008-09-06 17:15:18
    ComboFix2.txt 2008-09-06 17:39:08

    Pre-Run: 5,377,556,480 octets libres
    Post-Run: 5,359,861,760 octets libres

    182 --- E O F --- 2008-08-26 07:41:45

    Rapport Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:22:50, on 06/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/framework/lib/obji...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Sango XBMS Server Service (SangoXBMSServerService) - Perso - C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 9334 bytes

    a b 8 Sécurité
    7 Septembre 2008 16:50:43

    Re,

    Supprime ce dossier :
    C:\Program Files\iovsute
    8 Septembre 2008 09:50:10

    Ok supprimé, le dossier était vide. On dirait que c'est propre, je remets un rapport Hijackthis ?

    Merci,
    a b 8 Sécurité
    8 Septembre 2008 16:55:26

    Après avoir fait ça :) 

    Fix les lignes dans le cadre ci-dessous avec HijackThis : AIDE EN IMAGES

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
    8 Septembre 2008 19:17:50

    Re,

    Voilà, Fix effectué:

    Rapport Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:15:20, on 08/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'Default user')
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/framework/lib/obji...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Sango XBMS Server Service (SangoXBMSServerService) - Perso - C:\Program Files\Sango XBMC Toolbox\Sango XBMS Server.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 9429 bytes
    a b 8 Sécurité
    8 Septembre 2008 20:01:56

    D'autres problème ?
    8 Septembre 2008 20:30:40

    Non tout va bien, problème résolu de manière magistrale.
    Merci pour tout à Angel Dark, en particulier pour sa disponibilité. Je suis vraiment impressionné par les analyses et la méthodologie de la résolution du problème. En plus, au delà de l'infection, de lecture de posts en posts, de liens en liens on apprend à mieux protéger son PC.
    Merci et à bientôt, on circule mieux couvert,

    a b 8 Sécurité
    8 Septembre 2008 20:53:47

    Bonne continuation ;) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS