[Solved] Problem with trojan-downloader.win32.agent.bq

30 August 2008 15:47:13

Hello,

So, I have a problem: I don't know how to get rid of some trojans, in particular:
trojan-spy.win32.keylogger.aa
trojan-downloader.win32.agent.bq

I tried this method, but nothing:
http://www.infos-du-net.com/forum/278396-11-tuto-malwar...

Thanks for your help


Here is a HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:23, on 30.08.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\ATKKBService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\WINDOWS\eHome\ehRecvr.exe
I:\WINDOWS\eHome\ehSched.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\system32\dllhost.exe
I:\Program Files\Analog Devices\Core\smax4pnp.exe
I:\Program Files\Analog Devices\SoundMAX\Smax4.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\system32\RunDLL32.exe
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\Program Files\RocketDock\RocketDock.exe
I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
I:\WINDOWS\system32\kfcfsdgj.exe
I:\Program Files\C-CHANNEL\PayPen\PayPen.exe
I:\Program Files\C-CHANNEL\PayPen\CPenOCR.exe
I:\Program Files\C-CHANNEL\PayPen\CPenDesk.exe
I:\Program Files\Opera\opera.exe
I:\Program Files\uTorrent\uTorrent.exe
I:\WINDOWS\system32\NOTEPAD.EXE
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
I:\WINDOWS\system32\kfcfsdgj.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "I:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] I:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [RocketDock] "I:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MediaPortal Shell] I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MessLive Auto Update] G:\Logiciel\MessLivePatch.exe -a_update
O4 - HKCU\..\Run: [strapl] I:\WINDOWS\system32\kfcfsdgj.exe
O4 - HKLM\..\Policies\Explorer\Run: [zblsluTn5Z] I:\Documents and Settings\Vincent Villy\Bureau\AdobeFlashPlayerHD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: C-CHANNEL OnlineUpdate.lnk = ?
O4 - Global Startup: PayPen.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
O21 - SSODL: MsgCfgUi - {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - I:\Program Files\avbjzde\MsgCfgUi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - I:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - I:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6497 bytes

a b 8 Security
30 August 2008 17:39:36

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary
    30 August 2008 18:04:01

    I'm really struggling
    with the recovery console


    EDIT: I can't manage to install this P: recovery console.....
    I tried twice without success
    a b 8 Security
    30 August 2008 19:18:24

    And the scan doesn't run?
    30 August 2008 19:22:18

    In the tutorial you linked me, they say to install the .... console so you can recover if there is a problem,
    but I'll try the scan
    30 August 2008 19:45:14

    ComboFix 08-08-29.02 - Vincent Villy 2008-08-30 19:27:52.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1601 [GMT 2:00]
    Endroit: I:\Documents and Settings\Vincent Villy\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    I:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\tmp1.tmp
    I:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\tmp2.tmp
    I:\Program Files\akl
    I:\Program Files\akl\akl.dll
    I:\Program Files\akl\akl.exe
    I:\Program Files\akl\uninstall.exe
    I:\Program Files\akl\unsetup.exe
    I:\WINDOWS\a.bat
    I:\WINDOWS\base64.tmp
    I:\WINDOWS\bdn.com
    I:\WINDOWS\FVProtect.exe
    I:\WINDOWS\iTunesMusic.exe
    I:\WINDOWS\mslagent
    I:\WINDOWS\mslagent\2_mslagent.dll
    I:\WINDOWS\mslagent\mslagent.exe
    I:\WINDOWS\mslagent\uninstall.exe
    I:\WINDOWS\mssecu.exe
    I:\WINDOWS\system32\akttzn.exe
    I:\WINDOWS\system32\anticipator.dll
    I:\WINDOWS\system32\awtoolb.dll
    I:\WINDOWS\system32\bdn.com
    I:\WINDOWS\system32\bsva-egihsg52.exe
    I:\WINDOWS\system32\dpcproxy.exe
    I:\WINDOWS\system32\h@tkeysh@@k.dll
    I:\WINDOWS\system32\hoproxy.dll
    I:\WINDOWS\system32\hxiwlgpm.dat
    I:\WINDOWS\system32\hxiwlgpm.exe
    I:\WINDOWS\system32\msgp.exe
    I:\WINDOWS\system32\msnbho.dll
    I:\WINDOWS\system32\mssecu.exe
    I:\WINDOWS\system32\msvchost.exe
    I:\WINDOWS\system32\mtr2.exe
    I:\WINDOWS\system32\mwin32.exe
    I:\WINDOWS\system32\netode.exe
    I:\WINDOWS\system32\newsd32.exe
    I:\WINDOWS\system32\ps1.exe
    I:\WINDOWS\system32\psof1.exe
    I:\WINDOWS\system32\psoft1.exe
    I:\WINDOWS\system32\regc64.dll
    I:\WINDOWS\system32\regm64.dll
    I:\WINDOWS\system32\Rundl1.exe
    I:\WINDOWS\system32\smp
    I:\WINDOWS\system32\smp\msrc.exe
    I:\WINDOWS\system32\sncntr.exe
    I:\WINDOWS\system32\ssurf022.dll
    I:\WINDOWS\system32\ssvchost.com
    I:\WINDOWS\system32\ssvchost.exe
    I:\WINDOWS\system32\sysreq.exe
    I:\WINDOWS\system32\taack.dat
    I:\WINDOWS\system32\taack.exe
    I:\WINDOWS\system32\temp#01.exe
    I:\WINDOWS\system32\thun.dll
    I:\WINDOWS\system32\thun32.dll
    I:\WINDOWS\system32\VBIEWER.OCX
    I:\WINDOWS\system32\vbsys2.dll
    I:\WINDOWS\system32\vcatchpi.dll
    I:\WINDOWS\system32\vsdatant.sys
    I:\WINDOWS\system32\winlogonpc.exe
    I:\WINDOWS\system32\winsystem.exe
    I:\WINDOWS\system32\WINWGPX.EXE
    I:\WINDOWS\userconfig9x.dll
    I:\WINDOWS\winsystem.exe
    I:\WINDOWS\zip1.tmp
    I:\WINDOWS\zip2.tmp
    I:\WINDOWS\zip3.tmp
    I:\WINDOWS\zipped.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_VSDATANT
    -------\Service_vsdatant


    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-30 16:56 . 2008-08-30 16:56 <REP> d-------- I:\Program Files\VirtualDub-1.6.18
    2008-08-30 15:45 . 2008-08-30 15:45 <REP> d-------- I:\Program Files\Trend Micro
    2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
    2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Malwarebytes
    2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-30 13:03 . 2008-08-17 15:01 38,472 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-30 13:03 . 2008-08-17 15:01 17,144 --a------ I:\WINDOWS\system32\drivers\mbam.sys
    2008-08-30 12:57 . 2008-08-30 13:02 <REP> d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-30 10:15 . 2008-08-30 19:31 682,016 --ahs---- I:\WINDOWS\system32\drivers\fidbox.dat
    2008-08-30 10:15 . 2008-08-30 19:30 10,088 --ahs---- I:\WINDOWS\system32\drivers\fidbox.idx
    2008-08-30 10:11 . 2008-08-30 10:11 <REP> d-------- I:\Program Files\Zone Labs
    2008-08-30 10:11 . 2008-08-30 10:11 <REP> d-------- I:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-08-30 10:10 . 2008-08-30 17:41 <REP> d-------- I:\WINDOWS\Internet Logs
    2008-08-30 09:55 . 2008-08-30 09:55 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Jetico Personal Firewall
    2008-08-30 02:13 . 2008-08-30 02:13 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ytohqzuh
    2008-08-29 15:06 . 2008-08-29 15:06 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-08-29 14:13 . 2008-08-29 14:13 <REP> d-------- I:\Program Files\avbjzde
    2008-08-29 14:13 . 2008-08-29 14:13 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ytefapsl
    2008-08-29 14:13 . 2008-08-29 14:13 98,304 --a------ I:\WINDOWS\system32\kfcfsdgj.exe
    2008-08-29 14:13 . 2008-08-29 14:13 66,048 --a------ I:\WINDOWS\system32\yhwfwfsj.exe
    2008-08-25 23:30 . 2008-08-25 23:30 <REP> d-------- I:\Program Files\CDisplay
    2008-08-20 17:13 . 2008-08-20 17:13 <REP> d-------- I:\Program Files\SHARP
    2008-08-18 22:07 . 2008-08-18 22:08 <REP> d-------- I:\Documents and Settings\Vincent Villy\Logitech
    2008-08-18 22:06 . 2008-08-18 22:06 <REP> d-------- I:\Program Files\Fichiers communs\Remote Control USB Driver
    2008-08-17 11:31 . 2004-03-29 17:23 90,112 --a------ I:\WINDOWS\unvise32.exe
    2008-08-17 10:43 . 2008-08-17 10:43 <REP> d-------- I:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-08-17 10:39 . 2008-08-17 10:39 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ALM
    2008-08-17 10:33 . 2008-08-30 17:57 <REP> d-------- I:\Program Files\Bonjour
    2008-08-17 10:30 . 2008-08-17 10:30 <REP> d-------- I:\Program Files\Fichiers communs\Macrovision Shared
    2008-08-14 21:26 . 2008-08-14 21:26 <REP> d-------- I:\Program Files\Yahoo!
    2008-08-14 13:52 . 2008-08-14 13:52 <REP> d-------- I:\Program Files\MSECache
    2008-08-13 22:48 . 2008-05-01 16:36 331,776 -----c--- I:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-11 18:04 . 2008-08-11 18:04 <REP> d-------- I:\Program Files\InfraRecorder
    2008-08-11 18:04 . 2008-08-11 18:24 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\InfraRecorder
    2008-08-05 19:14 . 2008-08-17 08:10 <REP> d-------- I:\Program Files\MediaCoder
    2008-08-04 12:21 . 2008-08-04 16:27 <REP> d-------- I:\Program Files\Gabest
    2008-08-04 12:09 . 2008-08-04 12:09 <REP> d-------- I:\Program Files\Real Alternative
    2008-08-04 12:09 . 2008-08-04 12:09 <REP> d-------- I:\Program Files\Haali
    2008-08-04 12:08 . 2008-08-04 12:08 <REP> d-------- I:\Program Files\ffdshow
    2008-08-04 12:08 . 2007-01-01 00:00 60,273 --a------ I:\WINDOWS\system32\pthreadGC2.dll
    2008-08-04 12:08 . 2007-12-15 16:11 7,680 --a------ I:\WINDOWS\system32\ff_vfw.dll
    2008-08-04 12:08 . 2007-12-15 16:11 6,144 --a------ I:\WINDOWS\system32\ff_acm.acm
    2008-08-04 12:08 . 2007-01-01 00:00 547 --a------ I:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-08-02 17:04 . 2008-08-08 17:36 <REP> d-------- I:\Program Files\musikCube_1.0
    2008-08-02 17:03 . 2008-08-30 10:36 <REP> d-------- I:\Documents and Settings\Vincent Villy\.musikproject
    2008-08-01 07:06 . 2001-08-23 17:47 8,704 --a------ I:\WINDOWS\system32\kbdjpn.dll
    2008-08-01 07:06 . 2001-08-23 17:47 8,704 --a--c--- I:\WINDOWS\system32\dllcache\kbdjpn.dll
    2008-08-01 07:06 . 2008-04-14 04:31 6,144 --a------ I:\WINDOWS\system32\kbd106.dll
    2008-08-01 07:06 . 2008-04-14 04:31 6,144 --a--c--- I:\WINDOWS\system32\dllcache\kbd106.dll
    2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\fr-fr
    2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\fr
    2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\bits
    2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\l2schemas
    2008-08-01 06:58 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\ServicePackFiles
    2008-07-31 12:23 . 2008-07-31 12:23 <REP> d-------- I:\Program Files\Exact Audio Copy
    2008-07-31 12:23 . 2008-07-31 13:28 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\AccurateRip
    2008-07-31 12:16 . 2008-07-31 12:16 9,557 --a------ I:\WINDOWS\EAC.CFG
    2008-07-31 11:55 . 2008-07-31 11:55 164,112 --a------ I:\WINDOWS\system32\wnaspi32.dll
    2008-07-27 17:41 . 2008-07-27 17:41 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Media Player Classic
    2008-07-27 09:19 . 2008-08-30 15:38 <REP> d-------- I:\Program Files\Mozilla Thunderbird
    2008-07-27 09:19 . 2008-07-27 09:19 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Thunderbird
    2008-07-26 11:03 . 2008-07-26 11:03 <REP> d--h----- I:\WINDOWS\PIF
    2008-07-26 09:47 . 2008-07-26 09:47 <REP> d-------- I:\Program Files\Brownie
    2008-07-26 09:46 . 2008-07-26 09:47 <REP> d-------- I:\Program Files\Brother
    2008-07-26 09:46 . 2004-10-12 01:24 188,416 --a------ I:\WINDOWS\system32\Pdrvinst.dll
    2008-07-26 09:46 . 2002-10-31 01:09 81,920 --a------ I:\WINDOWS\system32\BrWebIns.dll
    2008-07-26 09:46 . 2003-07-03 01:08 65,536 --a------ I:\WINDOWS\system32\BRWEBUP.EXE
    2008-07-26 09:46 . 2008-04-13 20:47 25,856 --------- I:\WINDOWS\system32\drivers\usbprint.sys
    2008-07-26 09:46 . 2008-07-26 09:46 425 --a------ I:\WINDOWS\BRWMARK.INI
    2008-07-26 09:46 . 2008-07-26 09:46 34 --a------ I:\WINDOWS\system32\BD2030.DAT
    2008-07-25 15:17 . 2008-08-17 10:41 <REP> d-------- I:\Program Files\Fichiers communs\Adobe
    2008-07-25 13:07 . 2008-07-25 13:07 <REP> d-------- I:\Program Files\CCleaner
    2008-07-25 12:20 . 2008-07-25 12:20 <REP> d-------- I:\Program Files\Lavasoft
    2008-07-25 12:20 . 2008-07-25 12:21 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-25 12:19 . 2008-07-25 12:19 <REP> d-------- I:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-07-25 12:06 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
    2008-07-25 12:06 . 2007-07-30 19:19 207,736 --a------ I:\WINDOWS\system32\muweb.dll
    2008-07-25 12:06 . 2007-07-30 19:18 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
    2008-07-24 20:32 . 2008-07-24 20:35 1,143 --a------ I:\WINDOWS\mozver.dat
    2008-07-24 17:54 . 2008-07-25 12:57 <REP> d-------- I:\Documents and Settings\All Users\Application Data\part dead amok eggs
    2008-07-24 17:41 . 2008-07-24 17:53 <REP> d-------- I:\Documents and Settings\Vincent Villy\Contacts
    2008-07-24 17:34 . 2008-08-18 22:06 <REP> d----c--- I:\WINDOWS\system32\DRVSTORE
    2008-07-24 17:28 . 2008-07-25 12:56 <REP> d-------- I:\Program Files\Windows Live
    2008-07-24 17:28 . 2008-07-24 17:34 <REP> d--hsc--- I:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-07-24 17:28 . 2008-07-24 17:28 <REP> d-------- I:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-24 16:52 . 2008-07-24 16:52 <REP> d---s---- I:\Documents and Settings\Vincent Villy\UserData
    2008-07-24 16:30 . 2008-07-24 16:30 <REP> d-------- I:\Program Files\MSXML 4.0
    2008-07-24 15:23 . 2008-07-24 15:23 <REP> d-------- I:\Program Files\Enregistrer sous
    2008-07-24 14:34 . 2008-07-24 19:11 <REP> dr------- I:\WINDOWS\system32\000 - Icones
    2008-07-24 13:26 . 2008-06-14 19:33 272,768 --------- I:\WINDOWS\system32\drivers\bthport.sys
    2008-07-24 13:26 . 2008-06-14 19:33 272,768 -----c--- I:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-24 13:25 . 2008-05-08 16:02 203,136 -----c--- I:\WINDOWS\system32\dllcache\rmcast.sys
    2008-07-24 13:21 . 2008-07-24 13:21 <REP> d-------- I:\Program Files\RocketDock
    2008-07-23 20:42 . 2003-06-25 16:05 266,360 --a------ I:\WINDOWS\system32\TweakUI.exe
    2008-07-23 20:42 . 2002-06-21 15:09 160,217 --a------ I:\WINDOWS\system32\PowerToysLicense.rtf
    2008-07-23 19:27 . 2008-07-23 19:27 228 --a------ I:\WINDOWS\CCPen200.ini
    2008-07-23 19:25 . 2008-07-23 19:25 <REP> d-------- I:\WINDOWS\system32\URTTEMP
    2008-07-23 19:07 . 2005-02-14 15:27 32,408 --------- I:\WINDOWS\system32\drivers\pendfu.sys
    2008-07-23 18:51 . 2008-07-24 13:59 <REP> d-------- I:\Program Files\uTorrent
    2008-07-23 18:51 . 2008-08-30 17:52 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\uTorrent
    2008-07-23 18:45 . 2008-07-23 18:45 <REP> d-------- I:\Program Files\QuickTime Alternative
    2008-07-23 18:45 . 2008-07-23 18:45 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-07-23 18:45 . 2008-05-27 10:50 90,112 --a------ I:\WINDOWS\system32\QuickTimeVR.qtx
    2008-07-23 18:45 . 2008-05-27 10:50 57,344 --a------ I:\WINDOWS\system32\QuickTime.qts
    2008-07-23 18:34 . 2008-07-23 18:34 <REP> d-------- I:\Program Files\Team MediaPortal
    2008-07-23 18:34 . 2008-07-23 18:34 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Team MediaPortal
    2008-07-23 18:14 . 2008-07-23 18:14 0 --a------ I:\WINDOWS\ccwinpay.INI
    2008-07-23 18:08 . 2008-07-23 18:08 <REP> d-------- I:\Program Files\Microsoft WSE
    2008-07-23 18:08 . 2008-08-22 17:13 <REP> d-------- I:\Program Files\Fichiers communs\C-CHANNEL
    2008-07-23 18:08 . 2008-07-23 19:27 <REP> d-------- I:\Program Files\C-CHANNEL
    2008-07-23 18:08 . 2008-07-23 19:27 <REP> d-------- I:\Documents and Settings\All Users\Application Data\C-CHANNEL
    2008-07-23 17:41 . 2008-07-23 17:41 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\IrfanView
    2008-07-23 17:16 . 2008-07-23 17:16 <REP> d-------- I:\Program Files\VideoLAN
    2008-07-23 17:16 . 2008-07-23 17:16 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\vlc
    2008-07-23 17:10 . 2008-07-23 17:12 <REP> d-------- I:\WINDOWS\SHELLNEW
    2008-07-23 17:10 . 2008-08-29 07:22 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-23 17:09 . 2008-07-23 17:09 <REP> dr-h----- I:\MSOCache
    2008-07-23 16:19 . 2008-07-23 16:20 <REP> d-------- I:\Program Files\MozBackup
    2008-07-23 16:07 . 2008-07-23 16:07 <REP> d-------- I:\Documents and Settings\All Users\Application Data\NVIDIA
    2008-07-23 16:03 . 2008-07-23 16:03 <REP> d-------- I:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-07-23 16:01 . 2008-07-23 16:01 <REP> d-------- I:\Program Files\My Company Name
    2008-07-23 16:00 . 2008-07-23 16:03 <REP> d-------- I:\WINDOWS\nview
    2008-07-23 16:00 . 2006-06-01 11:22 208,896 --a------ I:\WINDOWS\system32\nvudisp.exe
    2008-07-23 16:00 . 2008-08-30 19:31 63,804 --a------ I:\WINDOWS\system32\nvapps.xml
    2008-07-23 16:00 . 2006-06-01 11:22 16,960 --a------ I:\WINDOWS\system32\nvdisp.nvu

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-23 11:03 --------- d-----w I:\Program Files\Realtek
    2008-07-23 09:37 --------- d-----w I:\Program Files\microsoft frontpage
    2008-07-23 09:35 --------- d-----w I:\Program Files\Services en ligne
    2008-07-23 09:29 --------- d-----w I:\Program Files\Windows Plus
    2008-07-09 07:05 75,248 ----a-w I:\WINDOWS\zllsputility.exe
    2008-07-09 07:05 42,384 ----a-w I:\WINDOWS\zllsputility_loc040c.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="I:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
    "MediaPortal Shell"="I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe" [2006-09-22 08:57 200704]
    "MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "strapl"="I:\WINDOWS\system32\kfcfsdgj.exe" [2008-08-29 14:13 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="I:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
    "SoundMAXPnP"="I:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
    "JMB36X Configure"="I:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]
    "NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
    "Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
    "ZoneAlarm Client"="I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
    "nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 I:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 I:\WINDOWS\system32\nvmctray.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= I:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= I:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "MsgCfgUi"= {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - I:\Program Files\avbjzde\MsgCfgUi.dll [2008-08-29 14:13 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "I:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "I:\\Program Files\\Messenger\\msmsgs.exe"=
    "I:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R1 aswSP;avast! Self Protection;I:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
    R2 aswFsBlk;aswFsBlk;I:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
    R3 PayPen;PayPen;I:\WINDOWS\system32\Drivers\PayPen.sys [2005-02-16 08:53]
    R3 usbstor;Pilote de stockage de masse USB;I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
    S3 pendfu;PenDfu (pendfu.sys);I:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 15:27]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3180ad7-58a3-11dd-bb0a-806d6172696f}]
    \Shell\AutoRun\command - G:\ASUSACPI.exe
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-MessLive Auto Update - G:\Logiciel\MessLivePatch.exe
    HKLM-Explorer_Run-zblsluTn5Z - I:\Documents and Settings\Vincent Villy\Bureau\AdobeFlashPlayerHD.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - I:\Documents and Settings\Vincent Villy\Application Data\Mozilla\Firefox\Profiles\e3z9n9p8.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.karloff.ch/wd110awp/wd110awp.exe/connect/EKARLOFF
    FF -: plugin - I:\Program Files\Opera\program\plugins\NPOFF12.DLL
    FF -: plugin - I:\Program Files\Opera\program\plugins\nppl3260.dll
    FF -: plugin - I:\Program Files\Opera\program\plugins\nprpjplug.dll
    FF -: plugin - I:\Program Files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-30 19:31:37
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    I:\Program Files\Alwil Software\Avast4\ashServ.exe
    I:\WINDOWS\ATKKBService.exe
    I:\WINDOWS\ehome\ehRecvr.exe
    I:\WINDOWS\ehome\ehSched.exe
    I:\WINDOWS\system32\nvsvc32.exe
    I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    I:\WINDOWS\system32\dllhost.exe
    I:\WINDOWS\ehome\ehmsas.exe
    I:\WINDOWS\system32\rundll32.exe
    I:\Program Files\C-CHANNEL\PayPen\PayPen.exe
    I:\Program Files\C-CHANNEL\PayPen\CPenOCR.exe
    I:\Program Files\C-CHANNEL\PayPen\CPenDesk.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-30 19:33:41 - machine was rebooted [Vincent Villy]
    ComboFix-quarantined-files.txt 2008-08-30 17:33:37

    Pre-Run: 38,207,086,592 octets libres
    Post-Run: 38,590,668,800 octets libres

    313 --- E O F --- 2008-08-29 05:22:15
    a b 8 Security
    30 August 2008 20:42:36

    Post a new HijackThis report.
    30 August 2008 20:49:59

    I still have the problems with these trojans

    Here is the report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:48:23, on 30.08.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    I:\Program Files\Alwil Software\Avast4\ashServ.exe
    I:\WINDOWS\Explorer.EXE
    I:\Program Files\Analog Devices\Core\smax4pnp.exe
    I:\WINDOWS\system32\RunDLL32.exe
    I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    I:\Program Files\RocketDock\RocketDock.exe
    I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
    I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    I:\WINDOWS\system32\kfcfsdgj.exe
    I:\Program Files\C-CHANNEL\PayPen\PayPen.exe
    I:\Program Files\C-CHANNEL\PayPen\CPenOCR.exe
    I:\Program Files\C-CHANNEL\PayPen\CPenDesk.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\WINDOWS\ATKKBService.exe
    I:\WINDOWS\eHome\ehRecvr.exe
    I:\WINDOWS\eHome\ehSched.exe
    I:\WINDOWS\system32\nvsvc32.exe
    I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    I:\WINDOWS\system32\dllhost.exe
    I:\Program Files\Opera\opera.exe
    I:\Program Files\Windows Live\Messenger\usnsvc.exe
    I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [JMB36X Configure] I:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [RocketDock] "I:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [MediaPortal Shell] I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [strapl] I:\WINDOWS\system32\kfcfsdgj.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: C-CHANNEL OnlineUpdate.lnk = ?
    O4 - Global Startup: PayPen.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
    O21 - SSODL: MsgCfgUi - {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - I:\Program Files\avbjzde\MsgCfgUi.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - I:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - I:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5843 bytes
    30 August 2008 23:08:50

    I ran several scans

    1st:


    Avira AntiVir Personal
    Report file date: samedi, 30. août 2008 21:05

    Scanning for 1583963 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: HOME-2EAE655111

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 19:05:00
    ANTIVIR3.VDF : 7.0.6.93 209920 Bytes 30/08/2008 19:05:01
    Engineversion : 8.1.1.23
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.68 315770 Bytes 30/08/2008 19:05:04
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.22 192890 Bytes 30/08/2008 19:05:04
    AEHEUR.DLL : 8.1.0.50 1388918 Bytes 30/08/2008 19:05:03
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 30/08/2008 19:05:02
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 30/08/2008 19:05:01
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: i:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: G:, I:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi, 30. août 2008 21:05

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'ehSched.exe' - '1' Module(s) have been scanned
    Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
    Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'CPenDesk.exe' - '1' Module(s) have been scanned
    Scan process 'CPenOCR.exe' - '1' Module(s) have been scanned
    Scan process 'PayPen.exe' - '1' Module(s) have been scanned
    Scan process 'kfcfsdgj.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'mptray.exe' - '1' Module(s) have been scanned
    Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
    Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    37 processes with 37 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'G:\'
    [INFO] No virus was found!
    Boot sector 'I:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '53' files ).


    Starting the file scan:

    Begin scan in 'G:\' <Mon Bureau>
    G:\Logiciel\Adobe.Photoshop.CS2.v9.0.1.FR.Incl-Crack.et.Keygen.rar
    [0] Archive type: RAR
    --> Crack et Keygen\KeyGen Adobe.PhotoShop.CS2.exe
    [DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
    [WARNING] The file was ignored!
    G:\Logiciel\Adobe.CS3.Design.Premium.FRENCH\Adobe.CS3.Design.Premium.FRENCH\crack\Keygen\Adobe CS3 Design Premium Keygen.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.578 back-door program
    [NOTE] The file was deleted!
    G:\System Volume Information\_restore{2D01212A-8F87-47E9-A13B-C6F1BF24E1EA}\RP71\A0017687.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.581 back-door program
    [NOTE] The file was deleted!
    G:\System Volume Information\_restore{2D01212A-8F87-47E9-A13B-C6F1BF24E1EA}\RP74\A0018663.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.578 back-door program
    [NOTE] The file was deleted!
    Begin scan in 'I:\' <Disque Local>
    I:\pagefile.sys
    [WARNING] The file could not be opened!


    End of the scan: samedi, 30. août 2008 21:51
    Used time: 45:33 Minute(s)

    The scan has been done completely.

    7844 Scanning directories
    537886 Files were scanned
    4 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    3 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    537881 Files not concerned
    6890 Archives were scanned
    6 Warnings
    3 Notes

    30 August 2008 23:10:01

    Post a HijackThis report again.
    30 August 2008 23:11:29

    2nd



    Avira AntiVir Personal
    Report file date: samedi, 30. août 2008 21:57

    Scanning for 1583963 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Save mode
    Username: Vincent Villy
    Computer name: HOME-2EAE655111

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 19:05:00
    ANTIVIR3.VDF : 7.0.6.93 209920 Bytes 30/08/2008 19:05:01
    Engineversion : 8.1.1.23
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.68 315770 Bytes 30/08/2008 19:05:04
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.22 192890 Bytes 30/08/2008 19:05:04
    AEHEUR.DLL : 8.1.0.50 1388918 Bytes 30/08/2008 19:05:03
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 30/08/2008 19:05:02
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 30/08/2008 19:05:01
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: i:\program files\avira\antivir personaledition classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: G:, I:, A:, H:, J:, K:, L:, D:, E:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi, 30. août 2008 21:57

    Starting search for hidden objects.
    The driver could not be initialized.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    12 processes with 12 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'G:\'
    [INFO] No virus was found!
    Boot sector 'I:\'
    [INFO] No virus was found!
    Boot sector 'A:\'
    [INFO] In the drive 'A:\' no data medium is inserted!
    Boot sector 'H:\'
    [INFO] In the drive 'H:\' no data medium is inserted!
    Boot sector 'J:\'
    [INFO] In the drive 'J:\' no data medium is inserted!
    Boot sector 'K:\'
    [INFO] In the drive 'K:\' no data medium is inserted!
    Boot sector 'L:\'
    [INFO] In the drive 'L:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '53' files ).


    Starting the file scan:

    Begin scan in 'G:\' <Mon Bureau>


    End of the scan: samedi, 30. août 2008 23:01
    Used time: 1:03:21 Hour(s)

    The scan has been canceled!

    366 Scanning directories
    19520 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    0 Files cannot be scanned
    19520 Files not concerned
    3253 Archives were scanned
    4 Warnings
    0 Notes

    30 August 2008 23:24:03

    HijackThis :)
    30 August 2008 23:35:17

    Here you go,
    but I still get these trojan pop-ups

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:34:15, on 30.08.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    I:\WINDOWS\Explorer.EXE
    I:\Program Files\Analog Devices\Core\smax4pnp.exe
    I:\WINDOWS\system32\RunDLL32.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    I:\Program Files\RocketDock\RocketDock.exe
    I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
    I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    I:\WINDOWS\system32\kfcfsdgj.exe
    I:\Program Files\C-CHANNEL\PayPen\PayPen.exe
    I:\Program Files\C-CHANNEL\PayPen\CPenOCR.exe
    I:\Program Files\C-CHANNEL\PayPen\CPenDesk.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    I:\WINDOWS\ATKKBService.exe
    I:\WINDOWS\eHome\ehRecvr.exe
    I:\WINDOWS\eHome\ehSched.exe
    I:\WINDOWS\system32\nvsvc32.exe
    I:\WINDOWS\system32\dllhost.exe
    I:\Program Files\Opera\opera.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    i:\program files\avira\antivir personaledition classic\avcenter.exe
    I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    I:\WINDOWS\system32\kfcfsdgj.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [JMB36X Configure] I:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [RocketDock] "I:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [MediaPortal Shell] I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [strapl] I:\WINDOWS\system32\kfcfsdgj.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: C-CHANNEL OnlineUpdate.lnk = ?
    O4 - Global Startup: PayPen.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
    O21 - SSODL: MsgCfgUi - {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - I:\Program Files\avbjzde\MsgCfgUi.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - I:\WINDOWS\ATKKBService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - I:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5823 bytes
    31 August 2008 08:55:43

    I thought the trojans were gone, but no.
    I still get these windows that open to warn me that I have a trojan and to tell me to go to this site to buy an antivirus.
    31 August 2008 14:32:18

    Run a ComboFix scan again :)
    31 August 2008 14:52:29

    Here it is:

    ComboFix 08-08-30.03 - Vincent Villy 2008-08-31 14:46:12.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1606 [GMT 2:00]
    Endroit: I:\Documents and Settings\Vincent Villy\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    I:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\tmp1.tmp
    I:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\tmp2.tmp

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-30 21:04 . 2008-08-30 21:04 <REP> d-------- I:\Program Files\Avira
    2008-08-30 21:04 . 2008-08-30 21:04 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Avira
    2008-08-30 16:56 . 2008-08-30 16:56 <REP> d-------- I:\Program Files\VirtualDub-1.6.18
    2008-08-30 15:45 . 2008-08-30 15:45 <REP> d-------- I:\Program Files\Trend Micro
    2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
    2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Malwarebytes
    2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-30 13:03 . 2008-08-17 15:01 38,472 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-30 13:03 . 2008-08-17 15:01 17,144 --a------ I:\WINDOWS\system32\drivers\mbam.sys
    2008-08-30 12:57 . 2008-08-30 13:02 <REP> d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-30 10:11 . 2008-08-30 20:59 <REP> d-------- I:\WINDOWS\system32\ZoneLabs
    2008-08-30 10:11 . 2008-08-30 10:11 <REP> d-------- I:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-08-30 10:11 . 2004-04-27 04:40 11,264 --a------ I:\WINDOWS\system32\SpOrder.dll
    2008-08-30 10:11 . 2008-08-30 10:13 4,212 ---h----- I:\WINDOWS\system32\zllictbl.dat
    2008-08-30 10:11 . 2008-08-30 20:39 335 --a------ I:\WINDOWS\system32\vsconfig.xml
    2008-08-30 10:10 . 2008-08-30 20:59 <REP> d-------- I:\WINDOWS\Internet Logs
    2008-08-30 09:55 . 2008-08-30 09:55 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Jetico Personal Firewall
    2008-08-30 02:13 . 2008-08-30 02:13 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ytohqzuh
    2008-08-29 15:06 . 2008-08-29 15:06 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-08-29 14:13 . 2008-08-29 14:13 <REP> d-------- I:\Program Files\avbjzde
    2008-08-29 14:13 . 2008-08-29 14:13 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ytefapsl
    2008-08-29 14:13 . 2008-08-29 14:13 98,304 --a------ I:\WINDOWS\system32\kfcfsdgj.exe
    2008-08-29 14:13 . 2008-08-29 14:13 66,048 --a------ I:\WINDOWS\system32\yhwfwfsj.exe
    2008-08-25 23:30 . 2008-08-31 11:05 <REP> d-------- I:\Program Files\CDisplay
    2008-08-20 17:13 . 2008-08-20 17:13 <REP> d-------- I:\Program Files\SHARP
    2008-08-18 22:07 . 2008-08-18 22:08 <REP> d-------- I:\Documents and Settings\Vincent Villy\Logitech
    2008-08-18 22:06 . 2008-08-18 22:06 <REP> d-------- I:\Program Files\Fichiers communs\Remote Control USB Driver
    2008-08-17 11:31 . 2004-03-29 17:23 90,112 --a------ I:\WINDOWS\unvise32.exe
    2008-08-17 10:43 . 2008-08-17 10:43 <REP> d-------- I:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-08-17 10:39 . 2008-08-17 10:39 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ALM
    2008-08-17 10:33 . 2008-08-30 17:57 <REP> d-------- I:\Program Files\Bonjour
    2008-08-17 10:30 . 2008-08-17 10:30 <REP> d-------- I:\Program Files\Fichiers communs\Macrovision Shared
    2008-08-14 21:26 . 2008-08-14 21:26 <REP> d-------- I:\Program Files\Yahoo!
    2008-08-14 13:52 . 2008-08-14 13:52 <REP> d-------- I:\Program Files\MSECache
    2008-08-13 22:48 . 2008-05-01 16:36 331,776 -----c--- I:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-11 18:04 . 2008-08-11 18:04 <REP> d-------- I:\Program Files\InfraRecorder
    2008-08-11 18:04 . 2008-08-11 18:24 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\InfraRecorder
    2008-08-05 19:14 . 2008-08-17 08:10 <REP> d-------- I:\Program Files\MediaCoder
    2008-08-04 12:21 . 2008-08-04 16:27 <REP> d-------- I:\Program Files\Gabest
    2008-08-04 12:09 . 2008-08-04 12:09 <REP> d-------- I:\Program Files\Real Alternative
    2008-08-04 12:09 . 2008-08-04 12:09 <REP> d-------- I:\Program Files\Haali
    2008-08-04 12:08 . 2008-08-04 12:08 <REP> d-------- I:\Program Files\ffdshow
    2008-08-04 12:08 . 2007-01-01 00:00 60,273 --a------ I:\WINDOWS\system32\pthreadGC2.dll
    2008-08-04 12:08 . 2007-12-15 16:11 7,680 --a------ I:\WINDOWS\system32\ff_vfw.dll
    2008-08-04 12:08 . 2007-12-15 16:11 6,144 --a------ I:\WINDOWS\system32\ff_acm.acm
    2008-08-04 12:08 . 2007-01-01 00:00 547 --a------ I:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-08-02 17:04 . 2008-08-08 17:36 <REP> d-------- I:\Program Files\musikCube_1.0
    2008-08-02 17:03 . 2008-08-30 10:36 <REP> d-------- I:\Documents and Settings\Vincent Villy\.musikproject
    2008-08-01 07:06 . 2001-08-23 17:47 8,704 --a------ I:\WINDOWS\system32\kbdjpn.dll
    2008-08-01 07:06 . 2001-08-23 17:47 8,704 --a--c--- I:\WINDOWS\system32\dllcache\kbdjpn.dll
    2008-08-01 07:06 . 2008-04-14 04:31 6,144 --a------ I:\WINDOWS\system32\kbd106.dll
    2008-08-01 07:06 . 2008-04-14 04:31 6,144 --a--c--- I:\WINDOWS\system32\dllcache\kbd106.dll
    2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\fr-fr
    2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\fr
    2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\bits
    2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\l2schemas
    2008-08-01 06:58 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\ServicePackFiles
    2008-07-31 12:23 . 2008-07-31 12:23 <REP> d-------- I:\Program Files\Exact Audio Copy
    2008-07-31 12:23 . 2008-07-31 13:28 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\AccurateRip
    2008-07-31 12:16 . 2008-07-31 12:16 9,557 --a------ I:\WINDOWS\EAC.CFG
    2008-07-31 11:55 . 2008-07-31 11:55 164,112 --a------ I:\WINDOWS\system32\wnaspi32.dll
    2008-07-27 17:41 . 2008-07-27 17:41 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Media Player Classic
    2008-07-27 09:19 . 2008-08-31 14:00 <REP> d-------- I:\Program Files\Mozilla Thunderbird
    2008-07-27 09:19 . 2008-07-27 09:19 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Thunderbird
    2008-07-26 11:03 . 2008-07-26 11:03 <REP> d--h----- I:\WINDOWS\PIF
    2008-07-26 09:47 . 2008-07-26 09:47 <REP> d-------- I:\Program Files\Brownie
    2008-07-26 09:46 . 2008-07-26 09:47 <REP> d-------- I:\Program Files\Brother
    2008-07-26 09:46 . 2004-10-12 01:24 188,416 --a------ I:\WINDOWS\system32\Pdrvinst.dll
    2008-07-26 09:46 . 2002-10-31 01:09 81,920 --a------ I:\WINDOWS\system32\BrWebIns.dll
    2008-07-26 09:46 . 2003-07-03 01:08 65,536 --a------ I:\WINDOWS\system32\BRWEBUP.EXE
    2008-07-26 09:46 . 2008-04-13 20:47 25,856 --------- I:\WINDOWS\system32\drivers\usbprint.sys
    2008-07-26 09:46 . 2008-07-26 09:46 425 --a------ I:\WINDOWS\BRWMARK.INI
    2008-07-26 09:46 . 2008-07-26 09:46 34 --a------ I:\WINDOWS\system32\BD2030.DAT
    2008-07-25 15:17 . 2008-08-17 10:41 <REP> d-------- I:\Program Files\Fichiers communs\Adobe
    2008-07-25 13:07 . 2008-07-25 13:07 <REP> d-------- I:\Program Files\CCleaner
    2008-07-25 12:20 . 2008-07-25 12:20 <REP> d-------- I:\Program Files\Lavasoft
    2008-07-25 12:20 . 2008-07-25 12:21 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-25 12:19 . 2008-07-25 12:19 <REP> d-------- I:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-07-25 12:06 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
    2008-07-25 12:06 . 2007-07-30 19:19 207,736 --a------ I:\WINDOWS\system32\muweb.dll
    2008-07-25 12:06 . 2007-07-30 19:18 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
    2008-07-24 20:32 . 2008-07-24 20:35 1,143 --a------ I:\WINDOWS\mozver.dat
    2008-07-24 17:54 . 2008-07-25 12:57 <REP> d-------- I:\Documents and Settings\All Users\Application Data\part dead amok eggs
    2008-07-24 17:41 . 2008-07-24 17:53 <REP> d-------- I:\Documents and Settings\Vincent Villy\Contacts
    2008-07-24 17:34 . 2008-08-18 22:06 <REP> d----c--- I:\WINDOWS\system32\DRVSTORE
    2008-07-24 17:28 . 2008-07-25 12:56 <REP> d-------- I:\Program Files\Windows Live
    2008-07-24 17:28 . 2008-07-24 17:34 <REP> d--hsc--- I:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-07-24 17:28 . 2008-07-24 17:28 <REP> d-------- I:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-24 16:52 . 2008-07-24 16:52 <REP> d---s---- I:\Documents and Settings\Vincent Villy\UserData
    2008-07-24 16:30 . 2008-07-24 16:30 <REP> d-------- I:\Program Files\MSXML 4.0
    2008-07-24 15:23 . 2008-07-24 15:23 <REP> d-------- I:\Program Files\Enregistrer sous
    2008-07-24 14:34 . 2008-07-24 19:11 <REP> dr------- I:\WINDOWS\system32\000 - Icones
    2008-07-24 13:26 . 2008-06-14 19:33 272,768 --------- I:\WINDOWS\system32\drivers\bthport.sys
    2008-07-24 13:26 . 2008-06-14 19:33 272,768 -----c--- I:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-24 13:25 . 2008-05-08 16:02 203,136 -----c--- I:\WINDOWS\system32\dllcache\rmcast.sys
    2008-07-24 13:21 . 2008-07-24 13:21 <REP> d-------- I:\Program Files\RocketDock
    2008-07-23 20:42 . 2003-06-25 16:05 266,360 --a------ I:\WINDOWS\system32\TweakUI.exe
    2008-07-23 20:42 . 2002-06-21 15:09 160,217 --a------ I:\WINDOWS\system32\PowerToysLicense.rtf
    2008-07-23 19:27 . 2008-07-23 19:27 228 --a------ I:\WINDOWS\CCPen200.ini
    2008-07-23 19:25 . 2008-07-23 19:25 <REP> d-------- I:\WINDOWS\system32\URTTEMP
    2008-07-23 19:07 . 2005-02-14 15:27 32,408 --------- I:\WINDOWS\system32\drivers\pendfu.sys
    2008-07-23 18:51 . 2008-07-24 13:59 <REP> d-------- I:\Program Files\uTorrent
    2008-07-23 18:51 . 2008-08-31 14:44 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\uTorrent
    2008-07-23 18:45 . 2008-07-23 18:45 <REP> d-------- I:\Program Files\QuickTime Alternative
    2008-07-23 18:45 . 2008-07-23 18:45 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-07-23 18:45 . 2008-05-27 10:50 90,112 --a------ I:\WINDOWS\system32\QuickTimeVR.qtx
    2008-07-23 18:45 . 2008-05-27 10:50 57,344 --a------ I:\WINDOWS\system32\QuickTime.qts
    2008-07-23 18:34 . 2008-07-23 18:34 <REP> d-------- I:\Program Files\Team MediaPortal
    2008-07-23 18:34 . 2008-07-23 18:34 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Team MediaPortal
    2008-07-23 18:14 . 2008-07-23 18:14 0 --a------ I:\WINDOWS\ccwinpay.INI
    2008-07-23 18:08 . 2008-07-23 18:08 <REP> d-------- I:\Program Files\Microsoft WSE
    2008-07-23 18:08 . 2008-08-22 17:13 <REP> d-------- I:\Program Files\Fichiers communs\C-CHANNEL
    2008-07-23 18:08 . 2008-07-23 19:27 <REP> d-------- I:\Program Files\C-CHANNEL
    2008-07-23 18:08 . 2008-07-23 19:27 <REP> d-------- I:\Documents and Settings\All Users\Application Data\C-CHANNEL
    2008-07-23 17:41 . 2008-07-23 17:41 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\IrfanView
    2008-07-23 17:16 . 2008-07-23 17:16 <REP> d-------- I:\Program Files\VideoLAN
    2008-07-23 17:16 . 2008-07-23 17:16 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\vlc
    2008-07-23 17:10 . 2008-07-23 17:12 <REP> d-------- I:\WINDOWS\SHELLNEW
    2008-07-23 17:10 . 2008-08-29 07:22 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-23 17:09 . 2008-07-23 17:09 <REP> dr-h----- I:\MSOCache
    2008-07-23 16:19 . 2008-07-23 16:20 <REP> d-------- I:\Program Files\MozBackup
    2008-07-23 16:07 . 2008-07-23 16:07 <REP> d-------- I:\Documents and Settings\All Users\Application Data\NVIDIA
    2008-07-23 16:03 . 2008-07-23 16:03 <REP> d-------- I:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-07-23 16:01 . 2008-07-23 16:01 <REP> d-------- I:\Program Files\My Company Name
    2008-07-23 16:00 . 2008-07-23 16:03 <REP> d-------- I:\WINDOWS\nview

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-23 11:03 --------- d-----w I:\Program Files\Realtek
    2008-07-23 09:37 --------- d-----w I:\Program Files\microsoft frontpage
    2008-07-23 09:35 --------- d-----w I:\Program Files\Services en ligne
    2008-07-23 09:29 --------- d-----w I:\Program Files\Windows Plus
    2008-07-07 20:28 253,952 ----a-w I:\WINDOWS\system32\es.dll
    2008-06-24 16:44 74,240 ----a-w I:\WINDOWS\system32\mscms.dll
    2008-06-20 17:47 247,808 ----a-w I:\WINDOWS\system32\mswsock.dll
    2008-05-16 09:58 12,632 ----a-w I:\WINDOWS\system32\lsdelete.exe
    2008-05-09 10:55 90,112 ----a-w I:\WINDOWS\system32\wshext.dll
    2008-05-09 10:55 430,080 ----a-w I:\WINDOWS\system32\vbscript.dll
    2008-05-09 10:55 180,224 ----a-w I:\WINDOWS\system32\scrobj.dll
    2008-05-09 10:55 172,032 ----a-w I:\WINDOWS\system32\scrrun.dll
    2008-05-08 11:24 155,648 ----a-w I:\WINDOWS\system32\wscript.exe
    2008-05-07 09:07 135,168 ----a-w I:\WINDOWS\system32\cscript.exe
    2008-05-07 05:11 1,294,336 ------w I:\WINDOWS\system32\quartz.dll
    2006-06-23 06:48 32,768 ----a-r I:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-30_19.33.19.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-30 18:00:31 262,144 ----a-w I:\WINDOWS\system32\config\systemprofile\NtUser.dat
    + 2008-05-09 11:15:51 45,376 ----a-w I:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w I:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-06-27 13:03:55 75,072 ----a-w I:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w I:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="I:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
    "MediaPortal Shell"="I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe" [2006-09-22 08:57 200704]
    "MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "strapl"="I:\WINDOWS\system32\kfcfsdgj.exe" [2008-08-29 14:13 98304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="I:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
    "SoundMAXPnP"="I:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
    "JMB36X Configure"="I:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]
    "NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
    "Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
    "avgnt"="I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
    "nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 I:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 I:\WINDOWS\system32\nvmctray.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

    I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    C-CHANNEL OnlineUpdate.lnk - I:\Program Files\C-CHANNEL\OnlineUpdate\PeOnlineUpdate.exe [2008-07-23 18:08:58 993096]
    PayPen.lnk - I:\Program Files\C-CHANNEL\PayPen\PayPen.exe [2006-08-18 10:16:24 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= I:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= I:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "MsgCfgUi"= {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - I:\Program Files\avbjzde\MsgCfgUi.dll [2008-08-29 14:13 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "I:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "I:\\Program Files\\Messenger\\msmsgs.exe"=
    "I:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R3 PayPen;PayPen;I:\WINDOWS\system32\Drivers\PayPen.sys [2005-02-16 08:53]
    R3 usbstor;Pilote de stockage de masse USB;I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
    S3 pendfu;PenDfu (pendfu.sys);I:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 15:27]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3180ad7-58a3-11dd-bb0a-806d6172696f}]
    \Shell\AutoRun\command - G:\ASUSACPI.exe

    *Newly Created Service* - CATCHME
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - I:\Documents and Settings\Vincent Villy\Application Data\Mozilla\Firefox\Profiles\e3z9n9p8.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.karloff.ch/wd110awp/wd110awp.exe/connect/EKARLOFF
    FF -: plugin - I:\Program Files\Opera\program\plugins\NPOFF12.DLL
    FF -: plugin - I:\Program Files\Opera\program\plugins\nppl3260.dll
    FF -: plugin - I:\Program Files\Opera\program\plugins\nprpjplug.dll
    FF -: plugin - I:\Program Files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-31 14:47:37
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-31 14:48:07
    ComboFix-quarantined-files.txt 2008-08-31 12:48:01
    ComboFix2.txt 2008-08-30 17:33:41

    Pre-Run: 38,515,671,040 octets libres
    Post-Run: 38,502,522,880 octets libres

    241 --- E O F --- 2008-08-29 05:22:15
    31 August 2008 15:11:22

    Hi again,

    Copy (Ctrl+C) the text in the box below:

    File::
    I:\WINDOWS\system32\kfcfsdgj.exe
    I:\WINDOWS\system32\yhwfwfsj.exe

    Folder::
    I:\Documents and Settings\All Users\Application Data\ytohqzuh
    I:\Program Files\avbjzde

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "strapl"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "MsgCfgUi"=-


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report together with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.
    31 August 2008 16:02:39

    The PC did not restart. Here is the log:

    ComboFix 08-08-30.03 - Vincent Villy 2008-08-31 15:57:11.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1573 [GMT 2:00]
    Endroit: I:\Documents and Settings\Vincent Villy\Bureau\ComboFix.exe
    Command switches used :: I:\Documents and Settings\Vincent Villy\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    I:\Documents and Settings\All Users\Application Data\ytohqzuh
    I:\Program Files\avbjzde
    I:\Program Files\avbjzde\MsgCfgUi.dll
    I:\WINDOWS\system32\kfcfsdgj.exe
    I:\WINDOWS\system32\yhwfwfsj.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-30 21:04 . 2008-08-30 21:04 <REP> d-------- I:\Program Files\Avira
    2008-08-30 21:04 . 2008-08-30 21:04 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Avira
    2008-08-30 16:56 . 2008-08-30 16:56 <REP> d-------- I:\Program Files\VirtualDub-1.6.18
    2008-08-30 15:45 . 2008-08-30 15:45 <REP> d-------- I:\Program Files\Trend Micro
    2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
    2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Malwarebytes
    2008-08-30 13:03 . 2008-08-30 13:03 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-30 13:03 . 2008-08-17 15:01 38,472 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-30 13:03 . 2008-08-17 15:01 17,144 --a------ I:\WINDOWS\system32\drivers\mbam.sys
    2008-08-30 12:57 . 2008-08-30 13:02 <REP> d-a------ I:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-30 10:11 . 2008-08-30 20:59 <REP> d-------- I:\WINDOWS\system32\ZoneLabs
    2008-08-30 10:11 . 2008-08-30 10:11 <REP> d-------- I:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-08-30 10:11 . 2004-04-27 04:40 11,264 --a------ I:\WINDOWS\system32\SpOrder.dll
    2008-08-30 10:11 . 2008-08-30 10:13 4,212 ---h----- I:\WINDOWS\system32\zllictbl.dat
    2008-08-30 10:11 . 2008-08-30 20:39 335 --a------ I:\WINDOWS\system32\vsconfig.xml
    2008-08-30 10:10 . 2008-08-30 20:59 <REP> d-------- I:\WINDOWS\Internet Logs
    2008-08-30 09:55 . 2008-08-30 09:55 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Jetico Personal Firewall
    2008-08-29 15:06 . 2008-08-29 15:06 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-08-29 14:13 . 2008-08-29 14:13 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ytefapsl
    2008-08-25 23:30 . 2008-08-31 11:05 <REP> d-------- I:\Program Files\CDisplay
    2008-08-20 17:13 . 2008-08-20 17:13 <REP> d-------- I:\Program Files\SHARP
    2008-08-18 22:07 . 2008-08-18 22:08 <REP> d-------- I:\Documents and Settings\Vincent Villy\Logitech
    2008-08-18 22:06 . 2008-08-18 22:06 <REP> d-------- I:\Program Files\Fichiers communs\Remote Control USB Driver
    2008-08-17 11:31 . 2004-03-29 17:23 90,112 --a------ I:\WINDOWS\unvise32.exe
    2008-08-17 10:43 . 2008-08-17 10:43 <REP> d-------- I:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-08-17 10:39 . 2008-08-17 10:39 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ALM
    2008-08-17 10:33 . 2008-08-30 17:57 <REP> d-------- I:\Program Files\Bonjour
    2008-08-17 10:30 . 2008-08-17 10:30 <REP> d-------- I:\Program Files\Fichiers communs\Macrovision Shared
    2008-08-14 21:26 . 2008-08-14 21:26 <REP> d-------- I:\Program Files\Yahoo!
    2008-08-14 13:52 . 2008-08-14 13:52 <REP> d-------- I:\Program Files\MSECache
    2008-08-13 22:48 . 2008-05-01 16:36 331,776 -----c--- I:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-11 18:04 . 2008-08-11 18:04 <REP> d-------- I:\Program Files\InfraRecorder
    2008-08-11 18:04 . 2008-08-11 18:24 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\InfraRecorder
    2008-08-05 19:14 . 2008-08-17 08:10 <REP> d-------- I:\Program Files\MediaCoder
    2008-08-04 12:21 . 2008-08-04 16:27 <REP> d-------- I:\Program Files\Gabest
    2008-08-04 12:09 . 2008-08-04 12:09 <REP> d-------- I:\Program Files\Real Alternative
    2008-08-04 12:09 . 2008-08-04 12:09 <REP> d-------- I:\Program Files\Haali
    2008-08-04 12:08 . 2008-08-04 12:08 <REP> d-------- I:\Program Files\ffdshow
    2008-08-04 12:08 . 2007-01-01 00:00 60,273 --a------ I:\WINDOWS\system32\pthreadGC2.dll
    2008-08-04 12:08 . 2007-12-15 16:11 7,680 --a------ I:\WINDOWS\system32\ff_vfw.dll
    2008-08-04 12:08 . 2007-12-15 16:11 6,144 --a------ I:\WINDOWS\system32\ff_acm.acm
    2008-08-04 12:08 . 2007-01-01 00:00 547 --a------ I:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-08-02 17:04 . 2008-08-08 17:36 <REP> d-------- I:\Program Files\musikCube_1.0
    2008-08-02 17:03 . 2008-08-30 10:36 <REP> d-------- I:\Documents and Settings\Vincent Villy\.musikproject
    2008-08-01 07:06 . 2001-08-23 17:47 8,704 --a------ I:\WINDOWS\system32\kbdjpn.dll
    2008-08-01 07:06 . 2001-08-23 17:47 8,704 --a--c--- I:\WINDOWS\system32\dllcache\kbdjpn.dll
    2008-08-01 07:06 . 2008-04-14 04:31 6,144 --a------ I:\WINDOWS\system32\kbd106.dll
    2008-08-01 07:06 . 2008-04-14 04:31 6,144 --a--c--- I:\WINDOWS\system32\dllcache\kbd106.dll
    2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\fr-fr
    2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\fr
    2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\system32\bits
    2008-08-01 06:59 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\l2schemas
    2008-08-01 06:58 . 2008-08-01 06:59 <REP> d-------- I:\WINDOWS\ServicePackFiles
    2008-07-31 12:23 . 2008-07-31 12:23 <REP> d-------- I:\Program Files\Exact Audio Copy
    2008-07-31 12:23 . 2008-07-31 13:28 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\AccurateRip
    2008-07-31 12:16 . 2008-07-31 12:16 9,557 --a------ I:\WINDOWS\EAC.CFG
    2008-07-31 11:55 . 2008-07-31 11:55 164,112 --a------ I:\WINDOWS\system32\wnaspi32.dll
    2008-07-27 17:41 . 2008-07-27 17:41 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Media Player Classic
    2008-07-27 09:19 . 2008-08-31 14:00 <REP> d-------- I:\Program Files\Mozilla Thunderbird
    2008-07-27 09:19 . 2008-07-27 09:19 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\Thunderbird
    2008-07-26 11:03 . 2008-07-26 11:03 <REP> d--h----- I:\WINDOWS\PIF
    2008-07-26 09:47 . 2008-07-26 09:47 <REP> d-------- I:\Program Files\Brownie
    2008-07-26 09:46 . 2008-07-26 09:47 <REP> d-------- I:\Program Files\Brother
    2008-07-26 09:46 . 2004-10-12 01:24 188,416 --a------ I:\WINDOWS\system32\Pdrvinst.dll
    2008-07-26 09:46 . 2002-10-31 01:09 81,920 --a------ I:\WINDOWS\system32\BrWebIns.dll
    2008-07-26 09:46 . 2003-07-03 01:08 65,536 --a------ I:\WINDOWS\system32\BRWEBUP.EXE
    2008-07-26 09:46 . 2008-04-13 20:47 25,856 --------- I:\WINDOWS\system32\drivers\usbprint.sys
    2008-07-26 09:46 . 2008-07-26 09:46 425 --a------ I:\WINDOWS\BRWMARK.INI
    2008-07-26 09:46 . 2008-07-26 09:46 34 --a------ I:\WINDOWS\system32\BD2030.DAT
    2008-07-25 15:17 . 2008-08-17 10:41 <REP> d-------- I:\Program Files\Fichiers communs\Adobe
    2008-07-25 13:07 . 2008-07-25 13:07 <REP> d-------- I:\Program Files\CCleaner
    2008-07-25 12:20 . 2008-07-25 12:20 <REP> d-------- I:\Program Files\Lavasoft
    2008-07-25 12:20 . 2008-07-25 12:21 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-25 12:19 . 2008-07-25 12:19 <REP> d-------- I:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-07-25 12:06 . 2007-07-30 19:19 271,224 --a------ I:\WINDOWS\system32\mucltui.dll
    2008-07-25 12:06 . 2007-07-30 19:19 207,736 --a------ I:\WINDOWS\system32\muweb.dll
    2008-07-25 12:06 . 2007-07-30 19:18 30,072 --a------ I:\WINDOWS\system32\mucltui.dll.mui
    2008-07-24 20:32 . 2008-07-24 20:35 1,143 --a------ I:\WINDOWS\mozver.dat
    2008-07-24 17:54 . 2008-07-25 12:57 <REP> d-------- I:\Documents and Settings\All Users\Application Data\part dead amok eggs
    2008-07-24 17:41 . 2008-07-24 17:53 <REP> d-------- I:\Documents and Settings\Vincent Villy\Contacts
    2008-07-24 17:34 . 2008-08-18 22:06 <REP> d----c--- I:\WINDOWS\system32\DRVSTORE
    2008-07-24 17:28 . 2008-07-25 12:56 <REP> d-------- I:\Program Files\Windows Live
    2008-07-24 17:28 . 2008-07-24 17:34 <REP> d--hsc--- I:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-07-24 17:28 . 2008-07-24 17:28 <REP> d-------- I:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-07-24 16:52 . 2008-07-24 16:52 <REP> d---s---- I:\Documents and Settings\Vincent Villy\UserData
    2008-07-24 16:30 . 2008-07-24 16:30 <REP> d-------- I:\Program Files\MSXML 4.0
    2008-07-24 15:23 . 2008-07-24 15:23 <REP> d-------- I:\Program Files\Enregistrer sous
    2008-07-24 14:34 . 2008-07-24 19:11 <REP> dr------- I:\WINDOWS\system32\000 - Icones
    2008-07-24 13:26 . 2008-06-14 19:33 272,768 --------- I:\WINDOWS\system32\drivers\bthport.sys
    2008-07-24 13:26 . 2008-06-14 19:33 272,768 -----c--- I:\WINDOWS\system32\dllcache\bthport.sys
    2008-07-24 13:25 . 2008-05-08 16:02 203,136 -----c--- I:\WINDOWS\system32\dllcache\rmcast.sys
    2008-07-24 13:21 . 2008-07-24 13:21 <REP> d-------- I:\Program Files\RocketDock
    2008-07-23 20:42 . 2003-06-25 16:05 266,360 --a------ I:\WINDOWS\system32\TweakUI.exe
    2008-07-23 20:42 . 2002-06-21 15:09 160,217 --a------ I:\WINDOWS\system32\PowerToysLicense.rtf
    2008-07-23 19:27 . 2008-07-23 19:27 228 --a------ I:\WINDOWS\CCPen200.ini
    2008-07-23 19:25 . 2008-07-23 19:25 <REP> d-------- I:\WINDOWS\system32\URTTEMP
    2008-07-23 19:07 . 2005-02-14 15:27 32,408 --------- I:\WINDOWS\system32\drivers\pendfu.sys
    2008-07-23 18:51 . 2008-07-24 13:59 <REP> d-------- I:\Program Files\uTorrent
    2008-07-23 18:51 . 2008-08-31 15:56 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\uTorrent
    2008-07-23 18:45 . 2008-07-23 18:45 <REP> d-------- I:\Program Files\QuickTime Alternative
    2008-07-23 18:45 . 2008-07-23 18:45 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-07-23 18:45 . 2008-05-27 10:50 90,112 --a------ I:\WINDOWS\system32\QuickTimeVR.qtx
    2008-07-23 18:45 . 2008-05-27 10:50 57,344 --a------ I:\WINDOWS\system32\QuickTime.qts
    2008-07-23 18:34 . 2008-07-23 18:34 <REP> d-------- I:\Program Files\Team MediaPortal
    2008-07-23 18:34 . 2008-07-23 18:34 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Team MediaPortal
    2008-07-23 18:14 . 2008-07-23 18:14 0 --a------ I:\WINDOWS\ccwinpay.INI
    2008-07-23 18:08 . 2008-07-23 18:08 <REP> d-------- I:\Program Files\Microsoft WSE
    2008-07-23 18:08 . 2008-08-22 17:13 <REP> d-------- I:\Program Files\Fichiers communs\C-CHANNEL
    2008-07-23 18:08 . 2008-07-23 19:27 <REP> d-------- I:\Program Files\C-CHANNEL
    2008-07-23 18:08 . 2008-07-23 19:27 <REP> d-------- I:\Documents and Settings\All Users\Application Data\C-CHANNEL
    2008-07-23 17:41 . 2008-07-23 17:41 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\IrfanView
    2008-07-23 17:16 . 2008-07-23 17:16 <REP> d-------- I:\Program Files\VideoLAN
    2008-07-23 17:16 . 2008-07-23 17:16 <REP> d-------- I:\Documents and Settings\Vincent Villy\Application Data\vlc
    2008-07-23 17:10 . 2008-07-23 17:12 <REP> d-------- I:\WINDOWS\SHELLNEW
    2008-07-23 17:10 . 2008-08-29 07:22 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-23 17:09 . 2008-07-23 17:09 <REP> dr-h----- I:\MSOCache
    2008-07-23 16:19 . 2008-07-23 16:20 <REP> d-------- I:\Program Files\MozBackup
    2008-07-23 16:07 . 2008-07-23 16:07 <REP> d-------- I:\Documents and Settings\All Users\Application Data\NVIDIA
    2008-07-23 16:03 . 2008-07-23 16:03 <REP> d-------- I:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-07-23 16:01 . 2008-07-23 16:01 <REP> d-------- I:\Program Files\My Company Name
    2008-07-23 16:00 . 2008-07-23 16:03 <REP> d-------- I:\WINDOWS\nview
    2008-07-23 16:00 . 2006-06-01 11:22 208,896 --a------ I:\WINDOWS\system32\nvudisp.exe
    2008-07-23 16:00 . 2008-08-31 07:29 63,804 --a------ I:\WINDOWS\system32\nvapps.xml
    2008-07-23 16:00 . 2006-06-01 11:22 16,960 --a------ I:\WINDOWS\system32\nvdisp.nvu
    2008-07-23 15:57 . 2006-06-01 19:09 208,896 --a------ I:\WINDOWS\system32\NVUNINST.EXE

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-23 11:03 --------- d-----w I:\Program Files\Realtek
    2008-07-23 09:37 --------- d-----w I:\Program Files\microsoft frontpage
    2008-07-23 09:35 --------- d-----w I:\Program Files\Services en ligne
    2008-07-23 09:29 --------- d-----w I:\Program Files\Windows Plus
    2008-07-07 20:28 253,952 ----a-w I:\WINDOWS\system32\es.dll
    2008-06-24 16:44 74,240 ----a-w I:\WINDOWS\system32\mscms.dll
    2008-06-20 17:47 247,808 ----a-w I:\WINDOWS\system32\mswsock.dll
    2008-05-16 09:58 12,632 ----a-w I:\WINDOWS\system32\lsdelete.exe
    2008-05-09 10:55 90,112 ----a-w I:\WINDOWS\system32\wshext.dll
    2008-05-09 10:55 430,080 ----a-w I:\WINDOWS\system32\vbscript.dll
    2008-05-09 10:55 180,224 ----a-w I:\WINDOWS\system32\scrobj.dll
    2008-05-09 10:55 172,032 ----a-w I:\WINDOWS\system32\scrrun.dll
    2008-05-08 11:24 155,648 ----a-w I:\WINDOWS\system32\wscript.exe
    2008-05-07 09:07 135,168 ----a-w I:\WINDOWS\system32\cscript.exe
    2008-05-07 05:11 1,294,336 ------w I:\WINDOWS\system32\quartz.dll
    2006-06-23 06:48 32,768 ----a-r I:\WINDOWS\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-30_19.33.19.28 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-30 18:00:31 262,144 ----a-w I:\WINDOWS\system32\config\systemprofile\NtUser.dat
    + 2008-05-09 11:15:51 45,376 ----a-w I:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w I:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-06-27 13:03:55 75,072 ----a-w I:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w I:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="I:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
    "MediaPortal Shell"="I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe" [2006-09-22 08:57 200704]
    "MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="I:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
    "SoundMAXPnP"="I:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
    "JMB36X Configure"="I:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]
    "NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
    "Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
    "avgnt"="I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
    "nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 I:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 I:\WINDOWS\system32\nvmctray.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

    I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    C-CHANNEL OnlineUpdate.lnk - I:\Program Files\C-CHANNEL\OnlineUpdate\PeOnlineUpdate.exe [2008-07-23 18:08:58 993096]
    PayPen.lnk - I:\Program Files\C-CHANNEL\PayPen\PayPen.exe [2006-08-18 10:16:24 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= I:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= I:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ff_acm.acm

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "I:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "I:\\Program Files\\Messenger\\msmsgs.exe"=
    "I:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R3 PayPen;PayPen;I:\WINDOWS\system32\Drivers\PayPen.sys [2005-02-16 08:53]
    R3 usbstor;Pilote de stockage de masse USB;I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45]
    S3 pendfu;PenDfu (pendfu.sys);I:\WINDOWS\system32\Drivers\pendfu.sys [2005-02-14 15:27]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3180ad7-58a3-11dd-bb0a-806d6172696f}]
    \Shell\AutoRun\command - G:\ASUSACPI.exe

    *Newly Created Service* - CATCHME
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-31 15:57:56
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-31 15:58:23
    ComboFix-quarantined-files.txt 2008-08-31 13:58:15
    ComboFix2.txt 2008-08-31 12:48:07
    ComboFix3.txt 2008-08-30 17:33:41

    Pre-Run: 38,492,454,912 octets libres
    Post-Run: 38,480,867,328 octets libres

    233 --- E O F --- 2008-08-29 05:22:15
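
As an added example (not part of the original thread and not ComboFix's own code), this Python sketch checks that every target of the CFScript posted above is gone from the next ComboFix log, and lists anything in that log stamped in the same minute as an autorun the script removed. The function names are hypothetical, the sample inputs are short excerpts copied from the logs on this page, and the same-minute match is a triage heuristic, not a verdict.

```python
import re

# CFScript as posted in the thread (blank lines dropped).
CFSCRIPT = r"""File::
I:\WINDOWS\system32\kfcfsdgj.exe
I:\WINDOWS\system32\yhwfwfsj.exe
Folder::
I:\Documents and Settings\All Users\Application Data\ytohqzuh
I:\Program Files\avbjzde
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"strapl"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MsgCfgUi"=-
"""

# Excerpt of the log taken before the CFScript run (copied from this page).
LOG_BEFORE = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="I:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"strapl"="I:\WINDOWS\system32\kfcfsdgj.exe" [2008-08-29 14:13 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"MsgCfgUi"= {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - I:\Program Files\avbjzde\MsgCfgUi.dll [2008-08-29 14:13 110592]
"""

# Excerpt of the log taken after the run. The first two lines come from its
# "Autres suppressions" section, which lists what was deleted, not what exists.
LOG_AFTER = r"""I:\Program Files\avbjzde\MsgCfgUi.dll
I:\WINDOWS\system32\kfcfsdgj.exe
2008-08-29 15:06 . 2008-08-29 15:06 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-29 14:13 . 2008-08-29 14:13 <REP> d-------- I:\Documents and Settings\All Users\Application Data\ytefapsl
2008-08-25 23:30 . 2008-08-31 11:05 <REP> d-------- I:\Program Files\CDisplay
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="I:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"""

STAMP = r"\d{4}-\d\d-\d\d \d\d:\d\d"
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*?)\s*\[(' + STAMP + r")[^\]]*\]$")
FILE_RE = re.compile(r"^(" + STAMP + r") \. " + STAMP + r" \S+ \S+ (.+)$")

def parse_cfscript(text):
    """Return (paths, reg_values) that a CFScript asks ComboFix to delete."""
    paths, reg_values, section, key = [], [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("::"):
            section = line[:-2].lower()
        elif section in ("file", "folder"):
            paths.append(line)
        elif section == "registry" and line.startswith("["):
            key = line.strip("[]")
        elif section == "registry":
            m = re.match(r'^"([^"]+)"=-$', line)  # "name"=- means delete value
            if m:
                reg_values.append((key, m.group(1)))
    return paths, reg_values

def parse_autoruns(log):
    """Map (registry key lowercased, value name) -> (data, timestamp)."""
    entries, key = {}, None
    for line in map(str.strip, log.splitlines()):
        if KEY_RE.match(line):
            key = KEY_RE.match(line).group(1).lower()
        elif key and VALUE_RE.match(line):
            name, data, stamp = VALUE_RE.match(line).groups()
            entries[(key, name)] = (data, stamp)
    return entries

def file_rows(log):
    """(first timestamp, path) for each row of a file listing section."""
    rows = (FILE_RE.match(line.strip()) for line in log.splitlines())
    return [(m.group(1), m.group(2)) for m in rows if m]

def still_present(cfscript, log):
    """CFScript targets the log still reports as existing.

    Only file listing rows and autorun data count; bare path lines such as
    the deletion list are ignored so removed items are not reported again.
    """
    paths, reg_values = parse_cfscript(cfscript)
    autoruns = parse_autoruns(log)
    seen = [p.lower() for _, p in file_rows(log)]
    seen += [data.lower() for data, _ in autoruns.values()]
    hits = [p for p in paths if any(p.lower() in s for s in seen)]
    hits += [f"{k}\\{v}" for k, v in reg_values if (k.lower(), v) in autoruns]
    return hits

def same_minute_items(before_log, after_log, cfscript):
    """Paths in after_log stamped in the same minute as a removed autorun."""
    _, reg_values = parse_cfscript(cfscript)
    before = parse_autoruns(before_log)
    stamps = {before[(k.lower(), v)][1]
              for k, v in reg_values if (k.lower(), v) in before}
    return [path for stamp, path in file_rows(after_log) if stamp in stamps]

if __name__ == "__main__":
    print("still present before:", still_present(CFSCRIPT, LOG_BEFORE))
    print("still present after: ", still_present(CFSCRIPT, LOG_AFTER))
    print("same-minute items:   ", same_minute_items(LOG_BEFORE, LOG_AFTER, CFSCRIPT))
```
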
    31 August 2008 21:55:35

    Post a new HijackThis report.
    31 August 2008 23:17:27

    I think the trojans are gone, because since the last procedure you had me run I haven't had any window popping up saying there was a trojan, blah blah blah...

    But I still have a doubt. Here is my log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:13:48, on 31.08.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    I:\WINDOWS\Explorer.EXE
    I:\Program Files\Analog Devices\Core\smax4pnp.exe
    I:\WINDOWS\system32\RunDLL32.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    I:\Program Files\RocketDock\RocketDock.exe
    I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
    I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    I:\Program Files\C-CHANNEL\PayPen\PayPen.exe
    I:\Program Files\C-CHANNEL\PayPen\CPenOCR.exe
    I:\Program Files\C-CHANNEL\PayPen\CPenDesk.exe
    I:\WINDOWS\system32\spoolsv.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    I:\WINDOWS\ATKKBService.exe
    I:\WINDOWS\system32\nvsvc32.exe
    I:\WINDOWS\system32\dllhost.exe
    I:\Program Files\Windows Live\Messenger\usnsvc.exe
    I:\Program Files\Opera\opera.exe
    I:\Program Files\uTorrent\uTorrent.exe
    I:\WINDOWS\eHome\ehRecvr.exe
    I:\WINDOWS\eHome\ehSched.exe
    I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [JMB36X Configure] I:\WINDOWS\system32\JMRaidTool.exe boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [RocketDock] "I:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [MediaPortal Shell] I:\Program Files\Team MediaPortal\MediaPortal\mptray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: C-CHANNEL OnlineUpdate.lnk = ?
    O4 - Global Startup: PayPen.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - I:\WINDOWS\ATKKBService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - I:\Program Files\Bonjour\mDNSResponder.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5546 bytes
    1 September 2008 13:02:25

    Are you still having problems?
    1 September 2008 16:16:22

    No, it's gone.

    Thanks a lot.
    1 September 2008 16:28:17

    One more question:
    regarding Opera, would you have any security advice????

    Thanks again.
    1 September 2008 16:56:01

    Nah, I don't know much about Opera :/
    1 September 2008 17:16:01

    OK, thanks. Should I mark it as resolved???
    1 September 2008 17:17:41

    Yep ;)
    1 September 2008 17:38:59

    OK, thanks. Should I mark it as resolved???
    1 September 2008 17:55:43

    Well yes, I answered you.
    6 September 2008 03:13:03

    I have the same problem: I got rid of the trojan-downloader.win32.agent.bq file, but I still get this pop-up telling me to go buy something online to disinfect the machine.
    What should I do to stop it? The same thing?

    Thanks in advance!
    6 September 2008 12:15:16

    One thread per person.