
Opinion on a HijackThis report (SOLVED)

26 August 2008 21:57:38

Good evening,

Following an infection by trojan-gen other and others, and after running CCleaner, AVG and BitDefender, can someone give me their opinion on the following HJ report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:18, on 26/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\dwwnw64r.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\system32\mcntktdl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.0.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: radbanner browser enhancer - {749e1af1-92d9-8ea8-446f-32d6907e23f7} - C:\WINDOWS\system32\tkpnugjshmogw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ADECBED6-0366-4377-A739-E69DFBA04663} - (no file)
O2 - BHO: mysidesearch search enhancer - {ca251543-dc53-6cd4-48ea-f7ae76d03075} - C:\WINDOWS\system32\sivlhitrpfe.dll
O2 - BHO: agadoo browser optimizer - {f6f66722-d894-638b-f832-b2b751fbae22} - C:\WINDOWS\system32\pqjkqirhaodwaebi.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [DLUPDR] "C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{45-5F-FC-C4-DW}] C:\windows\system32\dwwnw64r.exe DWram03FF
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{2820bc19-9d45-0af2-652f-c719b89da33d}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\tkpnugjshmogw.dll" DllStart
O4 - HKLM\..\Run: [{e9b3a022-c457-c875-cc45-1087b14d15fb}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\pqjkqirhaodwaebi.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\mcntktdl.exe DWram03FF
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\mcntktdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Ra...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 11199 bytes :love: 


26 August 2008 22:48:52

Good evening,
there's still... a lot left :)

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM


    27 August 2008 09:48:05

    Hello Sam,

    A somewhat late reply, but I took a break yesterday... to get off to a better start today.

    In the meantime I ran a few operations with other utilities: antivir/bidef/avg...

    I can make you an HJ report at noon (at work right now) for your opinion, and I wait for your reply before running malwarebytes?

    Thanks



    27 August 2008 14:03:00

    As agreed, here is the report, without a malwarebytes scan.
    PS: the O4 line in red is, I think, suspicious; this program puts itself in startup and is flagged by avg...

    Thanking you...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:59:32, on 27/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\windows\system32\rownw64j.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.0.1:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {ADECBED6-0366-4377-A739-E69DFBA04663} - (no file)
    O2 - BHO: mysidesearch search enhancer - {ca251543-dc53-6cd4-48ea-f7ae76d03075} - C:\WINDOWS\system32\sivlhitrpfe.dll
    O2 - BHO: (no name) - {f6f66722-d894-638b-f832-b2b751fbae22} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
    O4 - HKLM\..\Run: [DLUPDR] "C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [{45-5F-FC-C4-DW}] C:\windows\system32\rownw64j.exe DWram03FF
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rownw64j.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Ra...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

    --
    End of file - 11385 bytes
    27 August 2008 22:01:17

    Good evening, as agreed, attached are the reports, malwarebytes and HJ.
    Thanking you, and happy maintenance...

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1089
    Windows 5.1.2600 Service Pack 3

    21:56:31 27/08/2008
    mbam-log-08-27-2008 (21-56-31).txt

    Type de recherche: Examen complet (C:\|F:\|H:\|)
    Eléments examinés: 140681
    Temps écoulé: 34 minute(s), 11 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 6

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca251543-dc53-6cd4-48ea-f7ae76d03075} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ca251543-dc53-6cd4-48ea-f7ae76d03075} (Adware.BHO) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sivlhitrpfe.dll (Adware.BHO) -> Quarantined and deleted successfully.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:57:48, on 27/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.0.1:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {ADECBED6-0366-4377-A739-E69DFBA04663} - (no file)
    O2 - BHO: (no name) - {f6f66722-d894-638b-f832-b2b751fbae22} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
    O4 - HKLM\..\Run: [DLUPDR] "C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [{45-5F-FC-C4-DW}] C:\WINDOWS\system32\rownw64j.exe DWram03FF
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rownw64j.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Ra...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

    --
    End of file - 9678 bytes
    28 August 2008 21:23:06

    Good evening,

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs:
    ComboFix.exe
    and save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
    Click on it to open it, then Edit > "Select All", Edit > "Copy".

    Come back to the forum and Edit > "Paste".

    Add a new HijackThis report.
    28 August 2008 22:09:28

    Hi Sam, good to see you again!

    Here are the reports:

    ComboFix 08-08-28.03 - t 2008-08-28 22:01:20.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.570 [GMT 2:00]
    Endroit: C:\Documents and Settings\t\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Nathalie\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
    C:\Documents and Settings\Simon\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
    C:\Documents and Settings\t\Application Data\inst.exe
    C:\Documents and Settings\t\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
    C:\Program Files\outlook
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\dwwnw64r.exe
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\rownw64j.exe
    C:\WINDOWS\system32\rownw64r.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-28 19:20 . 2008-08-28 19:23 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-08-28 19:20 . 2008-08-28 20:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-28 00:31 . 2008-08-28 00:33 <REP> d-------- C:\Program Files\NMapWin
    2008-08-27 20:32 . 2008-08-27 20:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-27 20:32 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-27 20:32 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-27 17:49 . 2008-08-27 17:52 <REP> d-------- C:\Program Files\RegCleaner
    2008-08-27 00:54 . 2008-08-28 21:57 <REP> d--h----- C:\$AVG8.VAULT$
    2008-08-27 00:42 . 2008-08-28 18:37 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-08-27 00:42 . 2008-08-27 00:58 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-27 00:42 . 2008-08-27 00:58 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-08-27 00:42 . 2008-08-27 00:58 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-08-27 00:42 . 2008-08-27 00:58 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-08-27 00:41 . 2008-08-27 00:41 <REP> d-------- C:\Program Files\AVG
    2008-08-27 00:41 . 2008-08-27 00:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-08-27 00:41 . 2008-08-27 00:58 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
    2008-08-27 00:41 . 2008-08-27 00:58 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
    2008-08-26 23:33 . 2008-08-26 23:33 <REP> d-------- C:\Program Files\Softwin
    2008-08-26 23:16 . 2008-08-26 23:35 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-08-26 23:10 . 2008-08-26 23:33 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
    2008-08-26 22:07 . 2008-08-26 22:07 <REP> d-------- C:\Documents and Settings\t\Application Data\Malwarebytes
    2008-08-26 22:07 . 2008-08-26 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-26 20:52 . 2008-08-26 21:33 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-08-26 19:15 . 2008-08-26 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-26 18:49 . 2008-08-26 18:49 153,404 --a------ C:\WINDOWS\system32\g95.exe
    2008-08-26 18:19 . 2008-08-26 18:19 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-26 14:24 . 2008-08-27 20:33 90,921 --a------ C:\WINDOWS\system32\sivlhitrpfe.dll-uninst.exe
    2008-08-25 21:02 . 2008-08-25 21:02 153,425 --a------ C:\WINDOWS\system32\g14.exe
    2008-08-25 21:02 . 2008-08-28 09:43 64,859 --a------ C:\WINDOWS\system32\cnxjzfyvoihwtsu.exe
    2008-08-25 20:57 . 2008-08-25 20:57 <REP> d-------- C:\WINDOWS\system32\si
    2008-08-25 20:57 . 2008-08-25 20:57 <REP> d-------- C:\WINDOWS\system32\pm3
    2008-08-25 20:57 . 2008-08-26 20:45 <REP> d-------- C:\WINDOWS\system32\it1
    2008-08-25 20:57 . 2008-08-26 21:29 <REP> d-------- C:\WINDOWS\system32\eMaxt02
    2008-08-25 20:57 . 2008-08-25 20:57 <REP> d-------- C:\temp\bbc2
    2008-08-25 20:57 . 2008-08-25 20:57 64,896 --a------ C:\WINDOWS\system32\crnoirxtbjctjzv.exe
    2008-08-25 20:56 . 2008-08-27 18:25 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-25 20:50 . 2008-08-25 20:50 <REP> d-------- C:\Documents and Settings\Philippe\LimeWire
    2008-08-25 20:49 . 2008-08-25 20:57 <REP> d-------- C:\Documents and Settings\t\Application Data\LimeWire
    2008-08-25 00:04 . 2008-08-25 00:04 <REP> d-------- C:\Documents and Settings\Philippe\Updater5
    2008-08-24 20:37 . 2008-08-24 20:37 <REP> d-------- C:\NP
    2008-08-24 20:28 . 2008-08-24 20:28 <REP> d-------- C:\Program Files\PowerQuest
    2008-08-24 18:38 . 2008-07-25 15:51 13,576 --a------ C:\WINDOWS\system32\wnaspi32.dll
    2008-08-24 15:52 . 2007-04-27 17:54 40,960 --a------ C:\WINDOWS\exitwx.exe
    2008-08-24 15:46 . 2008-08-24 15:46 80,750,592 -r-h----- C:\WINDOWS\dcdisk0_0
    2008-08-24 15:46 . 2008-08-24 15:46 4,204,544 -r-h----- C:\WINDOWS\dclog.bin
    2008-08-24 15:46 . 2008-08-24 15:46 0 --a------ C:\WINDOWS\dclock.dc
    2008-08-24 15:07 . 2008-08-24 15:10 <REP> d-------- C:\Program Files\Runtime Software
    2008-08-23 22:42 . 2008-08-23 22:42 15,397 --a------ C:\Program Files\settings.dat
    2008-08-23 22:35 . 2008-08-23 22:35 <REP> d-------- C:\Documents and Settings\Philippe\AdobeStockPhotos
    2008-08-23 22:35 . 2008-08-23 22:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-08-21 23:15 . 2008-08-21 23:15 <REP> d-------- C:\Documents and Settings\Simon\Application Data\Tor
    2008-08-21 23:00 . 2008-08-21 23:00 43,276 --a------ C:\plist.dat
    2008-08-21 22:52 . 2000-09-29 18:00 8,784 --a------ C:\WINDOWS\F_France.gpl
    2008-08-21 01:03 . 2008-08-21 01:03 <REP> d-------- C:\Documents and Settings\Simon\Application Data\Windows Desktop Search
    2008-08-21 01:02 . 2008-08-21 01:17 <REP> d-------- C:\Program Files\Windows Desktop Search
    2008-08-21 00:58 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-08-21 00:26 . 2008-08-25 21:22 <REP> d-------- C:\Documents and Settings\Simon\Contacts
    2008-08-21 00:01 . 2008-08-21 00:01 0 --a------ C:\WINDOWS\system32\FOXIT_PDF
    2008-08-20 23:46 . 2008-08-20 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-08-20 23:41 . 2008-08-25 23:20 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-08-20 23:39 . 2008-08-25 22:27 <REP> d-------- C:\Documents and Settings\t\Mes documents
    2008-08-20 23:37 . 2008-08-23 23:22 <REP> d-------- C:\Program Files\NOS
    2008-08-20 23:37 . 2008-08-23 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
    2008-08-20 23:00 . 2008-08-20 23:00 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Softland
    2008-08-20 22:58 . 2008-03-27 15:42 7,477 --a------ C:\WINDOWS\system32\dopdf6.ctm
    2008-08-19 16:47 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-08-19 16:47 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-08-19 02:38 . 2008-08-26 01:25 <REP> d-------- C:\Documents and Settings\Simon\Application Data\LimeWire
    2008-08-18 22:01 . 2008-08-18 22:11 <REP> d-------- C:\Program Files\Windows Live
    2008-08-18 19:14 . 2008-08-18 19:14 <REP> d-------- C:\Program Files\iPod
    2008-08-07 19:59 . 2008-08-07 19:59 <REP> d-------- C:\Program Files\Inventel

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-28 17:15 --------- d-----w C:\Documents and Settings\t\Application Data\OpenOffice.org2
    2008-08-27 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-26 16:40 --------- d-----w C:\Program Files\CCleaner
    2008-08-24 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-21 20:56 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2008-08-18 23:16 --------- d-----w C:\Program Files\Uplink
    2008-08-18 20:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-18 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-18 17:21 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-18 17:14 --------- d-----w C:\Program Files\iTunes
    2008-08-18 17:13 --------- d-----w C:\Program Files\QuickTime
    2008-07-21 22:00 --------- d-----w C:\Program Files\Windows Privacy Tools
    2008-07-21 21:09 --------- d-----w C:\Documents and Settings\Simon\Application Data\GnuPG
    2008-07-21 20:40 --------- d-----w C:\Program Files\S2SaTstrat
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-08 20:18 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-07-08 18:58 --------- d-----w C:\Documents and Settings\Simon\Application Data\Allume Systems
    2008-07-08 11:40 --------- d-----w C:\Program Files\FLV Player
    2008-07-08 11:34 --------- d-----w C:\Program Files\Smart Projects
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-06 22:07 --------- d-----w C:\Program Files\@stake
    2008-07-06 21:32 13,192 ----a-w C:\WINDOWS\system32\drivers\ndis3pkt.sys
    2008-07-05 22:54 --------- d-----w C:\Program Files\Yahoo!
    2008-07-05 22:38 --------- d-----w C:\Documents and Settings\Simon\Application Data\mIRC
    2008-07-05 21:28 --------- d-----w C:\Documents and Settings\Simon\Application Data\.wyzo
    2008-07-04 22:40 --------- d-----w C:\Program Files\xchat
    2008-07-04 22:40 --------- d-----w C:\Documents and Settings\Simon\Application Data\X-Chat 2
    2008-07-02 20:13 --------- d-----w C:\Program Files\Acunetix
    2008-07-01 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-01 07:13 68,224 ----a-w C:\WINDOWS\system32\WanPacket.dll
    2008-06-01 07:13 53,299 ----a-w C:\WINDOWS\system32\pthreadVC.dll
    2008-06-01 07:13 240,248 ----a-w C:\WINDOWS\system32\wpcap.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-23 18:00 47,360 ----a-w C:\Documents and Settings\t\Application Data\pcouffin.sys
    2008-02-02 18:45 22 ----a-w C:\Documents and Settings\Simon\zipnew.dat
    2008-02-02 18:45 20 ----a-w C:\Documents and Settings\Simon\rarnew.dat
    2007-09-20 17:35 99,840 ----a-w C:\Documents and Settings\Simon\Uninstall.exe
    2007-09-20 17:34 936,960 ----a-w C:\Documents and Settings\Simon\WinRAR.exe
    2007-09-20 17:34 317,952 ----a-w C:\Documents and Settings\Simon\Rar.exe
    2007-09-20 17:34 203,776 ----a-w C:\Documents and Settings\Simon\UnRAR.exe
    2007-09-20 17:34 129,024 ----a-w C:\Documents and Settings\Simon\RarExt.dll
    2006-12-23 16:37 44,032 ----a-w C:\Documents and Settings\Simon\RarExtLoader.exe
    2006-12-11 01:14 43,008 ----a-w C:\Documents and Settings\Simon\RarExt64.dll
    2005-01-26 11:55 1,703,936 ----a-r C:\Documents and Settings\Simon\GdiPlus.dll
    2005-01-26 11:54 499,712 ----a-r C:\Documents and Settings\Simon\msvcp71.dll
    2005-01-26 11:54 348,160 ----a-r C:\Documents and Settings\Simon\msvcr71.dll
    2001-08-23 15:47 92,672 ----a-w C:\Documents and Settings\Simon\oeimprt.dll
    2001-08-23 15:47 24,576 ----a-w C:\Documents and Settings\Simon\_perfos.dll
    1998-07-12 22:00 82,944 ----a-w C:\Documents and Settings\VB98\ADDSCCFR.DLL
    1998-07-12 22:00 802,816 ----a-w C:\Documents and Settings\VB98\VISDATA.EXE
    1998-07-12 22:00 540,672 ----a-w C:\Documents and Settings\VB98\DATAVIEW.DLL
    1998-07-12 22:00 33,040 ----a-w C:\Documents and Settings\VB98\REPVBRC.DLL
    1998-07-12 22:00 1,127,184 ----a-w C:\Documents and Settings\VB98\VB6IDE.DLL
    1998-06-25 22:00 462,901 ----a-w C:\Documents and Settings\VB98\LINK.EXE
    1998-06-24 22:00 1,880,064 ----a-w C:\Documents and Settings\VB98\VB6.EXE
    1998-06-19 22:00 1,701,648 ----a-w C:\Documents and Settings\VB98\VBA6.DLL
    1998-06-17 22:00 81,979 ----a-w C:\Documents and Settings\VB98\CVPACK.EXE
    1998-06-17 22:00 31,504 ----a-w C:\Documents and Settings\VB98\VB6DEBUG.DLL
    1998-06-16 22:00 667,648 ----a-w C:\Documents and Settings\VB98\C2.EXE
    1998-06-16 22:00 180,276 ----a-w C:\Documents and Settings\VB98\MSPDB60.DLL
    1998-06-12 22:00 286,480 ----a-w C:\Documents and Settings\VB98\REPVB.DLL
    1998-06-10 22:00 22,800 ----a-w C:\Documents and Settings\VB98\REPVBTIM.DLL
    1998-05-21 22:00 77,312 ----a-w C:\Documents and Settings\VB98\ADDSCCUS.DLL
    1998-05-21 22:00 277,504 ----a-w C:\Documents and Settings\VB98\VBSCC.DLL
    1998-05-06 22:00 159,798 ----a-w C:\Documents and Settings\VB98\MSDIS110.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 12:00 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
    "RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2006-03-15 08:44 163840]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-05-22 06:20 122940]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 11:46 196608]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 01:26 217088]
    "DLPSP"="C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 15:25 393944]
    "DLUPDR"="C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2007-02-22 00:38 140184]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-27 00:58 1235736]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 12:00 15360]

    C:\Documents and Settings\t\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^t^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
    path=C:\Documents and Settings\t\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
    backup=C:\WINDOWS\pss\DW_Start.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Documents and Settings\\Simon\\Tools\\APE\\AEMANAGR.EXE"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Valve Lan\\hl.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Documents and Settings\\VB98\\VB6.EXE"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Documents and Settings\\Simon\\Mes documents\\Informatique\\Tor\\tor.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Logging]
    "LogSuccessfulConnections"= 0 (0x0)
    "LogDroppedPackets"= 0 (0x0)
    "LogFileSize"= 0 (0x0)
    "LogFilePath"=

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-27 00:58]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-27 00:58]
    R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2007-09-23 22:45]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-27 00:58]
    R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-08-27 00:58]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-27 00:58]
    R2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 16:52]
    R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 15:22]
    R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-27 00:58]
    S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-27 00:58]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-05-25 20:20]
    S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2005-07-29 15:06]
    S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2005-08-15 11:43]
    S3 NDIS3Pkt;NDIS 3.0 Packet Driver;C:\WINDOWS\system32\drivers\ndis3pkt.sys [2008-07-06 23:32]
    S3 packet_2.1;Packet Driver v2.1;C:\WINDOWS\system32\drivers\packet.sys [2001-03-20 08:40]
    S3 RT80x86;Ralink 802.11n Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2860.sys []

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-{45-5F-FC-C4-DW} - c:\windows\system32\rownw64j.exe
    HKU-Default-Run-SSS6_Suite - C:\Program Files\Steganos Security Suite 6\sss.exe
    HKU-Default-Run-SSS6_SAFE - C:\Program Files\Steganos Security Suite 6\safe.exe
    HKU-Default-Run-SSS6_SPM - C:\Program Files\Steganos Security Suite 6\spm.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\t\Application Data\Mozilla\Firefox\Profiles\9fg5fbzk.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://orange.fr
    FF -: plugin - C:\Documents and Settings\Simon\Mes documents\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-28 22:04:18
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    C:\DOCUME~1\t\LOCALS~1\Temp\RGI6E.tmp

    Scan terminé avec succès
    Les fichiers cachés: 1

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-28 22:05:26
    ComboFix-quarantined-files.txt 2008-08-28 20:05:22

    Pre-Run: 68,388,700,160 octets libres
    Post-Run: 68,413,497,344 octets libres

    298 --- E O F --- 2008-08-27 12:09:38


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:07:25, on 28/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.0.1:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
    O4 - HKLM\..\Run: [DLUPDR] "C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Ra...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

    --
    End of file - 10564 bytes


    29 August 2008 22:01:42

    Good evening,

    Copy (Ctrl+C) the text below:
    File::
    C:\WINDOWS\system32\g14.exe
    C:\WINDOWS\system32\cnxjzfyvoihwtsu.exe
    C:\WINDOWS\system32\crnoirxtbjctjzv.exe
    C:\DOCUME~1\t\LOCALS~1\Temp\RGI6E.tmp

    Folder::
    C:\WINDOWS\system32\si
    C:\WINDOWS\system32\pm3
    C:\WINDOWS\system32\it1
    C:\WINDOWS\system32\eMaxt02
    C:\temp\bbc2



    Open Notepad, then paste (Ctrl+V) the text you have just copied.
    Save this file under the name CFScript.txt

    Drag and drop this CFScript file onto the ComboFix.exe file, as shown in the screenshot.


  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt



    ++++++++++++++++


    Go to this link: Virus Total
  • Click on Parcourir (Browse)
  • Navigate to this file, if you can find it:

    C:\WINDOWS\system32\g95.exe

  • Click on Envoyer le fichier (Send file) and let it work for as long as "Situation actuelle : en cours d'analyse" (Current status: analysis in progress) is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case, you will need to wait without refreshing the page.
  • When the analysis is finished ("Situation actuelle: terminé", i.e. Current status: finished), click on Formaté (Formatted)
  • A new browser window will appear
  • Then click on this image:
  • Right-click on the page, choose Select all, then Copy
  • Finally, paste the result into your next reply.
    Note: Whatever the result, it is important that you send me the result of the whole analysis.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.


    29 August 2008 22:39:01

    Good evening Sham,

    I cannot find the requested file after searching manually and with Windows search. For information, I don't have a system32 file, only system and twain_32.

    Here is the Combo report:

    ComboFix 08-08-28.03 - t 2008-08-29 22:20:38.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.627 [GMT 2:00]
    Endroit: C:\Documents and Settings\t\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\t\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\DOCUME~1\t\LOCALS~1\Temp\RGI6E.tmp
    C:\WINDOWS\system32\cnxjzfyvoihwtsu.exe
    C:\WINDOWS\system32\crnoirxtbjctjzv.exe
    C:\WINDOWS\system32\g14.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\temp\bbc2
    C:\temp\bbc2\i5dB.log
    C:\WINDOWS\system32\cnxjzfyvoihwtsu.exe
    C:\WINDOWS\system32\crnoirxtbjctjzv.exe
    C:\WINDOWS\system32\eMaxt02
    C:\WINDOWS\system32\it1
    C:\WINDOWS\system32\pm3
    C:\WINDOWS\system32\pm3\kgrem084.exe
    C:\WINDOWS\system32\si
    C:\WINDOWS\system32\si\COz34d11.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-29 22:08 . 2008-08-29 22:08 <REP> d-------- C:\Program Files\ma-config.com
    2008-08-29 22:08 . 2008-08-29 22:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-08-28 19:20 . 2008-08-28 22:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-28 00:31 . 2008-08-28 00:33 <REP> d-------- C:\Program Files\NMapWin
    2008-08-27 17:49 . 2008-08-27 17:52 <REP> d-------- C:\Program Files\RegCleaner
    2008-08-27 00:54 . 2008-08-29 19:31 <REP> d--h----- C:\$AVG8.VAULT$
    2008-08-27 00:42 . 2008-08-29 13:01 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-08-27 00:42 . 2008-08-27 00:58 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-27 00:42 . 2008-08-27 00:58 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-08-27 00:42 . 2008-08-27 00:58 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-08-27 00:42 . 2008-08-27 00:58 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-08-27 00:41 . 2008-08-27 00:41 <REP> d-------- C:\Program Files\AVG
    2008-08-27 00:41 . 2008-08-27 00:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-08-27 00:41 . 2008-08-27 00:58 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
    2008-08-27 00:41 . 2008-08-27 00:58 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
    2008-08-26 23:16 . 2008-08-26 23:35 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-08-26 23:10 . 2008-08-26 23:33 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
    2008-08-26 22:07 . 2008-08-26 22:07 <REP> d-------- C:\Documents and Settings\t\Application Data\Malwarebytes
    2008-08-26 22:07 . 2008-08-26 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-26 20:52 . 2008-08-26 21:33 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-08-26 19:15 . 2008-08-26 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-26 18:19 . 2008-08-26 18:19 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-26 14:24 . 2008-08-27 20:33 90,921 --a------ C:\WINDOWS\system32\sivlhitrpfe.dll-uninst.exe
    2008-08-25 20:56 . 2008-08-27 18:25 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-25 20:50 . 2008-08-25 20:50 <REP> d-------- C:\Documents and Settings\Philippe\LimeWire
    2008-08-25 20:49 . 2008-08-25 20:57 <REP> d-------- C:\Documents and Settings\t\Application Data\LimeWire
    2008-08-25 00:04 . 2008-08-25 00:04 <REP> d-------- C:\Documents and Settings\Philippe\Updater5
    2008-08-24 20:37 . 2008-08-24 20:37 <REP> d-------- C:\NP
    2008-08-24 20:28 . 2008-08-24 20:28 <REP> d-------- C:\Program Files\PowerQuest
    2008-08-24 18:38 . 2008-07-25 15:51 13,576 --a------ C:\WINDOWS\system32\wnaspi32.dll
    2008-08-24 15:52 . 2007-04-27 17:54 40,960 --a------ C:\WINDOWS\exitwx.exe
    2008-08-24 15:46 . 2008-08-24 15:46 80,750,592 -r-h----- C:\WINDOWS\dcdisk0_0
    2008-08-24 15:46 . 2008-08-24 15:46 4,204,544 -r-h----- C:\WINDOWS\dclog.bin
    2008-08-24 15:46 . 2008-08-24 15:46 0 --a------ C:\WINDOWS\dclock.dc
    2008-08-24 15:07 . 2008-08-24 15:10 <REP> d-------- C:\Program Files\Runtime Software
    2008-08-23 22:42 . 2008-08-23 22:42 15,397 --a------ C:\Program Files\settings.dat
    2008-08-23 22:35 . 2008-08-23 22:35 <REP> d-------- C:\Documents and Settings\Philippe\AdobeStockPhotos
    2008-08-23 22:35 . 2008-08-23 22:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-08-21 23:15 . 2008-08-21 23:15 <REP> d-------- C:\Documents and Settings\Simon\Application Data\Tor
    2008-08-21 23:00 . 2008-08-21 23:00 43,276 --a------ C:\plist.dat
    2008-08-21 22:52 . 2000-09-29 18:00 8,784 --a------ C:\WINDOWS\F_France.gpl
    2008-08-21 01:03 . 2008-08-21 01:03 <REP> d-------- C:\Documents and Settings\Simon\Application Data\Windows Desktop Search
    2008-08-21 01:02 . 2008-08-21 01:17 <REP> d-------- C:\Program Files\Windows Desktop Search
    2008-08-21 00:58 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-08-21 00:26 . 2008-08-25 21:22 <REP> d-------- C:\Documents and Settings\Simon\Contacts
    2008-08-21 00:01 . 2008-08-21 00:01 0 --a------ C:\WINDOWS\system32\FOXIT_PDF
    2008-08-20 23:46 . 2008-08-20 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-08-20 23:41 . 2008-08-25 23:20 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-08-20 23:39 . 2008-08-25 22:27 <REP> d-------- C:\Documents and Settings\t\Mes documents
    2008-08-20 23:37 . 2008-08-23 23:22 <REP> d-------- C:\Program Files\NOS
    2008-08-20 23:37 . 2008-08-23 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
    2008-08-20 23:00 . 2008-08-20 23:00 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Softland
    2008-08-20 22:58 . 2008-03-27 15:42 7,477 --a------ C:\WINDOWS\system32\dopdf6.ctm
    2008-08-19 16:47 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-08-19 16:47 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-08-19 02:38 . 2008-08-29 14:27 <REP> d-------- C:\Documents and Settings\Simon\Application Data\LimeWire
    2008-08-18 22:01 . 2008-08-18 22:11 <REP> d-------- C:\Program Files\Windows Live
    2008-08-18 19:14 . 2008-08-18 19:14 <REP> d-------- C:\Program Files\iPod
    2008-08-07 19:59 . 2008-08-07 19:59 <REP> d-------- C:\Program Files\Inventel

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-28 20:23 --------- d-----w C:\Documents and Settings\t\Application Data\OpenOffice.org2
    2008-08-27 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-26 16:40 --------- d-----w C:\Program Files\CCleaner
    2008-08-24 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-21 20:56 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2008-08-18 23:16 --------- d-----w C:\Program Files\Uplink
    2008-08-18 20:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-18 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-18 17:21 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-18 17:14 --------- d-----w C:\Program Files\iTunes
    2008-08-18 17:13 --------- d-----w C:\Program Files\QuickTime
    2008-07-21 22:00 --------- d-----w C:\Program Files\Windows Privacy Tools
    2008-07-21 21:09 --------- d-----w C:\Documents and Settings\Simon\Application Data\GnuPG
    2008-07-21 20:40 --------- d-----w C:\Program Files\S2SaTstrat
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-08 20:18 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-07-08 18:58 --------- d-----w C:\Documents and Settings\Simon\Application Data\Allume Systems
    2008-07-08 11:40 --------- d-----w C:\Program Files\FLV Player
    2008-07-08 11:34 --------- d-----w C:\Program Files\Smart Projects
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-06 22:07 --------- d-----w C:\Program Files\@stake
    2008-07-06 21:32 13,192 ----a-w C:\WINDOWS\system32\drivers\ndis3pkt.sys
    2008-07-05 22:54 --------- d-----w C:\Program Files\Yahoo!
    2008-07-05 22:38 --------- d-----w C:\Documents and Settings\Simon\Application Data\mIRC
    2008-07-05 21:28 --------- d-----w C:\Documents and Settings\Simon\Application Data\.wyzo
    2008-07-04 22:40 --------- d-----w C:\Program Files\xchat
    2008-07-04 22:40 --------- d-----w C:\Documents and Settings\Simon\Application Data\X-Chat 2
    2008-07-02 20:13 --------- d-----w C:\Program Files\Acunetix
    2008-07-01 11:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-01 07:13 68,224 ----a-w C:\WINDOWS\system32\WanPacket.dll
    2008-06-01 07:13 53,299 ----a-w C:\WINDOWS\system32\pthreadVC.dll
    2008-06-01 07:13 240,248 ----a-w C:\WINDOWS\system32\wpcap.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-23 18:00 47,360 ----a-w C:\Documents and Settings\t\Application Data\pcouffin.sys
    2008-02-02 18:45 22 ----a-w C:\Documents and Settings\Simon\zipnew.dat
    2008-02-02 18:45 20 ----a-w C:\Documents and Settings\Simon\rarnew.dat
    2007-09-20 17:35 99,840 ----a-w C:\Documents and Settings\Simon\Uninstall.exe
    2007-09-20 17:34 936,960 ----a-w C:\Documents and Settings\Simon\WinRAR.exe
    2007-09-20 17:34 317,952 ----a-w C:\Documents and Settings\Simon\Rar.exe
    2007-09-20 17:34 203,776 ----a-w C:\Documents and Settings\Simon\UnRAR.exe
    2007-09-20 17:34 129,024 ----a-w C:\Documents and Settings\Simon\RarExt.dll
    2006-12-23 16:37 44,032 ----a-w C:\Documents and Settings\Simon\RarExtLoader.exe
    2006-12-11 01:14 43,008 ----a-w C:\Documents and Settings\Simon\RarExt64.dll
    2005-01-26 11:55 1,703,936 ----a-r C:\Documents and Settings\Simon\GdiPlus.dll
    2005-01-26 11:54 499,712 ----a-r C:\Documents and Settings\Simon\msvcp71.dll
    2005-01-26 11:54 348,160 ----a-r C:\Documents and Settings\Simon\msvcr71.dll
    2001-08-23 15:47 92,672 ----a-w C:\Documents and Settings\Simon\oeimprt.dll
    2001-08-23 15:47 24,576 ----a-w C:\Documents and Settings\Simon\_perfos.dll
    1998-07-12 22:00 82,944 ----a-w C:\Documents and Settings\VB98\ADDSCCFR.DLL
    1998-07-12 22:00 802,816 ----a-w C:\Documents and Settings\VB98\VISDATA.EXE
    1998-07-12 22:00 540,672 ----a-w C:\Documents and Settings\VB98\DATAVIEW.DLL
    1998-07-12 22:00 33,040 ----a-w C:\Documents and Settings\VB98\REPVBRC.DLL
    1998-07-12 22:00 1,127,184 ----a-w C:\Documents and Settings\VB98\VB6IDE.DLL
    1998-06-25 22:00 462,901 ----a-w C:\Documents and Settings\VB98\LINK.EXE
    1998-06-24 22:00 1,880,064 ----a-w C:\Documents and Settings\VB98\VB6.EXE
    1998-06-19 22:00 1,701,648 ----a-w C:\Documents and Settings\VB98\VBA6.DLL
    1998-06-17 22:00 81,979 ----a-w C:\Documents and Settings\VB98\CVPACK.EXE
    1998-06-17 22:00 31,504 ----a-w C:\Documents and Settings\VB98\VB6DEBUG.DLL
    1998-06-16 22:00 667,648 ----a-w C:\Documents and Settings\VB98\C2.EXE
    1998-06-16 22:00 180,276 ----a-w C:\Documents and Settings\VB98\MSPDB60.DLL
    1998-06-12 22:00 286,480 ----a-w C:\Documents and Settings\VB98\REPVB.DLL
    1998-06-10 22:00 22,800 ----a-w C:\Documents and Settings\VB98\REPVBTIM.DLL
    1998-05-21 22:00 77,312 ----a-w C:\Documents and Settings\VB98\ADDSCCUS.DLL
    1998-05-21 22:00 277,504 ----a-w C:\Documents and Settings\VB98\VBSCC.DLL
    1998-05-06 22:00 159,798 ----a-w C:\Documents and Settings\VB98\MSDIS110.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 12:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
    "RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2006-03-15 08:44 163840]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-05-22 06:20 122940]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 11:46 196608]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 01:26 217088]
    "DLPSP"="C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 15:25 393944]
    "DLUPDR"="C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2007-02-22 00:38 140184]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-27 00:58 1235736]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 12:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Documents and Settings\\Simon\\Tools\\APE\\AEMANAGR.EXE"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Valve Lan\\hl.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Documents and Settings\\VB98\\VB6.EXE"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Documents and Settings\\Simon\\Mes documents\\Informatique\\Tor\\tor.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "C:\\Documents and Settings\\Simon\\Mes documents\\Limewire\\LimeWire.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Logging]
    "LogSuccessfulConnections"= 0 (0x0)
    "LogDroppedPackets"= 0 (0x0)
    "LogFileSize"= 0 (0x0)
    "LogFilePath"=

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-27 00:58]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-27 00:58]
    R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2007-09-23 22:45]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-27 00:58]
    R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-08-27 00:58]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-27 00:58]
    R2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 16:52]
    R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 15:22]
    R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-27 00:58]
    S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-27 00:58]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-05-25 20:20]
    S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2005-07-29 15:06]
    S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2005-08-15 11:43]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 20:57]
    S3 NDIS3Pkt;NDIS 3.0 Packet Driver;C:\WINDOWS\system32\drivers\ndis3pkt.sys [2008-07-06 23:32]
    S3 packet_2.1;Packet Driver v2.1;C:\WINDOWS\system32\drivers\packet.sys [2001-03-20 08:40]
    S3 RT80x86;Ralink 802.11n Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2860.sys []

    *Newly Created Service* - DRIVERHARDWAREV2
    *Newly Created Service* - MACONFSERVICE
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-29 22:23:39
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-29 22:24:44
    ComboFix-quarantined-files.txt 2008-08-29 20:24:37
    ComboFix2.txt 2008-08-28 21:45:55

    Pre-Run: 68,471,148,544 octets libres
    Post-Run: 68,530,954,240 octets libres

    269 --- E O F --- 2008-08-27 12:09:38

    30 August 2008 22:00:53

    Good evening,
    please post a new HijackThis log.
    How is your PC behaving?

    30 August 2008 22:42:07

    Hi Sham,
    My PC is doing rather well; mind you, it has behaved rather well since the infection was discovered...

    I ran a disk cleanup + antivirus in safe mode...

    On opening, my AVG antivirus reports a Trojan horse with the pretty name of: Généric11.ADC. I didn't know that trojans were named after medicines! And the cheapest ones at that!!! :pt1cable: 
    I'm relaxing.... :p 

    Here is its location according to AVG:
    c:\système Volume Information\_restore {8A1EF756-6737-4B92-B70B-B95C32DB308}-RP135\A0031542.exe

    I have made you a new CFX and HJ report.

    As you will notice in the HJ report, I have highlighted some lines that I would like deleted, are you OK with that? I have uninstalled these programs; since I can't manage it (failure or normal), they come back in the next HJ report.

    Thanking you again.


    COMBO REPORT:

    ComboFix 08-08-30.01 - t 2008-08-30 21:35:05.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.631 [GMT 2:00]
    Endroit: C:\Documents and Settings\t\Bureau\ComboFix.exe
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-29 22:08 . 2008-08-30 00:06 <REP> d-------- C:\Program Files\ma-config.com
    2008-08-29 22:08 . 2008-08-30 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-08-28 19:20 . 2008-08-28 22:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-28 00:31 . 2008-08-28 00:33 <REP> d-------- C:\Program Files\NMapWin
    2008-08-27 17:49 . 2008-08-27 17:52 <REP> d-------- C:\Program Files\RegCleaner
    2008-08-27 00:54 . 2008-08-30 21:30 <REP> d--h----- C:\$AVG8.VAULT$
    2008-08-27 00:42 . 2008-08-30 21:08 <REP> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-08-27 00:42 . 2008-08-27 00:58 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-27 00:42 . 2008-08-27 00:58 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-08-27 00:42 . 2008-08-27 00:58 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-08-27 00:42 . 2008-08-27 00:58 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-08-27 00:41 . 2008-08-27 00:41 <REP> d-------- C:\Program Files\AVG
    2008-08-27 00:41 . 2008-08-27 00:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-08-27 00:41 . 2008-08-27 00:58 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
    2008-08-27 00:41 . 2008-08-27 00:58 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
    2008-08-26 23:16 . 2008-08-26 23:35 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-08-26 22:07 . 2008-08-26 22:07 <REP> d-------- C:\Documents and Settings\t\Application Data\Malwarebytes
    2008-08-26 22:07 . 2008-08-26 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-26 20:52 . 2008-08-26 21:33 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-08-26 19:15 . 2008-08-30 18:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-08-26 18:19 . 2008-08-26 18:19 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-25 20:56 . 2008-08-27 18:25 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-25 20:50 . 2008-08-25 20:50 <REP> d-------- C:\Documents and Settings\Philippe\LimeWire
    2008-08-25 20:49 . 2008-08-25 20:57 <REP> d-------- C:\Documents and Settings\t\Application Data\LimeWire
    2008-08-25 00:04 . 2008-08-25 00:04 <REP> d-------- C:\Documents and Settings\Philippe\Updater5
    2008-08-24 20:37 . 2008-08-24 20:37 <REP> d-------- C:\NP
    2008-08-24 18:38 . 2008-07-25 15:51 13,576 --a------ C:\WINDOWS\system32\wnaspi32.dll
    2008-08-24 15:52 . 2007-04-27 17:54 40,960 --a------ C:\WINDOWS\exitwx.exe
    2008-08-24 15:46 . 2008-08-24 15:46 80,750,592 -r-h----- C:\WINDOWS\dcdisk0_0
    2008-08-24 15:46 . 2008-08-24 15:46 4,204,544 -r-h----- C:\WINDOWS\dclog.bin
    2008-08-24 15:46 . 2008-08-24 15:46 0 --a------ C:\WINDOWS\dclock.dc
    2008-08-24 15:07 . 2008-08-24 15:10 <REP> d-------- C:\Program Files\Runtime Software
    2008-08-23 22:42 . 2008-08-23 22:42 15,397 --a------ C:\Program Files\settings.dat
    2008-08-23 22:35 . 2008-08-23 22:35 <REP> d-------- C:\Documents and Settings\Philippe\AdobeStockPhotos
    2008-08-23 22:35 . 2008-08-23 22:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-08-21 23:15 . 2008-08-21 23:15 <REP> d-------- C:\Documents and Settings\Simon\Application Data\Tor
    2008-08-21 23:00 . 2008-08-21 23:00 43,276 --a------ C:\plist.dat
    2008-08-21 22:52 . 2000-09-29 18:00 8,784 --a------ C:\WINDOWS\F_France.gpl
    2008-08-21 01:03 . 2008-08-21 01:03 <REP> d-------- C:\Documents and Settings\Simon\Application Data\Windows Desktop Search
    2008-08-21 01:02 . 2008-08-21 01:17 <REP> d-------- C:\Program Files\Windows Desktop Search
    2008-08-21 00:58 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-08-21 00:26 . 2008-08-25 21:22 <REP> d-------- C:\Documents and Settings\Simon\Contacts
    2008-08-21 00:01 . 2008-08-21 00:01 0 --a------ C:\WINDOWS\system32\FOXIT_PDF
    2008-08-20 23:46 . 2008-08-20 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-08-20 23:41 . 2008-08-25 23:20 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
    2008-08-20 23:39 . 2008-08-25 22:27 <REP> d-------- C:\Documents and Settings\t\Mes documents
    2008-08-20 23:37 . 2008-08-23 23:22 <REP> d-------- C:\Program Files\NOS
    2008-08-20 23:37 . 2008-08-23 23:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
    2008-08-20 23:00 . 2008-08-20 23:00 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Softland
    2008-08-20 22:58 . 2008-03-27 15:42 7,477 --a------ C:\WINDOWS\system32\dopdf6.ctm
    2008-08-19 16:47 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-08-19 16:47 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-08-19 02:38 . 2008-08-29 14:27 <REP> d-------- C:\Documents and Settings\Simon\Application Data\LimeWire
    2008-08-18 22:01 . 2008-08-18 22:11 <REP> d-------- C:\Program Files\Windows Live
    2008-08-18 19:14 . 2008-08-18 19:14 <REP> d-------- C:\Program Files\iPod
    2008-08-07 19:59 . 2008-08-07 19:59 <REP> d-------- C:\Program Files\Inventel
    2008-07-21 23:04 . 2008-07-22 00:00 <REP> d-------- C:\Program Files\Windows Privacy Tools
    2008-07-21 23:04 . 2008-07-21 23:09 <REP> d-------- C:\Documents and Settings\Simon\Application Data\GnuPG
    2008-07-15 21:56 . 2008-08-24 22:16 <REP> d-------- C:\Documents and Settings\Philippe\Travail
    2008-07-15 21:55 . 2008-07-15 21:56 <REP> d-------- C:\Documents and Settings\Philippe\Perso
    2008-07-15 21:54 . 2008-07-15 21:54 <REP> d-------- C:\Documents and Settings\Philippe\Archives XL
    2008-07-15 21:54 . 2008-07-15 21:54 <REP> d-------- C:\Documents and Settings\Philippe\Archives PB
    2008-07-08 22:28 . 2008-08-19 01:16 <REP> d-------- C:\Program Files\Uplink
    2008-07-08 22:20 . 2008-08-28 22:23 <REP> d-------- C:\Documents and Settings\t\Application Data\OpenOffice.org2
    2008-07-08 22:18 . 2008-07-08 22:18 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
    2008-07-08 20:58 . 2008-07-08 20:58 <REP> d-------- C:\Documents and Settings\Simon\Application Data\Allume Systems
    2008-07-08 13:40 . 2008-07-08 13:40 <REP> d-------- C:\Program Files\FLV Player
    2008-07-08 13:34 . 2008-07-08 13:34 <REP> d-------- C:\Program Files\Smart Projects
    2008-07-07 00:07 . 2008-07-07 00:07 <REP> d-------- C:\Program Files\@stake
    2008-07-06 23:32 . 2008-07-06 23:32 13,192 --a------ C:\WINDOWS\system32\drivers\ndis3pkt.sys
    2008-07-06 00:50 . 2008-08-26 18:40 <REP> d-------- C:\Program Files\CCleaner
    2008-07-05 23:28 . 2008-07-05 23:28 <REP> d-------- C:\Documents and Settings\Simon\Application Data\.wyzo
    2008-07-05 00:12 . 2008-07-05 00:40 <REP> d-------- C:\Program Files\xchat
    2008-07-05 00:12 . 2008-07-05 00:40 <REP> d-------- C:\Documents and Settings\Simon\Application Data\X-Chat 2
    2008-07-04 23:59 . 2008-07-06 00:38 <REP> d-------- C:\Documents and Settings\Simon\Application Data\mIRC
    2008-07-04 10:38 . 2001-03-20 08:40 11,235 --a------ C:\WINDOWS\system32\drivers\packet.sys
    2008-07-01 13:19 . 2008-07-01 13:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-30 17:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-24 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-08-21 20:56 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2008-08-18 20:10 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-08-18 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-08-18 17:21 --------- d-----w C:\Program Files\Apple Software Update
    2008-08-18 17:14 --------- d-----w C:\Program Files\iTunes
    2008-08-18 17:13 --------- d-----w C:\Program Files\QuickTime
    2008-07-21 20:40 --------- d-----w C:\Program Files\S2SaTstrat
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-05 22:54 --------- d-----w C:\Program Files\Yahoo!
    2008-07-02 20:13 --------- d-----w C:\Program Files\Acunetix
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-01 07:13 68,224 ----a-w C:\WINDOWS\system32\WanPacket.dll
    2008-06-01 07:13 53,299 ----a-w C:\WINDOWS\system32\pthreadVC.dll
    2008-06-01 07:13 240,248 ----a-w C:\WINDOWS\system32\wpcap.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-13 01:53 129,784 ------w C:\WINDOWS\system32\PxAFS.DLL
    2008-05-13 01:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-05-13 01:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
    2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
    2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
    2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
    2008-05-09 08:45 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
    2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
    2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-03-23 18:00 47,360 ----a-w C:\Documents and Settings\t\Application Data\pcouffin.sys
    2008-02-02 18:45 22 ----a-w C:\Documents and Settings\Simon\zipnew.dat
    2008-02-02 18:45 20 ----a-w C:\Documents and Settings\Simon\rarnew.dat
    2007-09-20 17:35 99,840 ----a-w C:\Documents and Settings\Simon\Uninstall.exe
    2007-09-20 17:34 936,960 ----a-w C:\Documents and Settings\Simon\WinRAR.exe
    2007-09-20 17:34 317,952 ----a-w C:\Documents and Settings\Simon\Rar.exe
    2007-09-20 17:34 203,776 ----a-w C:\Documents and Settings\Simon\UnRAR.exe
    2007-09-20 17:34 129,024 ----a-w C:\Documents and Settings\Simon\RarExt.dll
    2006-12-23 16:37 44,032 ----a-w C:\Documents and Settings\Simon\RarExtLoader.exe
    2006-12-11 01:14 43,008 ----a-w C:\Documents and Settings\Simon\RarExt64.dll
    2005-01-26 11:55 1,703,936 ----a-r C:\Documents and Settings\Simon\GdiPlus.dll
    2005-01-26 11:54 499,712 ----a-r C:\Documents and Settings\Simon\msvcp71.dll
    2005-01-26 11:54 348,160 ----a-r C:\Documents and Settings\Simon\msvcr71.dll
    2001-08-23 15:47 92,672 ----a-w C:\Documents and Settings\Simon\oeimprt.dll
    2001-08-23 15:47 24,576 ----a-w C:\Documents and Settings\Simon\_perfos.dll
    1998-07-12 22:00 82,944 ----a-w C:\Documents and Settings\VB98\ADDSCCFR.DLL
    1998-07-12 22:00 802,816 ----a-w C:\Documents and Settings\VB98\VISDATA.EXE
    1998-07-12 22:00 540,672 ----a-w C:\Documents and Settings\VB98\DATAVIEW.DLL
    1998-07-12 22:00 33,040 ----a-w C:\Documents and Settings\VB98\REPVBRC.DLL
    1998-07-12 22:00 1,127,184 ----a-w C:\Documents and Settings\VB98\VB6IDE.DLL
    1998-06-25 22:00 462,901 ----a-w C:\Documents and Settings\VB98\LINK.EXE
    1998-06-24 22:00 1,880,064 ----a-w C:\Documents and Settings\VB98\VB6.EXE
    1998-06-19 22:00 1,701,648 ----a-w C:\Documents and Settings\VB98\VBA6.DLL
    1998-06-17 22:00 81,979 ----a-w C:\Documents and Settings\VB98\CVPACK.EXE
    1998-06-17 22:00 31,504 ----a-w C:\Documents and Settings\VB98\VB6DEBUG.DLL
    1998-06-16 22:00 667,648 ----a-w C:\Documents and Settings\VB98\C2.EXE
    1998-06-16 22:00 180,276 ----a-w C:\Documents and Settings\VB98\MSPDB60.DLL
    1998-06-12 22:00 286,480 ----a-w C:\Documents and Settings\VB98\REPVB.DLL
    1998-06-10 22:00 22,800 ----a-w C:\Documents and Settings\VB98\REPVBTIM.DLL
    1998-05-21 22:00 77,312 ----a-w C:\Documents and Settings\VB98\ADDSCCUS.DLL
    1998-05-21 22:00 277,504 ----a-w C:\Documents and Settings\VB98\VBSCC.DLL
    1998-05-06 22:00 159,798 ----a-w C:\Documents and Settings\VB98\MSDIS110.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 12:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
    "RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2006-03-15 08:44 163840]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-05-22 06:20 122940]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 11:46 196608]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 01:26 217088]
    "DLPSP"="C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2007-07-25 15:25 393944]
    "DLUPDR"="C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2007-02-22 00:38 140184]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-27 00:58 1235736]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 12:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\java.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Documents and Settings\\Simon\\Tools\\APE\\AEMANAGR.EXE"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Valve Lan\\hl.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Documents and Settings\\VB98\\VB6.EXE"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Documents and Settings\\Simon\\Mes documents\\Informatique\\Tor\\tor.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Logging]
    "LogSuccessfulConnections"= 0 (0x0)
    "LogDroppedPackets"= 0 (0x0)
    "LogFileSize"= 0 (0x0)
    "LogFilePath"=

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-27 00:58]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-27 00:58]
    R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2007-09-23 22:45]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-27 00:58]
    R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-08-27 00:58]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-27 00:58]
    R2 DLSDB;Dell Printer Status Database;C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 16:52]
    R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 15:22]
    R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-27 00:58]
    S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-27 00:58]
    S3 HDJCtrl;Hercules DJ Control MP3 Service;C:\WINDOWS\system32\Drivers\HDJCtrl.sys [2005-07-29 15:06]
    S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2005-08-15 11:43]
    S3 NDIS3Pkt;NDIS 3.0 Packet Driver;C:\WINDOWS\system32\drivers\ndis3pkt.sys [2008-07-06 23:32]
    S3 packet_2.1;Packet Driver v2.1;C:\WINDOWS\system32\drivers\packet.sys [2001-03-20 08:40]
    S3 RT80x86;Ralink 802.11n Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2860.sys []
    S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

    2008-08-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\t\Application Data\Mozilla\Firefox\Profiles\le2s3chx.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://orange.fr
    FF -: plugin - C:\Documents and Settings\Simon\Mes documents\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-30 21:37:27
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...


    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-30 21:38:39
    ComboFix-quarantined-files.txt 2008-08-30 19:38:28
    ComboFix2.txt 2008-08-29 20:24:46
    ComboFix3.txt 2008-08-28 21:45:55

    Pre-Run: 72,928,759,808 octets libres
    Post-Run: 72,913,399,808 octets libres

    276 --- E O F --- 2008-08-27 12:09:38

    HJ REPORT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:21:21, on 30/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.0.1:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
    O4 - HKLM\..\Run: [DLUPDR] "C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflo...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?11907876...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?11972125...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflas...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe (file missing)

    --
    End of file - 9630 bytes
    31 August 2008 21:36:22

    Good evening,

    Quote:
    Here is its location according to AVG:
    c:\système Volume Information\_restore {8A1EF756-6737-4B92-B70B-B95C32DB308}-RP135\A0031542.exe

    It's nothing; the detection is in XP's System Restore: the only risk would be if you chose to restore your PC to a date before the disinfection. (We'll take care of that afterwards.)

    ~Run HijackThis, “Do a system scan only”.
    Check the lines below if they are still present, and only those.

    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe (file missing)




    Click Fix checked (bottom left)

    Step 2

    Run HijackThis and choose Open the Misc.Tools section
    The "Configuration" window will open
    Click Delete a NT service...
    The "Delete a Windows NT service" window will open
    Type into the dialog box:

    LIVESRV



    Note: make sure not to put any space, either before or after!
    Click OK

    Another window should open, giving information about the service and asking whether you want to restart.
    Click NO

    Do the same with:
    sdAuxService
    sdCoreService
    VSSERV



    Step 3

    Then all that's left is to delete the folders.

    ~Delete the folders in bold:

    C:\Program Files\Spyware Doctor
    C:\Program Files\Softwin\BitDefender10
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service


    Note:
    Quote:
    To display hidden system files and folders:
    Control Panel / Folder Options / View tab / check Show hidden files and folders, uncheck Hide extensions for known file types, uncheck Hide protected operating system files.

    Hidden system files and folders then appear semi-transparent in Windows Explorer.


    ++++++++++++++++

    Let's check:
    ~Run an online antivirus scan on the Kaspersky site
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Click Accept
    * A yellow bar will ask whether you accept installing Kavwebscan_Unicode.cab; install the ActiveX.
    * Click "Accept" once more
    * The update databases will install; wait a moment
    * Click Next.
    * Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.
    * Post the scan report.
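
The triage behind the three steps in the reply above, as an added example that is not part of the original post: it parses the O23 section of a HijackThis log, lists the short service names to enter in "Delete a NT service" and the folders left behind by the removed products. The line layout (display name, optional short name in parentheses, owner, path, optional "(file missing)") is an assumption inferred from the lines on this page, and all function names are hypothetical.

```python
import ntpath
import re
from dataclasses import dataclass

# O23 lines (plus two non-O23 lines) copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe (file missing)
"""

# Assumed layout: "O23 - Service: <label> - <owner> - <path>[ (file missing)]".
# The label is matched greedily and the path must start with a drive letter or
# an environment variable, so a " - " inside a display name or a folder name
# does not shift the fields.
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+) - (?P<owner>(?:(?! - ).)+) - "
    r"(?P<path>(?:[A-Za-z]:\\|%).*?)(?P<missing> \(file missing\))?$"
)
# "<display name> (<short name>)"; without parentheses the label is the name.
LABEL_RE = re.compile(r"^(?P<display>.+) \((?P<name>[^()]+)\)$")


@dataclass(frozen=True)
class Service:
    display: str        # name as shown to the user
    name: str           # short service name, the value typed into the dialog
    owner: str
    path: str
    file_missing: bool


def parse_o23(log_text):
    """Return one Service per O23 line; every other line is ignored."""
    services = []
    for raw in log_text.splitlines():
        m = O23_RE.match(raw.strip())
        if not m:
            continue  # other sections (O4, O20, ...) and blank lines
        label = m.group("label")
        short = LABEL_RE.match(label)
        services.append(Service(
            display=short.group("display") if short else label,
            # The reply insists on no space before or after the name.
            name=(short.group("name") if short else label).strip(),
            owner=m.group("owner"),
            path=m.group("path"),
            file_missing=m.group("missing") is not None,
        ))
    return services


def orphaned_names(services):
    """Short names of services whose binary is gone.

    Only "(file missing)" is used as the criterion: in this log
    "Unknown owner" also appears on Ati2evxx.exe and spkrmon.exe,
    which are not marked missing.
    """
    return [s.name for s in services if s.file_missing]


def leftover_folders(services):
    """Parent folders of the missing binaries, de-duplicated, in log order."""
    seen = []
    for s in services:
        folder = ntpath.dirname(s.path)
        if s.file_missing and folder not in seen:
            seen.append(folder)
    return seen


if __name__ == "__main__":
    parsed = parse_o23(SAMPLE_LOG)
    print("Services to delete:", ", ".join(orphaned_names(parsed)))
    for folder in leftover_folders(parsed):
        print("Folder to review:", folder)
```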


    1 September 2008 20:29:15

    Hi Sham,

    Sorry for the late reply.

    As for the lines, I managed to delete them thanks to a friend who had me carry out, more or less, the actions you recommend.

    As for the PC scan, he also told me to do as you say, but with Panda.

    I think I have solved my problem, but I would like, if you don't mind, confirmation from you.
    So here is the latest HJ report.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:22:44, on 01/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.0.1:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
    O4 - HKLM\..\Run: [DLUPDR] "C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_Suite] "C:\Program Files\Steganos Security Suite 6\sss.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_SAFE] "C:\Program Files\Steganos Security Suite 6\safe.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [SSS6_SPM] "C:\Program Files\Steganos Security Suite 6\spm.exe" /booting (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Ra...
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie....
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
    O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

    --
    End of file - 9196 bytes
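Added example, not part of the original thread: a small parser that checks a HijackThis log for leftovers of the services and folders the removal steps above target, which is what the follow-up log is reviewed for. The function names and the lines marked as constructed are assumptions made for the illustration.

```python
import re
# Names taken from the thread: services and folders the removal steps target.
REMOVED_SERVICES = {"sdauxservice", "sdcoreservice", "vsserv"}
REMOVED_FOLDERS = [
    r"C:\Program Files\Spyware Doctor",
    r"C:\Program Files\Softwin\BitDefender10",
    r"C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service",
]
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # "O23 - Service: ..."
PROC_RE = re.compile(r"^\s*([A-Za-z]:\\.+)$")          # a "Running processes" path
# O23 detail: "Service: <display> (<short name>) - <owner> - <path>"; "(...)" is optional
O23_RE = re.compile(r"^Service: (.+?)(?: \(([^()]+)\))? - .+? - [A-Za-z]:\\")

def parse_entries(log_text):
    """Yield (code, detail); running-process paths get the code 'proc'."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2).strip()
        elif PROC_RE.match(line):
            yield "proc", line.strip()

def find_remnants(log_text):
    """Return (code, reason) for entries still pointing at a removed service or folder."""
    hits = []
    for code, detail in parse_entries(log_text):
        svc = O23_RE.match(detail) if code == "O23" else None
        name = (svc.group(2) or svc.group(1)) if svc else ""
        if name.lower() in REMOVED_SERVICES:
            hits.append((code, "service " + name))
            continue
        folder = next((f for f in REMOVED_FOLDERS if f.lower() in detail.lower()), None)
        if folder:
            hits.append((code, "path under " + folder))
    return hits
# Lines copied from the follow-up log posted above.
CLEAN_LOG = r"""Running processes:
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
"""
# Constructed lines (not from the thread) showing what leftovers would look like.
DIRTY_LOG = CLEAN_LOG + r"""C:\Program Files\Spyware Doctor\example.exe
O4 - HKLM\..\Run: [Example] "C:\Program Files\Softwin\BitDefender10\example.exe"
O23 - Service: Example display name (sdAuxService) - Unknown owner - C:\Example\example.exe
O23 - Service: VSSERV - Unknown owner - C:\Example\vsserv-example.exe
"""
```

HijackThis often prints 8.3 short paths such as C:\PROGRA~1\..., which this check does not expand, so a leftover recorded under a short path has to be compared by hand.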
    1 September 2008 21:38:53

    Good evening,
    It's OK.
    Remove all the programs installed for the disinfection.


    Please read this guide (PDF) to learn more about the risks of the Net.



    If you find this document interesting, feel free to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install Firefox secured with the NoScript and AdBlock Plus extensions.

    ~Edit your first post (by clicking the eraser) and put [resolved] in the title.

    :hello: 
    2 September 2008 10:14:34

    OK Sham, thanks for the help. I'll take your advice into account.
    2 September 2008 20:44:48

    You're welcome.
    Happy surfing!
    :hello: 