
Pakes.csg problem !!!

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
31 May 2008 23:00:10

Hello everyone. This afternoon, when I switched on my PC, I realised I had a virus: the PC was lagging enormously, nothing would launch, and on top of that insects were eating my screen :ouch:  an obvious sign of a virus ^^ After a quick search it seemed clear that I was infected with the pakes.csg virus. I ran a scan with Ad-Aware, which found something that I deleted, but the problems persist. I managed to run a scan with HijackThis; I'm pasting the log here. Thanks in advance for all your answers ;)



Logfile of HijackThis v1.99.1
Scan saved at 22:45:37, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
K:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4647C2C7-9F3D-4220-87D9-43E617F67478} - C:\WINDOWS\system32\geBtRJCv.dll
O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: atfxqogp - {23649E36-60C6-4433-880A-9DF59FC27342} - C:\WINDOWS\atfxqogp.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [xldpagc] c:\documents and settings\hp_administrateur\local settings\application data\xldpagc.exe xldpagc
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: geBtRJCv - C:\WINDOWS\SYSTEM32\geBtRJCv.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: vltdfabw - {12C83331-0D39-4A1D-832B-C65E1DB675A2} - C:\WINDOWS\vltdfabw.dll (file missing)
O21 - SSODL: vregfwlx - {1C52F1CE-C0F7-4E56-91F2-AFC3B48D2648} - C:\WINDOWS\vregfwlx.dll
O21 - SSODL: AvpStat - {590c34ee-e107-47f3-a125-4bfaf819d9a0} - C:\WINDOWS\Resources\AvpStat.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe


1 June 2008 11:48:00

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • When the scan has finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may change
1 June 2008 18:18:33

Thanks for your reply, here is the ComboFix report.

P.S.: I had to run ComboFix twice because the first scan stopped halfway through.


    ComboFix 08-05-29.1 - HP_Administrateur 2008-06-01 18:05:11.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.479 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.url
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.url
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Désinstaller.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Website.url
    C:\Documents and Settings\HP_Administrateur\Application Data\hidires
    c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\xldpagc.dat
    c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\xldpagc_nav.dat
    c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\xldpagc_navps.dat
    C:\Program Files\tmp0.exe
    C:\Program Files\tmp1.exe
    C:\Program Files\tmp2.exe
    C:\WINDOWS\resources\AvpStat.dll
    .
    ---- Previous Run -------
    .
    C:\Program Files\antiviirus.exe
    C:\Program Files\messengerskinner
    C:\Program Files\messengerskinner\download\defaultPack.cab
    C:\Program Files\messengerskinner\MessengerSkinner.exe
    C:\Program Files\messengerskinner\resources\appconfig.xml
    C:\Program Files\messengerskinner\resources\btn.rgn
    C:\Program Files\messengerskinner\resources\btnBnr.rgn
    C:\Program Files\messengerskinner\resources\btnIn.rgn
    C:\Program Files\messengerskinner\resources\btnInNormal.bmp
    C:\Program Files\messengerskinner\resources\btnInOver.bmp
    C:\Program Files\messengerskinner\resources\btnNormal.bmp
    C:\Program Files\messengerskinner\resources\btnNormal.gif
    C:\Program Files\messengerskinner\resources\btnNormalBnr.bmp
    C:\Program Files\messengerskinner\resources\btnNormalBnr.gif
    C:\Program Files\messengerskinner\resources\btnOver.bmp
    C:\Program Files\messengerskinner\resources\btnOver.gif
    C:\Program Files\messengerskinner\resources\btnOverBnr.bmp
    C:\Program Files\messengerskinner\resources\btnOverBnr.gif
    C:\Program Files\messengerskinner\resources\languages_v2.xml
    C:\Program Files\messengerskinner\uninst.exe
    C:\WINDOWS\atfxqogp.dll
    C:\WINDOWS\exefld
    C:\WINDOWS\exefld\102703.exe
    C:\WINDOWS\exefld\109781.exe
    C:\WINDOWS\exefld\88703.exe
    C:\WINDOWS\system32\818646
    C:\WINDOWS\system32\818646\818646.dll
    C:\WINDOWS\system32\ctfmona.exe
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\WinCtrl32.dl_
    C:\WINDOWS\system32\WinCtrl32.dll
    C:\WINDOWS\vregfwlx.dll
    C:\WINDOWS\xmpstean.exe
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-01 15:14 . 2008-06-01 15:14 <REP> d--hs---- C:\found.001
    2008-05-31 17:33 . 2008-05-31 17:34 <REP> d-------- C:\Program Files\AXPDefender
    2008-05-30 21:06 . 2008-05-30 21:07 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-05-30 20:43 . 2008-05-30 20:43 33,920 --a------ C:\WINDOWS\system32\jkkhigFV.dll
    2008-05-30 20:41 . 2008-05-30 20:41 33,920 --a------ C:\WINDOWS\system32\geBtRJCv.dll
    2008-05-30 20:39 . 2008-06-01 17:37 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
    2008-05-30 20:39 . 2008-05-30 05:59 163,840 --a------ C:\WINDOWS\embd.exe
    2008-05-30 20:39 . 2008-06-01 17:37 160,256 --a------ C:\WINDOWS\system32\blackster.scr
    2008-05-30 20:03 . 2008-05-30 20:03 <REP> d-------- C:\Program Files\Fake Webcam
    2008-05-30 19:51 . 2008-05-30 19:51 <REP> d-------- C:\Program Files\CamStudio
    2008-05-21 15:00 . 2008-05-21 15:00 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\IDS_COMPANY
    2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-05-13 19:02 . 2008-05-13 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
    2008-05-10 22:05 . 2001-10-26 23:16 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
    2008-05-10 22:03 . 2008-05-10 22:03 <REP> d-------- C:\WINDOWS\Adobe Illustrator CS
    2008-05-08 10:55 . 2008-05-08 10:55 <REP> d--hs---- C:\found.000

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-01 15:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Xfire
    2008-06-01 15:56 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
    2008-06-01 15:54 --------- d-----w C:\Program Files\Steam
    2008-05-31 15:40 --------- d-s---w C:\Program Files\Xfire
    2008-05-30 18:27 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\foobar2000
    2008-05-29 17:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-24 12:38 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\BitTorrent
    2008-05-14 12:55 --------- d-----w C:\Program Files\World of Warcraft
    2008-05-13 17:02 --------- d-----w C:\Program Files\Lavasoft
    2008-05-13 17:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-10 20:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-05-10 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-09 18:54 --------- d-----w C:\Program Files\SupraASCIIArt
    2008-04-30 07:48 318,904 ----a-w C:\Documents and Settings\HP_Administrateur\wmpfirefoxplugin.exe
    2008-04-30 07:33 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-14 20:24 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\teamspeak2
    2008-03-21 15:20 3,159 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\SAS7_000.DAT
    2008-03-07 21:46 70,537 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-03-07 21:46 5,347 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-03-07 18:51 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-03-07 18:51 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
    2007-12-08 18:03 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-09-22 15:33 357 ----a-w C:\Documents and Settings\HP_Administrateur\.cb_layout.bin
    2007-08-08 16:54 52,438,399 ----a-w C:\Documents and Settings\HP_Administrateur\WoW-2.1.3.6898-to-0.2.0.6932-frFR-patch.exe
    2007-05-30 17:32 38 ----a-w C:\Documents and Settings\HP_Administrateur\dell.bat
    2007-08-16 10:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
    .

    ------- Sigcheck -------

    2006-01-10 03:02 666112 5404e2ead19d7e2a5c4086015062343c C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
    2004-08-10 13:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
    2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
    2007-01-04 16:02 669184 114342601ac7ea73b0d2a0ed8505b8b9 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
    2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
    2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
    2007-06-26 16:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
    2007-08-22 14:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
    2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
    2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll
    2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\dllcache\wininet.dll

    2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-10 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4647C2C7-9F3D-4220-87D9-43E617F67478}]
    2008-05-30 20:41 33920 --a------ C:\WINDOWS\system32\geBtRJCv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{23649E36-60C6-4433-880A-9DF59FC27342}"= "C:\WINDOWS\atfxqogp.dll" [ ]

    [HKEY_CLASSES_ROOT\clsid\{23649e36-60c6-4433-880a-9df59fc27342}]
    [HKEY_CLASSES_ROOT\atfxqogp.1]
    [HKEY_CLASSES_ROOT\TypeLib\{AAA0A546-2B51-4AED-B1E2-C14F38C73165}]
    [HKEY_CLASSES_ROOT\atfxqogp]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:37 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
    "Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:44 1271032]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]
    "TrueTransparency"="C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe" [2007-10-20 16:10 132608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-22 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52 505368]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53 780312]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
    "Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-07-25 13:25 57344]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
    "DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 09:20 259624]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46 200069]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13 29744]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "AXPDefender"="C:\Program Files\AXPDefender\AXPDefender.exe" [ ]

    C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 110592]
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
    RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02 630784]
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-05-14 03:29:28 3007824]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 110592]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-04-07 12:14:03 450560]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-07 11:24:42 528384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{4647C2C7-9F3D-4220-87D9-43E617F67478}"= C:\WINDOWS\system32\geBtRJCv.dll [2008-05-30 20:41 33920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtRJCv]
    geBtRJCv.dll 2008-05-30 20:41 33920 C:\WINDOWS\system32\geBtRJCv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll
    "vidc.yv12"= yv12vfw.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eoW87.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hqX18.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isA07.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jsA07.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsA18.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Documents and Settings\\HP_Administrateur\\Bureau\\eMule\\emule.exe"=
    "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\half-life 2 deathmatch\\hl2.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
    "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Metin2_France\\metin2.bin"=
    "C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\dedicated server\\hlds.exe"=
    "C:\\Documents and Settings\\HP_Administrateur\\Mes documents\\LanSchool v6.0 + Crack\\teste\\teacher.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\day of defeat source\\hl2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 10:56]
    R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 12:49]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
    S0 eoW87;eoW87;C:\WINDOWS\system32\Drivers\eoW87.sys []
    S0 hqX18;hqX18;C:\WINDOWS\system32\Drivers\hqX18.sys []
    S0 isA07;isA07;C:\WINDOWS\system32\Drivers\isA07.sys []
    S0 jsA07;jsA07;C:\WINDOWS\system32\Drivers\jsA07.sys []
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13]
    S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-31 19:41:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-01 18:13:06
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\geBtRJCv.dll
    .
    Temps d'accomplissement: 2008-06-01 18:15:47
    ComboFix-quarantined-files.txt 2008-06-01 16:15:40

    Pre-Run: 81,374,498,816 octets libres
    Post-Run: 82,503,880,704 octets libres

    282
    2 June 2008 13:59:16

    Er, allow me to give this a little bump :( I can't use my PC, so I really need help ^^ thanks
    2 June 2008 14:19:14

    Hello,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restart in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated MBAM tutorial
    3 June 2008 20:52:08

    There, I did as you said.

    P.S.: I clicked "Remove selected" after saving the report, which is why it says "No action taken" :D


    Malwarebytes' Anti-Malware 1.14
    Version de la base de données: 815

    20:40:56 03/06/2008
    mbam-log-6-3-2008 (20-40-41).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 216618
    Temps écoulé: 1 hour(s), 46 minute(s), 29 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 19
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 29

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\geBtRJCv.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\urqQjJBR.dll (Trojan.Vundo) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{4647c2c7-9f3d-4220-87d9-43e617f67478} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4647c2c7-9f3d-4220-87d9-43e617f67478} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebtrjcv (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{f5abb34f-676e-4763-8ee5-5fb41f1837a3} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5abb34f-676e-4763-8ee5-5fb41f1837a3} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\e405.e405mgr.1 (Trojan.BHO) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{c1d0b9f7-f3c6-443a-af61-ad47771ace27} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\Typelib\{aaa0a546-2b51-4aed-b1e2-c14f38c73165} (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\e405.e405mgr.1 (Trojan.BHO) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AXPDefender (Rogue.AdvancedXPDefender) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\atfxqogp.bxpr (Trojan.FakeAlert) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4647c2c7-9f3d-4220-87d9-43e617f67478} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4ccdf25c (Trojan.Vundo) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqjjbr -> No action taken.

    Dossier(s) infecté(s):
    C:\Program Files\AXPDefender (Rogue.AdvancedXPDefender) -> No action taken.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\geBtRJCv.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\system32\urqQjJBR.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000001.scr (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000002.exe (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0001011.scr (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0002010.scr (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0003009.dll (Trojan.Vundo) -> No action taken.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0004039.scr (Trojan.Agent) -> No action taken.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0005081.exe (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0005082.exe (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0005083.exe (Trojan.FakeAlert) -> No action taken.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP2\A0005084.dll (Trojan.Clicker) -> No action taken.
    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP5\A0007233.dll (Trojan.Vundo) -> No action taken.
    C:\WINDOWS\embd.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> No action taken.
    C:\WINDOWS\system32\jkkhigFV.dll (Trojan.Vundo) -> No action taken.
    C:\Program Files\AXPDefender\AXPDefender.exe.local (Rogue.AdvancedXPDefender) -> No action taken.
    C:\Program Files\AXPDefender\AXPDefenderSkin.dll (Rogue.AdvancedXPDefender) -> No action taken.
    C:\Program Files\AXPDefender\database.dat (Rogue.AdvancedXPDefender) -> No action taken.
    C:\Program Files\AXPDefender\license.txt (Rogue.AdvancedXPDefender) -> No action taken.
    C:\Program Files\AXPDefender\MFC71.dll (Rogue.AdvancedXPDefender) -> No action taken.
    C:\Program Files\AXPDefender\MFC71ENU.DLL (Rogue.AdvancedXPDefender) -> No action taken.
    C:\Program Files\AXPDefender\msvcp71.dll (Rogue.AdvancedXPDefender) -> No action taken.
    C:\Program Files\AXPDefender\msvcr71.dll (Rogue.AdvancedXPDefender) -> No action taken.
    C:\Program Files\AXPDefender\Uninstall.exe (Rogue.AdvancedXPDefender) -> No action taken.
    C:\WINDOWS\system32\mpdaqhnh.dll (Trojan.Vundo) -> No action taken.
    C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPDefender.lnk (Rogue.AdvancedXPDefender) -> No action taken.
    C:\Documents and Settings\All Users\Bureau\AXPDefender.lnk (Rogue.AdvancedXPDefender) -> No action taken.
    4 June 2008 13:02:11

    Now that Malwarebytes has removed a few things, is the problem fixed, or are there still some traces of this virus left to remove?
    4 June 2008 14:04:39

    Run another Combofix scan :)
    4 June 2008 19:03:39

    here, I'm posting the log


    ComboFix 08-05-29.1 - HP_Administrateur 2008-06-04 18:31:31.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.565 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\avjeifvk.ini
    C:\WINDOWS\system32\hnhqadpm.ini
    C:\WINDOWS\system32\pjljakri.ini
    C:\WINDOWS\system32\RBJjQqru.ini
    C:\WINDOWS\system32\RBJjQqru.ini2
    C:\WINDOWS\system32\rkliorgw.ini
    C:\WINDOWS\system32\vuunmnfx.ini
    C:\WINDOWS\system32\wacMnUvw.ini
    C:\WINDOWS\system32\wacMnUvw.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-04 12:29 . 2008-06-04 12:29 95,232 --a------ C:\WINDOWS\system32\irkajljp.dll
    2008-06-04 10:34 . 2008-06-04 10:34 324,352 --a------ C:\WINDOWS\system32\wvUnMcaw.dll
    2008-06-02 19:22 . 2008-06-02 19:22 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
    2008-06-02 19:21 . 2008-06-02 19:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-02 19:21 . 2008-06-02 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-02 19:21 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-02 19:21 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-01 21:19 . 2008-06-01 21:19 324,864 --------- C:\WINDOWS\system32\urqQjJBR.dll
    2008-06-01 20:21 . 2008-06-01 20:21 <REP> d-------- C:\Program Files\Avira
    2008-06-01 20:21 . 2008-06-01 20:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-01 15:14 . 2008-06-01 15:14 <REP> d--hs---- C:\found.001
    2008-05-30 21:06 . 2008-05-30 21:07 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-05-30 20:41 . 2008-05-30 20:41 33,920 --------- C:\WINDOWS\system32\geBtRJCv.dll
    2008-05-30 20:03 . 2008-06-03 21:51 <REP> d-------- C:\Program Files\Fake Webcam
    2008-05-30 19:51 . 2008-05-30 19:51 <REP> d-------- C:\Program Files\CamStudio
    2008-05-21 15:00 . 2008-05-21 15:00 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\IDS_COMPANY
    2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-05-13 19:02 . 2008-05-13 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
    2008-05-10 22:05 . 2001-10-26 23:16 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
    2008-05-10 22:03 . 2008-05-10 22:03 <REP> d-------- C:\WINDOWS\Adobe Illustrator CS
    2008-05-08 10:55 . 2008-05-08 10:55 <REP> d--hs---- C:\found.000

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-04 16:47 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
    2008-06-04 16:45 --------- d-----w C:\Program Files\Steam
    2008-06-04 10:00 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Xfire
    2008-06-02 11:56 --------- d-s---w C:\Program Files\Xfire
    2008-05-30 18:27 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\foobar2000
    2008-05-29 17:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-24 12:38 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\BitTorrent
    2008-05-14 12:55 --------- d-----w C:\Program Files\World of Warcraft
    2008-05-13 17:02 --------- d-----w C:\Program Files\Lavasoft
    2008-05-13 17:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-10 20:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-05-10 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-09 18:54 --------- d-----w C:\Program Files\SupraASCIIArt
    2008-04-30 07:48 318,904 ----a-w C:\Documents and Settings\HP_Administrateur\wmpfirefoxplugin.exe
    2008-04-30 07:33 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-14 20:24 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\teamspeak2
    2008-03-21 15:20 3,159 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\SAS7_000.DAT
    2008-03-07 21:46 70,537 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-03-07 21:46 5,347 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-03-07 18:51 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-03-07 18:51 219,648 ----a-w C:\WINDOWS\system32\dllcache\uxtheme.dll
    2007-12-08 18:03 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-09-22 15:33 357 ----a-w C:\Documents and Settings\HP_Administrateur\.cb_layout.bin
    2007-08-08 16:54 52,438,399 ----a-w C:\Documents and Settings\HP_Administrateur\WoW-2.1.3.6898-to-0.2.0.6932-frFR-patch.exe
    2007-05-30 17:32 38 ----a-w C:\Documents and Settings\HP_Administrateur\dell.bat
    2007-08-16 10:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
    .

    ------- Sigcheck -------

    2006-01-10 03:02 666112 5404e2ead19d7e2a5c4086015062343c C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
    2004-08-10 13:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
    2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
    2007-01-04 16:02 669184 114342601ac7ea73b0d2a0ed8505b8b9 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
    2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
    2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
    2007-06-26 16:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
    2007-08-22 14:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
    2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
    2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll
    2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\dllcache\wininet.dll

    2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-10 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-06-01_18.14.36.40 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-01 15:52:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-04 16:43:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4647C2C7-9F3D-4220-87D9-43E617F67478}]
    2008-05-30 20:41 33920 --------- C:\WINDOWS\system32\geBtRJCv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C969D2D-2199-4A29-8483-BD417A1EF167}]
    2008-06-04 18:49 324352 --a------ C:\WINDOWS\system32\nnnnLddc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D70A167-9D75-49D7-9F4C-DD7E79AE7A64}]
    2008-06-01 21:19 324864 --------- C:\WINDOWS\system32\urqQjJBR.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{877D76C4-BE5B-43D9-9AF9-0E693A84ECBB}]
    2008-06-04 10:34 324352 --a------ C:\WINDOWS\system32\wvUnMcaw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{23649E36-60C6-4433-880A-9DF59FC27342}"= "C:\WINDOWS\atfxqogp.dll" [ ]

    [HKEY_CLASSES_ROOT\clsid\{23649e36-60c6-4433-880a-9df59fc27342}]
    [HKEY_CLASSES_ROOT\atfxqogp.1]
    [HKEY_CLASSES_ROOT\TypeLib\{AAA0A546-2B51-4AED-B1E2-C14F38C73165}]
    [HKEY_CLASSES_ROOT\atfxqogp]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:37 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
    "Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:44 1271032]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]
    "TrueTransparency"="C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe" [2007-10-20 16:10 132608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-22 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52 505368]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53 780312]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
    "Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-07-25 13:25 57344]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
    "DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 09:20 259624]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46 200069]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13 29744]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "AXPDefender"="C:\Program Files\AXPDefender\AXPDefender.exe" [ ]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "4ccdf25c"="C:\WINDOWS\system32\xjuxxtlw.dll" [2008-06-04 18:51 95232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{4647C2C7-9F3D-4220-87D9-43E617F67478}"= C:\WINDOWS\system32\geBtRJCv.dll [2008-05-30 20:41 33920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtRJCv]
    geBtRJCv.dll 2008-05-30 20:41 33920 C:\WINDOWS\system32\geBtRJCv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll
    "vidc.yv12"= yv12vfw.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\nnnnLddc

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eoW87.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hqX18.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isA07.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jsA07.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsA18.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Documents and Settings\\HP_Administrateur\\Bureau\\eMule\\emule.exe"=
    "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\half-life 2 deathmatch\\hl2.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
    "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Metin2_France\\metin2.bin"=
    "C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\dedicated server\\hlds.exe"=
    "C:\\Documents and Settings\\HP_Administrateur\\Mes documents\\LanSchool v6.0 + Crack\\teste\\teacher.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\day of defeat source\\hl2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 10:56]
    R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 12:49]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
    S0 eoW87;eoW87;C:\WINDOWS\system32\Drivers\eoW87.sys []
    S0 hqX18;hqX18;C:\WINDOWS\system32\Drivers\hqX18.sys []
    S0 isA07;isA07;C:\WINDOWS\system32\Drivers\isA07.sys []
    S0 jsA07;jsA07;C:\WINDOWS\system32\Drivers\jsA07.sys []
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13]
    S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-31 19:41:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-04 18:46:00
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\geBtRJCv.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    -> C:\WINDOWS\system32\nview.dll
    -> C:\WINDOWS\system32\xjuxxtlw.dll
    -> C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparencyHook.dll
    -> C:\WINDOWS\system32\nnnnLddc.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\hp\KBD\kbd.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-04 18:55:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-04 16:54:56
    ComboFix2.txt 2008-06-01 16:15:49

    Pre-Run: 82,978,988,032 octets libres
    Post-Run: 82,879,619,072 octets libres

    292
    5 June 2008 13:22:47

    Re,

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\irkajljp.dll
    C:\WINDOWS\system32\wvUnMcaw.dll
    C:\WINDOWS\system32\urqQjJBR.dll
    C:\WINDOWS\system32\geBtRJCv.dll
    C:\WINDOWS\system32\nnnnLddc.dll
    C:\WINDOWS\atfxqogp.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4647C2C7-9F3D-4220-87D9-43E617F67478}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C969D2D-2199-4A29-8483-BD417A1EF167}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D70A167-9D75-49D7-9F4C-DD7E79AE7A64}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{877D76C4-BE5B-43D9-9AF9-0E693A84ECBB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{23649E36-60C6-4433-880A-9DF59FC27342}"=-
    [-HKEY_CLASSES_ROOT\clsid\{23649e36-60c6-4433-880a-9df59fc27342}]
    [-HKEY_CLASSES_ROOT\atfxqogp.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{AAA0A546-2B51-4AED-B1E2-C14F38C73165}]
    [-HKEY_CLASSES_ROOT\atfxqogp]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "4ccdf25c"=-
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{4647C2C7-9F3D-4220-87D9-43E617F67478}"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtRJCv]


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 and then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    5 Juin 2008 19:29:10

    here is the combofix log


    ComboFix 08-05-29.1 - HP_Administrateur 2008-06-05 19:07:17.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.280 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\atfxqogp.dll
    C:\WINDOWS\system32\geBtRJCv.dll
    C:\WINDOWS\system32\irkajljp.dll
    C:\WINDOWS\system32\nnnnLddc.dll
    C:\WINDOWS\system32\urqQjJBR.dll
    C:\WINDOWS\system32\wvUnMcaw.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\evpbrxxt.ini
    C:\WINDOWS\system32\geBtRJCv.dll
    C:\WINDOWS\system32\letbsrol.ini
    C:\WINDOWS\system32\urqQjJBR.dll
    C:\WINDOWS\system32\wacMnUvw.ini
    C:\WINDOWS\system32\wacMnUvw.ini2
    C:\WINDOWS\system32\wltxxujx.ini
    C:\WINDOWS\system32\wvUnMcaw.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-05 10:51 . 2008-06-05 10:51 <REP> d--hs---- C:\Documents and Settings\All Users\DRM
    2008-06-05 10:51 . 2008-06-05 10:51 95,232 --a------ C:\WINDOWS\system32\txxrbpve.dll
    2008-06-02 19:22 . 2008-06-02 19:22 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
    2008-06-02 19:21 . 2008-06-02 19:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-02 19:21 . 2008-06-02 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-02 19:21 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-02 19:21 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-01 20:21 . 2008-06-01 20:21 <REP> d-------- C:\Program Files\Avira
    2008-06-01 20:21 . 2008-06-01 20:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-06-01 15:14 . 2008-06-01 15:14 <REP> d--hs---- C:\found.001
    2008-05-30 21:06 . 2008-05-30 21:07 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-05-30 20:03 . 2008-06-03 21:51 <REP> d-------- C:\Program Files\Fake Webcam
    2008-05-30 19:51 . 2008-05-30 19:51 <REP> d-------- C:\Program Files\CamStudio
    2008-05-21 15:00 . 2008-05-21 15:00 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\IDS_COMPANY
    2008-05-14 03:29 . 2008-05-14 03:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-05-13 19:02 . 2008-05-13 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-05-10 22:05 . 2008-05-10 22:05 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
    2008-05-10 22:05 . 2001-10-26 23:16 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
    2008-05-10 22:03 . 2008-05-10 22:03 <REP> d-------- C:\WINDOWS\Adobe Illustrator CS
    2008-05-08 10:55 . 2008-05-08 10:55 <REP> d--hs---- C:\found.000

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-05 17:18 --------- d-----w C:\Program Files\Steam
    2008-06-05 08:23 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Xfire
    2008-06-05 08:21 --------- d-s---w C:\Program Files\Xfire
    2008-06-05 08:20 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\OpenOffice.org2
    2008-05-30 18:27 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\foobar2000
    2008-05-29 17:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-05-24 12:38 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\BitTorrent
    2008-05-14 12:55 --------- d-----w C:\Program Files\World of Warcraft
    2008-05-13 17:02 --------- d-----w C:\Program Files\Lavasoft
    2008-05-13 17:02 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-10 20:05 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-05-10 20:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-09 18:54 --------- d-----w C:\Program Files\SupraASCIIArt
    2008-04-30 07:48 318,904 ----a-w C:\Documents and Settings\HP_Administrateur\wmpfirefoxplugin.exe
    2008-04-30 07:33 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-14 20:24 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\teamspeak2
    2008-03-21 15:20 3,159 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\SAS7_000.DAT
    2008-03-07 21:46 70,537 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-03-07 21:46 5,347 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2007-12-08 18:03 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-09-22 15:33 357 ----a-w C:\Documents and Settings\HP_Administrateur\.cb_layout.bin
    2007-08-08 16:54 52,438,399 ----a-w C:\Documents and Settings\HP_Administrateur\WoW-2.1.3.6898-to-0.2.0.6932-frFR-patch.exe
    2007-05-30 17:32 38 ----a-w C:\Documents and Settings\HP_Administrateur\dell.bat
    2007-08-16 10:53 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
    2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
    .

    ------- Sigcheck -------

    2006-01-10 03:02 666112 5404e2ead19d7e2a5c4086015062343c C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
    2004-08-10 13:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB912945$\wininet.dll
    2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
    2007-01-04 16:02 669184 114342601ac7ea73b0d2a0ed8505b8b9 C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
    2006-03-04 13:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
    2007-04-18 14:44 669696 a3bf56a786b277e881fd9137f55f0b4b C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
    2007-06-26 16:36 669696 19058fbdc72f7bae085369c6d0a7d074 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
    2007-08-22 14:57 669696 4f6a45b54d26708e2c2bf2c43d83edea C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
    2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
    2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll
    2007-12-07 02:47 704512 456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\dllcache\wininet.dll

    2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
    2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-10 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2007-06-13 15:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((( snapshot@2008-06-01_18.14.36.40 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-01 15:52:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-05 17:16:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-01-21 16:12:56 41,792 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 19:37 68856]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
    "Steam"="c:\program files\steam\steam.exe" [2008-03-28 13:44 1271032]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 01:01 43008]
    "TrueTransparency"="C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe" [2007-10-20 16:10 132608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
    "ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-22 01:56 16261632 C:\WINDOWS\RTHDCPL.EXE]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52 505368]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53 780312]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
    "Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-07-25 13:25 57344]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
    "DNS7reminder"="C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 09:20 259624]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46 200069]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13 29744]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "AXPDefender"="C:\Program Files\AXPDefender\AXPDefender.exe" [ ]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtRJCv]
    geBtRJCv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll
    "vidc.yv12"= yv12vfw.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\eoW87.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hqX18.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\isA07.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\jsA07.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsA18.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Documents and Settings\\HP_Administrateur\\Bureau\\eMule\\emule.exe"=
    "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\half-life 2 deathmatch\\hl2.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
    "C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Metin2_France\\metin2.bin"=
    "C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\dedicated server\\hlds.exe"=
    "C:\\Documents and Settings\\HP_Administrateur\\Mes documents\\LanSchool v6.0 + Crack\\teste\\teacher.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\azertypoiu\\day of defeat source\\hl2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 10:56]
    R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 12:49]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]
    S0 eoW87;eoW87;C:\WINDOWS\system32\Drivers\eoW87.sys []
    S0 hqX18;hqX18;C:\WINDOWS\system32\Drivers\hqX18.sys []
    S0 isA07;isA07;C:\WINDOWS\system32\Drivers\isA07.sys []
    S0 jsA07;jsA07;C:\WINDOWS\system32\Drivers\jsA07.sys []
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-08 00:13]
    S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-31 19:41:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-05 19:17:05
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    -> C:\WINDOWS\system32\nview.dll
    -> C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparencyHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\ehome\ehrecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\hp\KBD\kbd.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-05 19:27:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-05 17:27:26
    ComboFix2.txt 2008-06-04 16:55:20
    ComboFix3.txt 2008-06-01 16:15:49

    Pre-Run: 82,820,182,016 octets libres
    Post-Run: 82,753,007,616 octets libres

    5 Juin 2008 19:30:08

    and the hijackthis log :)


    Logfile of HijackThis v1.99.1
    Scan saved at 19:29:35, on 05/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Ideazon\ZEngine\Zboard.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\windows\system\hpsysdrv.exe
    K:\WormingFight\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AXPDefender] C:\Program Files\AXPDefender\AXPDefender.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [TrueTransparency] "C:\Documents and Settings\HP_Administrateur\Mes documents\Apps\TrueTransparency\TrueTransparency.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: geBtRJCv - geBtRJCv.dll (file missing)
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

    6 Juin 2008 13:35:48

    Delete this file:
    C:\WINDOWS\system32\txxrbpve.dll
    6 Juin 2008 18:37:01

    Manually, or by fixing it with HijackThis?
    6 Juin 2008 20:48:54

    Manually. You can't fix a file with HijackThis ;)