Removing the security system warning window [solved]

11 May 2008 15:05:59

Hello, I have a virus that keeps opening the "security system warning" and "security system warning" pages. I know this topic has already been covered, but I followed the instructions (smitfraudfix, combofix, ...) and it did not work for me. If someone can help me remove this, because I am starting to go crazy. Thanks in advance.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:10, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\jgbsvqhu.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\marc\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: vnbptxlf - {3AB99368-48AF-4A01-B845-2904204948B5} - C:\WINDOWS\vnbptxlf.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [PCShowBuzz] C:\Program Files\inKline Global\PCShowBuzz\PCShowBuzz.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdkuianm] C:\WINDOWS\system32\jyvarszc.exe
O4 - HKCU\..\Run: [joyplwqx] C:\WINDOWS\system32\dgzkzsju.exe
O4 - HKCU\..\Run: [tnkefiej] C:\WINDOWS\system32\wpcrenwl.exe
O4 - HKCU\..\Run: [omdyudug] C:\WINDOWS\system32\jgbsvqhu.exe
O4 - HKCU\..\Run: [lowrvjoo] C:\WINDOWS\system32\vcvgtubs.exe
O4 - HKCU\..\Run: [mptuwavn] C:\WINDOWS\system32\wdmvijgh.exe
O4 - HKCU\..\Run: [fihjrzav] C:\WINDOWS\system32\zefengti.exe
O4 - HKLM\..\Policies\Explorer\Run: [KMZNMRO1A0] C:\Documents and Settings\All Users\Application Data\bofivovi\zspejcjc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: SrvChk - {36f207b2-dcfb-43c7-b0e4-5871d353a159} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\Documents and Settings\marc\Mes documents\Programme\Nouveau dossier\aircrack-ng-0.9-win\bin\wzcook.exe (file missing)

--
End of file - 11087 bytes

11 May 2008 19:44:13

Hi,

Before we get started, I would like to check something.

Download Blacklight (from F-Secure) to your Desktop.

  • Double-click fsbl.exe and accept the license.
  • Click Scan, then Next.
  • Do not choose the "Rename" option right away: we need to analyze the report first, because legitimate files may be listed, such as wbemtest.exe.
  • Post here the report named fsbl.xxxxxxx.log (the xxxxxxx are digits), which is on your Desktop.
    11 May 2008 21:39:09

    XmichouX said:
    Hi,

    Before we get started, I would like to check something.

    Download Blacklight (from F-Secure) to your Desktop.

  • Double-click fsbl.exe and accept the license.
  • Click Scan, then Next.
  • Do not choose the "Rename" option right away: we need to analyze the report first, because legitimate files may be listed, such as wbemtest.exe.
  • Post here the report named fsbl.xxxxxxx.log (the xxxxxxx are digits), which is on your Desktop.


    I tried some new steps to remove the infection with Malwarebytes' Anti-Malware and, well, for now the alerts have not come back, but it is not certain that everything has been removed, so I will do your procedure.

    Here is the report:

    05/11/08 21:13:19 [Info]: BlackLight Engine 1.0.70 initialized
    05/11/08 21:13:19 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    05/11/08 21:13:19 [Note]: 7019 4
    05/11/08 21:13:19 [Note]: 7005 0
    05/11/08 21:13:23 [Note]: 7006 0
    05/11/08 21:13:23 [Note]: 7011 3508
    05/11/08 21:13:23 [Note]: 7035 0
    05/11/08 21:13:23 [Note]: 7026 0
    05/11/08 21:13:23 [Note]: 7026 0
    05/11/08 21:13:28 [Note]: FSRAW library version 1.7.1024
    05/11/08 21:37:53 [Note]: 2000 1012
    05/11/08 21:37:53 [Note]: 2000 1012
    05/11/08 21:38:01 [Note]: 7007 0

    Thank you very much for helping internet users!
    11 May 2008 23:38:03

    Let's see whether mbam did some cleaning; post a new HijackThis report :)
    12 May 2008 00:04:31

    Apparently yes, it did some cleaning; nothing has opened since. Here is the new report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:17:02, on 12/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
    C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\marc\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: vnbptxlf - {3AB99368-48AF-4A01-B845-2904204948B5} - C:\WINDOWS\vnbptxlf.dll (file missing)
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
    O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
    O4 - HKLM\..\Run: [PCShowBuzz] C:\Program Files\inKline Global\PCShowBuzz\PCShowBuzz.exe
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [KMZNMRO1A0] C:\Documents and Settings\All Users\Application Data\bofivovi\zspejcjc.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
    O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\Documents and Settings\marc\Mes documents\Programme\Nouveau dossier\aircrack-ng-0.9-win\bin\wzcook.exe (file missing)

    --
    End of file - 10646 bytes


    Please tell me if there are any useless things or other things to remove, thanks.
    12 May 2008 10:58:25

    Hi again,

    It did a nice clean-up, but a little is still left.

    Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the license by clicking Yes ("Oui").
  • When the operation is finished, a report will appear. Post this report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    12 May 2008 13:09:57

    Hi again,

    Yes, fine, it did a nice clean-up, but now I can no longer launch ComboFix :??: As the error message, I get: "some installation files are corrupt. Please download a fresh copy". Please help me.
    12 May 2008 14:18:49

    Delete your copy of ComboFix.
    Download it again and run the tool in safe mode.
    12 May 2008 15:42:20

    In safe mode, same problem! On top of that I have another problem: in safe mode, the computer shuts down by itself, and when I try to turn it back on, it shuts down and restarts by itself about ten times, or even more, before it comes back on. That's it, thanks!
    12 May 2008 16:09:01

    Hi again,

    Download DiagHelp (by Malekal) to your Desktop.

  • Unzip it, open the new DiagHelp folder, and double-click go.cmd (the .cmd may not be shown!)
  • Choose option 1 in the window that opens.
    This may take a few minutes; let it run and press a key when asked to.
    WARNING: During the scan, after the CatchMe report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!
  • At the end of the scan, your computer may need to be restarted... Once the computer has restarted, the report will appear in Notepad. Post it here.

    The report is located here: C:\resultat.txt

    If you get a file C:\upload_moi.zip, please send it to http://upload.malekal.com/
    How to upload?

    Help: How to use DiagHelp.

    12 May 2008 18:48:58

    Here is the report generated by DiagHelp:


    DiagHelp version v1.4 - http://www.malekal.com
    excute le 12/05/2008 à 18:42:17,21


    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->12/05/2008 18:42:13
    C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->12/05/2008 18:42:06
    C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->12/05/2008 18:41:31
    C:\WINDOWS\prefetch\WINMINE.EXE-0A3838A4.pf -->12/05/2008 18:33:05
    C:\WINDOWS\prefetch\RUNDLL32.EXE-1857459C.pf -->12/05/2008 18:15:15
    C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->12/05/2008 18:13:35
    C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->12/05/2008 18:12:36
    C:\WINDOWS\prefetch\RUNDLL32.EXE-483E13BB.pf -->12/05/2008 18:07:12
    C:\WINDOWS\prefetch\KPROCCHECK.EXE-10A073F9.pf -->12/05/2008 18:03:45
    C:\WINDOWS\prefetch\CATCHME.EXE-2818BBC1.pf -->12/05/2008 18:03:14

    C:\WINDOWS\System32\drivers\mbamcatchme.sys -->05/05/2008 20:46:36
    C:\WINDOWS\System32\drivers\mbam.sys -->05/05/2008 20:46:32
    C:\WINDOWS\System32\drivers\aswFsBlk.sys -->29/03/2008 19:35:49
    C:\WINDOWS\System32\drivers\aswmon2.sys -->29/03/2008 19:35:21
    C:\WINDOWS\System32\drivers\aswSP.sys -->29/03/2008 19:31:34
    C:\WINDOWS\System32\drivers\aswRdr.sys -->29/03/2008 19:29:08
    C:\WINDOWS\System32\drivers\aswTdi.sys -->29/03/2008 19:27:33

    C:\WINDOWS\System32\wpa.dbl -->12/05/2008 15:34:16
    C:\WINDOWS\System32\nvapps.xml -->12/05/2008 15:33:52
    C:\WINDOWS\System32\tmp.txt -->12/05/2008 14:46:00
    C:\WINDOWS\System32\tmp.reg -->12/05/2008 14:46:00
    C:\WINDOWS\System32\CONFIG.NT -->08/05/2008 19:53:24
    C:\WINDOWS\System32\IEDFix.exe -->28/04/2008 08:03:06
    C:\WINDOWS\System32\404Fix.exe -->28/04/2008 08:03:06
    C:\WINDOWS\System32\VACFix.exe -->24/04/2008 08:10:33
    C:\WINDOWS\System32\PerfStringBackup.INI -->12/04/2008 11:16:41
    C:\WINDOWS\System32\perfh00C.dat -->12/04/2008 11:16:41
    C:\WINDOWS\System32\perfh009.dat -->12/04/2008 11:16:41
    C:\WINDOWS\System32\perfc00C.dat -->12/04/2008 11:16:41
    C:\WINDOWS\System32\perfc009.dat -->12/04/2008 11:16:41
    C:\WINDOWS\System32\FNTCACHE.DAT -->10/04/2008 12:09:00
    C:\WINDOWS\System32\MRT.INI -->09/04/2008 23:30:00
    C:\WINDOWS\System32\MRT.exe -->06/04/2008 07:56:20
    C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log -->01/04/2008 12:22:49
    C:\WINDOWS\System32\aswBoot.exe -->29/03/2008 19:45:49
    C:\WINDOWS\System32\AvastSS.scr -->29/03/2008 19:23:22
    C:\WINDOWS\System32\QuickTimeVR.qtx -->28/03/2008 23:37:26
    C:\WINDOWS\System32\QuickTime.qts -->28/03/2008 23:37:26
    C:\WINDOWS\System32\win32k.sys -->20/03/2008 10:09:22
    C:\WINDOWS\System32\lvcoinst.log -->01/03/2008 21:38:00
    C:\WINDOWS\System32\mshtml.dll -->01/03/2008 18:28:10
    C:\WINDOWS\System32\wininet.dll -->01/03/2008 14:58:11

    C:\WINDOWS\WindowsUpdate.log -->12/05/2008 18:12:30
    C:\WINDOWS\setupapi.log -->12/05/2008 15:37:57
    C:\WINDOWS\0.log -->12/05/2008 15:33:57
    C:\WINDOWS\wiadebug.log -->12/05/2008 15:33:52
    C:\WINDOWS\wiaservc.log -->12/05/2008 15:33:46
    C:\WINDOWS\bootstat.dat -->12/05/2008 15:33:35
    C:\WINDOWS\ntbtlog.txt -->12/05/2008 15:28:06
    C:\WINDOWS\SchedLgU.Txt -->12/05/2008 15:26:43
    C:\WINDOWS\setupact.log -->12/05/2008 14:46:51
    C:\WINDOWS\wmsetup.log -->11/05/2008 18:22:17
    C:\WINDOWS\system.ini -->11/05/2008 14:40:56
    C:\WINDOWS\NeroDigital.ini -->09/05/2008 13:15:09
    C:\WINDOWS\setuperr.log -->08/05/2008 19:18:15
    C:\WINDOWS\QTFont.qfn -->08/05/2008 14:46:18
    C:\WINDOWS\QTFont.for -->07/05/2008 13:01:14

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Signed
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed


    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 1544
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x44080000 0xd0000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    0x10000000 0x21000 7.06.0002.0009 C:\Program Files\iTunes\iTunesMiniPlayer.dll
    0x013b0000 0xe000 7.06.0002.0001 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
    0x013e0000 0x23000 7.06.0002.0009 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll
    0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x44360000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll
    0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
    0x44160000 0x127000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll
    0x442b0000 0x3c000 7.00.6000.16640 C:\WINDOWS\system32\webcheck.dll
    0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
    0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
    0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x021a0000 0x170000 6.14.0010.11046 C:\WINDOWS\system32\nview.dll
    0x023d0000 0x50000 6.14.0010.11046 C:\WINDOWS\system32\NVWRSFR.DLL
    0x00d70000 0x15000 6.14.0010.8602 C:\WINDOWS\system32\nvwddi.dll
    0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x03bc0000 0x74d000 6.14.0010.8602 C:\WINDOWS\system32\nvcpl.dll
    0x74bf0000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll
    0x029a0000 0x45000 6.14.0010.8602 C:\WINDOWS\system32\NVRSFR.DLL
    0x029f0000 0x73000 6.14.0010.11046 C:\WINDOWS\system32\nvshell.dll
    0x00f90000 0x2c000 C:\Program Files\WinRAR\rarext.dll
    0x00b80000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
    0x64f00000 0x12000 4.08.1169.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
    0x00e70000 0x8000 1.00.0000.0001 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    0x02d00000 0xd5000 1.04.0000.0000 C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 648
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x10000000 0x1c000 3.95.0000.1942 C:\WINDOWS\system32\odyEvent.dll
    0x011d0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    0x01210000 0x24000 3.95.0000.1942 C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odLogin.dll
    0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll


    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 2875-C38F

    Répertoire de C:\WINDOWS\system32

    05/08/2004 14:00 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 40 061 562 880 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 2875-C38F

    Répertoire de C:\WINDOWS\Downloaded Program Files

    10/05/2008 19:16 <REP> .
    10/05/2008 19:16 <REP> ..
    12/04/2007 22:56 65 desktop.ini
    11/04/2007 14:55 1 292 erma.inf
    22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
    28/02/2007 14:21 131 472 msgrchkr.dll
    12/04/2005 14:58 77 824 PhtPkMSN.dll
    08/04/2005 11:28 1 367 PhtPkMSN.inf
    28/02/2007 14:21 142 248 SolitaireShowdown.dll
    26/03/2007 16:46 5 085 swflash.inf
    8 fichier(s) 663 897 octets

    Total des fichiers listés :
    8 fichier(s) 663 897 octets
    2 Rép(s) 40 061 558 784 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..


    Liste des fichiers en exception sur le pare-feu XP SP2

    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
    "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:partage de l'application RTC"


    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001
    "HideLegacyLogonScripts"=dword:00000000
    "HideLogoffScripts"=dword:00000000
    "RunLogonScriptSync"=dword:00000001
    "RunStartupScriptSync"=dword:00000001
    "HideStartupScripts"=dword:00000000



    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-12 18:42:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641a2603e]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641a2603e]

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0


    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Process list by traversal of KiWaitListHead

    4 - System
    224 - nvsvc32.exe
    352 - svchost.exe
    620 - csrss.exe
    648 - winlogon.exe
    692 - services.exe
    704 - lsass.exe
    864 - svchost.exe
    904 - rundll32.exe
    952 - svchost.exe
    992 - svchost.exe
    1052 - svchost.exe
    1080 - svchost.exe
    1092 - odClientService
    1200 - WButton.exe
    1224 - aawservice.exe
    1236 - LaunchAp.exe
    1348 - ashServ.exe
    1412 - HotkeyApp.exe
    1544 - explorer.exe
    1712 - RTHDCPL.exe
    1764 - spoolsv.exe
    1876 - AppleMobileDevi
    1900 - svchost.exe
    1916 - sm56hlpr.exe
    2000 - SynTPEnh.exe
    2008 - sqlservr.exe
    2092 - OdTray.exe
    2100 - wmiprvse.exe
    2108 - WaHelper.exe
    2164 - LVCOMSX.EXE
    2188 - LogiTray.exe
    2216 - cmd.exe
    2304 - rundll32.exe
    2320 - ashMaiSv.exe
    2408 - QTTask.exe
    2436 - iTunesHelper.ex
    2456 - ashDisp.exe
    2464 - msnmsgr.exe
    2496 - ctfmon.exe
    2584 - FxSvr2.exe
    2600 - ashWebSv.exe
    2756 - Shareaza.exe
    2872 - TosBtMng.exe
    2900 - iPodService.exe
    3092 - usnsvc.exe
    3116 - TosA2dp.exe
    3172 - TosBtHid.exe
    3192 - TosBtHSP.exe

    Total number of processes = 49
    NOTE: Under WinXP, this will not show all processes.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Driver/Module list by traversal of PsLoadedModuleList

    804D7000 - \WINDOWS\system32\ntoskrnl.exe
    806FD000 - \WINDOWS\system32\hal.dll
    F7D64000 - \WINDOWS\system32\KDCOM.DLL
    F7C74000 - \WINDOWS\system32\BOOTVID.dll
    F7759000 - sptd.sys
    F7D66000 - \WINDOWS\System32\Drivers\WMILIB.SYS
    F7741000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
    F7712000 - ACPI.sys
    F7701000 - pci.sys
    F7864000 - isapnp.sys
    F7C78000 - compbatt.sys
    F7C7C000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
    F7E2C000 - pciide.sys
    F7AE4000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    F76E3000 - pcmcia.sys
    F7874000 - MountMgr.sys
    F76C4000 - ftdisk.sys
    F7AEC000 - PartMgr.sys
    F7C80000 - ACPIEC.sys
    F7E2D000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    F7884000 - VolSnap.sys
    F76AC000 - atapi.sys
    F75D6000 - iaStor.sys
    F7894000 - disk.sys
    F78A4000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    F75B6000 - fltMgr.sys
    F75A4000 - sr.sys
    F78B4000 - PxHelp20.sys
    F758D000 - KSecDD.sys
    F7500000 - Ntfs.sys
    F74D3000 - NDIS.sys
    F74B8000 - Mup.sys
    F7AB4000 - \SystemRoot\system32\DRIVERS\intelppm.sys
    F73FB000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys
    F6A1B000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
    F6A07000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    F69E2000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
    F7B4C000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
    F69BF000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
    F7B54000 - \SystemRoot\system32\DRIVERS\usbehci.sys
    F7AC4000 - \SystemRoot\system32\DRIVERS\EMS7SK.sys
    F69AE000 - \SystemRoot\system32\DRIVERS\sdbus.sys
    F7AD4000 - \SystemRoot\system32\DRIVERS\ESD7SK.sys
    F73E7000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
    F78D4000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
    F7B5C000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
    F697E000 - \SystemRoot\system32\DRIVERS\SynTP.sys
    F7D98000 - \SystemRoot\system32\DRIVERS\USBD.SYS
    F7B64000 - \SystemRoot\system32\DRIVERS\mouclass.sys
    F78E4000 - \SystemRoot\system32\DRIVERS\imapi.sys
    F78F4000 - \SystemRoot\system32\DRIVERS\cdrom.sys
    F7904000 - \SystemRoot\system32\DRIVERS\redbook.sys
    F695B000 - \SystemRoot\system32\DRIVERS\ks.sys
    F73E3000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    F7914000 - \SystemRoot\System32\Drivers\tosrfcom.sys
    F7F67000 - \SystemRoot\system32\DRIVERS\audstub.sys
    F7D9A000 - \SystemRoot\System32\Drivers\RootMdm.sys
    F7B6C000 - \SystemRoot\System32\Drivers\Modem.SYS
    F6DFF000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
    F7D40000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
    F691C000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
    F6DEF000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
    F6DDF000 - \SystemRoot\system32\DRIVERS\raspptp.sys
    F7B74000 - \SystemRoot\system32\DRIVERS\TDI.SYS
    F690B000 - \SystemRoot\system32\DRIVERS\psched.sys
    F6DCF000 - \SystemRoot\system32\DRIVERS\msgpc.sys
    F7B7C000 - \SystemRoot\system32\DRIVERS\ptilink.sys
    F7B84000 - \SystemRoot\system32\DRIVERS\raspti.sys
    F68E0000 - \SystemRoot\system32\DRIVERS\odysseyIM4.sys
    F7B8C000 - \SystemRoot\system32\DRIVERS\swivspnt.sys
    F6DBF000 - \SystemRoot\system32\DRIVERS\termdd.sys
    F7D9C000 - \SystemRoot\system32\DRIVERS\swenum.sys
    F6887000 - \SystemRoot\system32\DRIVERS\update.sys
    F7D54000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
    F79C4000 - \SystemRoot\system32\DRIVERS\tosporte.sys
    F79D4000 - \SystemRoot\System32\Drivers\NDProxy.SYS
    ED064000 - \SystemRoot\system32\drivers\RtkHDAud.sys
    ED042000 - \SystemRoot\system32\drivers\portcls.sys
    F1189000 - \SystemRoot\system32\drivers\drmk.sys
    ECF6F000 - \SystemRoot\system32\DRIVERS\smserial.sys
    F1179000 - \SystemRoot\system32\DRIVERS\usbhub.sys
    F7E16000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
    F03B6000 - \SystemRoot\System32\Drivers\Null.SYS
    F7E18000 - \SystemRoot\System32\Drivers\Beep.SYS
    F1A61000 - \SystemRoot\System32\drivers\vga.sys
    F7E1A000 - \SystemRoot\System32\Drivers\mnmdd.SYS
    F7E1C000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
    F1A59000 - \SystemRoot\System32\Drivers\Msfs.SYS
    F1A51000 - \SystemRoot\System32\Drivers\Npfs.SYS
    F1EAF000 - \SystemRoot\system32\DRIVERS\rasacd.sys
    ECF0A000 - \SystemRoot\system32\DRIVERS\ipsec.sys
    ECEB2000 - \SystemRoot\system32\DRIVERS\tcpip.sys
    ECE91000 - \SystemRoot\system32\DRIVERS\ipnat.sys
    F1169000 - \SystemRoot\System32\Drivers\aswTdi.SYS
    F1159000 - \SystemRoot\system32\DRIVERS\wanarp.sys
    ECE41000 - \SystemRoot\system32\DRIVERS\netbt.sys
    ECE1F000 - \SystemRoot\System32\drivers\afd.sys
    F1149000 - \SystemRoot\system32\DRIVERS\netbios.sys
    ECDF4000 - \SystemRoot\system32\DRIVERS\rdbss.sys
    ECD85000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
    F1440000 - \SystemRoot\System32\Drivers\Hotkey.SYS
    F1139000 - \SystemRoot\System32\Drivers\Fips.SYS
    ECD73000 - \SystemRoot\system32\DRIVERS\swumx00.sys
    ECD5D000 - \SystemRoot\System32\Drivers\aswSP.SYS
    F13B1000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
    F2862000 - \SystemRoot\System32\Drivers\Cdfs.SYS
    ECC87000 - \SystemRoot\System32\Drivers\dump_iaStor.sys
    BF800000 - \SystemRoot\System32\win32k.sys
    F33C1000 - \SystemRoot\System32\drivers\Dxapi.sys
    F30ED000 - \SystemRoot\System32\watchdog.sys
    BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
    F43CA000 - \SystemRoot\System32\drivers\dxgthk.sys
    BF9D5000 - \SystemRoot\System32\nv4_disp.dll
    F30BD000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys
    EFBD4000 - \SystemRoot\system32\DRIVERS\AegisP.sys
    F7490000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
    BA5EA000 - \SystemRoot\System32\Drivers\aswMon2.SYS
    BA4CE000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
    BA491000 - \SystemRoot\system32\drivers\wdmaud.sys
    F7974000 - \SystemRoot\system32\drivers\sysaudio.sys
    F7D6A000 - \SystemRoot\System32\Drivers\MASPINT.SYS
    BA3F4000 - \SystemRoot\system32\DRIVERS\srv.sys
    B9BB6000 - \SystemRoot\System32\Drivers\HTTP.sys
    B9BAA000 - \SystemRoot\System32\Drivers\aswRdr.SYS
    B6F2A000 - \SystemRoot\system32\DRIVERS\NETw3x32.sys
    F7ED0000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

    Total number of drivers = 126

    Liste des programmes installes

    Ad-Aware 2007
    Adobe Acrobat 5.0
    Adobe Flash Player ActiveX
    Adobe Photoshop CS
    Adobe Stock Photos 1.0
    Apple Mobile Device Support
    Apple Software Update
    Archiveur WinRAR
    Assistant de connexion Windows Live
    AutoUpdate
    avast! Antivirus
    Bluetooth Stack for Windows by Toshiba
    Borland Delphi 5
    CamStudio 2.0 Fr
    Correctif pour Lecteur Windows Media 11 (KB939683)
    Correctif pour Windows Internet Explorer 7 (KB947864)
    Correctif pour Windows XP (KB896256)
    Correctif pour Windows XP (KB910728)
    Correctif pour Windows XP (KB914440)
    Correctif pour Windows XP (KB935448)
    Correctif Windows XP - KB873339
    Correctif Windows XP - KB883667
    Correctif Windows XP - KB885250
    Correctif Windows XP - KB885835
    Correctif Windows XP - KB885836
    Correctif Windows XP - KB886185
    Correctif Windows XP - KB887472
    Correctif Windows XP - KB888113
    Correctif Windows XP - KB888302
    Correctif Windows XP - KB889673
    Correctif Windows XP - KB890175
    Correctif Windows XP - KB890859
    Correctif Windows XP - KB891781
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    EasyPHP 1.8
    Fake Webcam 1.0
    Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
    Free Mp3 Wma Converter V 1.3.0
    High Definition Audio - KB888111
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    InterBase
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
    Launch Manager V1.4.9
    Lecteur Windows Media 11
    Logiciel QuickCam de Logitech
    Logitech Print Service
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Macromedia Flash Player 8 Plugin
    Malwarebytes' Anti-Malware
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 French Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Language Pack - FRA
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft MSDN 2005 Express - FRA
    Microsoft MSDN 2005 Express Edition - FRA
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C# 2005 Express - FRA
    Microsoft Visual C# 2005 Express Edition - FRA
    MicroStaff WINASPI
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
    Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
    Mise à jour de sécurité pour Windows XP (KB890046)
    Mise à jour de sécurité pour Windows XP (KB893756)
    Mise à jour de sécurité pour Windows XP (KB896358)
    Mise à jour de sécurité pour Windows XP (KB896422)
    Mise à jour de sécurité pour Windows XP (KB896423)
    Mise à jour de sécurité pour Windows XP (KB896424)
    Mise à jour de sécurité pour Windows XP (KB896428)
    Mise à jour de sécurité pour Windows XP (KB896688)
    Mise à jour de sécurité pour Windows XP (KB899587)
    Mise à jour de sécurité pour Windows XP (KB899588)
    Mise à jour de sécurité pour Windows XP (KB899589)
    Mise à jour de sécurité pour Windows XP (KB899591)
    Mise à jour de sécurité pour Windows XP (KB900725)
    Mise à jour de sécurité pour Windows XP (KB901017)
    Mise à jour de sécurité pour Windows XP (KB901190)
    Mise à jour de sécurité pour Windows XP (KB901214)
    Mise à jour de sécurité pour Windows XP (KB902400)
    Mise à jour de sécurité pour Windows XP (KB904706)
    Mise à jour de sécurité pour Windows XP (KB905414)
    Mise à jour de sécurité pour Windows XP (KB905749)
    Mise à jour de sécurité pour Windows XP (KB908519)
    Mise à jour de sécurité pour Windows XP (KB911562)
    Mise à jour de sécurité pour Windows XP (KB911927)
    Mise à jour de sécurité pour Windows XP (KB913446)
    Mise à jour de sécurité pour Windows XP (KB913580)
    Mise à jour de sécurité pour Windows XP (KB914388)
    Mise à jour de sécurité pour Windows XP (KB914389)
    Mise à jour de sécurité pour Windows XP (KB917344)
    Mise à jour de sécurité pour Windows XP (KB917422)
    Mise à jour de sécurité pour Windows XP (KB917953)
    Mise à jour de sécurité pour Windows XP (KB918118)
    Mise à jour de sécurité pour Windows XP (KB918439)
    Mise à jour de sécurité pour Windows XP (KB919007)
    Mise à jour de sécurité pour Windows XP (KB920213)
    Mise à jour de sécurité pour Windows XP (KB920670)
    Mise à jour de sécurité pour Windows XP (KB920683)
    Mise à jour de sécurité pour Windows XP (KB920685)
    Mise à jour de sécurité pour Windows XP (KB921503)
    Mise à jour de sécurité pour Windows XP (KB922819)
    Mise à jour de sécurité pour Windows XP (KB923191)
    Mise à jour de sécurité pour Windows XP (KB923414)
    Mise à jour de sécurité pour Windows XP (KB923689)
    Mise à jour de sécurité pour Windows XP (KB923694)
    Mise à jour de sécurité pour Windows XP (KB923789)
    Mise à jour de sécurité pour Windows XP (KB923980)
    Mise à jour de sécurité pour Windows XP (KB924191)
    Mise à jour de sécurité pour Windows XP (KB924270)
    Mise à jour de sécurité pour Windows XP (KB924496)
    Mise à jour de sécurité pour Windows XP (KB924667)
    Mise à jour de sécurité pour Windows XP (KB925902)
    Mise à jour de sécurité pour Windows XP (KB926255)
    Mise à jour de sécurité pour Windows XP (KB926436)
    Mise à jour de sécurité pour Windows XP (KB927779)
    Mise à jour de sécurité pour Windows XP (KB927802)
    Mise à jour de sécurité pour Windows XP (KB928090)
    Mise à jour de sécurité pour Windows XP (KB928255)
    Mise à jour de sécurité pour Windows XP (KB928843)
    Mise à jour de sécurité pour Windows XP (KB929123)
    Mise à jour de sécurité pour Windows XP (KB930178)
    Mise à jour de sécurité pour Windows XP (KB931261)
    Mise à jour de sécurité pour Windows XP (KB931784)
    Mise à jour de sécurité pour Windows XP (KB932168)
    Mise à jour de sécurité pour Windows XP (KB933729)
    Mise à jour de sécurité pour Windows XP (KB935839)
    Mise à jour de sécurité pour Windows XP (KB935840)
    Mise à jour de sécurité pour Windows XP (KB936021)
    Mise à jour de sécurité pour Windows XP (KB938829)
    Mise à jour de sécurité pour Windows XP (KB941202)
    Mise à jour de sécurité pour Windows XP (KB941568)
    Mise à jour de sécurité pour Windows XP (KB941569)
    Mise à jour de sécurité pour Windows XP (KB941644)
    Mise à jour de sécurité pour Windows XP (KB941693)
    Mise à jour de sécurité pour Windows XP (KB943055)
    Mise à jour de sécurité pour Windows XP (KB943460)
    Mise à jour de sécurité pour Windows XP (KB943485)
    Mise à jour de sécurité pour Windows XP (KB944653)
    Mise à jour de sécurité pour Windows XP (KB945553)
    Mise à jour de sécurité pour Windows XP (KB946026)
    Mise à jour de sécurité pour Windows XP (KB948590)
    Mise à jour de sécurité pour Windows XP (KB948881)
    Mise à jour pour Windows XP (KB898461)
    Mise à jour pour Windows XP (KB900485)
    Mise à jour pour Windows XP (KB904942)
    Mise à jour pour Windows XP (KB908531)
    Mise à jour pour Windows XP (KB910437)
    Mise à jour pour Windows XP (KB911280)
    Mise à jour pour Windows XP (KB912945)
    Mise à jour pour Windows XP (KB916595)
    Mise à jour pour Windows XP (KB920872)
    Mise à jour pour Windows XP (KB922582)
    Mise à jour pour Windows XP (KB927891)
    Mise à jour pour Windows XP (KB930916)
    Mise à jour pour Windows XP (KB931836)
    Mise à jour pour Windows XP (KB933360)
    Mise à jour pour Windows XP (KB936357)
    Mise à jour pour Windows XP (KB938828)
    Mise à jour pour Windows XP (KB942763)
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
    Motorola SM56 Data Fax Modem
    Mozilla Firefox (2.0.0.14)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    Nero Suite
    NVIDIA Drivers
    Odyssey Client for Fujitsu Siemens Computers
    Programme de gestion Camera de Logitech®
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Safari
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio
    Samsung PC Studio
    Samsung PC Studio 3 USB Driver Installer
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Shareaza version 2.2.5.0
    Sierra Wireless 3G Watcher
    Skype™ 3.5
    Spybot - Search & Destroy 1.4
    Synaptics Pointing Device Driver
    VideoLAN VLC media player 0.8.6c
    Vodafone 804SS USB driver Software
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11



    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 2875-C38F

    Répertoire de C:\Program Files

    11/05/2008 19:12 <REP> .
    11/05/2008 19:12 <REP> ..
    03/12/2007 13:34 <REP> Adobe
    15/04/2007 13:22 <REP> Ahead
    14/04/2007 01:16 <REP> Alwil Software
    16/04/2008 16:46 <REP> Apple Software Update
    09/05/2008 12:21 <REP> Ashampoo
    27/09/2007 12:19 <REP> Borland
    28/09/2007 16:47 <REP> CamStudio
    08/05/2008 18:38 <REP> CCleaner
    12/04/2007 22:54 <REP> ComPlus Applications
    27/09/2007 20:27 <REP> directx
    30/07/2007 12:10 <REP> DivX
    03/06/2007 17:35 <REP> EasyPHP1-8
    28/09/2007 16:47 <REP> Fake Webcam
    06/05/2008 17:05 <REP> Fichiers communs
    16/04/2007 20:47 <REP> Free Audio Pack
    17/09/2007 18:02 <REP> Fujitsu Siemens Computers
    08/05/2008 09:41 <REP> Grisoft
    27/05/2007 14:24 <REP> Intel
    27/09/2007 12:22 <REP> InterBase Corp
    09/04/2008 23:30 <REP> Internet Explorer
    09/04/2008 17:14 <REP> iPod
    15/11/2007 18:50 <REP> iPod(2)
    09/04/2008 17:14 <REP> iTunes
    15/11/2007 18:50 <REP> iTunes(2)
    01/04/2008 12:22 <REP> Java
    27/09/2007 20:26 <REP> Labtec
    06/05/2008 12:47 <REP> Launch Manager
    05/02/2008 10:41 <REP> Lavasoft
    18/10/2007 17:49 <REP> Logitech
    27/11/2007 17:48 <REP> Macromedia
    11/05/2008 19:12 <REP> Malwarebytes' Anti-Malware
    16/04/2007 20:39 <REP> MastaLine Software
    12/04/2007 22:54 <REP> Messenger
    06/04/2008 22:11 <REP> Messenger Plus! Live
    19/10/2007 03:00 <REP> Microsoft CAPICOM 2.1.0.2
    12/04/2007 23:02 <REP> microsoft frontpage
    14/04/2007 12:07 <REP> Microsoft Office
    17/11/2007 19:09 <REP> Microsoft SQL Server
    16/11/2007 17:57 <REP> Microsoft Visual Studio 8
    16/11/2007 18:00 <REP> Microsoft.NET
    12/04/2007 22:55 <REP> Movie Maker
    12/05/2008 17:52 <REP> Mozilla Firefox
    12/04/2007 22:53 <REP> MSN
    12/04/2007 22:54 <REP> MSN Gaming Zone
    09/06/2007 11:32 <REP> MSN Messenger
    12/07/2007 14:10 <REP> MSXML 4.0
    17/11/2007 19:02 <REP> MSXML 6.0
    12/04/2007 22:55 <REP> NetMeeting
    12/04/2007 22:54 <REP> Online Services
    13/06/2007 11:00 <REP> Outlook Express
    09/04/2008 17:13 <REP> QuickTime
    15/11/2007 18:50 <REP> QuickTime(2)
    11/07/2007 17:22 <REP> Real
    14/04/2007 00:52 <REP> Realtek
    08/05/2008 18:35 <REP> RegCleaner
    25/04/2008 23:19 <REP> Safari
    11/07/2007 16:28 <REP> Samsung
    12/04/2007 22:56 <REP> Services en ligne
    12/11/2007 19:57 <REP> Shareaza
    27/05/2007 14:09 <REP> Sierra Wireless Inc
    25/09/2007 16:46 <REP> Skype
    07/06/2007 09:53 <REP> Spybot - Search & Destroy
    14/04/2007 00:53 <REP> Synaptics
    15/04/2007 13:12 <REP> Toshiba
    17/05/2007 12:01 <REP> VideoLAN
    12/01/2008 22:59 <REP> WinamaxPoker
    20/01/2008 20:41 <REP> Windows Live
    03/02/2008 20:46 <REP> Windows Media Connect 2
    19/05/2007 12:06 <REP> Windows Media Player
    12/04/2007 22:53 <REP> Windows NT
    08/08/2007 16:55 <REP> WinRAR
    14/04/2007 01:50 <REP> WinZip
    12/04/2007 23:02 <REP> xerox
    0 fichier(s) 0 octets
    75 Rép(s) 40 048 369 664 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 2875-C38F

    Répertoire de C:\Program Files\fichiers communs

    06/05/2008 17:05 <REP> .
    06/05/2008 17:05 <REP> ..
    03/12/2007 13:36 <REP> Adobe
    03/12/2007 13:37 <REP> Adobe Systems Shared
    15/04/2007 13:20 <REP> Ahead
    01/07/2007 17:13 <REP> Apple
    27/09/2007 12:21 <REP> Borland Shared
    14/04/2007 12:07 <REP> DESIGNER
    18/10/2007 17:49 <REP> FotoWire
    17/09/2007 18:02 <REP> Funk Software
    27/11/2007 17:46 <REP> InstallShield
    12/04/2007 23:00 <REP> Java
    18/10/2007 17:47 <REP> Logitech
    27/11/2007 17:48 <REP> Macromedia
    20/01/2008 19:58 <REP> Microsoft Shared
    12/04/2007 22:55 <REP> MSSoap
    15/04/2007 13:22 <REP> Nero
    13/04/2007 00:48 <REP> ODBC
    11/07/2007 17:23 <REP> Real
    12/04/2007 22:55 <REP> Services
    25/09/2007 16:45 <REP> Skype
    13/04/2007 00:48 <REP> SpeechEngines
    13/06/2007 11:00 <REP> System
    06/05/2008 17:05 <REP> Wise Installation Wizard
    11/07/2007 17:23 <REP> xing shared
    0 fichier(s) 0 octets
    25 Rép(s) 40 048 365 568 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 2875-C38F

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    14/04/2007 12:07 <REP> .
    14/04/2007 12:07 <REP> ..
    14/04/2007 12:07 <REP> 1033
    14/04/2007 12:07 <REP> 1036
    11/07/2003 10:15 1 292 872 MSONSEXT.DLL
    15/07/2003 06:52 35 896 MSOSV.DLL
    03/06/1999 12:09 122 937 MSOWS409.DLL
    07/03/2001 07:00 127 033 MSOWS40c.DLL
    11/07/2003 02:25 80 448 PKMWS.DLL
    5 fichier(s) 1 659 186 octets
    4 Rép(s) 40 048 365 568 octets libres




    c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe
    c:\Documents and Settings\marc\Application Data\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe
    c:\Documents and Settings\marc\Application Data\U3\0700077A16AC05FA\cleanup.exe
    c:\Documents and Settings\marc\Application Data\U3\0700077A16AC05FA\Launchpad.exe
    c:\Documents and Settings\marc\Application Data\U3\0700077A16AC05FA\U3AccessGrant.exe
    c:\Documents and Settings\marc\Application Data\U3\temp\cleanup.exe
    c:\Documents and Settings\marc\Bureau\ashampoo_antispyware201_sm.exe
    c:\Documents and Settings\marc\Bureau\ComboFix.exe
    c:\Documents and Settings\marc\Bureau\mbam-setup.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix(2).exe
    c:\Documents and Settings\marc\Bureau\ToolsCleaner2.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\catchme.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\diff.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\dumphive.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\find2.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\Fport.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\grep.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\gzip.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\LFiles.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\md5sums.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\pslist.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\sigcheck.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\streams.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\swreg.exe
    c:\Documents and Settings\marc\Bureau\DiagHelp\tar.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\404Fix.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\dumphive.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\exit.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\GenericRenosFix.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\HostsChk.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\IEDFix.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\Process.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\Reboot.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\restart.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\SmiUpdate.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\SrchSTS.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\swreg.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\swsc.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\swxcacls.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\UIFix.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\unzip.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\VACFix.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\VCCLSID.exe
    c:\Documents and Settings\marc\Bureau\SmitfraudFix\WS2Fix.exe
    c:\Documents and Settings\marc\Mes documents\vlc-0.8.5-freehd-win32.exe
    c:\Documents and Settings\marc\Mes documents\cours\algo\model.exe
    c:\Documents and Settings\marc\Mes documents\cours\algo\Moyenne.exe
    c:\Documents and Settings\marc\Mes documents\cours\algo\moyenne3.exe
    c:\Documents and Settings\marc\Mes documents\cours\algo\Project1.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\ajout date\ajoutdate2.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\Algo sup\Ex1.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\boucle\moyenne2.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\BTS blanc\calnbmo.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\BTS blanc\Datepreced.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\clients\Clients.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\exo proc\exo1_V1.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\exo proc\exo1_V2.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\exo proc\exo2.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\exo proc\exo3.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\exo proc\exo4.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\exo proc\exo5.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\feuille n°2\exo5_2.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\feuille n°2\exo5V2_2.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\feuille n°2\exo5V3_2.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\feuille n°2\Exo6cas_2.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\Feuille n°3\Exo1.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\Feuille n°3\Exo2.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\Feuille n°3\Exo3.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\Feuille n°3\Exo3_if.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\Feuille n°3\exo4_for.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\Feuille n°3\exo4_while.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\fichier\fichier.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\loto\loto.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\Model\model.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\morse\morse.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\morse\morse 2\Project1.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\morse 2\Project1.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\mot\mots.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\mot\mots_proc.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\moyenne bac\Moybac.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\pendu\pendu.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\pour etudiants 10 avril08(2)\facture.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\algo\tableau note\Tableau_note.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\AP\Evenement\article.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\AP\GestionParcInfo\GestionParcInfo.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\Ricaud\chat.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\Ricaud\ip\adressage_ip.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\Ricaud\pendu\Project1.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\Ricaud\prog evenementiel - Ricaud\Project1.exe
    c:\Documents and Settings\marc\Mes documents\cours\Marc\Ricaud\prog evenementiel - Ricaud\TRON\Project1.exe
    c:\Documents and Settings\marc\Mes documents\Programme\a2AntiMalwareSetup.exe
    c:\Documents and Settings\marc\Mes documents\Programme\aawsepersonal.exe
    c:\Documents and Settings\marc\Mes documents\Programme\ccsetup202.exe
    c:\Documents and Settings\marc\Mes documents\Programme\DivXPlay.exe
    c:\Documents and Settings\marc\Mes documents\Programme\Downloader_for_Visual_C__2005_Express_Edition.exe
    c:\Documents and Settings\marc\Mes documents\Programme\easyphp1-8_setup.exe
    c:\Documents and Settings\marc\Mes documents\Programme\fakwebcam(www.MsnTrucAstuce.fr).exe
    c:\Documents and Settings\marc\Mes documents\Programme\Firefox Setup 2.0.0.11.exe
    c:\Documents and Settings\marc\Mes documents\Programme\Lavasoft_Adaware2007_fr.exe
    c:\Documents and Settings\marc\Mes documents\Programme\MsgPlusLive-420.exe
    c:\Documents and Settings\marc\Mes documents\Programme\MsgPlusLive-450.exe
    c:\Documents and Settings\marc\Mes documents\Programme\pllangs.exe
    c:\Documents and Settings\marc\Mes documents\Programme\QuickTimeInstaller.exe
    c:\Documents and Settings\marc\Mes documents\Programme\Setup_FreeConverter.exe
    c:\Documents and Settings\marc\Mes documents\Programme\Shareaza_2.2.5.0.exe
    c:\Documents and Settings\marc\Mes documents\Programme\spybotsd14.exe
    c:\Documents and Settings\marc\Mes documents\Programme\ssftrialsnrsetup1_28367584.exe
    c:\Documents and Settings\marc\Mes documents\Programme\WINSOS.EXE
    c:\Documents and Settings\marc\Mes documents\Programme\WLinstaller.exe
    c:\Documents and Settings\marc\Mes documents\Programme\wmp11-windowsxp-x86-FR-FR.exe
    c:\Documents and Settings\marc\Mes documents\Programme\wrar362fr.exe
    c:\Documents and Settings\marc\Mes documents\Programme\C#\autorun.exe
    c:\Documents and Settings\marc\Mes documents\Programme\C#\DeleteTemp.exe
    c:\Documents and Settings\marc\Mes documents\Programme\C#\DW20.EXE
    c:\Documents and Settings\marc\Mes documents\Programme\C#\Ixpvcs.exe
    c:\Documents and Settings\marc\Mes documents\Programme\C#\RebootStub.exe
    c:\Documents and Settings\marc\Mes documents\Programme\C#\setup.exe
    c:\Documents and Settings\marc\Mes documents\Programme\C#\wcu\dotNetFramework\dotnetfx.exe
    c:\Documents and Settings\marc\Mes documents\Programme\C#\wcu\dotNetFramework\langpack.exe
    c:\Documents and Settings\marc\Mes documents\Programme\C#\wcu\dotNetFramework\x64\langpack.exe
    c:\Documents and Settings\marc\Mes documents\Programme\C#\wcu\dotNetFramework\x64\NetFx64.exe
    c:\Documents and Settings\marc\Mes documents\Programme\C#\wcu\MSDNExpress\msdnixp.exe
    c:\Documents and Settings\marc\Mes documents\Programme\C#\wcu\RDBG\x64\expdbgsetup.exe
    c:\Documents and Settings\marc\Mes documents\Programme\photoshop\cs\setup.exe
    c:\Documents and Settings\marc\Mes documents\Vrac\Raquette\Project1.exe
    c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    c:\Documents and Settings\marc\Application Data\U3\0700077A16AC05FA\PPE.dll
    c:\Documents and Settings\marc\Application Data\U3\0700077A16AC05FA\u3dapi10.dll
    c:\Documents and Settings\marc\Local Settings\Application Data\Macromedia\Flash 8\fr\Configuration\External Libraries\FLfile.dll

    ****** Fin du rapport DiagHelp
    Veuillez svp envoyer le fichier C:\upload_moi_MARC-7AB3288C11.tar.gz a l'adresse http://upload.malekal.com
    13 May 2008 21:27:26

    Re,

    Apparently clean :D

    Run an online antivirus scan at Kaspersky using Internet Explorer.

  • Allow the ActiveX controls.
  • Click "Démarrer Online Scanner" (Start Online Scanner).
  • Select My Computer as the scan target. Save the report in .txt format.
  • Paste its report here.
  • Post a new HijackThis report.
    13 May 2008 23:33:50

    Here is the Kaspersky report; apparently not as clean as that!

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, May 13, 2008 11:32:10 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 13/05/2008
    Kaspersky Anti-Virus database records: 770742
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 84772
    Number of viruses found: 3
    Number of infected objects: 22
    Number of suspicious objects: 0
    Duration of the scan process: 01:22:34

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\marc\Application Data\Sierra Wireless\Logs\SwiCardDetect.txt Object is locked skipped
    C:\Documents and Settings\marc\Bureau\SmitfraudFix\IEDFix.exe Infected: Constructor.Win32.Binder.bn skipped
    C:\Documents and Settings\marc\Bureau\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\marc\Bureau\SmitfraudFix(2).exe/SmitfraudFix/IEDFix.exe Infected: Constructor.Win32.Binder.bn skipped
    C:\Documents and Settings\marc\Bureau\SmitfraudFix(2).exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\marc\Bureau\SmitfraudFix(2).exe RAR: infected - 2 skipped
    C:\Documents and Settings\marc\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\marc\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\marc\Local Settings\Temp\~DF9B55.tmp Object is locked skipped
    C:\Documents and Settings\marc\Local Settings\Temp\~DF9E13.tmp Object is locked skipped
    C:\Documents and Settings\marc\Local Settings\Temp\~DFCDD4.tmp Object is locked skipped
    C:\Documents and Settings\marc\Local Settings\Temp\~DFCDFD.tmp Object is locked skipped
    C:\Documents and Settings\marc\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\marc\Local Settings\Temporary Internet Files\Content.IE5\1HZTMM68\p_1153875144=0&[7].htm Object is locked skipped
    C:\Documents and Settings\marc\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\marc\ntuser.dat Object is locked skipped
    C:\Documents and Settings\marc\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\temp\Perflib_Perfdata_7d8.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswAr.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_179.trc Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{D85A1D74-3376-48D3-A064-2CAE83C8D01B}\RP390\A0045374.dll Infected: Trojan.Win32.Agent.jqa skipped
    C:\System Volume Information\_restore{D85A1D74-3376-48D3-A064-2CAE83C8D01B}\RP413\A0047215.exe/file10 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{D85A1D74-3376-48D3-A064-2CAE83C8D01B}\RP413\A0047215.exe Inno: infected - 1 skipped
    C:\System Volume Information\_restore{D85A1D74-3376-48D3-A064-2CAE83C8D01B}\RP416\A0048920.exe Infected: Constructor.Win32.Binder.bn skipped
    C:\System Volume Information\_restore{D85A1D74-3376-48D3-A064-2CAE83C8D01B}\RP416\A0048922.exe Infected: Constructor.Win32.Binder.bn skipped
    C:\System Volume Information\_restore{D85A1D74-3376-48D3-A064-2CAE83C8D01B}\RP417\A0049274.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{D85A1D74-3376-48D3-A064-2CAE83C8D01B}\RP417\A0049274.exe RAR: infected - 1 skipped
    C:\System Volume Information\_restore{D85A1D74-3376-48D3-A064-2CAE83C8D01B}\RP417\A0049402.exe Infected: Constructor.Win32.Binder.bn skipped
    C:\System Volume Information\_restore{D85A1D74-3376-48D3-A064-2CAE83C8D01B}\RP417\A0049404.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{D85A1D74-3376-48D3-A064-2CAE83C8D01B}\RP417\A0049436.exe Infected: Constructor.Win32.Binder.bn skipped
    C:\System Volume Information\_restore{D85A1D74-3376-48D3-A064-2CAE83C8D01B}\RP417\A0049438.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{D85A1D74-3376-48D3-A064-2CAE83C8D01B}\RP421\change.log Object is locked skipped
    C:\upload_moi_MARC-7AB3288C11.tar.gz/upload_moi.tar/WINDOWS/System32/IEDFix.exe Infected: Constructor.Win32.Binder.bn skipped
    C:\upload_moi_MARC-7AB3288C11.tar.gz/upload_moi.tar/WINDOWS/System32/404Fix.exe Infected: Constructor.Win32.Binder.bn skipped
    C:\upload_moi_MARC-7AB3288C11.tar.gz/upload_moi.tar Infected: Constructor.Win32.Binder.bn skipped
    C:\upload_moi_MARC-7AB3288C11.tar.gz GZIP: infected - 3 skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\404Fix.exe Infected: Constructor.Win32.Binder.bn skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\IEDFix.exe Infected: Constructor.Win32.Binder.bn skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\TEMP\Perflib_Perfdata_544.dat Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
    13 May 2008 23:37:35

    And here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:36:03, on 13/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
    C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\marc\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: vnbptxlf - {3AB99368-48AF-4A01-B845-2904204948B5} - C:\WINDOWS\vnbptxlf.dll (file missing)
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
    O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
    O4 - HKLM\..\Run: [PCShowBuzz] C:\Program Files\inKline Global\PCShowBuzz\PCShowBuzz.exe
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [KMZNMRO1A0] C:\Documents and Settings\All Users\Application Data\bofivovi\zspejcjc.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
    O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\Documents and Settings\marc\Mes documents\Programme\Nouveau dossier\aircrack-ng-0.9-win\bin\wzcook.exe (file missing)

    --
    End of file - 10364 bytes
    14 May 2008 16:26:16

    I finally managed to get ComboFix working again; here is the report:

    ComboFix 08-05-12.1 - marc 2008-05-14 13:10:20.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.353 [GMT 2:00]
    Endroit: C:\Documents and Settings\marc\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_poof


    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-13 21:39 . 2008-05-13 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-05-11 19:12 . 2008-05-11 19:12 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-11 19:12 . 2008-05-11 19:12 <REP> d-------- C:\Documents and Settings\marc\Application Data\Malwarebytes
    2008-05-11 19:12 . 2008-05-11 19:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-11 19:12 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-11 19:12 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-11 14:10 . 2008-05-11 20:10 <REP> d-------- C:\WINDOWS\ERUNT
    2008-05-11 13:41 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-05-11 13:41 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-05-11 13:41 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-05-11 13:41 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-05-11 13:41 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-05-11 13:41 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-05-11 13:41 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-05-11 00:06 . 2008-05-11 00:06 244 --ah----- C:\sqmnoopt06.sqm
    2008-05-11 00:06 . 2008-05-11 00:06 232 --ah----- C:\sqmdata06.sqm
    2008-05-09 12:21 . 2008-05-09 12:21 <REP> d-------- C:\Program Files\Ashampoo
    2008-05-08 18:38 . 2008-05-08 18:38 <REP> d-------- C:\Program Files\CCleaner
    2008-05-08 18:31 . 2008-05-08 18:35 <REP> d-------- C:\Program Files\RegCleaner
    2008-05-08 09:41 . 2008-05-08 09:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-05-07 13:01 . 2008-05-08 14:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-07 13:01 . 2008-05-07 13:01 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-07 00:13 . 2008-05-07 00:13 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-05-06 17:05 . 2008-05-06 17:05 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-05-05 23:56 . 2008-05-11 00:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\bofivovi

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-08 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-08 14:56 --------- d-----w C:\Documents and Settings\marc\Application Data\Skype
    2008-05-06 10:47 --------- d-----w C:\Program Files\Launch Manager
    2008-04-25 21:19 --------- d-----w C:\Program Files\Safari
    2008-04-16 14:46 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-09 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\xmpqpyvk
    2008-04-09 15:14 --------- d-----w C:\Program Files\iTunes
    2008-04-09 15:14 --------- d-----w C:\Program Files\iPod
    2008-04-09 15:13 --------- d-----w C:\Program Files\QuickTime
    2008-04-06 20:11 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-01 10:22 --------- d-----w C:\Program Files\Java
    2008-03-19 21:04 --------- d-----w C:\Documents and Settings\marc\Application Data\Apple Computer
    2007-07-13 02:06 34,080 --sha-w C:\WINDOWS\fidbox.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3AB99368-48AF-4A01-B845-2904204948B5}"= "C:\WINDOWS\vnbptxlf.dll" [ ]

    [HKEY_CLASSES_ROOT\clsid\{3ab99368-48af-4a01-b845-2904204948b5}]
    [HKEY_CLASSES_ROOT\vnbptxlf.1]
    [HKEY_CLASSES_ROOT\TypeLib\{E814C71C-7BB7-4FBE-8E61-8047F0956BF1}]
    [HKEY_CLASSES_ROOT\vnbptxlf]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2008-01-20 20:42 5724184]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2007-11-28 00:54 196608]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-05 14:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
    "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-09-04 15:44 65536]
    "LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe" [2008-05-06 12:47 0]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2008-05-06 12:47 0]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-09-13 18:23 86016]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-05 14:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-01 19:10 16049664 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2007-11-28 00:54 2879488 C:\WINDOWS\SkyTel.exe]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2007-11-28 00:54 53248]
    "SMSERIAL"="sm56hlpr.exe" [2006-01-20 12:34 544768 C:\WINDOWS\sm56hlpr.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 15:16 761946]
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2008-05-06 12:47 0]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "OdTray.exe"="C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 15:14 1015871]
    "AirCardEnabler"="" []
    "WatcherHelper"="C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2006-12-16 14:47 95776]
    "PCShowBuzz"="C:\Program Files\inKline Global\PCShowBuzz\PCShowBuzz.exe" [ ]
    "nwiz"="nwiz.exe" [2006-07-20 20:58 1519616 C:\WINDOWS\system32\nwiz.exe]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2007-11-28 00:54 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24 217088]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 14:00 44032]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 14:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "KMZNMRO1A0"= C:\Documents and Settings\All Users\Application Data\bofivovi\zspejcjc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
    odyEvent.dll 2007-05-27 14:33 106496 C:\WINDOWS\system32\odyEvent.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 SQLWriter;Enregistreur VSS SQL Server;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
    R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 13:52]
    R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys [2006-10-12 09:49]
    R3 SWUMX00;Sierra Wireless USB MUX Driver (UMTS00);C:\WINDOWS\system32\DRIVERS\swumx00.sys [2007-01-12 10:29]
    S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 10:38]
    S3 PIXMCVA;JVC PIX-MCV Audio Capture;C:\WINDOWS\system32\Drivers\pixmcva.sys [2002-10-03 21:53]
    S3 SWNC8U00;Sierra Wireless MUX NDIS Driver (UMTS00);C:\WINDOWS\system32\DRIVERS\SWNC8U00.sys [2007-01-12 13:26]
    S3 WZCOOK;WEP/WPA-PMK key recovery service;"C:\Documents and Settings\marc\Mes documents\Programme\Nouveau dossier\aircrack-ng-0.9-win\bin\wzcook.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20cd71bc-a329-11dc-881d-0018de36c34a}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-09 13:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-14 13:14:36
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\nview.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-14 13:26:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-14 11:26:01

    Pre-Run: 33,670,856,704 octets libres
    Post-Run: 34,106,032,128 octets libres

    177 --- E O F --- 2008-04-12 09:17:12
    14 May 2008 16:38:11

    Re,

    As for the Kas scan, it's nothing: System Restore, false positives ..

    Select the entire contents of the box below:

    Driver::
    WZCOOK

    Folder::
    C:\Documents and Settings\All Users\Application Data\bofivovi
    C:\Documents and Settings\All Users\Application Data\xmpqpyvk

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3AB99368-48AF-4A01-B845-2904204948B5}"=-
    [-HKEY_CLASSES_ROOT\clsid\{3ab99368-48af-4a01-b845-2904204948b5}]
    [-HKEY_CLASSES_ROOT\vnbptxlf.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{E814C71C-7BB7-4FBE-8E61-8047F0956BF1}]
    [-HKEY_CLASSES_ROOT\vnbptxlf]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "KMZNMRO1A0"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=-
    "SkyTel"=-
    "NeroFilterCheck"=-
    "AirCardEnabler"=-
    "WatcherHelper"=-
    "PCShowBuzz"=-
    "LVCOMSX"=-
    "LogitechVideoRepair"=-
    "LogitechVideoTray"=-
    "QuickTime Task"=-
    "iTunesHelper"=-


    This will relaunch ComboFix. After the reboot, post the contents of the ComboFix.txt report.
    If there is no reboot, post the report anyway.

  • Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix. Post the contents of the ComboFix.txt report after the reboot, if there is one.
    14 May 2008 21:46:20

    Done, here is the ComboFix report:

    ComboFix 08-05-12.1 - marc 2008-05-14 21:25:07.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.442 [GMT 2:00]
    Endroit: C:\Documents and Settings\marc\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\marc\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\bofivovi
    C:\Documents and Settings\All Users\Application Data\xmpqpyvk

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_WZCOOK
    -------\Service_WZCOOK


    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-14 16:40 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-05-13 21:39 . 2008-05-13 21:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-05-11 19:12 . 2008-05-11 19:12 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-11 19:12 . 2008-05-11 19:12 <REP> d-------- C:\Documents and Settings\marc\Application Data\Malwarebytes
    2008-05-11 19:12 . 2008-05-11 19:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-11 19:12 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-11 19:12 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-11 14:10 . 2008-05-11 20:10 <REP> d-------- C:\WINDOWS\ERUNT
    2008-05-11 13:41 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-05-11 13:41 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-05-11 13:41 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-05-11 13:41 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-05-11 13:41 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-05-11 13:41 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-05-11 13:41 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-05-11 00:06 . 2008-05-11 00:06 244 --ah----- C:\sqmnoopt06.sqm
    2008-05-11 00:06 . 2008-05-11 00:06 232 --ah----- C:\sqmdata06.sqm
    2008-05-09 12:21 . 2008-05-09 12:21 <REP> d-------- C:\Program Files\Ashampoo
    2008-05-08 18:38 . 2008-05-08 18:38 <REP> d-------- C:\Program Files\CCleaner
    2008-05-08 18:31 . 2008-05-08 18:35 <REP> d-------- C:\Program Files\RegCleaner
    2008-05-08 09:41 . 2008-05-08 09:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-05-07 13:01 . 2008-05-08 14:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-07 13:01 . 2008-05-07 13:01 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-05-07 00:13 . 2008-05-07 00:13 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-05-06 17:05 . 2008-05-06 17:05 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-08 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-08 14:56 --------- d-----w C:\Documents and Settings\marc\Application Data\Skype
    2008-05-06 10:47 --------- d-----w C:\Program Files\Launch Manager
    2008-04-25 21:19 --------- d-----w C:\Program Files\Safari
    2008-04-16 14:46 --------- d-----w C:\Program Files\Apple Software Update
    2008-04-09 15:14 --------- d-----w C:\Program Files\iTunes
    2008-04-09 15:14 --------- d-----w C:\Program Files\iPod
    2008-04-09 15:13 --------- d-----w C:\Program Files\QuickTime
    2008-04-06 20:11 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-04-01 10:22 --------- d-----w C:\Program Files\Java
    2008-03-19 21:04 --------- d-----w C:\Documents and Settings\marc\Application Data\Apple Computer
    2007-07-13 02:06 34,080 --sha-w C:\WINDOWS\fidbox.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-05-14_13.25.50.23 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-14 11:13:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-14 19:32:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-04-09 21:30:36 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2008-05-14 15:25:31 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
    - 2008-04-09 21:30:36 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2008-05-14 15:25:31 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    - 2008-04-09 21:30:36 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
    + 2008-05-14 15:25:31 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2008-04-09 21:30:36 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2008-05-14 15:25:31 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2008-04-09 21:30:36 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2008-05-14 15:25:31 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    - 2008-04-09 21:30:36 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    + 2008-05-14 15:25:31 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2008-04-09 21:30:36 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2008-05-14 15:25:31 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2008-04-09 21:30:36 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2008-05-14 15:25:31 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2008-04-09 21:30:36 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    + 2008-05-14 15:25:31 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2008-04-09 21:30:36 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2008-05-14 15:25:31 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2008-04-09 21:30:36 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2008-05-14 15:25:31 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2008-04-09 21:30:36 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2008-05-14 15:25:31 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2008-04-09 21:30:36 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2008-05-14 15:25:31 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    - 2004-08-05 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
    + 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
    - 2004-08-05 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
    + 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
    - 2004-08-05 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
    + 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
    - 2004-08-05 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
    + 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
    - 2004-08-05 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
    + 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
    - 2004-08-05 12:00:00 184,351 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    + 2008-03-25 04:51:08 194,144 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    - 2004-08-05 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
    + 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
    - 2004-08-05 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
    + 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
    - 2004-08-05 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
    + 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
    - 2004-08-05 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
    + 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
    - 2004-08-05 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
    + 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
    - 2004-08-05 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
    + 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
    - 2004-08-05 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
    + 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
    - 2004-08-05 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
    + 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
    - 2004-08-05 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
    + 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
    - 2004-08-05 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    + 2008-03-25 04:51:09 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    - 2004-08-05 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
    + 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
    - 2004-08-05 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
    + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
    - 2004-08-05 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
    + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
    - 2004-08-05 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
    + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
    - 2004-08-05 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
    + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
    - 2004-08-05 12:00:00 184,351 ----a-w C:\WINDOWS\system32\msjint40.dll
    + 2008-03-25 04:51:08 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    - 2004-08-05 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
    + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
    - 2004-08-05 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
    + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
    - 2004-08-05 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
    + 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
    - 2004-08-05 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
    + 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
    - 2004-08-05 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
    + 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
    - 2004-08-05 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
    + 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
    - 2004-08-05 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
    + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
    - 2004-08-05 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
    + 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
    - 2004-08-05 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
    + 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
    - 2004-08-05 12:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
    + 2008-03-25 04:51:09 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    - 2004-08-05 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
    + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
    + 2008-05-14 19:32:25 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_3f8.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2008-01-20 20:42 5724184]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent"="rundll32.exe" [2004-08-05 14:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
    "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-09-04 15:44 65536]
    "LMgrVolOSD"="C:\Program Files\Launch Manager\OSD.exe" [2008-05-06 12:47 0]
    "LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2008-05-06 12:47 0]
    "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-09-13 18:23 86016]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-05 14:00 33792 C:\WINDOWS\system32\rundll32.exe]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2007-11-28 00:54 53248]
    "SMSERIAL"="sm56hlpr.exe" [2006-01-20 12:34 544768 C:\WINDOWS\sm56hlpr.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 15:16 761946]
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2008-05-06 12:47 0]
    "OdTray.exe"="C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2005-05-18 15:14 1015871]
    "nwiz"="nwiz.exe" [2006-07-20 20:58 1519616 C:\WINDOWS\system32\nwiz.exe]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00 208952]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 14:00 44032]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 14:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00 455168]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Shareaza\\Shareaza.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 SQLWriter;Enregistreur VSS SQL Server;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
    R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2005-05-18 13:52]
    R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys [2006-10-12 09:49]
    R3 SWUMX00;Sierra Wireless USB MUX Driver (UMTS00);C:\WINDOWS\system32\DRIVERS\swumx00.sys [2007-01-12 10:29]
    S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []
    S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 10:38]
    S3 PIXMCVA;JVC PIX-MCV Audio Capture;C:\WINDOWS\system32\Drivers\pixmcva.sys [2002-10-03 21:53]
    S3 SWNC8U00;Sierra Wireless MUX NDIS Driver (UMTS00);C:\WINDOWS\system32\DRIVERS\SWNC8U00.sys [2007-01-12 13:26]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20cd71bc-a329-11dc-881d-0018de36c34a}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-09 13:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-14 21:32:54
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\nview.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-14 21:43:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-14 19:43:52
    ComboFix2.txt 2008-05-14 11:26:06

    Pre-Run: 33,033,846,784 octets libres
    Post-Run: 33,605,943,296 octets libres

    254 --- E O F --- 2008-05-14 15:25:33
    15 May 2008 10:44:26

    Is it better?

    Download Clean (by Malekal) to your Desktop.

  • Unzip it on your Desktop. Double-click the Clean folder that has just appeared.
  • Double-click Clean.cmd. (The cmd extension may not be shown.) This will open a black window.
  • A menu will appear; choose option 1, then press Enter. Then press a key when prompted.
  • Post the report located here: C:\rapport_clean.txt

    If you get a file C:\upload_moi.zip, please do this.

    Help: How to use Clean.
    15 May 2008 12:01:04

    Here is the report:

    15/05/2008 a 11:59:32,71

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !


    Apparently everything is clean, thanks a lot
    15 May 2008 12:29:57

    Post a HijackThis log again ;)
    15 May 2008 12:53:05

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:49:19, on 15/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\marc\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

    --
    End of file - 9065 bytes
    15 May 2008 13:49:18

    Apparently clean.

    Uninstall via Add/Remove Programs (if present):
  • Avast!
  • Ad-Aware

    - My Computer/Tools/Folder Options/View/Show hidden files and folders/Apply - - > OK
    - My Computer/Tools/Folder Options/View/uncheck Hide protected operating system files/Apply - - > OK

    You will re-check it afterwards.

    Then delete the corresponding folders:
  • In Programfiles
  • In Programfiles\Fichiers communs
  • In %allusersprofile%\application data
    ( XP -> C:\Documents and Settings\All users\Application Data,
    Vista -> C:\Users\your name\appdata\roaming)
  • Etc. (You can find the folders to delete with a Windows search [Start\Search])

    Download CCleaner to your Desktop.

  • Click "download the latest version"
  • Install it, leaving only the following options checked:
    - Add a shortcut on the Desktop
    - Automatically check for CCleaner updates
  • Run the Cleaner
  • Click Search for errors and make a backup if you wish.

    Help: How to use CCleaner.

    Download and run: http://www.avast.com/eng/avast-uninstall-utility.html

    Download AntiVir to your Desktop.

  • Double-click the downloaded executable to start the installation.
  • At the end of the installation, click Finish.
  • Open AntiVir and make sure it is up to date!
  • In the Local Protection tab, choose Scanner.
  • Enable the rootkit search via the + next to rootkit search, then under manual selection, check everything (your hard disk partitions).
  • Click the middle magnifying glass to run the scan as Administrator.
  • Post me the generated report: to do so, click the Overview tab, then choose Reports; you will find the report there.

    Note: For more effective eradication of threats, run the scan in safe mode.

    Why switch? Avast vs Antivir.

    Help: How to install and use AntiVir.
    16 May 2008 00:17:58



    Avira AntiVir Personal
    Report file date: jeudi 15 mai 2008 23:31

    Scanning for 1274495 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: marc
    Computer name: MARC-7AB3288C11

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 21:28:37
    ANTIVIR3.VDF : 7.0.4.46 307712 Bytes 15/05/2008 21:28:46
    Engineversion : 8.1.0.46
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.33 266618 Bytes 15/05/2008 21:29:39
    AESCN.DLL : 8.1.0.18 119156 Bytes 15/05/2008 21:29:35
    AERDL.DLL : 8.1.0.20 418165 Bytes 15/05/2008 21:29:32
    AEPACK.DLL : 8.1.1.5 364918 Bytes 15/05/2008 21:29:26
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 15/05/2008 21:29:18
    AEHEUR.DLL : 8.1.0.29 1253750 Bytes 15/05/2008 21:29:14
    AEHELP.DLL : 8.1.0.14 115063 Bytes 15/05/2008 21:29:00
    AEGEN.DLL : 8.1.0.21 303477 Bytes 15/05/2008 21:28:58
    AEEMU.DLL : 8.1.0.6 430451 Bytes 15/05/2008 21:28:54
    AECORE.DLL : 8.1.0.29 168311 Bytes 15/05/2008 21:28:49
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 15 mai 2008 23:31

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'notepad.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtHid.exe' - '1' Module(s) have been scanned
    Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'OdTray.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
    Scan process 'WButton.exe' - '1' Module(s) have been scanned
    Scan process 'HotkeyApp.exe' - '1' Module(s) have been scanned
    Scan process 'LaunchAp.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
    Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'odClientService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    45 processes with 45 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '34' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\marc\Bureau\SmitfraudFix(2).exe
    [DETECTION] Contains detection pattern of the dropper DR/Binder.BN
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: vendredi 16 mai 2008 00:06
    Used time: 35:22 min

    The scan has been done completely.

    7530 Scanning directories
    274019 Files were scanned
    1 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    1 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    274018 Files not concerned
    1567 Archives were scanned
    2 Warnings
    1 Notes

    16 May 2008 07:10:21

    Good, post a new HijackThis report ;)
    16 May 2008 12:59:40

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:58:07, on 16/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Documents and Settings\marc\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe

    --
    End of file - 8600 bytes
    16 May 2008 17:46:33

    Re,

    Run HijackThis again (right-click -> run as administrator under Vista), do a system scan only, check these lines (if still present):
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

    Close all running applications (especially your web browser).
    Then Fix Checked!

    No more malfunctions?
    17 May 2008 04:26:09

    Yes, thank you very much for everything!
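The before/after comparison done by eye between the 15 May and 16 May HijackThis logs can be scripted. The Python below is an added example, not part of the original thread or of HijackThis; the function names are hypothetical and the two sample logs are constructed from a few lines copied out of the reports above.

```python
import re

# Meaning of the HijackThis 2.x section codes that occur in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE extra button/menu item",
    "O12": "IE plugin", "O16": "ActiveX download (DPF)",
    "O18": "extra protocol handler", "O23": "Windows service",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample input: a few lines copied from the 15 May and 16 May logs.
SCAN_15_MAY = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:19, on 15/05/2008

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9065 bytes
"""

SCAN_16_MAY = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:07, on 16/05/2008

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8600 bytes
"""


def parse_hijackthis(text):
    """Split a HijackThis log into its process list and its (code, text) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if not line:
            in_processes = False      # the process list ends at the first blank line
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def _delta(old, new, key):
    """Return (added, removed), keeping the order in which items appear in the logs."""
    old_keys = {key(x) for x in old}
    new_keys = {key(x) for x in new}
    return ([x for x in new if key(x) not in old_keys],
            [x for x in old if key(x) not in new_keys])


def diff_scans(before_text, after_text):
    """Compare two logs; Windows paths and registry names compare case-insensitively."""
    before, after = parse_hijackthis(before_text), parse_hijackthis(after_text)
    added_p, removed_p = _delta(before["processes"], after["processes"], str.casefold)
    added_e, removed_e = _delta(before["entries"], after["entries"],
                                lambda e: (e[0], e[1].casefold()))
    return {"added_processes": added_p, "removed_processes": removed_p,
            "added_entries": added_e, "removed_entries": removed_e}


def summarize(diff):
    """Render the diff as text lines, labelling each entry with its section meaning."""
    lines = []
    for sign, key in (("+", "added"), ("-", "removed")):
        lines += [f"{sign} process  {p}" for p in diff[key + "_processes"]]
        lines += [f"{sign} {code:<3} ({SECTIONS.get(code, 'other')})  {text}"
                  for code, text in diff[key + "_entries"]]
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(diff_scans(SCAN_15_MAY, SCAN_16_MAY))))
```

Because paths are compared case-insensitively, `C:\WINDOWS\explorer.exe` and `C:\WINDOWS\Explorer.EXE` are treated as the same process and do not show up as a change.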