Worm.win32.Netbooster

2 May 2008 12:27:39

Hello, I'm infected with quite a few things, such as:
-Worm.Win32.Netbooster
-Troja.Vundo.DVS
-Trojan.Downloader.VBS
-"Warning:Spyware threat has been detected on your PC"


Could someone help me? Thanks in advance.

Anonymous
2 May 2008 18:06:03

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:33, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Seekmo\bin\10.0.370.0\OEAddOn.exe
C:\Program Files\Seekmo\bin\10.0.370.0\SeekmoSA.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\World of Warcraft\WoW.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Seekmo\bin\10.0.370.0\Srv.exe
C:\Program Files\vipantispyware\vipantispyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Seekmo /fleok=1D8A83A5C5E5107B9BAF6A2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.370.0\HostIE.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: DVA First - {F2FB4BB4-4C80-4AEE-8B59-F146B08F6193} - C:\WINDOWS\gndarmblldk.dll
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Seekmo - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Seekmo\bin\10.0.370.0\HostIE.dll
O3 - Toolbar: wxdbpfvo - {3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B} - C:\WINDOWS\wxdbpfvo.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.370.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.370.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\Documents and Settings\Gabriel Tourgis\Mes documents\setup_fr.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [e©ùýùñûï×óÎÃøøíøôÇÊýòñûëÞó] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [51974648258580045896941727702284] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [vipantispyware] C:\Program Files\vipantispyware\vipantispyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.cercoporno.com
O15 - Trusted Zone: *.eros-porno.com
O15 - Trusted Zone: *.otherchance.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O21 - SSODL: qadovnel - {59677C15-16F7-4EA2-86A6-FC2D37C4C23D} - C:\WINDOWS\qadovnel.dll
O21 - SSODL: bdkpfxqw - {D23D7A70-8C66-4A98-A99D-9E95F639D719} - C:\WINDOWS\bdkpfxqw.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 13040 bytes
Anonymous
2 May 2008 18:13:45

I have the Worm.Win32.Netbooster virus, so I used HijackThis. I then posted the report, but what should I do next?
2 May 2008 19:35:49

Be patient for a bit :)

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already done, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    3 May 2008 13:58:17

    Hello again, so here is my HijackThis report


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:35:31, on 02/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\WINDOWS\system32\slserv.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\tgtstyxo.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\bqtcfkdq\twhmpape.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Propriétaire.AMELBENT\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: wxdbpfvo - {C3169036-557E-45E1-840F-C845DC406C55} - C:\WINDOWS\wxdbpfvo.dll
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [PC-Cleaner] "C:\Program Files\PC-Cleaner\PC-Cleaner.exe" hide
    O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKLM\..\Policies\Explorer\Run: [EVlKG4hX8a] C:\Documents and Settings\All Users.WINDOWS\Application Data\bqtcfkdq\twhmpape.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
    O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_a...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6...
    O21 - SSODL: qadovnel - {B23A4527-332D-4AC8-BC83-708741DD255E} - C:\WINDOWS\qadovnel.dll
    O21 - SSODL: bdkpfxqw - {8B7E81BA-53A4-4330-BF4B-AFD11D19B0E0} - C:\WINDOWS\bdkpfxqw.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 8693 bytes
    3 May 2008 14:11:26

    Please create your own thread :)
    3 May 2008 14:17:37

    I'm the one who created it, it's the other person who made a mistake, and I'm a bit fed up about it, by the way!!!! Check if you don't believe me. Thanks
    3 May 2008 14:18:24

    My mistake, sorry.

    Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary
    3 May 2008 14:54:37

    Here is the ComboFix report

    ComboFix 08-05-01.3 - Propriétaire 2008-05-03 14:46:53.8 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.638 [GMT 2:00]
    Endroit: C:\Documents and Settings\Propriétaire.AMELBENT\Bureau\ComboFix.exe
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-03 to 2008-05-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-03 14:41 . 2008-05-03 14:41 <REP> d-------- C:\Documents and Settings\PropriÚtaire.AMELBENT
    2008-05-03 14:41 . 2008-05-03 14:41 <REP> d-------- C:\Documents and Settings\HervÚ
    2008-05-02 12:49 . 2008-05-02 12:49 90,112 --a------ C:\WINDOWS\system32\dclenuzu.exe
    2008-05-02 02:30 . 2008-05-02 02:30 <REP> d-------- C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\TmpRecentIcons
    2008-05-02 01:08 . 2008-05-03 14:43 <REP> d-------- C:\Program Files\Trojan Remover
    2008-05-02 01:00 . 2008-05-02 01:00 96,320 --a------ C:\WINDOWS\system32\nhyptbdy.dll.ren
    2008-05-02 00:48 . 2008-05-02 00:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\bqtcfkdq
    2008-05-02 00:47 . 2008-04-30 18:19 258,048 --a------ C:\WINDOWS\gndarmblsnv.dll
    2008-05-01 21:49 . 2008-05-01 21:49 <REP> d-------- C:\Program Files\LucasArts
    2008-04-30 13:59 . 2008-04-30 13:59 <REP> d-------- C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\ItsLabel
    2008-04-29 13:17 . 2008-05-01 22:24 <REP> d-------- C:\Downloads
    2008-04-29 13:13 . 2008-04-29 20:46 <REP> d-------- C:\Program Files\BitSpirit
    2008-04-29 13:05 . 2008-04-29 13:05 684 --a------ C:\WINDOWS\mozver.dat
    2008-04-28 17:51 . 2008-04-28 17:51 <REP> d-------- C:\Program Files\MSBuild
    2008-04-28 17:48 . 2008-04-28 17:48 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-04-28 17:44 . 2008-04-28 17:44 <REP> d-------- C:\WINDOWS\system32\URTTEMP
    2008-04-28 17:10 . 2008-04-28 17:28 <REP> d-------- C:\74fc8f5e940e438bc33db032a0
    2008-04-28 17:07 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-28 17:07 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-04-28 17:07 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-04-28 17:07 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-28 17:07 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-28 17:07 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-28 17:07 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-28 17:07 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-28 17:07 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-28 15:51 . 2008-04-28 15:51 <REP> d-------- C:\WINDOWS\system32\Atheros_L1
    2008-04-28 15:51 . 2007-11-01 02:56 36,864 -ra------ C:\WINDOWS\system32\drivers\l151x86.sys
    2008-04-28 15:50 . 2008-04-28 15:50 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-04-28 15:50 . 2008-04-28 15:50 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-04-28 15:47 . 2008-04-28 15:47 <REP> d-------- C:\WINDOWS\system32\RTCOM
    2008-04-28 15:47 . 2008-04-28 15:47 <REP> d-------- C:\WINDOWS\ASUSInstAll
    2008-04-28 15:47 . 2006-08-01 09:02 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe
    2008-04-28 15:45 . 2007-10-25 05:57 16,855,552 -r------- C:\WINDOWS\RTHDCPL.exe
    2008-04-28 15:45 . 2007-06-28 10:44 2,165,760 -r------- C:\WINDOWS\MicCal.exe
    2008-04-28 15:45 . 2007-10-11 05:04 1,826,816 -r------- C:\WINDOWS\SkyTel.exe
    2008-04-28 15:45 . 2007-07-26 12:06 1,191,936 -r------- C:\WINDOWS\RtlUpd.exe
    2008-04-28 15:45 . 2006-08-18 00:58 282,624 -r------- C:\WINDOWS\system32\RTSndMgr.cpl
    2008-04-28 15:44 . 2008-04-28 15:44 <REP> d-------- C:\Program Files\Realtek
    2008-04-28 15:44 . 2007-07-26 11:09 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
    2008-04-28 15:44 . 2008-04-28 15:44 315,392 --a------ C:\WINDOWS\HideWin.exe
    2008-04-28 15:43 . 2008-04-28 15:43 <REP> d-------- C:\Program Files\Intel
    2008-04-28 15:42 . 2008-04-28 15:42 <REP> d-------- C:\Intel
    2008-04-28 15:40 . 2007-08-01 05:39 12,536 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-04-28 15:40 . 2008-04-28 15:47 11,025 --a------ C:\WINDOWS\Ascd_log.ini
    2008-04-28 15:40 . 2008-04-28 15:40 10,802 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-04-28 15:40 . 2004-08-13 12:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
    2008-04-28 15:34 . 2008-04-28 15:34 2,422 --a------ C:\WINDOWS\system32\wpa.bak
    2008-04-28 14:48 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-04-28 14:47 . 2004-08-05 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
    2008-04-28 14:45 . 2008-04-28 14:45 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-04-28 14:45 . 2008-04-28 14:45 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-04-28 14:45 . 2008-04-28 14:45 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-04-28 14:45 . 2008-04-28 14:45 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-04-28 14:45 . 2008-04-28 14:45 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-04-28 14:37 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
    2008-04-28 14:34 . 2004-08-04 00:54 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
    2008-04-28 14:34 . 2004-08-04 00:55 56,832 --a------ C:\WINDOWS\system32\MSDvbNP.ax
    2008-04-28 14:34 . 2004-08-04 00:55 33,280 --a------ C:\WINDOWS\system32\PsisRndr.ax
    2008-04-28 14:34 . 2004-08-04 00:55 18,432 --a------ C:\WINDOWS\system32\BdaPlgIn.ax
    2008-04-28 14:34 . 2004-08-03 23:10 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
    2008-04-28 14:28 . 2008-04-28 17:10 1,065,935 --a------ C:\WINDOWS\setupapi.log.1.old
    2008-04-08 00:55 . 2008-04-08 01:00 8,192 --a------ C:\WINDOWS\system32\edb.chk
    2008-04-08 00:44 . 2004-08-05 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
    2008-04-08 00:31 . 2004-08-05 15:00 1,086,058 -ra------ C:\WINDOWS\SETE6.tmp
    2008-04-08 00:31 . 2004-08-05 15:00 1,014,836 -ra------ C:\WINDOWS\SETE3.tmp
    2008-04-08 00:31 . 2004-08-05 15:00 14,043 -ra------ C:\WINDOWS\SETF2.tmp
    2008-04-08 00:31 . 2008-04-08 00:31 34 --a------ C:\WINDOWS\system\oeminfo.ini
    2008-04-07 21:21 . 2007-08-08 22:12 216 --ahs---- C:\BOOT.BKK
    2008-04-07 21:14 . 2008-03-22 01:00 93,572 --a------ C:\WINDOWS\380.jpg
    2008-04-07 21:09 . 2008-04-07 21:09 <REP> d-------- C:\Program Files\TGTSoft
    2008-04-07 20:49 . 2008-05-01 15:27 1,072,979,968 --a------ C:\WINDOWS\MEMORY.DMP
    2008-04-06 23:40 . 2008-04-07 14:27 2,215 --a------ C:\rollback.ini
    2008-04-06 00:07 . 2008-04-06 03:26 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
    2008-04-06 00:06 . 2008-04-07 14:18 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
    2008-04-06 00:05 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-04-04 19:12 . 2008-04-04 19:12 <REP> d-------- C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Bitdefender
    2008-04-04 19:01 . 2008-04-04 19:01 <REP> d-------- C:\Program Files\Softwin
    2008-04-04 18:49 . 2008-04-04 18:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-03 12:44 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-05-03 12:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-05-03 12:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-05-03 12:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
    2008-05-02 10:53 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-05-01 17:14 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-01 14:02 --------- d-----w C:\Program Files\DivX
    2008-05-01 13:59 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\DivX
    2008-04-29 18:22 --------- d-----w C:\Program Files\EoRezo
    2008-04-29 09:55 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
    2008-04-28 16:57 --------- d-----w C:\Program Files\Fichiers communs\Softwin
    2008-04-28 13:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-06 18:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
    2008-04-05 13:13 90,112 ----a-w C:\WINDOWS\DUMP5c77.tmp
    2008-04-05 12:45 90,112 ----a-w C:\WINDOWS\DUMP6002.tmp
    2008-04-04 17:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
    2008-04-03 17:09 90,112 ----a-w C:\WINDOWS\DUMP5ae1.tmp
    2008-04-02 11:08 --------- d-----w C:\Program Files\CFWebAdvancedU
    2008-04-02 11:08 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\CamfrogWEB
    2008-04-02 09:52 --------- d-----w C:\Program Files\Windows Live
    2008-04-02 09:51 --------- d-----w C:\Program Files\Project64 1.6
    2008-04-02 09:42 --------- d-----w C:\Program Files\LimeWire
    2008-04-02 09:40 --------- d-----w C:\Program Files\Google
    2008-04-02 09:39 --------- d-----w C:\Program Files\eMule
    2008-04-02 09:39 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Desperate Housewives
    2008-04-02 09:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ACD Systems
    2008-04-02 09:33 --------- d-----w C:\Program Files\Lavasoft
    2008-04-02 09:33 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-02 09:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-31 20:33 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-31 20:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-03-31 17:45 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-03-31 17:41 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Malwarebytes
    2008-03-31 17:41 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-03-31 14:51 --------- d-----w C:\Program Files\RealVNC
    2008-03-31 14:03 --------- d-----w C:\Program Files\Trend Micro
    2008-03-29 14:24 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Snapfish
    2008-03-28 22:03 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-28 15:46 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Deskbar_{CCF3B2DF-BC59-400d-B892-C02A87013B27}
    2008-03-27 21:08 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\LimeWire
    2008-03-23 14:22 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\dvdcss
    2008-03-22 12:06 --------- d-----w C:\Program Files\Java
    2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 19:12 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Apple Computer
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 00:23 166 ----a-w C:\Program Files\results.txt
    2008-03-19 11:54 --------- d-----w C:\Program Files\CyberLink
    2008-03-17 15:51 --------- d-----w C:\Program Files\Ahead
    2008-03-12 17:22 --------- d-----w C:\Program Files\Fichiers communs\Nero
    2008-03-12 17:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
    2008-03-11 22:25 --------- d-----w C:\Program Files\AskTBar
    2008-03-11 16:27 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Nero
    2008-03-08 12:17 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\TransRender
    2008-03-08 12:00 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Temporary
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-06 16:19 2,262 ----a-w C:\WINDOWS\system32\tmp.reg
    2006-05-25 08:11 144 ----a-w C:\Program Files\vssver.scc
    2006-05-17 13:25 10,419 ----a-w C:\Program Files\NAMES_SP.TXT
    2006-05-15 12:13 10,773 ----a-w C:\Program Files\NAMES_DU.TXT
    2006-05-15 10:26 10,804 ----a-w C:\Program Files\NAMES_IT.TXT
    2006-05-12 16:57 9,991 ----a-w C:\Program Files\NAMES_EN.TXT
    2006-05-12 16:57 11,352 ----a-w C:\Program Files\NAMES_GE.TXT
    2006-05-12 16:57 10,959 ----a-w C:\Program Files\NAMES_FR.TXT
    2006-05-12 16:57 10,959 ----a-w C:\Program Files\Names.txt
    2005-11-18 09:59 264,118 ----a-w C:\Program Files\oui_id.txt
    2005-11-14 11:17 1,421,403 ----a-w C:\Program Files\AegisE5.dll
    2004-11-10 08:17 86,016 ----a-w C:\Program Files\Installrt2500qa.dll
    2004-11-10 08:17 122 ----a-w C:\Program Files\filespecrt2500qa
    2004-07-22 16:45 116 ----a-w C:\Program Files\filespecrtrt2500USB
    2004-06-03 15:00 73,728 ----a-w C:\Program Files\Install2500USB.dll
    2004-02-27 09:04 45,056 ----a-w C:\Program Files\DEDriverDLL.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BFC1E05-8287-420E-8526-F6D76E1FEBB8}]
    2008-04-30 18:19 258048 --a------ C:\WINDOWS\gndarmblsnv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{C3169036-557E-45E1-840F-C845DC406C55}"= "C:\WINDOWS\wxdbpfvo.dll" [ ]

    [HKEY_CLASSES_ROOT\clsid\{c3169036-557e-45e1-840f-c845dc406c55}]
    [HKEY_CLASSES_ROOT\wxdbpfvo.1]
    [HKEY_CLASSES_ROOT\TypeLib\{D95C697F-D985-4AB1-92B5-40DF04BBE322}]
    [HKEY_CLASSES_ROOT\wxdbpfvo]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [ ]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC-Cleaner"="C:\Program Files\PC-Cleaner\PC-Cleaner.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

    C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56 65588]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-08 21:17:01 124912]
    Post-it© Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 15:26:54 2080768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "EVlKG4hX8a"= C:\Documents and Settings\All Users.WINDOWS\Application Data\bqtcfkdq\twhmpape.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxwvwV]
    yayxwvwV.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitSpirit\\BitSpirit.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5900:TCP"= 5900:TCP:p ort vnc
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 14:00]
    R3 3xHybrid;Pinnacle PCTV Stereo service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-09-03 14:14]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 02:56]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-01 17:14:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-03 14:49:31
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 74

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\sockspy.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\sockspy.dll
    .
    Temps d'accomplissement: 2008-05-03 14:51:28
    ComboFix-quarantined-files.txt 2008-05-03 12:50:48
    ComboFix2.txt 2008-05-03 12:41:32
    ComboFix3.txt 2008-04-06 20:32:13
    ComboFix4.txt 2008-04-06 12:35:12
    ComboFix5.txt 2008-04-05 19:53:23

    Pre-Run: 25,887,997,952 octets libres
    Post-Run: 25,872,871,424 octets libres

    271 --- E O F --- 2008-04-30 23:48:18
    3 May 2008 16:10:04

    Re,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\nhyptbdy.dll.ren
    C:\WINDOWS\gndarmblsnv.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BFC1E05-8287-420E-8526-F6D76E1FEBB8}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{C3169036-557E-45E1-840F-C845DC406C55}"=-
    [-HKEY_CLASSES_ROOT\clsid\{c3169036-557e-45e1-840f-c845dc406c55}]
    [-HKEY_CLASSES_ROOT\wxdbpfvo.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{D95C697F-D985-4AB1-92B5-40DF04BBE322}]
    [-HKEY_CLASSES_ROOT\wxdbpfvo]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayxwvwV]


    Open Notepad (Start > Run... > notepad), then paste (Ctrl+V) the text you copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto ComboFix.exe as shown below:


    This will relaunch ComboFix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    3 May 2008 16:26:07

    And here it is:
    ComboFix 08-05-01.3 - Propriétaire 2008-05-03 16:16:38.9 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.559 [GMT 2:00]
    Endroit: C:\Documents and Settings\Propriétaire.AMELBENT\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Propriétaire.AMELBENT\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration
    * Resident AV is active


    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\gndarmblsnv.dll
    C:\WINDOWS\system32\nhyptbdy.dll.ren
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\gndarmblsnv.dll
    C:\WINDOWS\system32\nhyptbdy.dll.ren

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-03 to 2008-05-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-03 15:15 . 2008-05-03 15:15 106,496 --a------ C:\WINDOWS\system32\gvelezct.exe
    2008-05-03 14:41 . 2008-05-03 14:41 <REP> d-------- C:\Documents and Settings\PropriÚtaire.AMELBENT
    2008-05-03 14:41 . 2008-05-03 14:41 <REP> d-------- C:\Documents and Settings\HervÚ
    2008-05-02 12:49 . 2008-05-02 12:49 90,112 --a------ C:\WINDOWS\system32\dclenuzu.exe
    2008-05-02 02:30 . 2008-05-02 02:30 <REP> d-------- C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\TmpRecentIcons
    2008-05-02 01:08 . 2008-05-03 14:43 <REP> d-------- C:\Program Files\Trojan Remover
    2008-05-02 00:48 . 2008-05-02 00:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\bqtcfkdq
    2008-05-01 21:49 . 2008-05-01 21:49 <REP> d-------- C:\Program Files\LucasArts
    2008-04-30 13:59 . 2008-04-30 13:59 <REP> d-------- C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\ItsLabel
    2008-04-29 13:17 . 2008-05-01 22:24 <REP> d-------- C:\Downloads
    2008-04-29 13:13 . 2008-04-29 20:46 <REP> d-------- C:\Program Files\BitSpirit
    2008-04-29 13:05 . 2008-04-29 13:05 684 --a------ C:\WINDOWS\mozver.dat
    2008-04-28 17:51 . 2008-04-28 17:51 <REP> d-------- C:\Program Files\MSBuild
    2008-04-28 17:48 . 2008-04-28 17:48 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-04-28 17:44 . 2008-04-28 17:44 <REP> d-------- C:\WINDOWS\system32\URTTEMP
    2008-04-28 17:10 . 2008-04-28 17:28 <REP> d-------- C:\74fc8f5e940e438bc33db032a0
    2008-04-28 17:07 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-04-28 17:07 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-04-28 17:07 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-04-28 17:07 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-04-28 17:07 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-04-28 17:07 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-04-28 17:07 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-04-28 17:07 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-04-28 17:07 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-28 15:51 . 2008-04-28 15:51 <REP> d-------- C:\WINDOWS\system32\Atheros_L1
    2008-04-28 15:51 . 2007-11-01 02:56 36,864 -ra------ C:\WINDOWS\system32\drivers\l151x86.sys
    2008-04-28 15:50 . 2008-04-28 15:50 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-04-28 15:50 . 2008-04-28 15:50 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-04-28 15:47 . 2008-04-28 15:47 <REP> d-------- C:\WINDOWS\system32\RTCOM
    2008-04-28 15:47 . 2008-04-28 15:47 <REP> d-------- C:\WINDOWS\ASUSInstAll
    2008-04-28 15:47 . 2006-08-01 09:02 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe
    2008-04-28 15:45 . 2007-10-25 05:57 16,855,552 -r------- C:\WINDOWS\RTHDCPL.exe
    2008-04-28 15:45 . 2007-06-28 10:44 2,165,760 -r------- C:\WINDOWS\MicCal.exe
    2008-04-28 15:45 . 2007-10-11 05:04 1,826,816 -r------- C:\WINDOWS\SkyTel.exe
    2008-04-28 15:45 . 2007-07-26 12:06 1,191,936 -r------- C:\WINDOWS\RtlUpd.exe
    2008-04-28 15:45 . 2006-08-18 00:58 282,624 -r------- C:\WINDOWS\system32\RTSndMgr.cpl
    2008-04-28 15:44 . 2008-04-28 15:44 <REP> d-------- C:\Program Files\Realtek
    2008-04-28 15:44 . 2007-07-26 11:09 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
    2008-04-28 15:44 . 2008-04-28 15:44 315,392 --a------ C:\WINDOWS\HideWin.exe
    2008-04-28 15:43 . 2008-04-28 15:43 <REP> d-------- C:\Program Files\Intel
    2008-04-28 15:42 . 2008-04-28 15:42 <REP> d-------- C:\Intel
    2008-04-28 15:40 . 2007-08-01 05:39 12,536 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2008-04-28 15:40 . 2008-04-28 15:47 11,025 --a------ C:\WINDOWS\Ascd_log.ini
    2008-04-28 15:40 . 2008-04-28 15:40 10,802 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-04-28 15:40 . 2004-08-13 12:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
    2008-04-28 15:34 . 2008-04-28 15:34 2,422 --a------ C:\WINDOWS\system32\wpa.bak
    2008-04-28 14:48 . 2004-08-05 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-04-28 14:47 . 2004-08-05 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
    2008-04-28 14:45 . 2008-04-28 14:45 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-04-28 14:45 . 2008-04-28 14:45 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-04-28 14:45 . 2008-04-28 14:45 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-04-28 14:45 . 2008-04-28 14:45 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-04-28 14:45 . 2008-04-28 14:45 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-04-28 14:37 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
    2008-04-28 14:34 . 2004-08-04 00:54 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
    2008-04-28 14:34 . 2004-08-04 00:55 56,832 --a------ C:\WINDOWS\system32\MSDvbNP.ax
    2008-04-28 14:34 . 2004-08-04 00:55 33,280 --a------ C:\WINDOWS\system32\PsisRndr.ax
    2008-04-28 14:34 . 2004-08-04 00:55 18,432 --a------ C:\WINDOWS\system32\BdaPlgIn.ax
    2008-04-28 14:34 . 2004-08-03 23:10 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
    2008-04-28 14:28 . 2008-04-28 17:10 1,065,935 --a------ C:\WINDOWS\setupapi.log.1.old
    2008-04-08 00:55 . 2008-04-08 01:00 8,192 --a------ C:\WINDOWS\system32\edb.chk
    2008-04-08 00:44 . 2004-08-05 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
    2008-04-08 00:31 . 2004-08-05 15:00 1,086,058 -ra------ C:\WINDOWS\SETE6.tmp
    2008-04-08 00:31 . 2004-08-05 15:00 1,014,836 -ra------ C:\WINDOWS\SETE3.tmp
    2008-04-08 00:31 . 2004-08-05 15:00 14,043 -ra------ C:\WINDOWS\SETF2.tmp
    2008-04-08 00:31 . 2008-04-08 00:31 34 --a------ C:\WINDOWS\system\oeminfo.ini
    2008-04-07 21:21 . 2007-08-08 22:12 216 --ahs---- C:\BOOT.BKK
    2008-04-07 21:14 . 2008-03-22 01:00 93,572 --a------ C:\WINDOWS\380.jpg
    2008-04-07 21:09 . 2008-04-07 21:09 <REP> d-------- C:\Program Files\TGTSoft
    2008-04-07 20:49 . 2008-05-01 15:27 1,072,979,968 --a------ C:\WINDOWS\MEMORY.DMP
    2008-04-06 23:40 . 2008-04-07 14:27 2,215 --a------ C:\rollback.ini
    2008-04-06 00:07 . 2008-04-06 03:26 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
    2008-04-06 00:06 . 2008-04-07 14:18 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
    2008-04-06 00:05 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-04-04 19:12 . 2008-04-04 19:12 <REP> d-------- C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Bitdefender
    2008-04-04 19:01 . 2008-04-04 19:01 <REP> d-------- C:\Program Files\Softwin
    2008-04-04 18:49 . 2008-04-04 18:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-03 14:18 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2008-05-03 12:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-05-03 12:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-05-03 12:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
    2008-05-02 10:53 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-05-01 17:14 --------- d-----w C:\Program Files\Apple Software Update
    2008-05-01 14:02 --------- d-----w C:\Program Files\DivX
    2008-05-01 13:59 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\DivX
    2008-04-29 18:22 --------- d-----w C:\Program Files\EoRezo
    2008-04-29 09:55 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
    2008-04-28 16:57 --------- d-----w C:\Program Files\Fichiers communs\Softwin
    2008-04-28 13:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-06 18:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
    2008-04-05 13:13 90,112 ----a-w C:\WINDOWS\DUMP5c77.tmp
    2008-04-05 12:45 90,112 ----a-w C:\WINDOWS\DUMP6002.tmp
    2008-04-04 17:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\BitDefender
    2008-04-03 17:09 90,112 ----a-w C:\WINDOWS\DUMP5ae1.tmp
    2008-04-02 11:08 --------- d-----w C:\Program Files\CFWebAdvancedU
    2008-04-02 11:08 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\CamfrogWEB
    2008-04-02 09:52 --------- d-----w C:\Program Files\Windows Live
    2008-04-02 09:51 --------- d-----w C:\Program Files\Project64 1.6
    2008-04-02 09:42 --------- d-----w C:\Program Files\LimeWire
    2008-04-02 09:40 --------- d-----w C:\Program Files\Google
    2008-04-02 09:39 --------- d-----w C:\Program Files\eMule
    2008-04-02 09:39 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Desperate Housewives
    2008-04-02 09:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\ACD Systems
    2008-04-02 09:33 --------- d-----w C:\Program Files\Lavasoft
    2008-04-02 09:33 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-02 09:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-31 20:33 --------- d-----w C:\Program Files\MSN Messenger
    2008-03-31 20:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-03-31 17:45 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-03-31 17:41 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Malwarebytes
    2008-03-31 17:41 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-03-31 14:51 --------- d-----w C:\Program Files\RealVNC
    2008-03-31 14:03 --------- d-----w C:\Program Files\Trend Micro
    2008-03-29 14:24 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Snapfish
    2008-03-28 22:03 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-28 15:46 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Deskbar_{CCF3B2DF-BC59-400d-B892-C02A87013B27}
    2008-03-27 21:08 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\LimeWire
    2008-03-23 14:22 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\dvdcss
    2008-03-22 12:06 --------- d-----w C:\Program Files\Java
    2008-03-21 20:30 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-03-21 20:30 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 19:12 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Apple Computer
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 00:23 166 ----a-w C:\Program Files\results.txt
    2008-03-19 11:54 --------- d-----w C:\Program Files\CyberLink
    2008-03-17 15:51 --------- d-----w C:\Program Files\Ahead
    2008-03-12 17:22 --------- d-----w C:\Program Files\Fichiers communs\Nero
    2008-03-12 17:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
    2008-03-11 22:25 --------- d-----w C:\Program Files\AskTBar
    2008-03-11 16:27 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Nero
    2008-03-08 12:17 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\TransRender
    2008-03-08 12:00 --------- d-----w C:\Documents and Settings\Propriétaire.AMELBENT\Application Data\Temporary
    2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-06 16:19 2,262 ----a-w C:\WINDOWS\system32\tmp.reg
    2006-05-25 08:11 144 ----a-w C:\Program Files\vssver.scc
    2006-05-17 13:25 10,419 ----a-w C:\Program Files\NAMES_SP.TXT
    2006-05-15 12:13 10,773 ----a-w C:\Program Files\NAMES_DU.TXT
    2006-05-15 10:26 10,804 ----a-w C:\Program Files\NAMES_IT.TXT
    2006-05-12 16:57 9,991 ----a-w C:\Program Files\NAMES_EN.TXT
    2006-05-12 16:57 11,352 ----a-w C:\Program Files\NAMES_GE.TXT
    2006-05-12 16:57 10,959 ----a-w C:\Program Files\NAMES_FR.TXT
    2006-05-12 16:57 10,959 ----a-w C:\Program Files\Names.txt
    2005-11-18 09:59 264,118 ----a-w C:\Program Files\oui_id.txt
    2005-11-14 11:17 1,421,403 ----a-w C:\Program Files\AegisE5.dll
    2004-11-10 08:17 86,016 ----a-w C:\Program Files\Installrt2500qa.dll
    2004-11-10 08:17 122 ----a-w C:\Program Files\filespecrt2500qa
    2004-07-22 16:45 116 ----a-w C:\Program Files\filespecrtrt2500USB
    2004-06-03 15:00 73,728 ----a-w C:\Program Files\Install2500USB.dll
    2004-02-27 09:04 45,056 ----a-w C:\Program Files\DEDriverDLL.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
    "PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [ ]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [ ]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PC-Cleaner"="C:\Program Files\PC-Cleaner\PC-Cleaner.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

    C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56 65588]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-08 21:17:01 124912]
    Post-it© Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 15:26:54 2080768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "EVlKG4hX8a"= C:\Documents and Settings\All Users.WINDOWS\Application Data\bqtcfkdq\twhmpape.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=sockspy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.ACDV"= ACDV.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\BitSpirit\\BitSpirit.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5900:TCP"= 5900:TCP:p ort vnc
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-05 14:00]
    R3 3xHybrid;Pinnacle PCTV Stereo service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-09-03 14:14]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 02:56]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-01 17:14:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-03 16:18:47
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 74

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\sockspy.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\sockspy.dll
    .
    Temps d'accomplissement: 2008-05-03 16:20:35
    ComboFix-quarantined-files.txt 2008-05-03 14:19:58
    ComboFix2.txt 2008-05-03 12:51:30
    ComboFix3.txt 2008-05-03 12:41:32
    ComboFix4.txt 2008-04-06 20:32:13
    ComboFix5.txt 2008-04-06 12:35:12

    Pre-Run: 25,878,138,880 octets libres
    Post-Run: 25,863,192,576 octets libres

    270 --- E O F --- 2008-04-30 23:48:18


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:23:51, on 03/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users.WINDOWS\Application Data\bqtcfkdq\twhmpape.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\mrelsbab.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Propriétaire.AMELBENT\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O4 - HKLM\..\Run: [PC-Cleaner] "C:\Program Files\PC-Cleaner\PC-Cleaner.exe" hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [qkyiitpk] C:\WINDOWS\system32\mrelsbab.exe
    O4 - HKLM\..\Policies\Explorer\Run: [EVlKG4hX8a] C:\Documents and Settings\All Users.WINDOWS\Application Data\bqtcfkdq\twhmpape.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
    O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_a...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6...
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 7955 bytes
    3 May 2008 18:10:20

    Re,

    Fix this line:
    O4 - HKCU\..\Run: [qkyiitpk] C:\WINDOWS\system32\mrelsbab.exe

    Delete this file:
    C:\WINDOWS\system32\mrelsbab.exe
    3 May 2008 19:53:11

    There, it's done; here is a HijackThis report


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:52:03, on 03/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users.WINDOWS\Application Data\bqtcfkdq\twhmpape.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Propriétaire.AMELBENT\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
    O4 - HKLM\..\Run: [PC-Cleaner] "C:\Program Files\PC-Cleaner\PC-Cleaner.exe" hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKLM\..\Policies\Explorer\Run: [EVlKG4hX8a] C:\Documents and Settings\All Users.WINDOWS\Application Data\bqtcfkdq\twhmpape.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
    O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.20/cfweb_a...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6...
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 7904 bytes
    4 May 2008 21:49:35

    Still having problems?
    5 May 2008 11:28:30

    Well, my desktop background is still black, and sometimes my icons have disappeared when I turn it on, and the "Start" menu opens but you can't open the folders
    5 May 2008 13:09:17

    Actually, the desktop background is fine now; however, I also have a new folder that has appeared, called "virii", and I don't know what it is
    5 May 2008 17:45:30

    Does it contain any files?
    5 May 2008 19:02:32

    Yes, there are 5 files, Trojan-Downloader.Win32.Agent.r
    5 May 2008 19:36:09

    Well, delete the folder then :)
    5 May 2008 21:19:37

    OK, thanks for your help