[Resolved] Fservice.exe missing? Virus?

22 March 2008 09:59:30

Hello everyone,

I have a problem with C:/Windows/System32/Fservice.exe
It isn't there, and I think it is vital to have it! And apparently this comes from a virus!

I would like to know how to recover it or get rid of this virus?

Thanks in advance,

22 March 2008 10:41:28

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at Niixo 10:41:17, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\services.exe
D:\Apache\Apache.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
D:\Apache\Apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\srksrv.exe
D:\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
D:\nessusd.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system\System\ctf\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system\System\FZS\FlashPlayer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\iTunesHelper.exe
C:\WINDOWS\lsassxp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Alix\Bureau\Hellou Repack V6\Hellus\Hellou Repack V6\Server.exe.exe
C:\Documents and Settings\Alix\Bureau\Hellou Repack V6\Hellus\Hellou Repack V6\Server.exe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\service.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\service.exe
D:\hamachi.exe
D:\WinRAR.exe
C:\Documents and Settings\Alix\Bureau\Logiciels utiles\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://habbo.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: {99712aab-46e6-5e98-a714-13c042a14c61} - {16c41a24-0c31-417a-89e5-6e64baa21799} - C:\WINDOWS\system32\cabxsess.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
O2 - BHO: (no name) - {67fb8436-9794-487a-a8b2-a6f825cb0261} - C:\WINDOWS\system32\tmp9B.tmp.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcbxvv.dll (file missing)
O2 - BHO: (no name) - {707476e3-cc1e-4074-8da8-5c6fc77e19e7} - C:\WINDOWS\system32\cry_32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D66D8AD9-6D61-4681-B47F-419B204BC56F} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - D:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [KeyBoard] C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WinVNC] "D:\UltraVNC\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [htxduvs] c:\windows\system32\htxduvs.exe htxduvs
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [CTFMon] C:\WINDOWS\system\System\ctf\ctfmon.exe /b
O4 - HKLM\..\Run: [SystemXP1] "C:\WINDOWS\regedit.exe" -s "C:\WINDOWS\system\System\NO\settings.reg"
O4 - HKLM\..\Run: [SystemNT1] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /install
O4 - HKLM\..\Run: [SystemNT2] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [system] C:\WINDOWS\svcr.exe
O4 - HKLM\..\Run: [lsassxp] C:\WINDOWS\lsassxp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [901d8676] rundll32.exe "C:\WINDOWS\system32\rkkneota.dll",b
O4 - HKLM\..\Run: [BM932eb5ea] Rundll32.exe "C:\WINDOWS\system32\ucqrbaan.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "D:\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [VoipDiscount] "D:\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [lmdsxiwxig] c:\documents and settings\alix\local settings\application data\lmdsxiwxig.exe lmdsxiwxig
O4 - HKCU\..\Run: [Steam] "D:\counterstrikesource\Steam.exe" -silent
O4 - HKCU\..\Run: [system] C:\WINDOWS\svcr.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Alix\Bureau\yodm-3d\yodm-3d\Yodm3D.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKCU\..\Policies\Explorer\Run: [COM Service] C:\WINDOWS\msagent\mslukw.com
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = ?
O4 - Startup: IMVU.lnk = D:\IMVU\IMVUClient.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer l'image sur mon Téléphone avec PhotoCapt - res://C:\Program Files\PhotoCapt\PhotoCapt.exe/143
O8 - Extra context menu item: Save Flash - res://D:\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
O9 - Extra 'Tools' menuitem: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.157 85.255.112.97
O17 - HKLM\System\CS2\Services\Tcpip\..\{7BD85E32-FEA7-43BC-A374-C93C6F14EEEE}: NameServer = 85.255.115.157,85.255.112.97
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\vtsqppq.dll
O20 - Winlogon Notify: cry_32 - cry_32.dll (file missing)
O20 - Winlogon Notify: efcbxvv - efcbxvv.dll (file missing)
O20 - Winlogon Notify: kbdcab - kbdcab.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - D:\Apache\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Alix\Application Data\tmp2E59.tmp.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\WINDOWS\system\System\FZS\FlashPlayer.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serveur intermédiaire pour Messenger (MsgrIntSvc) - <n!co:9.1 /> - C:\Program Files\MsgrIntSvr\MsgrIntSvr.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PoliceService - Unknown owner - C:\WINDOWS\system32\srksrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Tenable Nessus - Tenable Network Security - D:\nessusd.exe

--
End of file - 15806 bytes
22 March 2008 11:04:46

I know you are not very available, but this is very urgent :s

22 March 2008 11:15:25

Re,

If it's urgent, you go and see a computer technician, who will make good money out of it... :o

Your PC is really very infected. So the disinfection will not necessarily be quick, but I will follow you through to the end.

1) Download SDFix (created by AndyManchesta) and save it to your Desktop.
User guide: http://mickael.barroux.free.fr/securite/sdfix.php

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
  • Restart your computer
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of the normal Windows loading, a menu with various options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".
  • Choose your account.

Work through the list of instructions below:
  • Open the SDFix folder that has just been created on the Desktop and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer to restart than usual because the tool will keep running and deleting files.
  • After the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum.

N.B.:
- The file SDFIX_README.htm (in the SDFix folder) contains the list of malware handled by the tool.
- Andy releases several updates, often more than one a day... So do not hesitate to ask to download a new version when the cleanup drags on and the tool does not seem to see everything.

2) Print these instructions if necessary, because the computer is going to be restarted.

Download FixWareout (LonnyRJones) to the Desktop.
If the link does not work, click here.

Run the fix (FixWareout.exe), click Next, then Install.
Make sure that Run fixit is enabled, then click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

3) Download Navilog1 by IL-MAFIOSO: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Depending on the antivirus you use, navilog1 may be detected as a virus!!!
In that case, disable it during the download and the scan!!!!

Save target (of the link) as... and save it to your desktop.
Then double-click navilog1.exe to launch the installation.
Once the installation has finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Let yourself be guided. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/approval)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole of it into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)

4) Post a new HijackThis report.

N.B.: If you plan to format, or to go to a computer technician if you are in that much of a hurry, please tell me so that I don't waste my time with you.

22 March 2008 11:19:54

No, I didn't think it would take that long :)  I will take whatever time is needed with you :)  I hope you will hold out to the end ;)

Thank you very much!

22 March 2008 11:31:43

Re,

No problem, I never abandon the people I take on.

However, some days I may only drop by once during the day.

;)

22 March 2008 12:13:02

OK, no problem! I did the first step for the report with SDFIX. Here is my report:


    SDFix: Version 1.159

    Run by Alix on 22/03/2008 at Niixo 11:28

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\Alix\Bureau\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\retadpu2000373.exe - Deleted
    C:\WINDOWS\ktd32.atm - Deleted
    C:\WINDOWS\SecureWin31.dll - Deleted
    C:\WINDOWS\SecureWin32.exe - Deleted
    C:\WINDOWS\service.exe - Deleted
    C:\WINDOWS\services.exe - Deleted
    C:\WINDOWS\svcr.exe - Deleted
    C:\WINDOWS\system\sservice.exe - Deleted
    C:\WINDOWS\system32\fservice.exe - Deleted
    C:\WINDOWS\system32\reginv.dll - Deleted
    C:\WINDOWS\system32\service.exe - Deleted
    C:\WINDOWS\system32\winkey.dll - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 11:45:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:D 7125df9
    "s2"=dword:0486fca7
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="D:\Alcohol 120\"
    "h0"=dword:00000000
    "ujdew"=hex:42,84,80,3c,49,42,f8,03,d3,7b,3f,73,d6,91,15,86,22,3f,9a,6b,eb,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "p0"="D:\Alcohol 120\"
    "h0"=dword:00000000
    "ujdew"=hex:42,84,80,3c,49,42,f8,03,d3,7b,3f,73,d6,91,15,86,22,3f,9a,6b,eb,..

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{421F5D79-C101-9436-A395-83B082B43710}]
    "nacjbaphbdplllkkkcfacifdecfc"=hex:6b,61,6f,6f,68,64,64,69,6f,6d,64,68,63,6b,64,61,6c,6e,6a,61,62,..
    "maiihjaaegdnodapheiagecdph"=hex:6b,61,6f,6f,69,64,6f,6d,6b,70,6c,6e,6b,70,65,6d,65,6b,6f,6f,69,..

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 2927


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"="C:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe"="C:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe:*:Enabled:CivCity Rome"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
    "C:\\Program Files\\NetAppel\\NetAppel.exe"="C:\\Program Files\\NetAppel\\NetAppel.exe:*:Enabled:NetAppel"
    "C:\\Program Files\\TribalWeb.net\\tribalweb.exe"="C:\\Program Files\\TribalWeb.net\\tribalweb.exe:*:Disabled:TribalWeb.net : Réseau privé sur Internet"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Disabled:umi"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\TorrentQ\\TorrentQ.exe"="C:\\Program Files\\TorrentQ\\TorrentQ.exe:*:Enabled:Torrent P2P application"
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
    "D:\\VoipStunt\\VoipStunt.exe"="D:\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
    "D:\\Program Files\\GameSpy Arcade\\Aphex.exe"="D:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
    "D:\\Program Files\\flashget.exe"="D:\\Program Files\\flashget.exe:*:Enabled:Flashget"
    "D:\\VNC4\\vncviewer.exe"="D:\\VNC4\\vncviewer.exe:*:Enabled:VNC Viewer Personal Edition for Win32"
    "D:\\VNC4\\winvnc4.exe"="D:\\VNC4\\winvnc4.exe:*:Enabled:VNC Server"
    "D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "D:\\UltraVNC\\winvnc.exe"="D:\\UltraVNC\\winvnc.exe:*:Enabled:VNC server for Win32"
    "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
    "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
    "C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
    "D:\\SonicText\\BF2.exe"="D:\\SonicText\\BF2.exe:*:Enabled:Battlefield 2"
    "D:\\hair\\CivCity Rome.exe"="D:\\hair\\CivCity Rome.exe:*:Enabled:CivCity Rome"
    "C:\\WINDOWS\\system32\\mcoinstall.exe"="C:\\WINDOWS\\system32\\mcoinstall.exe:*:Enabled:mcoinstall"
    "D:\\Ares\\Ares.exe"="D:\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
    "D:\\hl.exe"="D:\\hl.exe:*:Enabled:Half-Life Launcher"
    "D:\\eMule\\emule.exe"="D:\\eMule\\emule.exe:*:Enabled:eMule"
    "D:\\Azureus\\Azureus.exe"="D:\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "D:\\Dreamweaver 8\\Dreamweaver.exe"="D:\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
    "D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="D:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
    "D:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="D:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
    "D:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="D:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
    "D:\\bittorrent.exe"="D:\\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\\Documents and Settings\\Alix\\Bureau\\DebboProject Remix Suang\\DebboProject Remix Suang\\Server Edit by Suang.exe"="C:\\Documents and Settings\\Alix\\Bureau\\DebboProject Remix Suang\\DebboProject Remix Suang\\Server Edit by Suang.exe:*:Enabled:Server Edit by Suang"
    "C:\\Documents and Settings\\Alix\\Local Settings\\Temporary Internet Files\\Content.IE5\\D8QSO89M\\Habbo_Retro_Server[1]\\Retro Server\\Retro\\Retro\\PublicServer.exe"="C:\\Documents and Settings\\Alix\\Local Settings\\Temporary Internet Files\\Content.IE5\\D8QSO89M\\Habbo_Retro_Server[1]\\Retro Server\\Retro\\Retro\\PublicServer.exe:*:Enabled:PublicServer"
    "C:\\Documents and Settings\\Alix\\Local Settings\\Temporary Internet Files\\Content.IE5\\D8QSO89M\\Habbo_Retro_Server[1]\\Retro Server\\Retro\\Retro\\PrivateServer.exe"="C:\\Documents and Settings\\Alix\\Local Settings\\Temporary Internet Files\\Content.IE5\\D8QSO89M\\Habbo_Retro_Server[1]\\Retro Server\\Retro\\Retro\\PrivateServer.exe:*:Enabled:PrivateServer"
    "C:\\Documents and Settings\\Alix\\Bureau\\DebboProject v1.5\\Server.exe"="C:\\Documents and Settings\\Alix\\Bureau\\DebboProject v1.5\\Server.exe:*:Enabled:Server"
    "C:\\Documents and Settings\\Alix\\Bureau\\server.exe"="C:\\Documents and Settings\\Alix\\Bureau\\server.exe:*:Enabled:server"
    "D:\\counter\\SteamApps\\clementpolizzi\\counter-strike source\\hl2.exe"="D:\\counter\\SteamApps\\clementpolizzi\\counter-strike source\\hl2.exe:*:Enabled:hl2"
    "C:\\Documents and Settings\\Alix\\Bureau\\test_firewall.exe"="C:\\Documents and Settings\\Alix\\Bureau\\test_firewall.exe:*:Enabled:test_firewall"
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Documents and Settings\\Alix\\Bureau\\DebboProject v2 patch1\\Server.exe"="C:\\Documents and Settings\\Alix\\Bureau\\DebboProject v2 patch1\\Server.exe:*:Enabled:Server"
    "C:\\Documents and Settings\\Alix\\Bureau\\DebboProject v2\\Server.exe"="C:\\Documents and Settings\\Alix\\Bureau\\DebboProject v2\\Server.exe:*:Enabled:Server"
    "C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
    "C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
    "C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
    "C:\\Documents and Settings\\Alix\\Bureau\\DBPV3_SE.exe"="C:\\Documents and Settings\\Alix\\Bureau\\DBPV3_SE.exe:*:Enabled:DBPV3_SE"
    "C:\\Program Files\\Adobe\\Adobe Bridge\\Bridge.exe"="C:\\Program Files\\Adobe\\Adobe Bridge\\Bridge.exe:*:Enabled:Adobe Bridge"
    "C:\\Documents and Settings\\Alix\\Bureau\\Jeux pc\\flashget.exe"="C:\\Documents and Settings\\Alix\\Bureau\\Jeux pc\\flashget.exe:*:Enabled:Flashget"
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
    "C:\\Documents and Settings\\Alix\\Application Data\\tmp2E59.tmp.exe"="C:\\Documents and Settings\\Alix\\Applicat"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "D:\\Program Files\\BF2.exe"="D:\\Program Files\\BF2.exe:*:Enabled:Battlefield 2"
    "C:\\Documents and Settings\\Alix\\Bureau\\incredimail_install.exe"="C:\\Documents and Settings\\Alix\\Bureau\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
    "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
    "D:\\Adobe CS3\\BF2.exe"="D:\\Adobe CS3\\BF2.exe:*:Enabled:Battlefield 2"
    "D:\\VoipDiscount\\VoipDiscount.exe"="D:\\VoipDiscount\\VoipDiscount.exe:*:Enabled:VoipDiscount"
    "D:\\iTunes.exe"="D:\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    Remaining Files :


    File Backups: - C:\DOCUME~1\Alix\Bureau\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Wed 6 Dec 2006 1,248 A.SH. --- "C:\hv0fao30.sys"
    Wed 5 Jul 2006 1,248 A.SH. --- "C:\hv0jaw3o.sys"
    Wed 31 Oct 2007 20,153 ..SH. --- "C:\WINDOWS\system32\srqss.tmp"
    Tue 19 Dec 2006 8,349 ..SH. --- "C:\WINDOWS\system32\srqss.bak1"
    Wed 12 Mar 2008 162,965 ..SH. --- "C:\WINDOWS\system32\srqss.bak2"
    Wed 24 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sun 28 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
    Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BITC.tmp"
    Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BITF.tmp"
    Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT13.tmp"
    Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BITB.tmp"
    Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT10.tmp"
    Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BITD.tmp"
    Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT3D.tmp"
    Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT12.tmp"
    Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BITE.tmp"
    Sat 15 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT11.tmp"

    Finished!



    Next, do I do the N.B. part?
    22 March 2008 12:24:25

    Re,

    You have done 1)

    Do 2), 3) and 4)

    Once all that is done, I'll tell you what to do next. As I told you, given your level of infection, it's not going to be quick :p 

    ;) 
    22 March 2008 12:35:14

    Search Navipromo version 3.5.0 commencé le 22/03/2008 à 12:23:05,57

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO


    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS

    Executé en mode normal

    *** Recherche Programmes installés ***




    *** Recherche dossiers dans C:\WINDOWS ***



    *** Recherche dossiers dans C:\Program Files ***



    *** Recherche dossiers dans ***




    *** Recherche dossiers dans "C:\Documents and Settings\Alix\applic~1" ***



    *** Recherche dossiers dans "C:\Documents and Settings\Alix\locals~1\applic~1" ***



    *** Recherche dossiers dans "C:\Documents and Settings\Alix\menudm~1\progra~1" ***


    *** Recherche dossiers dans ***


    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé



    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    * Recherche dans "C:\Documents and Settings\Alix\locals~1\applic~1" *

    Fichiers trouvés :

    lmdsxiwxig.exe trouvé !
    lmdsxiwxig.dat trouvé !
    lmdsxiwxig_nav.dat trouvé !
    lmdsxiwxig_navps.dat trouvé !



    *** Recherche fichiers ***


    C:\WINDOWS\system32\nvs2.inf trouvé !


    *** Recherche clés spécifiques dans le Registre ***

    HKEY_CURRENT_USER\Software\Lanconfig trouvé !

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :


    2)Recherche Heuristique :

    * Dans C:\WINDOWS\system32 :


    * Dans "C:\Documents and Settings\Alix\locals~1\applic~1" :

    lmdsxiwxig.dat trouvé !
    lmdsxiwxig_nav.dat trouvé !
    lmdsxiwxig_navps.dat trouvé !

    3)Recherche Certificats :

    Certificat Egroup trouvé !
    Certificat Electronic-Group trouvé !
    Certificat OOO-Favorit trouvé !

    4)Recherche fichiers connus :

    C:\WINDOWS\system32\srqss.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\srqss.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\srqss.bak2 trouvé ! infection Vundo possible non traitée par cet outil !


    *** Analyse terminée le 22/03/2008 à 12:34:47,81 ***


    There, next I'll post the HijackThis report!
    22 March 2008 12:35:45

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at Niixo 12:35:34, on 22/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    D:\Apache\Apache.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    D:\Apache\Apache.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\srksrv.exe
    D:\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    D:\nessusd.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system\System\ctf\ctfmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    D:\iTunesHelper.exe
    C:\WINDOWS\lsassxp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\counterstrikesource\Steam.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    D:\hamachi.exe
    C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\Alix\Bureau\Logiciels utiles\Scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://habbo.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O2 - BHO: {99712aab-46e6-5e98-a714-13c042a14c61} - {16c41a24-0c31-417a-89e5-6e64baa21799} - C:\WINDOWS\system32\cabxsess.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {67fb8436-9794-487a-a8b2-a6f825cb0261} - C:\WINDOWS\system32\tmp9B.tmp.dll (file missing)
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcbxvv.dll (file missing)
    O2 - BHO: (no name) - {707476e3-cc1e-4074-8da8-5c6fc77e19e7} - C:\WINDOWS\system32\cry_32.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {D66D8AD9-6D61-4681-B47F-419B204BC56F} - C:\WINDOWS\system32\ssqrs.dll (file missing)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - D:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [KeyBoard] C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinVNC] "D:\UltraVNC\winvnc.exe" -servicehelper
    O4 - HKLM\..\Run: [htxduvs] c:\windows\system32\htxduvs.exe htxduvs
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [CTFMon] C:\WINDOWS\system\System\ctf\ctfmon.exe /b
    O4 - HKLM\..\Run: [SystemXP1] "C:\WINDOWS\regedit.exe" -s "C:\WINDOWS\system\System\NO\settings.reg"
    O4 - HKLM\..\Run: [SystemNT1] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /install
    O4 - HKLM\..\Run: [SystemNT2] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /start
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lsassxp] C:\WINDOWS\lsassxp.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [901d8676] rundll32.exe "C:\WINDOWS\system32\rkkneota.dll",b
    O4 - HKLM\..\Run: [BM932eb5ea] Rundll32.exe "C:\WINDOWS\system32\ucqrbaan.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [VoipStunt] "D:\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\Run: [VoipDiscount] "D:\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [lmdsxiwxig] c:\documents and settings\alix\local settings\application data\lmdsxiwxig.exe lmdsxiwxig
    O4 - HKCU\..\Run: [Steam] "D:\counterstrikesource\Steam.exe" -silent
    O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Alix\Bureau\yodm-3d\yodm-3d\Yodm3D.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: hamachi.lnk = ?
    O4 - Startup: IMVU.lnk = D:\IMVU\IMVUClient.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer l'image sur mon Téléphone avec PhotoCapt - res://C:\Program Files\PhotoCapt\PhotoCapt.exe/143
    O8 - Extra context menu item: Save Flash - res://D:\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
    O9 - Extra 'Tools' menuitem: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.157 85.255.112.97
    O17 - HKLM\System\CS2\Services\Tcpip\..\{7BD85E32-FEA7-43BC-A374-C93C6F14EEEE}: NameServer = 85.255.115.157,85.255.112.97
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\vtsqppq.dll
    O20 - Winlogon Notify: cry_32 - cry_32.dll (file missing)
    O20 - Winlogon Notify: efcbxvv - efcbxvv.dll (file missing)
    O20 - Winlogon Notify: kbdcab - kbdcab.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - D:\Apache\Apache.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Alix\Application Data\tmp2E59.tmp.exe (file missing)
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Serveur intermédiaire pour Messenger (MsgrIntSvc) - <n!co:9.1 /> - C:\Program Files\MsgrIntSvr\MsgrIntSvr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PoliceService - Unknown owner - C:\WINDOWS\system32\srksrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Tenable Nessus - Tenable Network Security - D:\nessusd.exe

    --
    End of file - 15611 bytes
    22 March 2008 12:41:28

    Hi again, you forgot to do this :p

    2) Print these instructions if necessary, because the computer is going to restart.

    Download FixWareout (LonnyRJones) to the Desktop.
    **If the link doesn't work, click here**

    Run the fix (FixWareout.exe), click Next and then Install.
    Make sure Run fixit is checked, then click Finish.
    The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

    Finally, post the contents of C:\fixwareout\report.txt along with a new HijackThis report.
    22 March 2008 12:42:46

    I did it, but you didn't ask me to post the report :p Shall I post it?
    22 March 2008 12:43:34

    Ah, you edited :p OK, I'll post it for you:


    Username "Alix" - 22/03/2008 12:14:21 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7BD85E32-FEA7-43BC-A374-C93C6F14EEEE}
    "DhcpNameServer"="85.255.115.157,85.255.112.97" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F9A89054-8A7E-4F44-A085-FBFFC57A475F}
    "DhcpNameServer"="85.255.115.157,85.255.112.97" <Value cleared.

    Cache de résolution DNS vidé.
    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
    "KeyBoard"="C:\\PROGRA~1\\Labtec\\LABTEC~1\\Keyboard.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
    "WinVNC"="\"D:\\UltraVNC\\winvnc.exe\" -servicehelper"
    "htxduvs"="c:\\windows\\system32\\htxduvs.exe htxduvs"
    "NWEReboot"=""
    "SkyTel"="SkyTel.EXE"
    "CTFMon"="C:\\WINDOWS\\system\\System\\ctf\\ctfmon.exe /b"
    "SystemXP1"="\"C:\\WINDOWS\\regedit.exe\" -s \"C:\\WINDOWS\\system\\System\\NO\\settings.reg\""
    "SystemNT1"="\"C:\\WINDOWS\\system\\System\\FZS\\FlashPlayer.exe\" /install"
    "SystemNT2"="\"C:\\WINDOWS\\system\\System\\FZS\\FlashPlayer.exe\" /start"
    "RTHDCPL"="RTHDCPL.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"D:\\iTunesHelper.exe\""
    "lsassxp"="C:\\WINDOWS\\lsassxp.exe"
    "WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
    "901d8676"="rundll32.exe \"C:\\WINDOWS\\system32\\rkkneota.dll\",b"
    "BM932eb5ea"="Rundll32.exe \"C:\\WINDOWS\\system32\\ucqrbaan.dll\",s"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\PROGRA~1\\WINDOW~4\\MESSEN~1\\msnmsgr.exe\" /background"
    "VoipStunt"="\"D:\\VoipStunt\\VoipStunt.exe\" -nosplash -minimized"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "ares"="\"D:\\Ares\\Ares.exe\" -h"
    "BitTorrent"="\"D:\\bittorrent.exe\" --force_start_minimized"
    "Magentic"="C:\\PROGRA~1\\Magentic\\bin\\Magentic.exe /c"
    "VoipDiscount"="\"D:\\VoipDiscount\\VoipDiscount.exe\" -nosplash -minimized"
    "lmdsxiwxig"="c:\\documents and settings\\alix\\local settings\\application data\\lmdsxiwxig.exe lmdsxiwxig"
    "Steam"="\"D:\\counterstrikesource\\Steam.exe\" -silent"
    "Vidalia"="\"C:\\Program Files\\Vidalia Bundle\\Vidalia\\vidalia.exe\""
    "Yodm3D"="C:\\Documents and Settings\\Alix\\Bureau\\yodm-3d\\yodm-3d\\Yodm3D.exe"
    "Orb"="\"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe\" /background"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~
    22 March 2008 12:47:20

    Hi again,

    Post a new HijackThis, please ;)
    22 March 2008 12:49:27

    Here it is:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at Niixo 12:49:09, on 22/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    D:\Apache\Apache.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    D:\Apache\Apache.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\srksrv.exe
    D:\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    D:\nessusd.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system\System\ctf\ctfmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    D:\iTunesHelper.exe
    C:\WINDOWS\lsassxp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\counterstrikesource\Steam.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    D:\hamachi.exe
    C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alix\Bureau\Logiciels utiles\Scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://habbo.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O2 - BHO: {99712aab-46e6-5e98-a714-13c042a14c61} - {16c41a24-0c31-417a-89e5-6e64baa21799} - C:\WINDOWS\system32\cabxsess.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {67fb8436-9794-487a-a8b2-a6f825cb0261} - C:\WINDOWS\system32\tmp9B.tmp.dll (file missing)
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcbxvv.dll (file missing)
    O2 - BHO: (no name) - {707476e3-cc1e-4074-8da8-5c6fc77e19e7} - C:\WINDOWS\system32\cry_32.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {D66D8AD9-6D61-4681-B47F-419B204BC56F} - C:\WINDOWS\system32\ssqrs.dll (file missing)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - D:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [KeyBoard] C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinVNC] "D:\UltraVNC\winvnc.exe" -servicehelper
    O4 - HKLM\..\Run: [htxduvs] c:\windows\system32\htxduvs.exe htxduvs
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [CTFMon] C:\WINDOWS\system\System\ctf\ctfmon.exe /b
    O4 - HKLM\..\Run: [SystemXP1] "C:\WINDOWS\regedit.exe" -s "C:\WINDOWS\system\System\NO\settings.reg"
    O4 - HKLM\..\Run: [SystemNT1] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /install
    O4 - HKLM\..\Run: [SystemNT2] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /start
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lsassxp] C:\WINDOWS\lsassxp.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [901d8676] rundll32.exe "C:\WINDOWS\system32\rkkneota.dll",b
    O4 - HKLM\..\Run: [BM932eb5ea] Rundll32.exe "C:\WINDOWS\system32\ucqrbaan.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [VoipStunt] "D:\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\Run: [VoipDiscount] "D:\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [lmdsxiwxig] c:\documents and settings\alix\local settings\application data\lmdsxiwxig.exe lmdsxiwxig
    O4 - HKCU\..\Run: [Steam] "D:\counterstrikesource\Steam.exe" -silent
    O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Alix\Bureau\yodm-3d\yodm-3d\Yodm3D.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: hamachi.lnk = ?
    O4 - Startup: IMVU.lnk = D:\IMVU\IMVUClient.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer l'image sur mon Téléphone avec PhotoCapt - res://C:\Program Files\PhotoCapt\PhotoCapt.exe/143
    O8 - Extra context menu item: Save Flash - res://D:\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
    O9 - Extra 'Tools' menuitem: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.157 85.255.112.97
    O17 - HKLM\System\CS2\Services\Tcpip\..\{7BD85E32-FEA7-43BC-A374-C93C6F14EEEE}: NameServer = 85.255.115.157,85.255.112.97
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\vtsqppq.dll
    O20 - Winlogon Notify: cry_32 - cry_32.dll (file missing)
    O20 - Winlogon Notify: efcbxvv - efcbxvv.dll (file missing)
    O20 - Winlogon Notify: kbdcab - kbdcab.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - D:\Apache\Apache.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Alix\Application Data\tmp2E59.tmp.exe (file missing)
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Serveur intermédiaire pour Messenger (MsgrIntSvc) - <n!co:9.1 /> - C:\Program Files\MsgrIntSvr\MsgrIntSvr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PoliceService - Unknown owner - C:\WINDOWS\system32\srksrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Tenable Nessus - Tenable Network Security - D:\nessusd.exe

    --
    End of file - 15559 bytes



    I'm stepping away, I'll be back around 6 o'clock ;)
    22 March 2008 12:56:45

    Hi again,

    It's putting up a fight :D

    1) Double-click the Navilog1 shortcut on the desktop and follow the prompts.
    At the main menu, choose 2 and confirm.

    The fix will inform you that it is going to restart your PC.
    Close all open windows and save any open personal documents.
    Press a key as requested.
    (If your PC does not restart automatically, do it yourself.)
    When your PC restarts, choose your usual session.

    Wait for the message:
    *** Nettoyage Termine le ..... ***
    Notepad will open.
    Save the report somewhere you can find it again.
    Close Notepad. Your desktop will reappear.

    PS: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
    Then go to the "Processes" tab. Click File at the top left and choose "Run".
    Type explorer and confirm. This will bring your desktop back.


    2) Print these instructions if necessary, because the computer is going to restart.

    Download FixWareout (LonnyRJones) to the Desktop.
    **If the link doesn't work, click here**

    Run the fix (FixWareout.exe), click Next and then Install.
    Make sure Run fixit is checked, then click Finish.
    The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

    Run HijackThis again, click "do a system scan only", check these lines, then click "Fix Checked" and close HijackThis (if present!!!):

    Quote:
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.157 85.255.112.97
    O17 - HKLM\System\CS2\Services\Tcpip\..\{7BD85E32-FEA7-43BC-A374-C93C6F14EEEE}: NameServer = 85.255.115.157,85.255.112.97


    N.B.: You may lose your internet connection after this step. If so, do this:

    Quote:
    - Go to Start/Control Panel and choose Network Connections.
    - Right-click the icon for your internet network connection
    - Then choose Properties
    - Double-click the TCP/IP protocol
    - In the General tab, check that "Obtain an IP address automatically" is selected
    - Confirm twice with OK
    - Restart your computer



    Finally, post the contents of C:\fixwareout\report.txt.

    3) You are infected with "Vundo". Delete all cracks from your PC if any are present, otherwise they will restart the infection.

    Download VundoFix.exe (by Atribune) to your Desktop.

    http://www.atribune.org/ccount/click.php?id=4

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, into your next reply

    Note:
    VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

    Have a good afternoon :hello:
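The fix-then-rescan check that is done by hand in this thread (apply a fix, post a new HijackThis log, see what is still listed), as an added Python example that is not part of the original posts or of any tool named here. The triage rules, function names and the `AFTER` log are assumptions of this example; `BEFORE` is an excerpt copied from the log posted above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O17"
    text: str  # remainder of the line after "CODE - "


ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Excerpt copied from the HijackThis log posted in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://habbo.fr/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcbxvv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.157 85.255.112.97
O17 - HKLM\System\CS2\Services\Tcpip\..\{7BD85E32-FEA7-43BC-A374-C93C6F14EEEE}: NameServer = 85.255.115.157,85.255.112.97
O20 - AppInit_DLLs: c:\windows\system32\vtsqppq.dll
O20 - Winlogon Notify: efcbxvv - efcbxvv.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Constructed follow-up scan: the two orphaned registrations are gone, the rest remains.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "(file missing)" not in l)


def parse(log: str) -> List[Entry]:
    """Keep only 'CODE - text' lines; headers and process paths are skipped."""
    return [Entry(m.group(1), m.group(2))
            for m in map(ENTRY_RE.match, log.splitlines()) if m]


def triage(entry: Entry) -> Optional[str]:
    """Return a reason when the entry deserves manual review, else None."""
    code, text = entry
    if code == "F2":
        m = re.search(r"shell=(.*)$", text, re.I)
        # The default Winlogon shell value is just "Explorer.exe".
        if m and m.group(1).strip().lower() != "explorer.exe":
            return "Shell value starts more than Explorer.exe"
    if code == "O17":
        m = re.search(r"NameServer\s*=\s*(.+)$", text)
        if m:  # values may be separated by spaces or commas, as in the log above
            servers = re.split(r"[,\s]+", m.group(1).strip())
            return "statically set DNS servers: " + ", ".join(servers)
    if code == "O20" and text.lower().startswith("appinit_dlls:"):
        if text.split(":", 1)[1].strip():
            return "AppInit_DLLs is set (loaded into every process that loads user32.dll)"
    if code in ("O2", "O20", "O23") and text.endswith("(file missing)"):
        return "registration points at a file that no longer exists"
    return None


def findings(log: str) -> List[Tuple[Entry, str]]:
    """All entries of a log that triage() flags, with the reason."""
    return [(e, why) for e in parse(log) for why in [triage(e)] if why]


def persisting(before: str, after: str) -> List[Entry]:
    """Flagged entries of the first scan that are still present in the second."""
    still_there = set(parse(after))
    return [e for e, _ in findings(before) if e in still_there]


if __name__ == "__main__":
    for entry, why in findings(BEFORE):
        print(f"{entry.code:>3}  {why}")
    print("still present after the fix:")
    for entry in persisting(BEFORE, AFTER):
        print(f"{entry.code:>3}  {entry.text}")
```

A flagged line is a prompt for review against what the machine is expected to run, not a verdict; the O17 addresses in particular have to be compared with the DNS servers the ISP or the router actually hands out.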
    22 March 2008 18:23:58

    Here, as promised, are the contents of C:/fixwareout/report.txt:



    Username "Alix" - 22/03/2008 18:16:24 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    Cache de résolution DNS vidé.
    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
    "KeyBoard"="C:\\PROGRA~1\\Labtec\\LABTEC~1\\Keyboard.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
    "WinVNC"="\"D:\\UltraVNC\\winvnc.exe\" -servicehelper"
    "htxduvs"="c:\\windows\\system32\\htxduvs.exe htxduvs"
    "NWEReboot"=""
    "SkyTel"="SkyTel.EXE"
    "CTFMon"="C:\\WINDOWS\\system\\System\\ctf\\ctfmon.exe /b"
    "SystemXP1"="\"C:\\WINDOWS\\regedit.exe\" -s \"C:\\WINDOWS\\system\\System\\NO\\settings.reg\""
    "SystemNT1"="\"C:\\WINDOWS\\system\\System\\FZS\\FlashPlayer.exe\" /install"
    "SystemNT2"="\"C:\\WINDOWS\\system\\System\\FZS\\FlashPlayer.exe\" /start"
    "RTHDCPL"="RTHDCPL.EXE"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"D:\\iTunesHelper.exe\""
    "lsassxp"="C:\\WINDOWS\\lsassxp.exe"
    "WinampAgent"="\"C:\\Program Files\\Winamp\\winampa.exe\""
    "901d8676"="rundll32.exe \"C:\\WINDOWS\\system32\\rkkneota.dll\",b"
    "BM932eb5ea"="Rundll32.exe \"C:\\WINDOWS\\system32\\ucqrbaan.dll\",s"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MsnMsgr"="\"C:\\PROGRA~1\\WINDOW~4\\MESSEN~1\\msnmsgr.exe\" /background"
    "VoipStunt"="\"D:\\VoipStunt\\VoipStunt.exe\" -nosplash -minimized"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "ares"="\"D:\\Ares\\Ares.exe\" -h"
    "BitTorrent"="\"D:\\bittorrent.exe\" --force_start_minimized"
    "Magentic"="C:\\PROGRA~1\\Magentic\\bin\\Magentic.exe /c"
    "VoipDiscount"="\"D:\\VoipDiscount\\VoipDiscount.exe\" -nosplash -minimized"
    "Steam"="\"D:\\counterstrikesource\\Steam.exe\" -silent"
    "Vidalia"="\"C:\\Program Files\\Vidalia Bundle\\Vidalia\\vidalia.exe\""
    "Yodm3D"="C:\\Documents and Settings\\Alix\\Bureau\\yodm-3d\\yodm-3d\\Yodm3D.exe"
    "Orb"="\"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe\" /background"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~


    I'm continuing with step 3!
    22 March 2008 18:33:54

    In step 3 you ask me to click "Remove Vundo" at the end of the Vundo scan, but I don't see any buttons!

    Here is what I have:

    22 March 2008 18:58:15

    Hi again,

    Click on "fixvundo", it's the same thing :p Then post the report for me ;)

    And after that, do this:

    1) Show hidden files and folders …
    To do this, open a folder, e.g. "My Pictures".
    Then click > Tools > Folder Options ...
    click the "View" tab and ...
    check ---> Show hidden files and folders
    uncheck > Hide extensions for known file types
    uncheck > Hide protected operating system files (Recommended).
    "Apply" and "OK".

    2) Disable all resident protection (antivirus…)!

    Download Combofix by sUBs:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Save it to your desktop and nowhere else!


    Restart in safe mode: help here >>>

    http://forum.telecharger.01net.com/telecharger/virus_et...
    /!\ Never restart in safe mode via msconfig! /!\

    Double-click combofix. It will ask you a question; answer by pressing 1 and then Enter to confirm, and follow the prompts.
    Wait until combofix has finished; a report will be created. Post the report.

    3) Copy/paste a new HiJackThis report along with it.

    ;)
    22 March 2008 19:04:59

    Here is the Vundo Fix report:



    VundoFix V7.0.3

    Scan started at 18:24:29 Niixo 22/03/2008

    Listing files found while scanning....

    C:\WINDOWS\nqprru.ini
    C:\windows\system32\awtqq.exe
    C:\WINDOWS\system32\efcbxvv.dll
    C:\WINDOWS\system32\kqhjohxv.dll
    C:\windows\system32\mljghgh.dll
    C:\windows\system32\mlljk.exe
    C:\windows\system32\sstqqrs.dll
    C:\WINDOWS\system32\wbopljsj.dll
    C:\WINDOWS\urrpqn.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\nqprru.ini
    C:\WINDOWS\nqprru.ini Has been deleted!

    Attempting to delete C:\windows\system32\awtqq.exe
    C:\windows\system32\awtqq.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kqhjohxv.dll
    C:\WINDOWS\system32\kqhjohxv.dll Has been deleted!

    Attempting to delete C:\windows\system32\mljghgh.dll
    C:\windows\system32\mljghgh.dll Has been deleted!

    Attempting to delete C:\windows\system32\mlljk.exe
    C:\windows\system32\mlljk.exe Has been deleted!

    Attempting to delete C:\windows\system32\sstqqrs.dll
    C:\windows\system32\sstqqrs.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wbopljsj.dll
    C:\WINDOWS\system32\wbopljsj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\urrpqn.dll
    C:\WINDOWS\urrpqn.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    22 March 2008 19:31:34

    And here is the ComboFix report:

    ComboFix 08-03-22.1 - Alix 2008-03-22 19:10:45.1 - NTFSx86 MINIMAL
    Endroit: C:\Documents and Settings\Alix\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Alix\Application Data\FunWebProducts
    C:\Documents and Settings\Alix\Application Data\macromedia\Flash Player\#SharedObjects\EYFH5CVW\iforex.com
    C:\Documents and Settings\Alix\Application Data\macromedia\Flash Player\#SharedObjects\EYFH5CVW\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Alix\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Alix\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\msn.exe
    C:\Program Files\ContextTool
    C:\Program Files\ContextTool\ContextHelper.dat
    C:\Program Files\ContextTool\pcre3.dll
    C:\Program Files\ContextTool\uninstall.exe
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0023AADC.urr
    C:\Program Files\FunWebProducts\Shared\00A43B84.dat
    C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    C:\Program Files\internet explorer\msimg32.dll
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Cache\00A1E64A
    C:\Program Files\MyWebSearch\bar\Cache\00A1EF14
    C:\Program Files\MyWebSearch\bar\Cache\00A30CC8.bin
    C:\Program Files\MyWebSearch\bar\Cache\00A3114C.bin
    C:\Program Files\MyWebSearch\bar\Cache\00A31469.bin
    C:\Program Files\MyWebSearch\bar\Cache\00A316AB.bin
    C:\Program Files\MyWebSearch\bar\Cache\00A4CF19.bin
    C:\Program Files\MyWebSearch\bar\Cache\00A4D68C.bin
    C:\Program Files\MyWebSearch\bar\Cache\00C53F9B.bin
    C:\Program Files\MyWebSearch\bar\Cache\00C5422B.bin
    C:\Program Files\MyWebSearch\bar\Cache\00C5440F.bin
    C:\Program Files\MyWebSearch\bar\Cache\files.ini
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    C:\Program Files\MyWebSearch\bar\History\search2
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
    C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
    C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
    C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
    C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
    C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
    C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
    C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
    C:\Program Files\MyWebSearch\bar\Settings\settings.dat
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    C:\WINDOWS\BM932eb5ea.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\ahqlniis.ini
    C:\WINDOWS\system32\akruphua.ini
    C:\WINDOWS\system32\arevbbtp.dll
    C:\WINDOWS\system32\atoenkkr.ini
    C:\WINDOWS\system32\aylqpxqv.ini
    C:\WINDOWS\system32\behhhill.dll
    C:\WINDOWS\system32\biowflda.dll
    C:\WINDOWS\system32\bmrhuafg.dll
    C:\WINDOWS\system32\bvwbabhb.ini
    C:\WINDOWS\system32\cabxsess.dll
    C:\WINDOWS\system32\ccncknxa.ini
    C:\WINDOWS\system32\cmrucdte.dll
    C:\WINDOWS\system32\cqydrrxh.dll
    C:\WINDOWS\system32\cuubstjq.dll
    C:\WINDOWS\system32\dfysxmlq.dll
    C:\WINDOWS\system32\dhvtidsq.dll
    C:\WINDOWS\system32\dmncxbvo.ini
    C:\WINDOWS\system32\dnfdmskn.ini
    C:\WINDOWS\system32\dnffdhpu.dll
    C:\WINDOWS\system32\dxeoqeev.dll
    C:\WINDOWS\system32\ehamkwjy.dll
    C:\WINDOWS\system32\etptevil.ini
    C:\WINDOWS\system32\eyhujrjt.dll
    C:\WINDOWS\system32\f3PSSavr.scr
    C:\WINDOWS\system32\fnwomduw.dll
    C:\WINDOWS\system32\fshlhcec.ini
    C:\WINDOWS\system32\fvowtkbe.ini
    C:\WINDOWS\system32\gakhsdel.dll
    C:\WINDOWS\system32\gcoparqi.dll
    C:\WINDOWS\system32\girkoylo.ini
    C:\WINDOWS\system32\grejdfeb.ini
    C:\WINDOWS\system32\hecldyap.dll
    C:\WINDOWS\system32\hhhaupkn.ini
    C:\WINDOWS\system32\hjmpoyup.ini
    C:\WINDOWS\system32\idtmhoik.dll
    C:\WINDOWS\system32\ikosrhds.ini
    C:\WINDOWS\system32\iqalquok.ini
    C:\WINDOWS\system32\ixrucyfs.dll
    C:\WINDOWS\system32\jfjsgpvy.dll
    C:\WINDOWS\system32\jximpaet.dll
    C:\WINDOWS\system32\kdeiudut.ini
    C:\WINDOWS\system32\kduqpfiy.dll
    C:\WINDOWS\system32\kxxiwuan.dll
    C:\WINDOWS\system32\lahagmxg.ini
    C:\WINDOWS\system32\lbugjdpb.dll
    C:\WINDOWS\system32\ljhasnaa.ini
    C:\WINDOWS\system32\llktqnwk.dll
    C:\WINDOWS\system32\lobpfykg.ini
    C:\WINDOWS\system32\lprugiel.dll
    C:\WINDOWS\system32\lxkycsqy.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\navswpah.dll
    C:\WINDOWS\system32\nktlwlxh.dll
    C:\WINDOWS\system32\ojdccgwv.ini
    C:\WINDOWS\system32\omjdltpj.dll
    C:\WINDOWS\system32\ouontsrw.ini
    C:\WINDOWS\system32\pllfxcjr.dll
    C:\WINDOWS\system32\pmejcowm.dll
    C:\WINDOWS\system32\ptynoenk.dll
    C:\WINDOWS\system32\qilrodpx.dll
    C:\WINDOWS\system32\rkkneota.dll
    C:\WINDOWS\system32\roxqmwbq.dll
    C:\WINDOWS\system32\rucynoum.dll
    C:\WINDOWS\system32\rwdfbwqx.dll
    C:\WINDOWS\system32\shpsddfg.dll
    C:\WINDOWS\system32\sqxaxpcq.dll
    C:\WINDOWS\system32\srqss.bak1
    C:\WINDOWS\system32\srqss.bak2
    C:\WINDOWS\system32\srqss.ini
    C:\WINDOWS\system32\srqss.ini2
    C:\WINDOWS\system32\srqss.tmp
    C:\WINDOWS\system32\sskjrwfc.dll
    C:\WINDOWS\system32\stegptrv.dll
    C:\WINDOWS\system32\tavcbkao.ini
    C:\WINDOWS\system32\thhjpkdb.ini
    C:\WINDOWS\system32\tiirpreb.ini
    C:\WINDOWS\system32\tivdgroo.dll
    C:\WINDOWS\system32\tmkcwwbd.dll
    C:\WINDOWS\system32\tnalsnrm.dll
    C:\WINDOWS\system32\tpwsqbvl.ini
    C:\WINDOWS\system32\treunaal.dll
    C:\WINDOWS\system32\ucqrbaan.dll
    C:\WINDOWS\system32\uhkupxdw.dll
    C:\WINDOWS\system32\urubwfju.dll
    C:\WINDOWS\system32\utsgrple.ini
    C:\WINDOWS\system32\utygxons.dll
    C:\WINDOWS\system32\vampwgkp.dll
    C:\WINDOWS\system32\vkhbavqh.ini
    C:\WINDOWS\system32\voahnrod.dll
    C:\WINDOWS\system32\vtlnrfur.dll
    C:\WINDOWS\system32\vvfrwkmq.dll
    C:\WINDOWS\system32\vxhkbdno.ini
    C:\WINDOWS\system32\vxtrnxfd.dll
    C:\WINDOWS\system32\wgehvuxf.ini
    C:\WINDOWS\system32\whpqyaon.dll
    C:\WINDOWS\system32\wifrldgw.dll
    C:\WINDOWS\system32\xejhpyyj.dll
    C:\WINDOWS\system32\xufslxbi.ini
    C:\WINDOWS\system32\xxuuokqp.dll
    C:\WINDOWS\system32\xyeedrwl.dll
    C:\WINDOWS\system32\xynbljqt.dll
    C:\WINDOWS\system32\ybgmnpwo.ini
    C:\WINDOWS\system32\ydnyryde.dll
    C:\WINDOWS\system32\yfgjapau.dll
    C:\WINDOWS\system32\ygpgqlww.ini
    C:\WINDOWS\system32\ymljlrep.ini
    C:\WINDOWS\system32\yplkxjos.dll
    C:\WINDOWS\system32\yxdidgvb.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DOMAINSERVICE
    -------\Service_DomainService


    ((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
    .

    2008-03-22 18:24 . 2008-03-22 18:24 <REP> d-------- C:\VundoFix Backups
    2008-03-22 12:13 . 2008-03-22 18:18 <REP> d-------- C:\fixwareout
    2008-03-22 11:25 . 2008-03-22 11:26 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-22 11:17 . 2008-03-21 00:23 <REP> d-------- C:\SDFix
    2008-03-15 18:08 . 2008-03-15 18:08 <REP> d-------- C:\Program Files\OpenAL
    2008-03-15 18:08 . 2008-03-15 18:08 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2008-03-15 18:08 . 2008-03-15 18:08 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2008-03-15 16:28 . 2008-03-15 16:28 <REP> d-------- C:\Program Files\MSBuild
    2008-03-15 16:28 . 2008-03-15 16:28 <REP> d-------- C:\Program Files\Microsoft Works
    2008-03-15 16:27 . 2008-03-15 16:27 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-03-15 16:24 . 2008-03-15 16:24 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-03-15 16:20 . 2008-03-15 16:20 <REP> dr-h----- C:\MSOCache
    2008-03-15 16:10 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
    2008-03-15 16:10 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
    2008-03-15 16:10 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
    2008-03-15 16:10 . 2008-03-15 16:10 15,397 --a------ C:\Program Files\settings.dat
    2008-03-12 13:33 . 2008-03-22 19:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-12 13:33 . 2008-03-12 13:33 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-10 16:50 . 2008-03-10 16:50 <REP> d-------- C:\Program Files\Winamp Remote
    2008-03-10 16:50 . 2008-03-10 16:50 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
    2008-03-10 16:48 . 2008-03-10 17:55 <REP> d-------- C:\Documents and Settings\Alix\Application Data\Winamp
    2008-03-10 16:33 . 2007-09-03 17:13 393,216 --a------ C:\WINDOWS\system32\GDS32.DLL
    2008-03-10 16:27 . 2008-03-10 16:27 <REP> d-------- C:\Program Files\DivX
    2008-03-09 18:23 . 2008-03-10 18:40 <REP> d-------- C:\Program Files\SpacialAudio
    2008-03-09 18:23 . 2008-03-10 16:33 <REP> d-------- C:\Program Files\Firebird
    2008-03-09 18:02 . 2008-03-09 18:02 <REP> d-------- C:\Program Files\SHOUTcast
    2008-03-09 17:44 . 2008-03-09 17:44 <REP> d-------- C:\Program Files\Tir
    2008-03-09 17:40 . 2008-03-09 17:40 <REP> d-------- C:\plug
    2008-03-09 17:40 . 1998-10-03 17:12 3,919,360 --a------ C:\odnis.exe
    2008-03-09 17:40 . 1997-07-28 12:33 100,352 --a------ C:\WINDOWS\system32\CmCtlFR.dll
    2008-03-09 17:40 . 1998-09-15 16:56 80,896 --a------ C:\mbrola.exe
    2008-03-09 17:40 . 1997-08-04 19:03 27,648 --a------ C:\WINDOWS\system32\ZTRAY.OCX
    2008-03-09 17:40 . 2008-03-09 17:41 616 --a------ C:\odnis.cfg
    2008-03-09 17:40 . 1998-07-14 19:17 128 --a------ C:\silence.wav
    2008-03-09 17:39 . 1998-04-06 23:43 96,256 --a------ C:\WINDOWS\system32\VB5FR.dll
    2008-03-09 17:39 . 1997-02-27 00:00 73,216 --a------ C:\WINDOWS\ST5UNST.EXE
    2008-03-09 17:39 . 1997-02-27 00:00 29,696 --a------ C:\WINDOWS\system32\VB5StKit.dll
    2008-03-09 10:43 . 2008-03-09 10:49 4,233,448 --a------ C:\WINDOWS\system32\lncom_.mp3
    2008-03-09 10:43 . 2008-03-09 10:49 350,764 --a------ C:\WINDOWS\system32\lncom.exe
    2008-03-07 21:11 . 2008-03-22 19:02 <REP> d-------- C:\Documents and Settings\Alix\Application Data\OpenOffice.org2
    2008-03-07 20:54 . 2008-03-07 20:55 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
    2008-03-04 16:52 . 2008-03-04 16:55 <REP> d-------- C:\Program Files\Dofus_Beta
    2008-03-03 18:03 . 2008-03-03 18:04 <REP> d-------- C:\Program Files\Hotspot Shield
    2008-02-29 20:21 . 2008-02-29 20:47 <REP> d-------- C:\Program Files\uTorrent
    2008-02-29 20:21 . 2008-02-29 21:04 <REP> d-------- C:\Documents and Settings\Alix\Application Data\uTorrent
    2008-02-26 19:28 . 2008-02-26 19:28 <REP> d-------- C:\Program Files\SmartFTP Client
    2008-02-26 19:27 . 2008-02-26 19:27 <REP> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
    2008-02-23 13:09 . 2008-02-23 13:09 <REP> d-------- C:\Documents and Settings\Alix\Application Data\e frontier
    2008-02-23 13:09 . 2008-02-23 13:09 3,120 --a------ C:\WINDOWS\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
    2008-02-23 13:09 . 2008-02-23 13:09 3,120 --a------ C:\WINDOWS\2afbd66b-251d-4389-8ddb-6f8a3f253f1f.ocx
    2008-02-22 18:14 . 2008-02-22 18:14 <REP> d-------- C:\Program Files\Pivot Stickfigure Animator

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-22 18:22 --------- d-----w C:\Documents and Settings\Alix\Application Data\tor
    2008-03-22 18:21 --------- d-----w C:\Documents and Settings\Alix\Application Data\Hamachi
    2008-03-22 18:02 --------- d-----w C:\Documents and Settings\Alix\Application Data\Vidalia
    2008-03-22 17:14 --------- d-----w C:\Program Files\Navilog1
    2008-03-22 11:14 --------- d-----w C:\Documents and Settings\Alix\Application Data\Skype
    2008-03-21 21:53 --------- d-----w C:\Documents and Settings\Alix\Application Data\FileZilla
    2008-03-21 18:45 --------- d-----w C:\Program Files\PhotoFiltre Studio
    2008-03-15 17:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-03-12 17:18 --------- d-----w C:\Documents and Settings\Alix\Application Data\gtk-2.0
    2008-03-10 16:03 --------- d-----w C:\Program Files\Winamp
    2008-03-09 16:48 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-03-09 10:46 --------- d-----w C:\Program Files\eMule
    2008-02-24 15:20 --------- d-----w C:\Documents and Settings\Alix\Application Data\CoreFTP
    2008-02-21 13:08 93,760 ----a-w C:\WINDOWS\system32\qwxattfo.dll
    2008-02-21 09:13 93,760 ----a-w C:\WINDOWS\system32\oarxhkxs.dll
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-02-18 13:04 93,248 ----a-w C:\WINDOWS\system32\sgaclrpf.dll
    2008-02-18 08:03 97,344 ----a-w C:\WINDOWS\system32\pbucqijf.dll
    2008-02-16 22:31 1,125,948 ----a-w C:\WINDOWS\lsassxp.exe
    2008-02-16 21:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-02-16 07:49 91,712 ----a-w C:\WINDOWS\system32\uobnuyeg.dll
    2008-02-15 06:59 91,200 ----a-w C:\WINDOWS\system32\lrxpchvq.dll
    2008-02-14 18:07 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-13 17:05 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-02-01 17:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-01 17:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-25 19:07 --------- d-----w C:\Program Files\Bonjour
    2008-01-25 18:56 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
    2008-01-23 21:25 27,136 ----a-w C:\WINDOWS\system32\drivers\tapvpn.sys
    2008-01-08 19:15 357 -c--a-w C:\Documents and Settings\Alix\.cb_layout.bin
    2008-01-05 13:33 27,136 ----a-w C:\WINDOWS\Pplugin8.exe
    2008-01-05 13:33 17,331 ----a-w C:\WINDOWS\Pplugin10xa.exe
    2008-01-05 13:32 66,048 ----a-w C:\WINDOWS\PpluginCd.dll
    2008-01-05 13:32 10,585 ----a-w C:\WINDOWS\Pplugin4.exe
    2008-01-05 12:48 37,124 ----a-w C:\WINDOWS\system32\imsn.exe
    2008-01-05 12:48 17,920 ----a-w C:\WINDOWS\system32\Instmsng.dll
    2007-11-03 11:53 856,064 ----a-w C:\Documents and Settings\Alix\pro4.exe
    2007-03-04 15:43 47,360 -c--a-w C:\Documents and Settings\Alix\Application Data\pcouffin.sys
    2005-09-15 04:47 1,335,296 ----a-w C:\Documents and Settings\Alix\Nero 7 Premium Final.exe
    1998-01-03 13:37 59,392 ----a-w C:\Documents and Settings\Alix\nc.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67fb8436-9794-487a-a8b2-a6f825cb0261}]
    C:\WINDOWS\system32\tmp9B.tmp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{707476e3-cc1e-4074-8da8-5c6fc77e19e7}]
    C:\WINDOWS\system32\cry_32.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D66D8AD9-6D61-4681-B47F-419B204BC56F}]
    C:\WINDOWS\system32\ssqrs.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "MsnMsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "VoipStunt"="D:\VoipStunt\VoipStunt.exe" [ ]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "ares"="D:\Ares\Ares.exe" [ ]
    "BitTorrent"="D:\bittorrent.exe" [ ]
    "Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [ ]
    "VoipDiscount"="D:\VoipDiscount\VoipDiscount.exe" [ ]
    "Steam"="D:\counterstrikesource\Steam.exe" [2008-03-17 15:18 1266936]
    "Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 07:02 11852288]
    "Yodm3D"="C:\Documents and Settings\Alix\Bureau\yodm-3d\yodm-3d\Yodm3D.exe" [2007-06-26 19:26 2058752]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-09 13:16 949376]
    "LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2006-07-31 15:14 484864]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "WinVNC"="D:\UltraVNC\winvnc.exe" [ ]
    "NWEReboot"="" []
    "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
    "CTFMon"="C:\WINDOWS\system\System\ctf\ctfmon.exe" [2006-11-28 19:26 75776]
    "SystemXP1"="C:\WINDOWS\regedit.exe" [2006-03-02 13:00 153088]
    "SystemNT1"="C:\WINDOWS\system\System\FZS\FlashPlayer.exe" [2006-12-11 12:12 576000]
    "SystemNT2"="C:\WINDOWS\system\System\FZS\FlashPlayer.exe" [2006-12-11 12:12 576000]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-23 13:08 16050688 C:\WINDOWS\RTHDCPL.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
    "iTunesHelper"="D:\iTunesHelper.exe" [2007-12-11 12:10 267048]
    "lsassxp"="C:\WINDOWS\lsassxp.exe" [2008-02-16 23:31 1125948]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cry_32]
    cry_32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbxvv]
    efcbxvv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdcab]
    kbdcab.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\vtsqppq.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "D:\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "D:\\SonicText\\BF2.exe"=
    "C:\\WINDOWS\\system32\\mcoinstall.exe"=
    "D:\\Dreamweaver 8\\Dreamweaver.exe"=
    "D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Adobe\\Adobe Bridge\\Bridge.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "D:\\Program Files\\BF2.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "D:\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "90:TCP"= 90:TCP:D arkhotel

    *Newly Created Service* - PCALERTDRIVER
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-15 21:14:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 19:19:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    D:\Apache\Apache.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Apache\Apache.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    C:\WINDOWS\system32\srksrv.exe
    C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    D:\hamachi.exe
    D:\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Vidalia Bundle\Tor\tor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-22 19:28:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-22 18:28:15
    .
    2008-03-15 17:05:49 --- E O F ---
    22 March 2008 19:32:32

    And here is the one for HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at Niixo 19:31:34, on 22/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Apache\Apache.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\system\System\ctf\ctfmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Apache\Apache.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\iTunesHelper.exe
    C:\WINDOWS\lsassxp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    D:\counterstrikesource\Steam.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    C:\WINDOWS\system32\srksrv.exe
    C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    D:\hamachi.exe
    D:\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Vidalia Bundle\Tor\tor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alix\Bureau\Logiciels utiles\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://habbo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {67fb8436-9794-487a-a8b2-a6f825cb0261} - C:\WINDOWS\system32\tmp9B.tmp.dll (file missing)
    O2 - BHO: (no name) - {707476e3-cc1e-4074-8da8-5c6fc77e19e7} - C:\WINDOWS\system32\cry_32.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {D66D8AD9-6D61-4681-B47F-419B204BC56F} - C:\WINDOWS\system32\ssqrs.dll (file missing)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - D:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinVNC] "D:\UltraVNC\winvnc.exe" -servicehelper
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [CTFMon] C:\WINDOWS\system\System\ctf\ctfmon.exe /b
    O4 - HKLM\..\Run: [SystemXP1] "C:\WINDOWS\regedit.exe" -s "C:\WINDOWS\system\System\NO\settings.reg"
    O4 - HKLM\..\Run: [SystemNT1] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /install
    O4 - HKLM\..\Run: [SystemNT2] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /start
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lsassxp] C:\WINDOWS\lsassxp.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [VoipStunt] "D:\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\Run: [VoipDiscount] "D:\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Steam] "D:\counterstrikesource\Steam.exe" -silent
    O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Alix\Bureau\yodm-3d\yodm-3d\Yodm3D.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: hamachi.lnk = ?
    O4 - Startup: IMVU.lnk = D:\IMVU\IMVUClient.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer l'image sur mon Téléphone avec PhotoCapt - res://C:\Program Files\PhotoCapt\PhotoCapt.exe/143
    O8 - Extra context menu item: Save Flash - res://D:\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
    O9 - Extra 'Tools' menuitem: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\vtsqppq.dll
    O20 - Winlogon Notify: cry_32 - cry_32.dll (file missing)
    O20 - Winlogon Notify: efcbxvv - efcbxvv.dll (file missing)
    O20 - Winlogon Notify: kbdcab - kbdcab.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - D:\Apache\Apache.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Serveur intermédiaire pour Messenger (MsgrIntSvc) - <n!co:9.1 /> - C:\Program Files\MsgrIntSvr\MsgrIntSvr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PoliceService - Unknown owner - C:\WINDOWS\system32\srksrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Tenable Nessus - Tenable Network Security - D:\nessusd.exe

    --
    End of file - 14434 bytes
    22 March 2008 21:00:51

    Hi again,

    1) Disable all resident protection (antivirus…)!

    Copy the text in the box below, without the word "Quote":

    Quote:
    File::
    C:\WINDOWS\system32\qwxattfo.dll
    C:\WINDOWS\system32\oarxhkxs.dll
    C:\WINDOWS\system32\sgaclrpf.dll
    C:\WINDOWS\system32\pbucqijf.dll
    C:\WINDOWS\system32\uobnuyeg.dll
    C:\WINDOWS\system32\lrxpchvq.dll
    C:\WINDOWS\system32\Instmsng.dll
    C:\WINDOWS\system32\imsn.exe
    c:\windows\system32\vtsqppq.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67fb8436-9794-487a-a8b2-a6f825cb0261}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{707476e3-cc1e-4074-8da8-5c6fc77e19e7}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D66D8AD9-6D61-4681-B47F-419B204BC56F}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cry_32]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbxvv]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbdcab]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-



    Open Notepad and paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file as CFScript.txt.

    Now drag the ComboFix-Do.txt file onto Combofix.exe as shown below:

    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a new Hijackthis report.
    If there is no restart, post the reports anyway.

    2) Go to this link: Virus Total
  • Click Browse
  • Navigate to this file, if you can find it:

    C:\WINDOWS\lsassxp.exe
    C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    C:\Program Files\MsgrIntSvr\MsgrIntSvr.exe
    C:\WINDOWS\system32\srksrv.exe

  • Click Send file and let it work for as long as "Current status: scanning" is displayed.
  • The file may be queued because of a large number of scan requests. In that case, you will need to wait without refreshing the page.
  • When the scan is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click on the page and choose Select All, then Copy
  • Finally, paste the result in your next reply.
    Note: Whatever the result, it is important that you send me the result of the whole scan.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.

    Have a good evening :hello:
    22 March 2008 21:14:29

    Here is ComboFix:

    ComboFix 08-03-22.1 - Alix 2008-03-22 21:05:19.2 - NTFSx86
    Endroit: C:\Documents and Settings\Alix\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Alix\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\imsn.exe
    C:\WINDOWS\system32\Instmsng.dll
    C:\WINDOWS\system32\lrxpchvq.dll
    C:\WINDOWS\system32\oarxhkxs.dll
    C:\WINDOWS\system32\pbucqijf.dll
    C:\WINDOWS\system32\qwxattfo.dll
    C:\WINDOWS\system32\sgaclrpf.dll
    C:\WINDOWS\system32\uobnuyeg.dll
    c:\windows\system32\vtsqppq.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\imsn.exe
    C:\WINDOWS\system32\Instmsng.dll
    C:\WINDOWS\system32\lrxpchvq.dll
    C:\WINDOWS\system32\oarxhkxs.dll
    C:\WINDOWS\system32\pbucqijf.dll
    C:\WINDOWS\system32\qwxattfo.dll
    C:\WINDOWS\system32\sgaclrpf.dll
    C:\WINDOWS\system32\uobnuyeg.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-22 to 2008-03-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-22 18:24 . 2008-03-22 18:24 <REP> d-------- C:\VundoFix Backups
    2008-03-22 12:13 . 2008-03-22 18:18 <REP> d-------- C:\fixwareout
    2008-03-22 11:25 . 2008-03-22 11:26 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-22 11:17 . 2008-03-21 00:23 <REP> d-------- C:\SDFix
    2008-03-15 18:08 . 2008-03-15 18:08 <REP> d-------- C:\Program Files\OpenAL
    2008-03-15 18:08 . 2008-03-15 18:08 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2008-03-15 18:08 . 2008-03-15 18:08 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2008-03-15 16:28 . 2008-03-15 16:28 <REP> d-------- C:\Program Files\MSBuild
    2008-03-15 16:28 . 2008-03-15 16:28 <REP> d-------- C:\Program Files\Microsoft Works
    2008-03-15 16:27 . 2008-03-15 16:27 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-03-15 16:24 . 2008-03-15 16:24 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-03-15 16:20 . 2008-03-15 16:20 <REP> dr-h----- C:\MSOCache
    2008-03-15 16:10 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
    2008-03-15 16:10 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
    2008-03-15 16:10 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
    2008-03-15 16:10 . 2008-03-15 16:10 15,397 --a------ C:\Program Files\settings.dat
    2008-03-12 13:33 . 2008-03-22 19:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-12 13:33 . 2008-03-12 13:33 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-10 16:50 . 2008-03-10 16:50 <REP> d-------- C:\Program Files\Winamp Remote
    2008-03-10 16:50 . 2008-03-10 16:50 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
    2008-03-10 16:48 . 2008-03-10 17:55 <REP> d-------- C:\Documents and Settings\Alix\Application Data\Winamp
    2008-03-10 16:33 . 2007-09-03 17:13 393,216 --a------ C:\WINDOWS\system32\GDS32.DLL
    2008-03-10 16:27 . 2008-03-10 16:27 <REP> d-------- C:\Program Files\DivX
    2008-03-09 18:23 . 2008-03-10 18:40 <REP> d-------- C:\Program Files\SpacialAudio
    2008-03-09 18:23 . 2008-03-10 16:33 <REP> d-------- C:\Program Files\Firebird
    2008-03-09 18:02 . 2008-03-09 18:02 <REP> d-------- C:\Program Files\SHOUTcast
    2008-03-09 17:44 . 2008-03-09 17:44 <REP> d-------- C:\Program Files\Tir
    2008-03-09 17:40 . 2008-03-09 17:40 <REP> d-------- C:\plug
    2008-03-09 17:40 . 1998-10-03 17:12 3,919,360 --a------ C:\odnis.exe
    2008-03-09 17:40 . 1997-07-28 12:33 100,352 --a------ C:\WINDOWS\system32\CmCtlFR.dll
    2008-03-09 17:40 . 1998-09-15 16:56 80,896 --a------ C:\mbrola.exe
    2008-03-09 17:40 . 1997-08-04 19:03 27,648 --a------ C:\WINDOWS\system32\ZTRAY.OCX
    2008-03-09 17:40 . 2008-03-09 17:41 616 --a------ C:\odnis.cfg
    2008-03-09 17:40 . 1998-07-14 19:17 128 --a------ C:\silence.wav
    2008-03-09 17:39 . 1998-04-06 23:43 96,256 --a------ C:\WINDOWS\system32\VB5FR.dll
    2008-03-09 17:39 . 1997-02-27 00:00 73,216 --a------ C:\WINDOWS\ST5UNST.EXE
    2008-03-09 17:39 . 1997-02-27 00:00 29,696 --a------ C:\WINDOWS\system32\VB5StKit.dll
    2008-03-09 10:43 . 2008-03-09 10:49 4,233,448 --a------ C:\WINDOWS\system32\lncom_.mp3
    2008-03-09 10:43 . 2008-03-09 10:49 350,764 --a------ C:\WINDOWS\system32\lncom.exe
    2008-03-07 21:11 . 2008-03-22 19:22 <REP> d-------- C:\Documents and Settings\Alix\Application Data\OpenOffice.org2
    2008-03-07 20:54 . 2008-03-07 20:55 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
    2008-03-04 16:52 . 2008-03-04 16:55 <REP> d-------- C:\Program Files\Dofus_Beta
    2008-03-03 18:03 . 2008-03-03 18:04 <REP> d-------- C:\Program Files\Hotspot Shield
    2008-02-29 20:21 . 2008-02-29 20:47 <REP> d-------- C:\Program Files\uTorrent
    2008-02-29 20:21 . 2008-02-29 21:04 <REP> d-------- C:\Documents and Settings\Alix\Application Data\uTorrent
    2008-02-26 19:28 . 2008-02-26 19:28 <REP> d-------- C:\Program Files\SmartFTP Client
    2008-02-26 19:27 . 2008-02-26 19:27 <REP> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
    2008-02-23 13:09 . 2008-02-23 13:09 <REP> d-------- C:\Documents and Settings\Alix\Application Data\e frontier
    2008-02-23 13:09 . 2008-02-23 13:09 3,120 --a------ C:\WINDOWS\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
    2008-02-23 13:09 . 2008-02-23 13:09 3,120 --a------ C:\WINDOWS\2afbd66b-251d-4389-8ddb-6f8a3f253f1f.ocx
    2008-02-22 18:14 . 2008-02-22 18:14 <REP> d-------- C:\Program Files\Pivot Stickfigure Animator

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-22 20:08 --------- d-----w C:\Documents and Settings\Alix\Application Data\Hamachi
    2008-03-22 18:22 --------- d-----w C:\Documents and Settings\Alix\Application Data\tor
    2008-03-22 18:02 --------- d-----w C:\Documents and Settings\Alix\Application Data\Vidalia
    2008-03-22 17:14 --------- d-----w C:\Program Files\Navilog1
    2008-03-22 11:14 --------- d-----w C:\Documents and Settings\Alix\Application Data\Skype
    2008-03-21 21:53 --------- d-----w C:\Documents and Settings\Alix\Application Data\FileZilla
    2008-03-21 18:45 --------- d-----w C:\Program Files\PhotoFiltre Studio
    2008-03-15 17:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-03-12 17:18 --------- d-----w C:\Documents and Settings\Alix\Application Data\gtk-2.0
    2008-03-10 16:03 --------- d-----w C:\Program Files\Winamp
    2008-03-09 16:48 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-03-09 10:46 --------- d-----w C:\Program Files\eMule
    2008-02-24 15:20 --------- d-----w C:\Documents and Settings\Alix\Application Data\CoreFTP
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-02-16 22:31 1,125,948 ----a-w C:\WINDOWS\lsassxp.exe
    2008-02-16 21:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-02-14 18:07 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-13 17:05 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-02-01 17:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-01 17:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-25 19:07 --------- d-----w C:\Program Files\Bonjour
    2008-01-25 18:56 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
    2008-01-23 21:25 27,136 ----a-w C:\WINDOWS\system32\drivers\tapvpn.sys
    2008-01-08 19:15 357 -c--a-w C:\Documents and Settings\Alix\.cb_layout.bin
    2008-01-05 13:33 27,136 ----a-w C:\WINDOWS\Pplugin8.exe
    2008-01-05 13:33 17,331 ----a-w C:\WINDOWS\Pplugin10xa.exe
    2008-01-05 13:32 66,048 ----a-w C:\WINDOWS\PpluginCd.dll
    2008-01-05 13:32 10,585 ----a-w C:\WINDOWS\Pplugin4.exe
    2007-11-03 11:53 856,064 ----a-w C:\Documents and Settings\Alix\pro4.exe
    2007-03-04 15:43 47,360 -c--a-w C:\Documents and Settings\Alix\Application Data\pcouffin.sys
    2005-09-15 04:47 1,335,296 ----a-w C:\Documents and Settings\Alix\Nero 7 Premium Final.exe
    1998-01-03 13:37 59,392 ----a-w C:\Documents and Settings\Alix\nc.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-22_19.28.04.00 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-22 18:04:55 429,730 ----a-w C:\WINDOWS\system\System\ctf\Data\22.03.2008.dat
    + 2008-03-22 20:05:41 549,558 ----a-w C:\WINDOWS\system\System\ctf\Data\22.03.2008.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "MsnMsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "VoipStunt"="D:\VoipStunt\VoipStunt.exe" [ ]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "ares"="D:\Ares\Ares.exe" [ ]
    "BitTorrent"="D:\bittorrent.exe" [ ]
    "Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [ ]
    "VoipDiscount"="D:\VoipDiscount\VoipDiscount.exe" [ ]
    "Steam"="D:\counterstrikesource\Steam.exe" [2008-03-17 15:18 1266936]
    "Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 07:02 11852288]
    "Yodm3D"="C:\Documents and Settings\Alix\Bureau\yodm-3d\yodm-3d\Yodm3D.exe" [2007-06-26 19:26 2058752]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-09 13:16 949376]
    "LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2006-07-31 15:14 484864]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "WinVNC"="D:\UltraVNC\winvnc.exe" [ ]
    "NWEReboot"="" []
    "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
    "CTFMon"="C:\WINDOWS\system\System\ctf\ctfmon.exe" [2006-11-28 19:26 75776]
    "SystemXP1"="C:\WINDOWS\regedit.exe" [2006-03-02 13:00 153088]
    "SystemNT1"="C:\WINDOWS\system\System\FZS\FlashPlayer.exe" [2006-12-11 12:12 576000]
    "SystemNT2"="C:\WINDOWS\system\System\FZS\FlashPlayer.exe" [2006-12-11 12:12 576000]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-23 13:08 16050688 C:\WINDOWS\RTHDCPL.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
    "iTunesHelper"="D:\iTunesHelper.exe" [2007-12-11 12:10 267048]
    "lsassxp"="C:\WINDOWS\lsassxp.exe" [2008-02-16 23:31 1125948]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="logonui.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "D:\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "D:\\SonicText\\BF2.exe"=
    "C:\\WINDOWS\\system32\\mcoinstall.exe"=
    "D:\\Dreamweaver 8\\Dreamweaver.exe"=
    "D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Adobe\\Adobe Bridge\\Bridge.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "D:\\Program Files\\BF2.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "D:\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "90:TCP"= 90:TCP:D arkhotel

    *Newly Created Service* - PCALERTDRIVER
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-15 21:14:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 21:08:21
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-22 21:12:32
    ComboFix-quarantined-files.txt 2008-03-22 20:12:29
    ComboFix2.txt 2008-03-22 18:28:20
    .
    2008-03-15 17:05:49 --- E O F ---




    And here is the HiJackThis report:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at Niixo 21:14:18, on 22/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Apache\Apache.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\system\System\ctf\ctfmon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Apache\Apache.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    D:\iTunesHelper.exe
    C:\WINDOWS\lsassxp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    D:\counterstrikesource\Steam.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    C:\WINDOWS\system32\srksrv.exe
    C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    D:\hamachi.exe
    D:\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Vidalia Bundle\Tor\tor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alix\Bureau\Logiciels utiles\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://habbo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - D:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinVNC] "D:\UltraVNC\winvnc.exe" -servicehelper
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [CTFMon] C:\WINDOWS\system\System\ctf\ctfmon.exe /b
    O4 - HKLM\..\Run: [SystemXP1] "C:\WINDOWS\regedit.exe" -s "C:\WINDOWS\system\System\NO\settings.reg"
    O4 - HKLM\..\Run: [SystemNT1] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /install
    O4 - HKLM\..\Run: [SystemNT2] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /start
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lsassxp] C:\WINDOWS\lsassxp.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [VoipStunt] "D:\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\Run: [VoipDiscount] "D:\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Steam] "D:\counterstrikesource\Steam.exe" -silent
    O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Alix\Bureau\yodm-3d\yodm-3d\Yodm3D.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: hamachi.lnk = ?
    O4 - Startup: IMVU.lnk = D:\IMVU\IMVUClient.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer l'image sur mon Téléphone avec PhotoCapt - res://C:\Program Files\PhotoCapt\PhotoCapt.exe/143
    O8 - Extra context menu item: Save Flash - res://D:\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
    O9 - Extra 'Tools' menuitem: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - D:\Apache\Apache.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Serveur intermédiaire pour Messenger (MsgrIntSvc) - <n!co:9.1 /> - C:\Program Files\MsgrIntSvr\MsgrIntSvr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PoliceService - Unknown owner - C:\WINDOWS\system32\srksrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Tenable Nessus - Tenable Network Security - D:\nessusd.exe

    --
    End of file - 13849 bytes
    22 March 2008 21:19:13

    Re,

    Good job on the ComboFix report ;) 

    Now run the four requested scans with VirusTotal ;) 

    Have a good evening :hello: 
    22 March 2008 21:27:44

    Here is the report for C:\WINDOWS\system\System\FZS\FlashPlayer.exe:
    I'm continuing with the others ;) 




    Fichier FlashPlayer.exe reçu le 2008.03.22 21:17:55 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.3.22.1 2008.03.21 -
    AntiVir 7.6.0.75 2008.03.22 -
    Authentium 4.93.8 2008.03.22 -
    Avast 4.7.1098.0 2008.03.22 -
    AVG 7.5.0.516 2008.03.22 -
    BitDefender 7.2 2008.03.22 -
    CAT-QuickHeal 9.50 2008.03.21 -
    ClamAV 0.92.1 2008.03.22 -
    DrWeb 4.44.0.09170 2008.03.22 -
    eSafe 7.0.15.0 2008.03.18 -
    eTrust-Vet 31.3.5633 2008.03.21 -
    Ewido 4.0 2008.03.22 -
    F-Prot 4.4.2.54 2008.03.22 -
    F-Secure 6.70.13260.0 2008.03.21 -
    FileAdvisor 1 2008.03.22 -
    Fortinet 3.14.0.0 2008.03.22 -
    Ikarus T3.1.1.20 2008.03.22 -
    Kaspersky 7.0.0.125 2008.03.22 -
    McAfee 5257 2008.03.21 -
    Microsoft 1.3301 2008.03.22 -
    NOD32v2 2967 2008.03.21 -
    Norman 5.80.02 2008.03.20 -
    Panda 9.0.0.4 2008.03.22 -
    Prevx1 V2 2008.03.22 -
    Rising 20.36.42.00 2008.03.21 -
    Sophos 4.27.0 2008.03.22 -
    Sunbelt 3.0.978.0 2008.03.18 -
    Symantec 10 2008.03.22 -
    TheHacker 6.2.92.252 2008.03.22 -
    VBA32 3.12.6.3 2008.03.21 -
    VirusBuster 4.3.26:9 2008.03.22 -
    Webwasher-Gateway 6.6.2 2008.03.22 -
    Information additionnelle
    File size: 576000 bytes
    MD5: de4fb6815697a1baeafd0c23e8588201
    SHA1: c153af4f7ed1eae9295bf208836cc9a34983e47d
    PEiD: -

    22 March 2008 21:32:56

    Here is the report for C:\WINDOWS\lsassxp.exe
    I'm continuing with the others ;) 


    Fichier lsassxp.exe reçu le 2008.01.27 19:26:10 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 - - Win-Trojan/Gaduka.1125996
    AntiVir - - BDS/Gaduka.23.1
    Authentium - - W32/Backdoor.LGY
    Avast - - Win32:Gaduka
    AVG - - BackDoor.Generic2.GFW
    BitDefender - - Backdoor.Gaduka.23
    CAT-QuickHeal - - Backdoor.Gaduka.23
    ClamAV - - Trojan.Delf-363
    DrWeb - - BackDoor.Gadu.23
    eSafe - - -
    eTrust-Vet - - -
    Ewido - - Backdoor.Gaduka.23
    FileAdvisor - - -
    Fortinet - - W32/Gaduka.A!tr.bdr
    F-Prot - - W32/Backdoor.LGY
    F-Secure - - W32/Gaduka.C
    Ikarus - - Backdoor.Win32.Gaduka.23
    Kaspersky - - Backdoor.Win32.Gaduka.23
    McAfee - - New Malware.b
    Microsoft - - Backdoor:Win32/Gaduka.A
    NOD32v2 - - Win32/Gaduka
    Norman - - W32/Gaduka.C
    Panda - - Bck/Gaduka.A
    Prevx1 - - Heuristic: Suspicious File With Mass Email Capabilities
    Rising - - Backdoor.Gaduka.d
    Sophos - - -
    Sunbelt - - -
    Symantec - - -
    TheHacker - - Backdoor/Gaduka.23
    VBA32 - - Backdoor.Win32.Gaduka.23
    VirusBuster - - Backdoor.Gaduka.C
    Webwasher-Gateway - - Trojan.Backdoor.Gaduka.23.1
    Information additionnelle
    MD5: 8926b66548294107c8501b27d27ef1df
    SHA1: f922ba68c97a81ab741f724eba24b1db3f4b734d
    SHA256: 7b29aed464b45fd57c0437c4ea23d63d5c6dedeb74c44829bda6c32dac11f8ec
    SHA512: e6cd5ef83754c45d9c3ec1563f8ae040fb7453238eb4af90731453d8e5b46e00 48fba7bca6d6c5582ebbc7cb0b456467113b5c153c8f56cc6b12b6fe828fd474



    PS: They told me they had already analyzed it, so I took the report they gave me!
    22 March 2008 21:37:12

    Here is the report for C:\Program Files\MsgrIntSvr\MsgrIntSvr.exe
    I'm continuing with the last one ;) 



    Fichier MsgrIntSvr.exe reçu le 2007.12.11 19:08:15 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 - - -
    AntiVir - - -
    Authentium - - -
    Avast - - -
    AVG - - -
    BitDefender - - -
    CAT-QuickHeal - - -
    ClamAV - - -
    DrWeb - - -
    eSafe - - -
    eTrust-Vet - - -
    Ewido - - -
    FileAdvisor - - -
    Fortinet - - -
    F-Prot - - -
    F-Secure - - -
    Ikarus - - -
    Kaspersky - - -
    McAfee - - -
    Microsoft - - -
    NOD32v2 - - -
    Norman - - -
    Panda - - -
    Prevx1 - - Heuristic: Suspicious Backdoor
    Rising - - -
    Sophos - - -
    Sunbelt - - -
    Symantec - - -
    TheHacker - - -
    VBA32 - - -
    VirusBuster - - -
    Webwasher-Gateway - - -
    Information additionnelle
    MD5: e845ded967efef8e4670ec0eec57ae12
    SHA1: 08279bf0a2dc1af7cd681fdc9b1045336f08d5e9
    SHA256: fc3010d3362ff692993b23ba4f460da83ec7fc59eb251772cc95d2d66368fd5f
    SHA512: a0e335b64c57aa5f7dd019dee5ea3bcd6ac6305cfbe0a7a75c92d55580d49e99 970ad121c0ab1a41627ec717b718fceccea4f8205586701e748b85918feddf70

    22 March 2008 21:47:38

    Here is the report for C:\WINDOWS\system32\srksrv.exe
    And there you go ;) 


    Fichier srksrv.exe reçu le 2008.02.17 20:36:41 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.2.16.10 2008.02.15 -
    AntiVir 7.6.0.67 2008.02.15 -
    Authentium 4.93.8 2008.02.17 -
    Avast 4.7.1098.0 2008.02.16 -
    AVG 7.5.0.516 2008.02.17 -
    BitDefender 7.2 2008.02.17 -
    CAT-QuickHeal None 2008.02.16 -
    ClamAV 0.92.1 2008.02.17 -
    DrWeb 4.44.0.09170 2008.02.17 -
    eSafe 7.0.15.0 2008.02.17 -
    eTrust-Vet 31.3.5541 2008.02.15 -
    Ewido 4.0 2008.02.17 -
    FileAdvisor 1 2008.02.17 -
    Fortinet 3.14.0.0 2008.02.17 -
    F-Prot 4.4.2.54 2008.02.17 -
    F-Secure 6.70.13260.0 2008.02.17 -
    Ikarus T3.1.1.20 2008.02.17 -
    Kaspersky 7.0.0.125 2008.02.17 -
    McAfee 5231 2008.02.15 -
    Microsoft 1.3204 2008.02.17 -
    NOD32v2 2881 2008.02.17 -
    Norman 5.80.02 2008.02.15 -
    Panda 9.0.0.4 2008.02.17 -
    Prevx1 V2 2008.02.17 -
    Rising 20.31.50.00 2008.02.16 -
    Sophos 4.26.0 2008.02.17 -
    Sunbelt 2.2.907.0 2008.02.16 -
    Symantec 10 2008.02.17 -
    TheHacker 6.2.9.222 2008.02.16 -
    VBA32 3.12.6.1 2008.02.17 -
    VirusBuster 4.3.26:9 2008.02.17 -
    Webwasher-Gateway 6.6.2 2008.02.15 -
    Information additionnelle
    File size: 453120 bytes
    MD5: 009745030558db6cce3c4be2aa752b22
    SHA1: 2297ea21b5646dc0b2c72ecac532d20f24c7b82d
    PEiD: -
    22 March 2008 22:05:20

    Re,

    Disable all resident protection (antivirus…)!

    Copy the text in the box below, without the word "Quote":

    Quote:
    File::
    C:\WINDOWS\lsassxp.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "lsassxp"=-



    Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt.

    Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:



    This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a new HijackThis report.
    If there is no reboot, post the reports anyway.
    22 March 2008 22:22:27

    Here is the ComboFix report:

    ComboFix 08-03-22.1 - Alix 2008-03-22 22:07:29.3 - NTFSx86
    Endroit: C:\Documents and Settings\Alix\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Alix\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\lsassxp.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\lsassxp.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
    .

    2008-03-22 19:28 . <REP> C:\Documents and Settings\PropriÚtaire\Local Settings
    2008-03-22 18:24 . 2008-03-22 18:24 <REP> d-------- C:\VundoFix Backups
    2008-03-22 12:13 . 2008-03-22 18:18 <REP> d-------- C:\fixwareout
    2008-03-22 11:25 . 2008-03-22 11:26 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-22 11:17 . 2008-03-21 00:23 <REP> d-------- C:\SDFix
    2008-03-15 18:08 . 2008-03-15 18:08 <REP> d-------- C:\Program Files\OpenAL
    2008-03-15 18:08 . 2008-03-15 18:08 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2008-03-15 18:08 . 2008-03-15 18:08 114,688 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2008-03-15 16:28 . 2008-03-15 16:28 <REP> d-------- C:\Program Files\MSBuild
    2008-03-15 16:28 . 2008-03-15 16:28 <REP> d-------- C:\Program Files\Microsoft Works
    2008-03-15 16:27 . 2008-03-15 16:27 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-03-15 16:24 . 2008-03-15 16:24 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-03-15 16:20 . 2008-03-15 16:20 <REP> dr-h----- C:\MSOCache
    2008-03-15 16:10 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
    2008-03-15 16:10 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
    2008-03-15 16:10 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
    2008-03-15 16:10 . 2008-03-15 16:10 15,397 --a------ C:\Program Files\settings.dat
    2008-03-12 13:33 . 2008-03-22 22:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-12 13:33 . 2008-03-12 13:33 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-10 16:50 . 2008-03-10 16:50 <REP> d-------- C:\Program Files\Winamp Remote
    2008-03-10 16:50 . 2008-03-10 16:50 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
    2008-03-10 16:48 . 2008-03-10 17:55 <REP> d-------- C:\Documents and Settings\Alix\Application Data\Winamp
    2008-03-10 16:33 . 2007-09-03 17:13 393,216 --a------ C:\WINDOWS\system32\GDS32.DLL
    2008-03-10 16:27 . 2008-03-10 16:27 <REP> d-------- C:\Program Files\DivX
    2008-03-09 18:23 . 2008-03-10 18:40 <REP> d-------- C:\Program Files\SpacialAudio
    2008-03-09 18:23 . 2008-03-10 16:33 <REP> d-------- C:\Program Files\Firebird
    2008-03-09 18:02 . 2008-03-09 18:02 <REP> d-------- C:\Program Files\SHOUTcast
    2008-03-09 17:44 . 2008-03-09 17:44 <REP> d-------- C:\Program Files\Tir
    2008-03-09 17:40 . 2008-03-09 17:40 <REP> d-------- C:\plug
    2008-03-09 17:40 . 1998-10-03 17:12 3,919,360 --a------ C:\odnis.exe
    2008-03-09 17:40 . 1997-07-28 12:33 100,352 --a------ C:\WINDOWS\system32\CmCtlFR.dll
    2008-03-09 17:40 . 1998-09-15 16:56 80,896 --a------ C:\mbrola.exe
    2008-03-09 17:40 . 1997-08-04 19:03 27,648 --a------ C:\WINDOWS\system32\ZTRAY.OCX
    2008-03-09 17:40 . 2008-03-09 17:41 616 --a------ C:\odnis.cfg
    2008-03-09 17:40 . 1998-07-14 19:17 128 --a------ C:\silence.wav
    2008-03-09 17:39 . 1998-04-06 23:43 96,256 --a------ C:\WINDOWS\system32\VB5FR.dll
    2008-03-09 17:39 . 1997-02-27 00:00 73,216 --a------ C:\WINDOWS\ST5UNST.EXE
    2008-03-09 17:39 . 1997-02-27 00:00 29,696 --a------ C:\WINDOWS\system32\VB5StKit.dll
    2008-03-09 10:43 . 2008-03-09 10:49 4,233,448 --a------ C:\WINDOWS\system32\lncom_.mp3
    2008-03-09 10:43 . 2008-03-09 10:49 350,764 --a------ C:\WINDOWS\system32\lncom.exe
    2008-03-07 21:11 . 2008-03-22 19:22 <REP> d-------- C:\Documents and Settings\Alix\Application Data\OpenOffice.org2
    2008-03-07 20:54 . 2008-03-07 20:55 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
    2008-03-04 16:52 . 2008-03-04 16:55 <REP> d-------- C:\Program Files\Dofus_Beta
    2008-03-03 18:03 . 2008-03-03 18:04 <REP> d-------- C:\Program Files\Hotspot Shield
    2008-02-29 20:21 . 2008-02-29 20:47 <REP> d-------- C:\Program Files\uTorrent
    2008-02-29 20:21 . 2008-02-29 21:04 <REP> d-------- C:\Documents and Settings\Alix\Application Data\uTorrent
    2008-02-26 19:28 . 2008-02-26 19:28 <REP> d-------- C:\Program Files\SmartFTP Client
    2008-02-26 19:27 . 2008-02-26 19:27 <REP> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
    2008-02-23 13:09 . 2008-02-23 13:09 <REP> d-------- C:\Documents and Settings\Alix\Application Data\e frontier
    2008-02-23 13:09 . 2008-02-23 13:09 3,120 --a------ C:\WINDOWS\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
    2008-02-23 13:09 . 2008-02-23 13:09 3,120 --a------ C:\WINDOWS\2afbd66b-251d-4389-8ddb-6f8a3f253f1f.ocx
    2008-02-22 18:14 . 2008-02-22 18:14 <REP> d-------- C:\Program Files\Pivot Stickfigure Animator

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-22 21:13 --------- d-----w C:\Documents and Settings\Alix\Application Data\tor
    2008-03-22 21:13 --------- d-----w C:\Documents and Settings\Alix\Application Data\Hamachi
    2008-03-22 18:02 --------- d-----w C:\Documents and Settings\Alix\Application Data\Vidalia
    2008-03-22 17:14 --------- d-----w C:\Program Files\Navilog1
    2008-03-22 11:14 --------- d-----w C:\Documents and Settings\Alix\Application Data\Skype
    2008-03-21 21:53 --------- d-----w C:\Documents and Settings\Alix\Application Data\FileZilla
    2008-03-21 18:45 --------- d-----w C:\Program Files\PhotoFiltre Studio
    2008-03-15 17:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
    2008-03-12 17:18 --------- d-----w C:\Documents and Settings\Alix\Application Data\gtk-2.0
    2008-03-10 16:03 --------- d-----w C:\Program Files\Winamp
    2008-03-09 16:48 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-03-09 10:46 --------- d-----w C:\Program Files\eMule
    2008-02-24 15:20 --------- d-----w C:\Documents and Settings\Alix\Application Data\CoreFTP
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-02-16 21:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
    2008-02-14 18:07 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-13 17:05 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
    2008-02-01 17:23 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-01 17:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-25 19:07 --------- d-----w C:\Program Files\Bonjour
    2008-01-25 18:56 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
    2008-01-23 21:25 27,136 ----a-w C:\WINDOWS\system32\drivers\tapvpn.sys
    2008-01-08 19:15 357 -c--a-w C:\Documents and Settings\Alix\.cb_layout.bin
    2008-01-05 13:33 27,136 ----a-w C:\WINDOWS\Pplugin8.exe
    2008-01-05 13:33 17,331 ----a-w C:\WINDOWS\Pplugin10xa.exe
    2008-01-05 13:32 66,048 ----a-w C:\WINDOWS\PpluginCd.dll
    2008-01-05 13:32 10,585 ----a-w C:\WINDOWS\Pplugin4.exe
    2007-11-03 11:53 856,064 ----a-w C:\Documents and Settings\Alix\pro4.exe
    2007-03-04 15:43 47,360 -c--a-w C:\Documents and Settings\Alix\Application Data\pcouffin.sys
    2005-09-15 04:47 1,335,296 ----a-w C:\Documents and Settings\Alix\Nero 7 Premium Final.exe
    1998-01-03 13:37 59,392 ----a-w C:\Documents and Settings\Alix\nc.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-22_19.28.04.00 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-22 18:04:55 429,730 ----a-w C:\WINDOWS\system\System\ctf\Data\22.03.2008.dat
    + 2008-03-22 20:49:14 634,264 ----a-w C:\WINDOWS\system\System\ctf\Data\22.03.2008.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
    "MsnMsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "VoipStunt"="D:\VoipStunt\VoipStunt.exe" [ ]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "ares"="D:\Ares\Ares.exe" [ ]
    "BitTorrent"="D:\bittorrent.exe" [ ]
    "Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [ ]
    "VoipDiscount"="D:\VoipDiscount\VoipDiscount.exe" [ ]
    "Steam"="D:\counterstrikesource\Steam.exe" [2008-03-17 15:18 1266936]
    "Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 07:02 11852288]
    "Yodm3D"="C:\Documents and Settings\Alix\Bureau\yodm-3d\yodm-3d\Yodm3D.exe" [2007-06-26 19:26 2058752]
    "Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-12-09 13:16 949376]
    "LiveMonitor"="C:\Program Files\MSI\Live Update 3\LMonitor.exe" [2006-07-31 15:14 484864]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "WinVNC"="D:\UltraVNC\winvnc.exe" [ ]
    "NWEReboot"="" []
    "SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
    "CTFMon"="C:\WINDOWS\system\System\ctf\ctfmon.exe" [2006-11-28 19:26 75776]
    "SystemXP1"="C:\WINDOWS\regedit.exe" [2006-03-02 13:00 153088]
    "SystemNT1"="C:\WINDOWS\system\System\FZS\FlashPlayer.exe" [2006-12-11 12:12 576000]
    "SystemNT2"="C:\WINDOWS\system\System\FZS\FlashPlayer.exe" [2006-12-11 12:12 576000]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-23 13:08 16050688 C:\WINDOWS\RTHDCPL.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
    "nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
    "iTunesHelper"="D:\iTunesHelper.exe" [2007-12-11 12:10 267048]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="logonui.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "D:\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
    "C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
    "D:\\SonicText\\BF2.exe"=
    "C:\\WINDOWS\\system32\\mcoinstall.exe"=
    "D:\\Dreamweaver 8\\Dreamweaver.exe"=
    "D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Adobe\\Adobe Bridge\\Bridge.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "D:\\Program Files\\BF2.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "D:\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "90:TCP"= 90:TCP:D arkhotel

    *Newly Created Service* - PCALERTDRIVER
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-22 21:14:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 22:12:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Apache\Apache.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Apache\Apache.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\srksrv.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    D:\Alcohol 120\StarWind\StarWindService.exe
    D:\nessusd.exe
    C:\Program Files\Vidalia Bundle\Tor\tor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-22 22:21:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-22 21:21:39
    ComboFix2.txt 2008-03-22 20:12:33
    ComboFix3.txt 2008-03-22 18:28:20
    .
    2008-03-15 17:05:49 --- E O F ---
    22 March 2008 22:22:53

    For HijackThis:



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at Niixo 22:22:35, on 22/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system\System\ctf\ctfmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Apache\Apache.exe
    D:\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    D:\counterstrikesource\Steam.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
    D:\Apache\Apache.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\srksrv.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    D:\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    D:\nessusd.exe
    C:\Program Files\Vidalia Bundle\Tor\tor.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alix\Bureau\Logiciels utiles\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://habbo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - D:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinVNC] "D:\UltraVNC\winvnc.exe" -servicehelper
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [CTFMon] C:\WINDOWS\system\System\ctf\ctfmon.exe /b
    O4 - HKLM\..\Run: [SystemXP1] "C:\WINDOWS\regedit.exe" -s "C:\WINDOWS\system\System\NO\settings.reg"
    O4 - HKLM\..\Run: [SystemNT1] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /install
    O4 - HKLM\..\Run: [SystemNT2] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /start
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [VoipStunt] "D:\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\Run: [VoipDiscount] "D:\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Steam] "D:\counterstrikesource\Steam.exe" -silent
    O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Alix\Bureau\yodm-3d\yodm-3d\Yodm3D.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: hamachi.lnk = ?
    O4 - Startup: IMVU.lnk = D:\IMVU\IMVUClient.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer l'image sur mon Téléphone avec PhotoCapt - res://C:\Program Files\PhotoCapt\PhotoCapt.exe/143
    O8 - Extra context menu item: Save Flash - res://D:\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
    O9 - Extra 'Tools' menuitem: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - D:\Apache\Apache.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Serveur intermédiaire pour Messenger (MsgrIntSvc) - <n!co:9.1 /> - C:\Program Files\MsgrIntSvr\MsgrIntSvr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PoliceService - Unknown owner - C:\WINDOWS\system32\srksrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Tenable Nessus - Tenable Network Security - D:\nessusd.exe

    --
    End of file - 13761 bytes
    22 March 2008 22:24:21

    Re,

    1) Download Malwarebytes' Anti-Malware and install it.

  • Restart the computer in safe mode (F8 at computer startup)
    Help


  • Launch Malwarebytes' Anti-Malware and select "Exécuter un examen complet" (run a full scan). Wait while the scan runs.
  • Once the scan has finished, click "Afficher les résultats" (show results) and save the report to your Desktop.
  • Finally, click "Supprimer la sélection" (remove selected).

    If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
    Help

    2)
  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click "J'accepte" (I accept).
  • Accept the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan "Poste de travail" (My Computer).
  • Save, then paste, the report generated at the end of the scan.

    HELP: Tutorial on the online scan

    NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to "Ajout/Suppression de programmes" (Add/Remove Programs), uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

    ;) 
    23 March 2008 14:31:23

    Here, at last, is the Kaspersky report:


    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Sunday, March 23, 2008 2:30:31 PM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 23/03/2008
    Enregistrements dans la base antivirus Kaspersky : 591651
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    C:\
    D:\
    E:\

    Statistiques de l'analyse:
    Total d'objets analysés: 477254
    Nombre de virus trouvés: 48
    Nombre d'objets infectés: 184 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 03:10:22

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Documents and Settings\Alix\Application Data\Mozilla\Firefox\Profiles\xn2nmx2d.default\cert8.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Alix\Application Data\Mozilla\Firefox\Profiles\xn2nmx2d.default\formhistory.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Alix\Application Data\Mozilla\Firefox\Profiles\xn2nmx2d.default\history.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Alix\Application Data\Mozilla\Firefox\Profiles\xn2nmx2d.default\key3.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Alix\Application Data\Mozilla\Firefox\Profiles\xn2nmx2d.default\parent.lock L'objet est verrouillé ignoré
    C:\Documents and Settings\Alix\Application Data\Mozilla\Firefox\Profiles\xn2nmx2d.default\search.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Alix\Application Data\Mozilla\Firefox\Profiles\xn2nmx2d.default\urlclassifier2.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Alix\Bureau\Card\CARDPRO.EXE Infecté : Trojan-AOL.Win16.Beazly ignoré
    C:\Documents and Settings\Alix\Bureau\Logiciels utiles\backups\backup-20071102-124856-398.dll Infecté : Trojan-Downloader.Win32.ConHook.hu ignoré
    C:\Documents and Settings\Alix\Bureau\Logiciels utiles\backups\backup-20071102-125013-921.dll Infecté : Trojan-Downloader.Win32.ConHook.hu ignoré
    C:\Documents and Settings\Alix\Bureau\Logiciels utiles\backups\backup-20071102-125024-286.dll Infecté : Trojan-Downloader.Win32.ConHook.hu ignoré
    C:\Documents and Settings\Alix\Bureau\PRORAT\ProRat.exe Infecté : HackTool.Win32.ProRat.a ignoré
    C:\Documents and Settings\Alix\Bureau\PRORAT\server.exe Infecté : Backdoor.Win32.Prorat.19.i ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/fservice.exe Infecté : Backdoor.Win32.Prorat.19.i ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/reginv.dll Infecté : Backdoor.Win32.Prorat.19.i ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/services.exe Infecté : Backdoor.Win32.Prorat.19.i ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/sservice.exe Infecté : Backdoor.Win32.Prorat.19.i ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp1067.tmp.dll Infecté : Trojan.Win32.BHO.yi ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp1067.tmp.exe Infecté : Trojan.Win32.BHO.aug ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp10E.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp11D8.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp122.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp123C.tmp.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp1241.tmp.dll Infecté : Trojan.Win32.BHO.on ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp12FB.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp1329.tmp.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp13F4.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp14AC.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp16E2.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp17FB.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp186.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp1C64.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp1D24.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp1F6D.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp207C.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp2155.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp215A.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp2184.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp221.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp223.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp23.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp2384.tmp.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp23A.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp23D6.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp272B.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp279.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp27E.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp282.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp2BB.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp2D.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp2DAF.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp2E59.tmp.exe Infecté : Trojan.Win32.Agent.aoy ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp2E85.tmp.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp2E8E.tmp.dll Infecté : Trojan.Win32.BHO.yi ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp32.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp322.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp344.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp3575.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp39A7.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp3E3C.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp42.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp43.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp48.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp4D32.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp4F93.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp50.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp54.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp571.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp58.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp591.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp5BB.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp64.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp64B0.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp6624.tmp.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp6625.tmp.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp67E.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp6A.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp6DC.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp71.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp72.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp76A.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp7AD.tmp.exe Infecté : Trojan.Win32.Agent.aoy ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp7B.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp7C67.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp7D.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp7F.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp830.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp88.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp8A.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmp8E2.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpA03.tmp.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpA0D.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpA96.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpAA1A.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpAF1B.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpB3.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpB70.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpBB2.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpCD09.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpD0.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpD48A.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpE4E.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpE971.tmp.exe Infecté : Trojan.Win32.Agent.aoy ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpE9BA.tmp.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpE9BD.tmp.dll Infecté : Trojan.Win32.BHO.nl ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpE9BD.tmp.exe Infecté : Trojan.Win32.BHO.awp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpEA5.tmp.exe Infecté : Trojan.Win32.Agent.dbp ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/tmpEB.tmp.exe Infecté : Trojan.Win32.Agent.bur ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip/backups/winkey.dll Infecté : Backdoor.Win32.Prorat.19.ah ignoré
    C:\Documents and Settings\Alix\Bureau\SDFix\backups\backups.zip ZIP: infecté - 96 ignoré
    C:\Documents and Settings\Alix\Bureau\WPE PRO\WPE PRO.exe Infecté : Sniffer.Win32.WpePro.a ignoré
    C:\Documents and Settings\Alix\Bureau\WPE PRO\WpeSpy.dll Infecté : Sniffer.Win32.WpePro.a ignoré
    C:\Documents and Settings\Alix\Mes documents\Ma musique\(full) habbo zeldha by C0NFUSED Bonus.zip/Setup.exe Infecté : not-virus:Hoax.Win32.Agent.o ignoré
    C:\Documents and Settings\Alix\Mes documents\Ma musique\(full) habbo zeldha by C0NFUSED Bonus.zip ZIP: infecté - 1 ignoré
    C:\Documents and Settings\Alix\Mes documents\Ma musique\Macromedia Flash Professional 8.zip/Setup.exe Infecté : P2P-Worm.Win32.VB.dw ignoré
    C:\Documents and Settings\Alix\Mes documents\Ma musique\Macromedia Flash Professional 8.zip ZIP: infecté - 1 ignoré
    C:\Documents and Settings\Alix\Mes documents\Mes fichiers reçus\hacking.rar/hacking/IceCold ReLoaded.exe Infecté : HackTool.Win32.Homac ignoré
    C:\Documents and Settings\Alix\Mes documents\Mes fichiers reçus\hacking.rar/hacking/IPB --2.1.6-- Remote sql.txt Infecté : Exploit.Perl.Board.c ignoré
    C:\Documents and Settings\Alix\Mes documents\Mes fichiers reçus\hacking.rar/hacking/le shell c99.txt Infecté : Backdoor.PHP.C99Shell.p ignoré
    C:\Documents and Settings\Alix\Mes documents\Mes fichiers reçus\hacking.rar RAR: infecté - 3 ignoré
    C:\Perl\bin\exploit3.pl Infecté : DoS.Perl.BBDoS.a ignoré
    C:\Perl\bin\exploitsdemo.pl Infecté : DoS.Perl.BBDoS.a ignoré
    C:\Perl\bin\punbb.pl Infecté : Exploit.Python.PunBB.a ignoré
    C:\Program Files\ESET\cache\CACHE.NDB L'objet est verrouillé ignoré
    C:\Program Files\ESET\cache\FND251.NFI Infecté : Backdoor.Win32.Tramin.131 ignoré
    C:\Program Files\ESET\infected\1FUK1PBA.NQF Infecté : Trojan-Spy.Win32.Perfloger.l ignoré
    C:\Program Files\ESET\infected\223IANDA.NQF Infecté : P2P-Worm.Win32.VB.dw ignoré
    C:\Program Files\ESET\infected\230OD5DA.NQF Infecté : Backdoor.Win32.VB.bna ignoré
    C:\Program Files\ESET\infected\30UXQCAA.NQF Infecté : HackTool.Win32.ProRat.a ignoré
    C:\Program Files\ESET\infected\3BD4UXBA.NQF Infecté : Backdoor.Win32.Prorat.19 ignoré
    C:\Program Files\ESET\infected\3HWLOZAA.NQF Infecté : HackTool.Win32.WwwHack.a ignoré
    C:\Program Files\ESET\infected\AQEVQLAA.NQF Infecté : HackTool.Win32.CrackSearch.a ignoré
    C:\Program Files\ESET\infected\BHHB34BA.NQF Infecté : Backdoor.Win32.SubSeven.22.plugin ignoré
    C:\Program Files\ESET\infected\DVYTWECA.NQF Infecté : Trojan.Win32.Agent.bcn ignoré
    C:\Program Files\ESET\infected\EEJ2B5BA.NQF Infecté : Backdoor.Win32.Agent.amb ignoré
    C:\Program Files\ESET\infected\F2EZIEBA.NQF Infecté : HackTool.Win32.Homac ignoré
    C:\Program Files\ESET\infected\FE4O3CDA.NQF Infecté : Backdoor.Win32.SubSeven.22.plugin ignoré
    C:\Program Files\ESET\infected\FKY5OYDA.NQF Infecté : Backdoor.Win32.SubSeven.22.b2 ignoré
    C:\Program Files\ESET\infected\FYFWJWDA.NQF Infecté : P2P-Worm.Win32.VB.dw ignoré
    C:\Program Files\ESET\infected\H1J0NMBA.NQF Infecté : Trojan-Downloader.Win32.Agent.auv ignoré
    C:\Program Files\ESET\infected\I2T3DACA.NQF/bpkr.exe Infecté : Trojan-Spy.Win32.Perfloger.l ignoré
    C:\Program Files\ESET\infected\I2T3DACA.NQF RAR: infecté - 1 ignoré
    C:\Program Files\ESET\infected\I2T3DACA.NQF PE-Crypt.XorPE: infecté - 1 ignoré
    C:\Program Files\ESET\infected\IGO2ZSBA.NQF Infecté : Backdoor.Win32.SubSeven.22.plugin ignoré
    C:\Program Files\ESET\infected\IUWD05CA.NQF Infecté : Backdoor.Win32.SubSeven.22.plugin ignoré
    C:\Program Files\ESET\infected\JGP0TKDA.NQF Infecté : Backdoor.Win32.SubSeven.22.plugin ignoré
    C:\Program Files\ESET\infected\JOAI3VBA.NQF Infecté : Backdoor.Win32.Prorat.19.i ignoré
    C:\Program Files\ESET\infected\KFUMYYAA.NQF Infecté : Backdoor.Win32.Gaduka.23 ignoré
    C:\Program Files\ESET\infected\KXALJTBA.NQF Infecté : Backdoor.Win32.SubSeven.22.plugin ignoré
    C:\Program Files\ESET\infected\MBJZQFBA.NQF Infecté : Backdoor.Win32.Agent.amb ignoré
    C:\Program Files\ESET\infected\MGKPFADA.NQF Infecté : Backdoor.Win32.SubSeven.22.plugin ignoré
    C:\Program Files\ESET\infected\MRVXP0BA.NQF Infecté : Backdoor.Win32.SubSeven.22.plugin ignoré
    C:\Program Files\ESET\infected\N5OJC4CA.NQF Infecté : Trojan-Dropper.Win32.Joiner.16 ignoré
    C:\Program Files\ESET\infected\N5R404CA.NQF Infecté : Trojan-Downloader.Win32.IstBar.gen ignoré
    C:\Program Files\ESET\infected\OAMFMOBA.NQF Infecté : HackTool.Win32.MSNPass.b ignoré
    C:\Program Files\ESET\infected\ORSMW0AA.NQF Infecté : Backdoor.Win32.Prorat.19 ignoré
    C:\Program Files\ESET\infected\P20KG3CA.NQF Infecté : Backdoor.Win32.Prorat.19.i ignoré
    C:\Program Files\ESET\infected\Q2OVAOCA.NQF/data.rar/keygen.exe Infecté : Trojan.Win32.Inject.mt ignoré
    C:\Program Files\ESET\infected\Q2OVAOCA.NQF/data.rar/crack.exe Infecté : Trojan-Downloader.Win32.Agent.dlu ignoré
    C:\Program Files\ESET\infected\Q2OVAOCA.NQF/data.rar Infecté : Trojan-Downloader.Win32.Agent.dlu ignoré
    C:\Program Files\ESET\infected\Q2OVAOCA.NQF RarSFX: infecté - 3 ignoré
    C:\Program Files\ESET\infected\Q2OVAOCA.NQF PE-Crypt.XorPE: infecté - 3 ignoré
    C:\Program Files\ESET\infected\QFNUQKCA.NQF Infecté : Backdoor.Win32.Prorat.19 ignoré
    C:\Program Files\ESET\infected\SCMJSQAA.NQF Infecté : Backdoor.Win32.SubSeven.22.plugin ignoré
    C:\Program Files\ESET\infected\SMPXI2BA.NQF Infecté : Trojan.Win32.Agent.bcn ignoré
    C:\Program Files\ESET\infected\T3KYZ5BA.NQF Infecté : Sniffer.Win32.WpePro.a ignoré
    C:\Program Files\ESET\infected\UOHHSBCA.NQF Infecté : Backdoor.Win32.SubSeven.22.plugin ignoré
    C:\Program Files\ESET\infected\WD0WYFDA.NQF Infecté : Backdoor.Win32.SubSeven.22.plugin ignoré
    C:\Program Files\ESET\infected\YH3XC0BA.NQF Infecté : Backdoor.Win32.Prorat.18 ignoré
    C:\Program Files\ESET\infected\YNJ5FGCA.NQF Infecté : HackTool.Win32.WwwHack.a ignoré
    C:\Program Files\ESET\infected\YQVA4YAA.NQF Infecté : Virus.Win32.Sality.q ignoré
    C:\Program Files\ESET\infected\YRFVKWBA.NQF Infecté : Backdoor.Win32.Prorat.19.i ignoré
    C:\Program Files\ESET\logs\virlog.dat L'objet est verrouillé ignoré
    C:\Program Files\ESET\logs\warnlog.dat L'objet est verrouillé ignoré
    C:\Program Files\Hotspot Shield\log\oas.log L'objet est verrouillé ignoré
    C:\QooBox\Quarantine\C\WINDOWS\lsassxp.exe.vir Infecté : Backdoor.Win32.Gaduka.23 ignoré
    C:\QooBox\Quarantine\C\WINDOWS\system32\Instmsng.dll.vir Infecté : Backdoor.Win32.VB.aem ignoré
    C:\QooBox\Quarantine\catchme2008-03-22_191946.76.zip/services.exe Infecté : Backdoor.Win32.Prorat.19.i ignoré
    C:\QooBox\Quarantine\catchme2008-03-22_191946.76.zip/sservice.exe Infecté : Backdoor.Win32.Prorat.19.i ignoré
    C:\QooBox\Quarantine\catchme2008-03-22_191946.76.zip/fservice.exe Infecté : Backdoor.Win32.Prorat.19.i ignoré
    C:\QooBox\Quarantine\catchme2008-03-22_191946.76.zip/reginv.dll Infecté : Backdoor.Win32.Prorat.19.i ignoré
    C:\QooBox\Quarantine\catchme2008-03-22_191946.76.zip/winkey.dll Infecté : Backdoor.Win32.Prorat.19.ah ignoré
    C:\QooBox\Quarantine\catchme2008-03-22_191946.76.zip ZIP: infecté - 5 ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{2C4AC962-5E66-44F1-92E7-E315BE90C086}\RP10\change.log L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{2C4AC962-5E66-44F1-92E7-E315BE90C086}\RP2\A0000066.dll Infecté : Backdoor.Win32.VB.aem ignoré
    C:\System Volume Information\_restore{2C4AC962-5E66-44F1-92E7-E315BE90C086}\RP3\A0000123.exe Infecté : Backdoor.Win32.Gaduka.23 ignoré
    C:\VundoFix Backups\mljghgh.dll.bad Infecté : Trojan-Downloader.Win32.ConHook.bg ignoré
    C:\VundoFix Backups\sstqqrs.dll.bad Infecté : Trojan-Downloader.Win32.ConHook.bg ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\msagent\mslukw.com Infecté : Backdoor.Win32.Beastdoor.av ignoré
    C:\WINDOWS\Pplugin4.exe Infecté : Trojan-PSW.Win32.LdPinch.fi ignoré
    C:\WINDOWS\Pplugin8.exe Infecté : Backdoor.Win32.Prorat.19.p ignoré
    C:\WINDOWS\PpluginCd.dll Infecté : Backdoor.Win32.Prorat.19.p ignoré
    C:\WINDOWS\system32\dxdgns.dll Infecté : Backdoor.Win32.Beastdoor.ab ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\lncom.exe Infecté : Backdoor.Win32.Prorat.19.i ignoré
    C:\WINDOWS\system32\mscahg.com Infecté : Backdoor.Win32.Beastdoor.av ignoré
    D:\Program Files\ESET\infected\WYJKIJCA.NQF Infecté : Trojan-Downloader.Win32.VB.ft ignoré
    D:\services\services.db L'objet est verrouillé ignoré
    D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    D:\System Volume Information\_restore{2C4AC962-5E66-44F1-92E7-E315BE90C086}\RP10\change.log L'objet est verrouillé ignoré

    Analyse terminée.
    23 March 2008 14:54:06

    Hi again,

    Did you run the scan with Malwarebytes Anti-Malware?

    If so, do you have a report?

    23 March 2008 15:26:04

    Yes, I have the report, but since you hadn't asked me for anything, I'm giving it to you anyway:

    Malwarebytes' Anti-Malware 1.09
    Version de la base de données: 521

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 547928
    Temps écoulé: 2 hour(s), 2 minute(s), 2 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 129
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 35

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWeb.FunWeb) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir (Adware.MyWeb.FunWeb) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> No action taken.
    C:\VundoFix Backups\awtqq.exe.bad (Trojan.Vundo) -> No action taken.
    C:\VundoFix Backups\mlljk.exe.bad (Trojan.Vundo) -> No action taken.
    23 March 2008 16:05:48

    Hi again,

    Quote:
    (Adware.MyWebSearch) -> No action taken.
    C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> No action taken.
    C:\VundoFix Backups\awtqq.exe.bad (Trojan.Vundo) -> No action taken.
    C:\VundoFix Backups\mlljk.exe.bad (Trojan.Vundo) -> No action taken.


    You didn't click on remove selected :) 

    Run it again and do that, then post me the report :super:

    ;) 
    23 March 2008 20:06:54

    There you go, they told me there were no infected files:

    Malwarebytes' Anti-Malware 1.09
    Version de la base de données: 521

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 554532
    Temps écoulé: 2 hour(s), 7 minute(s), 40 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    23 March 2008 20:16:42

    Hi again,

    Post me a new HijackThis report and tell me how the PC is doing ;) 

    We're making progress :super:
    23 March 2008 20:52:26

    Here is my report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at Niixo 20:50:25, on 23/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\MSI\Live Update 3\LMonitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system\System\ctf\ctfmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\counterstrikesource\Steam.exe
    C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    D:\hamachi.exe
    C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    D:\Apache\Apache.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    D:\Apache\Apache.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\srksrv.exe
    D:\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Vidalia Bundle\Tor\tor.exe
    D:\nessusd.exe
    C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Alix\Bureau\Logiciels utiles\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://habbo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - D:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinVNC] "D:\UltraVNC\winvnc.exe" -servicehelper
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [CTFMon] C:\WINDOWS\system\System\ctf\ctfmon.exe /b
    O4 - HKLM\..\Run: [SystemXP1] "C:\WINDOWS\regedit.exe" -s "C:\WINDOWS\system\System\NO\settings.reg"
    O4 - HKLM\..\Run: [SystemNT1] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /install
    O4 - HKLM\..\Run: [SystemNT2] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /start
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [VoipStunt] "D:\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\Run: [VoipDiscount] "D:\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Steam] "D:\counterstrikesource\Steam.exe" -silent
    O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Alix\Bureau\yodm-3d\yodm-3d\Yodm3D.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: hamachi.lnk = ?
    O4 - Startup: IMVU.lnk = D:\IMVU\IMVUClient.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer l'image sur mon Téléphone avec PhotoCapt - res://C:\Program Files\PhotoCapt\PhotoCapt.exe/143
    O8 - Extra context menu item: Save Flash - res://D:\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
    O9 - Extra 'Tools' menuitem: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - D:\Apache\Apache.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Serveur intermédiaire pour Messenger (MsgrIntSvc) - <n!co:9.1 /> - C:\Program Files\MsgrIntSvr\MsgrIntSvr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PoliceService - Unknown owner - C:\WINDOWS\system32\srksrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Tenable Nessus - Tenable Network Security - D:\nessusd.exe

    --
    End of file - 14313 bytes



    So, about my computer: Task Manager works again, and there are no more messages at startup when the computer reaches the desktop!
    It's a bit slow, I think because of everything I've done and installed!

    Thank you very much for everything, and if we need to continue, I'll continue!
    23 March 2008 21:12:17

    Hi again,

    1) Relaunch HijackThis, click "do a system scan only", check these lines, then click "Fix Checked" and close HijackThis:

    O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)
    O9 - Extra 'Tools' menuitem: PhotoCapt - {D4935849-9EBC-4eac-A3AF-0C861DDAF397} - C:\Program Files\PhotoCapt\PhotoCapt.exe (file missing)


    2)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present


    Was it you who set restrictions for IE?

    3) Run an online scan with BitDefender, using Internet Explorer! Back up your music and photos; BitDefender sometimes deletes them ;) 

    http://www.bitdefender.fr/
    and copy-paste the result here
    * At the bottom left of the window, click BitDefender SCAN ONLINE
    * In the new window, click I agree
    * The window changes again; click Click here to scan
    * The signatures load, etc.

    Illustrated tutorial: http://forum.pcastuces.com/sujet.asp?f=25&s=31584

    Post me the full report ;) 
    24 March 2008 16:38:17

    Hi again,

    1) Post a new HijackThis report ;) 

    2) Go to this link: Virus Total
  • Click Browse
  • Navigate to this file, if you find it:

    C:\WINDOWS\system\System\ctf\ctfmon.exe
    C:\WINDOWS\system\System\ctf\revealer.dll

  • Click Send file and let it work for as long as "Current status: scanning" is displayed.
  • The file may be placed in a queue because of a large number of scan requests. In that case, you will have to wait without refreshing the page.
  • When the scan is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click this image:
  • Right-click on the page and choose Select All, then Copy
  • Finally, paste the result in your next reply.
    Note: Whatever the result, it is important to give me the result of the whole scan.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.

    ;) 
    24 March 2008 16:59:32

    Here is the report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at Niixo 16:58:52, on 24/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system\System\ctf\ctfmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\counterstrikesource\Steam.exe
    C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    D:\hamachi.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    D:\Apache\Apache.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    D:\Apache\Apache.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\srksrv.exe
    D:\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    D:\nessusd.exe
    C:\Program Files\Vidalia Bundle\Tor\tor.exe
    C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Alix\Bureau\Logiciels utiles\Clavier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\PhotoFiltre Studio\pf-studio.exe
    C:\Documents and Settings\Alix\Bureau\Logiciels utiles\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://habbo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
    O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - D:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinVNC] "D:\UltraVNC\winvnc.exe" -servicehelper
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [CTFMon] C:\WINDOWS\system\System\ctf\ctfmon.exe /b
    O4 - HKLM\..\Run: [SystemXP1] "C:\WINDOWS\regedit.exe" -s "C:\WINDOWS\system\System\NO\settings.reg"
    O4 - HKLM\..\Run: [SystemNT1] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /install
    O4 - HKLM\..\Run: [SystemNT2] "C:\WINDOWS\system\System\FZS\FlashPlayer.exe" /start
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VoipStunt] "D:\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\Run: [VoipDiscount] "D:\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [Steam] "D:\counterstrikesource\Steam.exe" -silent
    O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
    O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Alix\Bureau\yodm-3d\yodm-3d\Yodm3D.exe
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
    O4 - Startup: hamachi.lnk = ?
    O4 - Startup: IMVU.lnk = D:\IMVU\IMVUClient.exe
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\MSWorks\Calendrier\WKCALREM.EXE
    O4 - Startup: Yahoo! Widget Engine.lnk = D:\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
    O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer l'image sur mon Téléphone avec PhotoCapt - res://C:\Program Files\PhotoCapt\PhotoCapt.exe/143
    O8 - Extra context menu item: Save Flash - res://D:\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\\vrie.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - D:\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay121.hotmail.msn.com/resources/MsnPUpl...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache - Unknown owner - D:\Apache\Apache.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\WINDOWS\system\System\FZS\FlashPlayer.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Serveur intermédiaire pour Messenger (MsgrIntSvc) - <n!co:9.1 /> - C:\Program Files\MsgrIntSvr\MsgrIntSvr.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PoliceService - Unknown owner - C:\WINDOWS\system32\srksrv.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Tenable Nessus - Tenable Network Security - D:\nessusd.exe

    --
    End of file - 13882 bytes


    I'll keep going :p 
    24 March 2008 17:07:42

    Here you go: C:\WINDOWS\system\System\ctf\ctfmon.exe




    Fichier ctfmon.exe reçu le 2008.03.11 03:20:28 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 - - -
    AntiVir - - SPR/RevealerKeylogger.B.1
    Authentium - - -
    Avast - - -
    AVG - - Potentially harmful program Logger.CYJ
    BitDefender - - Application.Keylogger.Revealer.1.2
    CAT-QuickHeal - - -
    ClamAV - - Trojan.Keylogger-209
    DrWeb - - -
    eSafe - - -
    eTrust-Vet - - -
    Ewido - - Not-A-Virus.Monitor.Win32.RevealerKeylogger.b
    FileAdvisor - - High threat detected
    Fortinet - - Keylog/RevealerKeylogger
    F-Prot - - -
    F-Secure - - -
    Ikarus - - not-a-virus:Monitor.Win32.RevealerKeylogger.b
    Kaspersky - - not-a-virus:Monitor.Win32.RevealerKeylogger.b
    McAfee - - -
    Microsoft - - -
    NOD32v2 - - -
    Norman - - -
    Panda - - Trj/Keylog.LH
    Rising - - -
    Sophos - - -
    Sunbelt - - Revealer Free Edition
    Symantec - - -
    TheHacker - - -
    VBA32 - - -
    VirusBuster - - -
    Webwasher-Gateway - - Riskware.RevealerKeylogger.B.1
    Information additionnelle
    MD5: e4a7ff1e401db58f25eb5f4161bf77f3
    SHA1: 088185c25f9d75cad99b049c25c995fda95db4ff
    SHA256: c9af4f05f80e365062b41d976697b2077007363bd3fed652415263de2491899f
    SHA512: b910f508c538b7a30c147efe0c298b988179de820fba213c3d7fb10cb38431d8 fb97566fe4a2132fac566a730ee18bf847e46b057a50ef9fc4b5e79935b9f8d0

    24 March 2008 17:09:59

    Here it is for: C:\WINDOWS\system\System\ctf\revealer.dll




    Fichier revealer.dll reçu le 2008.03.19 05:59:57 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 - - -
    AntiVir - - -
    Authentium - - -
    Avast - - -
    AVG - - Potentially harmful program Logger.CYI
    BitDefender - - Application.Keylogger.Revealer.1.2
    CAT-QuickHeal - - -
    ClamAV - - -
    DrWeb - - -
    eSafe - - -
    eTrust-Vet - - -
    Ewido - - Not-A-Virus.Monitor.Win32.RevealerKeylogger.b
    FileAdvisor - - High threat detected
    Fortinet - - Keylog/RevealerKeylogger
    F-Prot - - -
    F-Secure - - -
    Ikarus - - not-a-virus:Monitor.Win32.RevealerKeylogger.b
    Kaspersky - - not-a-virus:Monitor.Win32.RevealerKeylogger.b
    McAfee - - -
    Microsoft - - -
    NOD32v2 - - -
    Norman - - -
    Panda - - Generic Malware
    Prevx1 - - -
    Rising - - -
    Sophos - - -
    Sunbelt - - -
    TheHacker - - Aplicacion/RevealerKeylogger.b
    VBA32 - - -
    VirusBuster - - -
    Webwasher-Gateway - - Riskware.RevealerKeylogger.B
    Information additionnelle
    MD5: 14671309288fa66bda37d9680a58fc8d
    SHA1: a8650804f60e833a3e4ff69920650c709e74686f
    SHA256: 6711293a11fb51d4a998c9a22768159c8e6c4808026f4437810a5ceecdca9703
    SHA512: e2086e3b6dc64ef52cb0a5f2ffda13a606a3658703683025ecadf82922cba553 9baf52f019aadd341a1a8c2d6817ad9cd2792c95a88d0cbec59265c9623591c2

    24 March 2008 17:49:55

    Hi again,

    1) Download OTMoveIt2 by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTMoveIt2.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
  • Copy the lines in the "Code" box below by selecting ALL of them and then pressing the CTRL and C keys at the same time (or, after selecting them, by right-clicking and choosing Copy):
    C:\WINDOWS\system\System\ctf\ctfmon.exe
    C:\WINDOWS\system\System\ctf\revealer.dll

  • Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" box (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results box (under the green bar) by selecting ALL THE LINES and then pressing the CTRL and C keys at the same time (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
  • Close OTMoveIt2

    Note: If a file or folder cannot be moved immediately, a restart may be needed to finish the move. If you are asked to restart the machine, choose Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of that document in a reply on the forum.

    If you get a message saying that the report cannot be created, copy/paste what appears in the right-hand column of the tool.

    2) Download this program, then double-click it (close your antivirus if it detects anything)
    http://www.suspectfile.com/systemscan/

    * Tick only this box and untick everything else:

    - Recent Files, 30 days

    Then click scan now and be patient.
    Once it has finished, a report will open; copy and paste its contents here and check that it is complete; create two messages if needed.

    ;) 
    24 March 2008 20:47:22

    Here it is for MoveIt:

    C:\WINDOWS\system\System\ctf\ctfmon.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system\System\ctf\revealer.dll
    C:\WINDOWS\system\System\ctf\revealer.dll NOT unregistered.
    C:\WINDOWS\system\System\ctf\revealer.dll moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03242008_204547
    24 March 2008 20:58:02

    SystemScan - www.suspectfile.com - ver. 3.5.0 (code: holifay & bReAkdOWn)

    Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
    System directory: C:\WINDOWS
    SystemScan file: C:\Documents and Settings\Alix\Bureau\sys22931.exe
    Running in: User mode
    Date: 24/03/2008
    Time: 20:57:33 Niixo

    Output limited to:
    -Recent files

    ===================== Recent files (30 days old) =====================

    ----- recent files in C:\
    09/03/2008 10:21:26 (DIR) 0 byte 15 days old -- Downloads
    09/03/2008 17:40:31 (DIR) 0 byte 15 days old -- plug
    09/03/2008 17:40:34 3957 byte 15 days old -- ST5UNST.LOG
    09/03/2008 17:41:15 616 byte 15 days old -- odnis.cfg
    14/03/2008 22:00:16 175678 byte 10 days old -- _SQL.txt
    15/03/2008 16:20:50 (DIR) 0 byte 9 days old -- MSOCache
    21/03/2008 00:23:56 (DIR) 0 byte 3 days old -- SDFix
    22/03/2008 18:14:23 2450 byte 2 days old -- cleannavi.txt
    22/03/2008 18:18:52 (DIR) 0 byte 2 days old -- fixwareout
    22/03/2008 18:24:29 (DIR) 0 byte 2 days old -- VundoFix Backups
    22/03/2008 19:00:48 1273 byte 2 days old -- VundoFix.txt
    22/03/2008 19:20:08 (DIR) 0 byte 2 days old -- System Volume Information
    22/03/2008 19:28:21 (DIR) 0 byte 2 days old -- Documents and Settings
    22/03/2008 22:10:22 (DIR) 0 byte 2 days old -- QooBox
    22/03/2008 22:21:43 14122 byte 2 days old -- ComboFix.txt
    22/03/2008 22:21:47 (DIR) 0 byte 2 days old -- ComboFix
    23/03/2008 08:46:10 (DIR) 0 byte 1 days old -- Config.Msi
    23/03/2008 08:48:54 (DIR) 0 byte 1 days old -- Program Files
    23/03/2008 12:08:38 (DIR) 0 byte 1 days old -- tmp
    24/03/2008 14:02:18 1610612736 byte 0 days old -- pagefile.sys
    24/03/2008 15:17:02 (DIR) 0 byte 0 days old -- WINDOWS
    24/03/2008 20:45:47 (DIR) 0 byte 0 days old -- _OTMoveIt
    24/03/2008 20:57:33 (DIR) 0 byte 0 days old -- suspectfile

    ----- recent files in C:\WINDOWS\
    09/10/1618 02:17:02 3120 byte 1 days old -- MF_C425.lfa
    09/10/1618 07:03:22 3120 byte 1 days old -- MF_C420.lfa
    09/10/1618 07:03:22 3120 byte 1 days old -- MF_C421.lfa
    12/03/2008 13:33:03 1409 byte 12 days old -- QTFont.for
    15/03/2008 16:27:39 (DIR) 0 byte 9 days old -- Fonts
    15/03/2008 16:32:56 (DIR) 0 byte 9 days old -- ShellNew
    15/03/2008 21:13:52 318 byte 9 days old -- WPE PRO.INI
    19/03/2008 14:30:55 121357 byte 5 days old -- wmsetup.log
    22/03/2008 09:52:08 (DIR) 0 byte 2 days old -- pss
    22/03/2008 11:26:14 (DIR) 0 byte 2 days old -- ERUNT
    22/03/2008 11:42:00 (DIR) 0 byte 2 days old -- system
    22/03/2008 19:02:23 74305 byte 2 days old -- BM932eb5ea.txt
    22/03/2008 19:16:47 (DIR) 0 byte 2 days old -- erdnt
    22/03/2008 22:12:11 227 byte 2 days old -- system.ini
    23/03/2008 08:19:48 (DIR) 0 byte 1 days old -- Cursors
    23/03/2008 08:46:10 (DIR) 0 byte 1 days old -- Installer
    23/03/2008 08:50:10 32710 byte 1 days old -- KB915865.log
    23/03/2008 08:50:36 32114 byte 1 days old -- NLSDownlevelMapping.log
    23/03/2008 08:50:54 33787 byte 1 days old -- IDNMitigationAPIs.log
    23/03/2008 08:51:51 (DIR) 0 byte 1 days old -- ie7
    23/03/2008 08:52:07 (DIR) 0 byte 1 days old -- Media
    23/03/2008 08:52:12 (DIR) 0 byte 1 days old -- WBEM
    23/03/2008 08:52:29 142599 byte 1 days old -- ie7.log
    23/03/2008 08:53:43 76901 byte 1 days old -- KB942615-IE7.log
    23/03/2008 08:53:43 1374 byte 1 days old -- imsins.BAK
    23/03/2008 08:53:45 (DIR) 0 byte 1 days old -- $hf_mig$
    23/03/2008 08:53:56 181381 byte 1 days old -- updspapi.log
    23/03/2008 08:54:04 891306 byte 1 days old -- FaxSetup.log
    23/03/2008 08:54:04 437196 byte 1 days old -- ocgen.log
    23/03/2008 08:54:04 45259 byte 1 days old -- msgsocm.log
    23/03/2008 08:54:05 49488 byte 1 days old -- ocmsn.log
    23/03/2008 08:54:05 308549 byte 1 days old -- comsetup.log
    23/03/2008 08:54:05 187061 byte 1 days old -- ntdtcsetup.log
    23/03/2008 08:54:05 347999 byte 1 days old -- tsoc.log
    23/03/2008 08:54:05 59880 byte 1 days old -- KB944533-IE7.log
    23/03/2008 08:54:05 141678 byte 1 days old -- iis6.log
    23/03/2008 08:54:05 1374 byte 1 days old -- imsins.log
    23/03/2008 08:55:51 82086 byte 1 days old -- ie7_main.log
    23/03/2008 08:57:26 (DIR) 0 byte 1 days old -- Help
    23/03/2008 08:58:45 62452 byte 1 days old -- spupdsvc.log
    23/03/2008 09:07:57 (DIR) 0 byte 1 days old -- assembly
    23/03/2008 09:07:57 (DIR) 0 byte 1 days old -- Microsoft.NET
    23/03/2008 10:12:30 (DIR) 0 byte 1 days old -- Minidump
    23/03/2008 16:00:38 830 byte 1 days old -- win.ini
    23/03/2008 17:52:35 1254496 byte 1 days old -- ntbtlog.txt
    23/03/2008 20:58:43 32616 byte 1 days old -- SchedLgU.Txt
    24/03/2008 14:02:20 2048 byte 0 days old -- bootstat.dat
    24/03/2008 14:02:29 54156 byte 0 days old -- QTFont.qfn
    24/03/2008 14:03:01 50 byte 0 days old -- wiaservc.log
    24/03/2008 14:03:04 159 byte 0 days old -- wiadebug.log
    24/03/2008 14:03:27 0 byte 0 days old -- 0.log
    24/03/2008 14:30:39 (DIR) 0 byte 0 days old -- LastGood
    24/03/2008 14:30:43 793959 byte 0 days old -- setupapi.log
    24/03/2008 14:30:43 (DIR) 0 byte 0 days old -- Downloaded Program Files
    24/03/2008 14:35:17 (DIR) 0 byte 0 days old -- BDOSCAN8
    24/03/2008 15:13:40 (DIR) 0 byte 0 days old -- msagent
    24/03/2008 18:44:32 (DIR) 0 byte 0 days old -- system32
    24/03/2008 19:08:09 17247 byte 0 days old -- KB938127-IE7.log
    24/03/2008 19:08:09 (DIR) 0 byte 0 days old -- inf
    24/03/2008 20:03:31 (DIR) 0 byte 0 days old -- TEMP
    24/03/2008 20:44:44 1691137 byte 0 days old -- WindowsUpdate.log
    24/03/2008 20:57:11 (DIR) 0 byte 0 days old -- Prefetch

    ----- recent files in C:\WINDOWS\Downloaded Program Files\

    ----- recent files in C:\WINDOWS\system\

    ----- recent files in C:\WINDOWS\system32\
    05/03/2008 17:30:54 19148408 byte 19 days old -- MRT.exe
    09/03/2008 10:49:52 4233448 byte 15 days old -- lncom_.mp3
    09/03/2008 12:38:19 108336 byte 15 days old -- Mswinsck1.ocx
    09/03/2008 12:50:09 141 byte 15 days old -- imon1.dat
    12/03/2008 19:56:06 215 byte 12 days old -- MRT.INI
    15/03/2008 18:08:54 114688 byte 9 days old -- OpenAL32.dll
    15/03/2008 18:08:54 409600 byte 9 days old -- wrap_oal.dll
    15/03/2008 20:15:53 1612616 byte 9 days old -- FNTCACHE.DAT
    15/03/2008 21:48:40 70372 byte 9 days old -- perfc009.dat
    15/03/2008 21:48:40 1072378 byte 9 days old -- PerfStringBackup.INI
    15/03/2008 21:48:40 (DIR) 0 byte 9 days old -- wbem
    15/03/2008 21:48:40 489278 byte 9 days old -- perfh00C.dat
    15/03/2008 21:48:40 85770 byte 9 days old -- perfc00C.dat
    15/03/2008 21:48:40 420072 byte 9 days old -- perfh009.dat
    22/03/2008 09:25:56 115920 byte 2 days old -- MSINET.OCX
    22/03/2008 19:18:12 (DIR) 0 byte 2 days old -- config
    22/03/2008 19:20:09 (DIR) 0 byte 2 days old -- Restore
    22/03/2008 22:21:45 (DIR) 0 byte 2 days old -- drivers
    23/03/2008 08:50:54 (DIR) 0 byte 1 days old -- CatRoot
    23/03/2008 08:53:36 (DIR) 0 byte 1 days old -- fr-fr
    23/03/2008 08:57:26 (DIR) 0 byte 1 days old -- dllcache
    24/03/2008 14:04:32 13758 byte 0 days old -- wpa.dbl
    24/03/2008 14:30:39 (DIR) 0 byte 0 days old -- CatRoot2

    ----- recent files in C:\WINDOWS\system32\drivers\
    22/03/2008 22:12:03 (DIR) 0 byte 2 days old -- etc

    ----- recent files in C:\WINDOWS\temp\
    24/03/2008 14:04:33 409 byte 0 days old -- WGANotify.settings
    24/03/2008 20:36:21 255 byte 0 days old -- WGAErrLog.txt

    ----- recent files in C:\Program Files\
    26/02/2008 19:27:51 (DIR) 0 byte 27 days old -- SmartFTP Client 2.5 Setup Files
    26/02/2008 19:28:18 (DIR) 0 byte 27 days old -- SmartFTP Client
    29/02/2008 20:47:48 (DIR) 0 byte 24 days old -- uTorrent
    03/03/2008 18:04:09 (DIR) 0 byte 21 days old -- Hotspot Shield
    04/03/2008 16:55:45 (DIR) 0 byte 20 days old -- Dofus_Beta
    07/03/2008 20:55:31 (DIR) 0 byte 17 days old -- OpenOffice.org 2.3
    09/03/2008 11:46:01 (DIR) 0 byte 15 days old -- eMule
    09/03/2008 17:44:41 (DIR) 0 byte 15 days old -- Tir
    09/03/2008 17:48:35 (DIR) 0 byte 15 days old -- Windows Live Safety Center
    09/03/2008 18:02:23 (DIR) 0 byte 15 days old -- SHOUTcast
    10/03/2008 16:27:37 (DIR) 0 byte 14 days old -- DivX
    10/03/2008 16:33:46 (DIR) 0 byte 14 days old -- Firebird
    10/03/2008 16:50:43 (DIR) 0 byte 14 days old -- Winamp Remote
    10/03/2008 17:03:41 (DIR) 0 byte 14 days old -- Winamp
    10/03/2008 18:40:25 (DIR) 0 byte 14 days old -- SpacialAudio
    15/03/2008 16:10:49 15397 byte 9 days old -- settings.dat
    15/03/2008 16:24:52 (DIR) 0 byte 9 days old -- Microsoft Visual Studio 8
    15/03/2008 16:27:25 (DIR) 0 byte 9 days old -- Microsoft.NET
    15/03/2008 16:28:02 (DIR) 0 byte 9 days old -- Fichiers communs
    15/03/2008 16:28:03 (DIR) 0 byte 9 days old -- Microsoft Visual Studio
    15/03/2008 16:28:05 (DIR) 0 byte 9 days old -- Microsoft Office
    15/03/2008 16:28:14 (DIR) 0 byte 9 days old -- MSBuild
    15/03/2008 16:28:22 (DIR) 0 byte 9 days old -- Microsoft Works
    15/03/2008 18:08:54 (DIR) 0 byte 9 days old -- OpenAL
    21/03/2008 19:45:00 (DIR) 0 byte 3 days old -- PhotoFiltre Studio
    22/03/2008 18:14:23 (DIR) 0 byte 2 days old -- Navilog1
    22/03/2008 22:27:53 (DIR) 0 byte 2 days old -- Common Files
    22/03/2008 22:28:05 (DIR) 0 byte 2 days old -- Malwarebytes' Anti-Malware
    23/03/2008 08:32:26 (DIR) 0 byte 1 days old -- Thoosje Sidebar V2.3
    23/03/2008 08:46:08 (DIR) 0 byte 1 days old -- Windows Live
    23/03/2008 08:48:54 (DIR) 0 byte 1 days old -- Blender Foundation
    23/03/2008 08:57:26 (DIR) 0 byte 1 days old -- Internet Explorer
    24/03/2008 14:17:35 (DIR) 0 byte 0 days old -- Mozilla Firefox

    ----- recent files in C:\Program Files\Fichiers communs\
    15/03/2008 16:28:02 (DIR) 0 byte 9 days old -- DESIGNER
    15/03/2008 16:32:45 (DIR) 0 byte 9 days old -- System
    15/03/2008 16:33:24 (DIR) 0 byte 9 days old -- Microsoft Shared

    ----- recent files in C:\Documents and Settings\Alix\Application Data\
    24/02/2008 16:20:50 (DIR) 0 byte 29 days old -- CoreFTP
    29/02/2008 21:04:14 (DIR) 0 byte 24 days old -- uTorrent
    10/03/2008 17:55:39 (DIR) 0 byte 14 days old -- Winamp
    11/03/2008 18:04:55 (DIR) 0 byte 13 days old -- Adobe
    12/03/2008 18:18:14 (DIR) 0 byte 12 days old -- gtk-2.0
    22/03/2008 22:28:08 (DIR) 0 byte 2 days old -- Malwarebytes
    23/03/2008 14:42:31 (DIR) 0 byte 1 days old -- Microsoft
    24/03/2008 14:02:32 (DIR) 0 byte 0 days old -- OpenOffice.org2
    24/03/2008 14:02:33 (DIR) 0 byte 0 days old -- Vidalia
    24/03/2008 14:38:06 (DIR) 0 byte 0 days old -- tor
    24/03/2008 15:48:29 (DIR) 0 byte 0 days old -- FileZilla
    24/03/2008 20:36:32 (DIR) 0 byte 0 days old -- Hamachi
    24/03/2008 20:55:48 (DIR) 0 byte 0 days old -- Skype

    ----- recent files in C:\DOCUME~1\Alix\LOCALS~1\Temp\
    22/03/2008 22:14:45 1507328 byte 2 days old -- ~DF1B34.tmp
    22/03/2008 22:27:24 (DIR) 0 byte 2 days old -- DRDld
    22/03/2008 22:27:53 1505568 byte 2 days old -- Stp17_TMP.EXE
    23/03/2008 07:54:34 20135 byte 1 days old -- Korean.bin
    23/03/2008 07:54:34 24297 byte 1 days old -- Japanese.bin
    23/03/2008 07:54:35 27409 byte 1 days old -- Italian.bin
    23/03/2008 07:54:35 25746 byte 1 days old -- German.bin
    23/03/2008 07:54:35 27237 byte 1 days old -- French.bin
    23/03/2008 07:54:35 27754 byte 1 days old -- Spanish.bin
    23/03/2008 07:54:35 24088 byte 1 days old -- SWEDISH.bin
    23/03/2008 07:54:35 16949 byte 1 days old -- TradChin.bin
    23/03/2008 07:54:35 26125 byte 1 days old -- Russian.bin
    23/03/2008 07:54:35 25741 byte 1 days old -- Dutch.bin
    23/03/2008 07:54:35 22769 byte 1 days old -- Danish.bin
    23/03/2008 07:54:36 20974 byte 1 days old -- Arabic.bin
    23/03/2008 07:54:36 26256 byte 1 days old -- Portuguese.bin
    23/03/2008 07:54:36 16404 byte 1 days old -- SimChin.bin
    23/03/2008 07:54:36 21977 byte 1 days old -- Thai.bin
    23/03/2008 07:54:36 21911 byte 1 days old -- English.bin
    23/03/2008 07:54:36 25080 byte 1 days old -- Greek.bin
    23/03/2008 07:54:37 21958 byte 1 days old -- Norwegian.bin
    23/03/2008 07:54:37 25067 byte 1 days old -- Portuguese(Brazil).bin
    23/03/2008 07:54:37 24219 byte 1 days old -- Polish.bin
    23/03/2008 07:54:37 26076 byte 1 days old -- Hungarian.bin
    23/03/2008 07:54:37 24310 byte 1 days old -- Czech.bin
    23/03/2008 07:54:37 22853 byte 1 days old -- Finnish.bin
    23/03/2008 07:54:37 19553 byte 1 days old -- Hebrew.bin
    23/03/2008 07:54:38 22246 byte 1 days old -- Turkish.bin
    23/03/2008 07:57:18 16384 byte 1 days old -- ~DFDB7E.tmp
    23/03/2008 07:58:10 (DIR) 0 byte 1 days old -- KAV Updater update files
    23/03/2008 08:32:26 1309 byte 1 days old -- AB2.wmz
    23/03/2008 10:08:01 211968 byte 1 days old -- ~4B69.tmp
    23/03/2008 10:11:17 4 byte 1 days old -- AVP4DB0.tmp
    23/03/2008 10:11:17 0 byte 1 days old -- AVP4DB1.tmp
    23/03/2008 12:00:03 65536 byte 1 days old -- ~DFD6B7.tmp
    23/03/2008 12:48:15 (DIR) 0 byte 1 days old -- hsperfdata_Alix
    23/03/2008 14:11:27 (DIR) 0 byte 1 days old -- PDFCreator
    23/03/2008 16:00:35 1740 byte 1 days old -- wmplog00.sqm
    23/03/2008 17:19:38 16384 byte 1 days old -- ~DF1A9D.tmp
    23/03/2008 20:06:16 16384 byte 1 days old -- ~DFC2F5.tmp
    24/03/2008 14:02:29 (DIR) 0 byte 0 days old -- WPDNSE
    24/03/2008 14:02:32 (DIR) 0 byte 0 days old -- svfc6.tmp
    24/03/2008 14:08:13 16384 byte 0 days old -- ~DF737C.tmp
    24/03/2008 15:43:57 0 byte 0 days old -- IMG7A.tmp
    24/03/2008 15:44:02 0 byte 0 days old -- npp.4.8.2.Installer.exe
    24/03/2008 16:00:37 36644 byte 0 days old -- AAXA1.tmp
    24/03/2008 16:27:43 16384 byte 0 days old -- ~DFE91.tmp
    24/03/2008 16:27:43 16384 byte 0 days old -- ~DFFF99.tmp
    24/03/2008 17:56:52 36644 byte 0 days old -- AAXCE.tmp
    24/03/2008 18:29:41 2263 byte 0 days old -- jusched.log
    24/03/2008 18:33:47 (DIR) 0 byte 0 days old -- DefaultEmoticons
    24/03/2008 19:32:56 (DIR) 0 byte 0 days old -- plugtmp
    24/03/2008 20:29:57 983040 byte 0 days old -- ~DFE2D.tmp
    24/03/2008 20:29:57 983040 byte 0 days old -- ~DFFF5B.tmp
    24/03/2008 20:38:32 (DIR) 0 byte 0 days old -- MessengerCache
    24/03/2008 20:56:54 (DIR) 0 byte 0 days old -- nsk159.tmp
    24/03/2008 20:56:54 50 byte 0 days old -- systemscan.ini
    24/03/2008 20:56:54 16384 byte 0 days old -- ~DF995C.tmp

    ==========================================
    Scan completed in 0,1 minutes
    End of report


    ~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
    SystemScan uses some freeware tools that remain property of their authors:

    * SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
    * dumphive (Markus Stephany)--> "Registry scan"
    * Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
    * Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
    ---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

    Thanks to all of them for their hard work
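
The "Recent Files, 30 days" report above is long to read by eye. The following Python is an added example, not part of the thread and not SystemScan's own code: it parses that report format and shortlists entries for manual review. The extension list, the review rules and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime
from pathlib import PureWindowsPath

# Lines copied from the SystemScan report in the thread (report dated 24/03/2008).
REPORT_EXCERPT = r"""
----- recent files in C:\WINDOWS\
09/10/1618 02:17:02 3120 byte 1 days old -- MF_C425.lfa
12/03/2008 13:33:03 1409 byte 12 days old -- QTFont.for
15/03/2008 16:27:39 (DIR) 0 byte 9 days old -- Fonts

----- recent files in C:\WINDOWS\system32\
05/03/2008 17:30:54 19148408 byte 19 days old -- MRT.exe
09/03/2008 12:38:19 108336 byte 15 days old -- Mswinsck1.ocx
15/03/2008 18:08:54 114688 byte 9 days old -- OpenAL32.dll
22/03/2008 19:18:12 (DIR) 0 byte 2 days old -- config

----- recent files in C:\DOCUME~1\Alix\LOCALS~1\Temp\
22/03/2008 22:27:53 1505568 byte 2 days old -- Stp17_TMP.EXE
23/03/2008 07:54:35 27237 byte 1 days old -- French.bin
24/03/2008 15:44:02 0 byte 0 days old -- npp.4.8.2.Installer.exe
"""

HEADER = re.compile(r"^-+ recent files in (?P<folder>.+)$")
ENTRY = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (?P<dir>\(DIR\) )?"
    r"(?P<size>\d+) byte (?P<age>\d+) days old -- (?P<name>.+)$"
)
# Assumption of this example: extensions worth a second look in system/temp folders.
REVIEW_EXT = {".exe", ".dll", ".ocx", ".sys", ".scr", ".com", ".bat", ".cmd"}


@dataclass(frozen=True)
class Entry:
    folder: str
    modified: datetime
    is_dir: bool
    size: int
    reported_age: int
    name: str


def parse_report(text):
    """Turn the 'recent files' section of a report into Entry records."""
    entries, folder = [], None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes indent every line
        header = HEADER.match(line)
        if header:
            folder = header["folder"]
            continue
        m = ENTRY.match(line)
        if m and folder is not None:
            entries.append(Entry(
                folder=folder,
                modified=datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
                is_dir=m["dir"] is not None,
                size=int(m["size"]),
                reported_age=int(m["age"]),
                name=m["name"],
            ))
    return entries


def triage(entries, report_date, max_age_days=30):
    """Return (entry, reasons) pairs worth a manual look; this is not a verdict."""
    findings = []
    for e in entries:
        reasons = []
        # The report's ages are calendar-day differences from the report date.
        actual_age = (report_date - e.modified.date()).days
        if actual_age != e.reported_age:
            reasons.append("timestamp disagrees with reported age")
        ext = PureWindowsPath(e.name).suffix.lower()
        if not e.is_dir and ext in REVIEW_EXT and 0 <= actual_age <= max_age_days:
            reasons.append("recent executable")
            if e.size == 0:
                reasons.append("zero-byte file")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_report(REPORT_EXCERPT), date(2008, 3, 24)):
        print(f"{entry.folder}{entry.name}: {', '.join(reasons)}")
```

A shortlisted name is a prompt to check the file's hash, signature and origin, not a finding in itself: MRT.exe in this list is Microsoft's Malicious Software Removal Tool.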
