Pop-ups and virus: help!

Tags:
  • Security
Last reply: in Security and viruses
3 March 2008 12:53:33

Hello everyone,

I apparently have a virus on my PC. The symptoms are fairly classic: a multitude of pop-ups open with IE (I use Firefox as my default browser).
All the icons on my desktop are highlighted and stay that way, and I also often get error messages at startup (a problem with "Loader.exe").
At startup Avast also finds a virus named "update.exe" every time.

I have run full scans with Ad-Aware, Spybot and Avast in both safe mode and normal mode, but without success, which is why I'm asking for your help.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:58, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\WINDOWS\system32\DeltTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Documents and Settings\gougoule\Application Data\F?nts\s?oolsv.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
D:\DOCUME~1\gougoule\MESDOC~1\SMBOLS~1\msiexec.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\gougoule\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6031C9CB-0525-5DAE-0061-5C00B7C789EA} - C:\WINDOWS\system32\khmvr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
O2 - BHO: (no name) - {D696871A-01E3-4F3D-A14D-570666C9EED9} - C:\WINDOWS\system32\cabine.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [RunDLL32] C:\WINDOWS\system32\ulmrmrmo.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Data Secure] C:\APPS\DATASEC\PBBckupUI.exe /HIDDEN
O4 - HKCU\..\Run: [SfKg6w] D:\Documents and Settings\gougoule\Application Data\Microsoft\Windows\lmmve.exe
O4 - HKCU\..\Run: [Acmw] "D:\DOCUME~1\gougoule\MESDOC~1\SMBOLS~1\msiexec.exe" -vt ndrv
O4 - HKCU\..\Run: [Jom] "D:\Documents and Settings\gougoule\Application Data\F?nts\s?oolsv.exe"
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.servicesalacarte.wanadoo.fr/activex...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Soulseek-Test\visojo.html

--
End of file - 10252 bytes


Many thanks for your help!
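As an added illustration for this thread (the script below is mine, not HijackThis or ComboFix code), here is a small Python checker that applies defender-side heuristics to the O4 autorun lines of a log like the one above: a `?` standing in for a character the tool could not print, a core system binary name living outside C:\WINDOWS, an executable launched from the user profile, and use of the legacy RunServices key. The sample lines, rule set and function names are this example's own, modelled on the log posted here; the parser handles both quoted and bare command lines.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample: O4 lines modelled on the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [RunDLL32] C:\WINDOWS\system32\ulmrmrmo.exe
O4 - HKCU\..\Run: [SfKg6w] D:\Documents and Settings\gougoule\Application Data\Microsoft\Windows\lmmve.exe
O4 - HKCU\..\Run: [Acmw] "D:\DOCUME~1\gougoule\MESDOC~1\SMBOLS~1\msiexec.exe" -vt ndrv
O4 - HKCU\..\Run: [Jom] "D:\Documents and Settings\gougoule\Application Data\F?nts\s?oolsv.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# "O4 - <registry key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First quoted string, or the shortest bare prefix ending in an executable extension.
EXE_RE = re.compile(
    r'^\s*(?:"(?P<quoted>[^"]+)"|(?P<bare>.*?\.(?:exe|dll|scr|com|bat|cmd)\b))', re.I)

# Core Windows binaries that malware likes to impersonate; the real ones live under %SystemRoot%.
SYSTEM_NAMES = {"spoolsv.exe", "svchost.exe", "msiexec.exe", "lsass.exe", "services.exe",
                "csrss.exe", "winlogon.exe", "explorer.exe", "smss.exe", "rundll32.exe"}
# User-profile folders in both long and 8.3 short form, as HijackThis prints them.
PROFILE_DIRS = ("documents and settings", "docume~1", "application data",
                "local settings", "mes documents", "mesdoc~1")


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def extract_path(cmd: str) -> str:
    """Pull the launched executable out of an O4 command line (quoted or bare)."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.strip()
    return m.group("quoted") or m.group("bare")


def masquerades(basename: str) -> bool:
    """True if the file name matches a core system binary. HijackThis shows '?' for a
    character it cannot print, so '?' is treated as a wildcard: s?oolsv.exe matches spoolsv.exe."""
    pattern = re.compile("^" + re.escape(basename.lower()).replace(r"\?", ".") + "$")
    return any(pattern.match(n) for n in SYSTEM_NAMES)


def analyze_line(line: str):
    """Parse one log line; return a Finding for O4 entries, None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    path = extract_path(m.group("cmd"))
    parts = PureWindowsPath(path).parts or (path,)  # ('C:\\', 'WINDOWS', 'system32', 'x.exe')
    base = parts[-1].lower()
    has_dir = len(parts) > 1                        # bare names resolve via the search path
    in_windows = has_dir and parts[1].lower() == "windows"
    parent = "\\".join(parts[:-1]).lower()
    f = Finding(key=m.group("key"), name=m.group("name"), path=path)
    if "?" in path:
        f.reasons.append("unprintable character in path (lookalike folder or file name)")
    if has_dir and not in_windows and masquerades(base):
        f.reasons.append(f"system binary name {base} outside the Windows directory")
    if any(d in parent for d in PROFILE_DIRS):
        f.reasons.append("executable launched from a user-writable profile folder")
    if f.key.lower().endswith("runservices"):
        f.reasons.append("legacy RunServices key, rarely used by legitimate XP software")
    return f


def analyze(log_text: str) -> list:
    """Return one Finding per O4 line of a HijackThis log, in log order."""
    return [f for f in map(analyze_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print("SUSPICIOUS" if f.suspicious else "ok        ", f"[{f.name}]", f.path)
        for reason in f.reasons:
            print("             -", reason)
```

On the sample, the four entries ComboFix later removed or that reference missing files are the ones that come back flagged, while the avast!, NVIDIA and CTFMON entries pass.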

3 Mars 2008 14:04:57

Hello,

Quite a few infections, we'll take care of them ;)

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.
3 March 2008 16:30:27

Here is the report:

    ComboFix 08-03-03.12 - gougoule 2008-03-03 16:06:09.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.557 [GMT 1:00]
    Endroit: D:\Documents and Settings\gougoule\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Router
    C:\Program Files\Router\UnInstall.exe
    C:\Program Files\Soulseek-Test\visojo.html
    C:\Program Files\Temporary
    C:\Program Files\Temporary\InsiDERInst.exe
    C:\Program Files\webmediaplayer
    C:\Program Files\webmediaplayer\Conditions générales.url
    C:\Program Files\webmediaplayer\Confidentialité.url
    C:\Program Files\webmediaplayer\resources\languages_v2.xml
    C:\Program Files\webmediaplayer\resources\webmedias
    C:\Program Files\webmediaplayer\skins\classic.skn
    C:\Program Files\webmediaplayer\sqlite3.dll
    C:\Program Files\webmediaplayer\uninst.exe
    C:\Program Files\webmediaplayer\WebMediaPlayer.exe
    C:\Program Files\webmediaplayer\Website.url
    C:\WINDOWS\b153.exe
    C:\WINDOWS\system32\nvs2.inf
    D:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\WebMediaPlayer
    D:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\WebMediaPlayer\Conditions générales.lnk
    D:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\WebMediaPlayer\Confidentialité.lnk
    D:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\WebMediaPlayer\WebMediaPlayer.lnk
    D:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\WebMediaPlayer\Website.lnk
    D:\Documents and Settings\gougoule\Application Data\FNTS~1
    D:\Documents and Settings\gougoule\Application Data\FNTS~1\s?oolsv.exe
    D:\Documents and Settings\gougoule\Application Data\inst.exe
    D:\Documents and Settings\gougoule\Application Data\macromedia\Flash Player\#SharedObjects\47H5N8CG\www.broadcaster.com
    D:\Documents and Settings\gougoule\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    D:\Documents and Settings\gougoule\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    D:\Documents and Settings\gougoule\Application Data\WinTouch
    D:\Documents and Settings\gougoule\Application Data\WinTouch\wintouch.cfg
    D:\Documents and Settings\gougoule\Local Settings\Application Data\xazuuzxke.dat
    D:\Documents and Settings\gougoule\Local Settings\Application Data\xazuuzxke.exe
    D:\Documents and Settings\gougoule\Local Settings\Application Data\xazuuzxke_nav.dat
    D:\Documents and Settings\gougoule\Local Settings\Application Data\xazuuzxke_navps.dat
    D:\Documents and Settings\gougoule\Mes documents\SMBOLS~1
    D:\Documents and Settings\gougoule\Mes documents\SMBOLS~1\msiexec.exe
    D:\Documents and Settings\gougoule\Mes documents\SMBOLS~1\s?mbols\

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-03 05:42 . 2002-09-12 15:04 88,064 --a------ C:\WINDOWS\system32\ASTAudioFil.dll
    2008-03-01 01:24 . 2008-03-01 01:24 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-02-29 19:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-02-29 19:01 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-02-29 19:01 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-02-28 18:32 . 2008-02-28 18:32 <REP> d-------- C:\Program Files\Smart Projects
    2008-02-28 17:00 . 2008-02-28 17:00 <REP> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    2008-02-28 17:00 . 2008-02-28 17:00 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-27 13:05 . 2008-02-27 13:05 <REP> d-------- C:\Program Files\SpyShredder
    2008-02-27 13:05 . 2008-02-27 13:05 1,571 --a------ C:\Uninstall.lnk
    2008-02-26 20:06 . 2008-03-03 11:56 <REP> d-------- C:\Program Files\a-squared Free
    2008-02-26 13:02 . 2004-08-05 13:00 88,064 --a------ C:\WINDOWS\system32\cabine.dll
    2008-02-17 19:32 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-02-17 19:32 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-02-17 19:32 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-02-17 19:32 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-02-17 19:32 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-02-17 19:32 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-02-17 19:32 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-02-17 12:02 . 2008-02-17 11:59 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-17 12:02 . 2008-02-17 12:02 3,458 --a------ C:\WINDOWS\unins000.dat
    2008-02-16 19:29 . 2008-02-28 22:14 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
    2008-02-16 11:03 . 2008-02-16 11:03 <REP> d-------- C:\Program Files\Foxit Software
    2008-02-11 01:52 . 2008-02-11 01:52 <REP> d-------- C:\Program Files\db-audioware
    2008-02-11 00:30 . 2008-02-11 00:30 <REP> d-------- C:\ASIO
    2008-02-11 00:29 . 2008-02-11 00:30 <REP> d-------- C:\Cubase SX 3

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-03 15:09 --------- d-----w C:\Program Files\Soulseek-Test
    2008-03-03 11:14 --------- d-----w C:\Program Files\Gabest
    2008-03-03 11:12 --------- d-----w C:\Program Files\Power IE
    2008-03-03 11:11 --------- d-----w C:\Program Files\Team MediaPortal
    2008-03-03 11:11 --------- d-----w C:\Program Files\MeuhMeuhTV Alpha
    2008-03-03 11:09 --------- d-----w C:\Program Files\HTML Template Generator
    2008-03-03 11:08 --------- d-----w C:\Program Files\Java
    2008-03-03 11:07 --------- d-----w D:\Documents and Settings\gougoule\Application Data\ATI
    2008-03-03 10:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-03 09:27 --------- d-----w C:\Program Files\eMule
    2008-02-29 19:33 --------- d-----r C:\Program Files\VstPlugins
    2008-02-28 21:11 --------- d-----w D:\Documents and Settings\gougoule\Application Data\OpenOffice.org2
    2008-02-28 16:01 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-28 16:00 --------- d-----w C:\Program Files\Windows Live
    2008-02-26 22:02 --------- d-----w C:\Program Files\MessengerDiscovery
    2008-02-21 07:01 --------- d-----w C:\Program Files\Picasa2
    2008-02-17 18:39 --------- d-----w C:\Program Files\AOL 9.0
    2008-02-17 18:32 --------- d-----w C:\Program Files\Alwil Software
    2008-02-17 11:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-14 23:49 --------- d-----w D:\Documents and Settings\gougoule\Application Data\Ableton
    2008-02-14 23:48 --------- d-----w C:\Program Files\Ableton
    2008-02-10 23:26 --------- d-----w C:\Program Files\Syncrosoft
    2008-01-31 11:14 --------- d-----w C:\Program Files\Vanguard
    2008-01-21 09:37 --------- d-----w C:\Program Files\Micro Application
    2008-01-19 20:09 --------- d-----w C:\Program Files\mIRC
    2008-01-17 19:14 --------- d-----w C:\Program Files\Microsoft FrontPage Express
    2008-01-14 18:58 --------- d-----w C:\Program Files\Magix
    2008-01-14 18:25 --------- d-----w C:\Program Files\Pinnacle
    2008-01-07 17:19 --------- d---a-w D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-01-07 17:19 --------- d-----w D:\DOCUME~1\ALLUSE~1\APPLIC~1\DeskShare
    2008-01-07 17:19 --------- d-----w C:\Program Files\Fichiers communs\DeskShare Shared
    2008-01-07 17:19 --------- d-----w C:\Program Files\Deskshare
    2007-10-01 16:45 47,360 ----a-w D:\Documents and Settings\gougoule\Application Data\pcouffin.sys
    2006-11-25 13:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2006-04-30 13:24 22,983 ----a-w D:\Documents and Settings\gougoule\x.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6031C9CB-0525-5DAE-0061-5C00B7C789EA}]
    C:\WINDOWS\system32\khmvr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
    2006-12-22 13:06 126976 --a------ C:\Program Files\BitDownload\TorrentManager.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D696871A-01E3-4F3D-A14D-570666C9EED9}]
    2004-08-05 13:00 88064 --a------ C:\WINDOWS\system32\cabine.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}"= C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL [ ]

    [HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a}]
    [HKEY_CLASSES_ROOT\bfgtoolbar.BFGTOOLBAR]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Data Secure"="C:\APPS\DATASEC\PBBckupUI.exe" [2005-01-11 17:31 2257408]
    "Acmw"="D:\DOCUME~1\gougoule\MESDOC~1\SMBOLS~1\msiexec.exe" [ ]
    "Jom"="D:\Documents and Settings\gougoule\Application Data\F?nts\s?oolsv.exe" [ ]
    "MSI Configuration"="msiconf.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DSLAGENTEXE"="dslagent.exe" [2001-09-10 08:56 16384 C:\WINDOWS\system32\dslagent.exe]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
    "GSICONEXE"="GSICON.EXE" [2001-09-10 08:56 90112 C:\WINDOWS\system32\gsicon.exe]
    "ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [2006-10-27 10:43 1495111]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
    "DeltTray"="DeltTray.exe" [2004-08-26 21:43 56320 C:\WINDOWS\system32\delttray.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 22:44 8429568]
    "nwiz"="nwiz.exe" [2007-04-12 22:44 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 22:44 81920]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "RunDLL32"="C:\WINDOWS\system32\ulmrmrmo.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    --a------ 2003-05-02 10:31 24576 c:\apps\ABoard\ABoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    -ra------ 2007-03-01 09:37 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
    C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-09-18 15:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
    --a------ 2004-03-04 04:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
    --a------ 2005-10-23 00:00 385024 C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-11-02 18:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --------- 2005-05-11 13:48 127118 c:\Apps\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyShredder]
    --a------ 2008-02-27 13:05 402944 C:\Program Files\SpyShredder\SpyShredder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2007-10-12 21:21 1271032 C:\Program Files\Valve\Steam\\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-10-30 13:06 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
    D:\Documents and Settings\gougoule\Application Data\WinTouch\WinTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xazuuzxke]
    d:\documents and settings\gougoule\local settings\application data\xazuuzxke.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WebClient"=2 (0x2)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQL$SONY_MEDIAMGR"=3 (0x3)
    "MSDTC"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "iPodService"=3 (0x3)
    "gusvc"=3 (0x3)
    "CLCapSvc"=2 (0x2)
    "Boonty Games"=3 (0x3)
    "avast! Web Scanner"=3 (0x3)
    "avast! Mail Scanner"=3 (0x3)
    "avast! Antivirus"=2 (0x2)
    "ATI Smart"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "aswUpdSv"=2 (0x2)
    "AOL ACS"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "MysqlInventime"=3 (0x3)
    "iPod Service"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Soulseek-Test\\slsk.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\APPS\\Inventime\\my.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
    "C:\\Program Files\\AOL 9.0\\aol.exe"=
    "C:\\Program Files\\EA SPORTS\\FIFA 06\\FIFA06.exe"=
    "C:\\APPS\\skype\\phone\\Skype.exe"=
    "C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
    "C:\\web\\EasyPHP1-7\\apache\\apache.exe"=
    "C:\\Program Files\\EA SPORTS\\FIFA 08\\FIFA08.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
    "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
    "C:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\juliusss118\\team fortress classic\\hl.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\APPS\\Powercinema\\PowerCinema.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8000:TCP"= 8000:TCP:*:D isabled:lol
    "8000:UDP"= 8000:UDP:*:D isabled:lol2
    "800:TCP"= 800:TCP:gnu
    "14464:TCP"= 14464:TCP:BitComet 14464 TCP
    "14464:UDP"= 14464:UDP:BitComet 14464 UDP

    R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys [2004-11-30 11:10]
    R2 Tenable Nessus;Tenable Nessus;"C:\Program Files\Tenable\Nessus\nessusd.exe" [2007-03-12 11:02]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 11:51]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
    R3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 16:04]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
    S2 gafwload;GlobeSpan Usb ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2001-09-10 08:56]
    S2 LDRVREYT;LDRVREYT;C:\WINDOWS\system32\ldrvreyt.eeq []
    S3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 12:44]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-05-12 20:53]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\honqf]
    C:\WINDOWS\system32\honqf.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-03 16:14:03
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MsnMsgr = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background??s

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-03 16:18:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-03 15:18:01
    .
    2008-03-01 00:24:04 --- E O F ---
3 March 2008 16:42:54

Note that I apparently no longer have pop-up windows opening and no more error messages at startup; all that's left is the desktop icons still highlighted, but now I wonder whether that's related or whether the problem comes from elsewhere? It had appeared at roughly the same time.

I'm posting another HijackThis log just in case:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:41:59, on 03/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\DeltTray.exe
    C:\Program Files\Tenable\Nessus\nessusd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Documents and Settings\gougoule\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/fr.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6031C9CB-0525-5DAE-0061-5C00B7C789EA} - C:\WINDOWS\system32\khmvr.dll (file missing)
    O2 - BHO: (no name) - {6F5F56E5-28E6-46EF-9AD1-B454F3B37449} - C:\WINDOWS\system32\cabine.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
    O2 - BHO: (no name) - {D696871A-01E3-4F3D-A14D-570666C9EED9} - C:\WINDOWS\system32\cabine.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunServices: [RunDLL32] C:\WINDOWS\system32\ulmrmrmo.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Data Secure] C:\APPS\DATASEC\PBBckupUI.exe /HIDDEN
    O4 - HKCU\..\Run: [Acmw] "D:\DOCUME~1\gougoule\MESDOC~1\SMBOLS~1\msiexec.exe" -vt ndrv
    O4 - HKCU\..\Run: [Jom] "D:\Documents and Settings\gougoule\Application Data\F?nts\s?oolsv.exe"
    O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Search - ?p=ZJfox000
    O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.servicesalacarte.wanadoo.fr/activex...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9943 bytes
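A quick triage pass over the O2 (BHO) and O4 (autostart) entries of a HijackThis log like the one above, as an added Python example that is not part of this thread and not output of HijackThis or ComboFix. The sample lines are copied from the log posted above. The heuristics are the editor's own assumptions: an unnamed BHO or one whose DLL is already missing, anything written to the Win9x-era RunServices key on an XP machine, a system binary name (msiexec.exe, spoolsv.exe) living outside the Windows directory, and the `?` that HijackThis prints for characters it cannot render in the current code page, which is how `F?nts\s?oolsv.exe` ends up looking like `Fonts\spoolsv.exe`.

```python
import re

# Sample input: O2/O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {6031C9CB-0525-5DAE-0061-5C00B7C789EA} - C:\WINDOWS\system32\khmvr.dll (file missing)
O2 - BHO: (no name) - {6F5F56E5-28E6-46EF-9AD1-B454F3B37449} - C:\WINDOWS\system32\cabine.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [RunDLL32] C:\WINDOWS\system32\ulmrmrmo.exe
O4 - HKCU\..\Run: [Acmw] "D:\DOCUME~1\gougoule\MESDOC~1\SMBOLS~1\msiexec.exe" -vt ndrv
O4 - HKCU\..\Run: [Jom] "D:\Documents and Settings\gougoule\Application Data\F?nts\s?oolsv.exe"
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
"""

# Names that legitimately live only under the Windows directory; malware borrows them.
SYSTEM_BINARIES = {"svchost.exe", "spoolsv.exe", "msiexec.exe", "lsass.exe",
                   "services.exe", "winlogon.exe", "explorer.exe", "rundll32.exe"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[^:]*?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def _exe_path(cmd: str) -> str:
    """Return the executable part of an O4 command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def _in_windows_dir(path: str) -> bool:
    """True for X:\WINDOWS and anything below it (long or 8.3 names)."""
    return bool(re.match(r"^[A-Za-z]:\\WINDOWS(\\|$)", path, re.IGNORECASE))


def _lookalike(basename: str):
    """Assumption: HijackThis prints '?' for a character it cannot render, so treat
    each '?' as a one-character wildcard and check for a collision with a known
    system binary name (s?oolsv.exe -> spoolsv.exe)."""
    if "?" not in basename:
        return None
    pattern = re.compile("^" + re.escape(basename).replace(r"\?", ".") + "$", re.IGNORECASE)
    for known in SYSTEM_BINARIES:
        if pattern.match(known):
            return known
    return None


def triage(log_text: str):
    """Return [{'entry': line, 'flags': [...]}] for every O2/O4 line that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        flags = []
        m2 = O2_RE.match(line)
        if m2:
            if m2["name"] == "(no name)":
                flags.append("unnamed_bho")
            if m2["path"].endswith("(file missing)"):
                flags.append("file_missing")          # orphaned registration, still worth removing
        m4 = O4_RE.match(line)
        if m4:
            if m4["key"].lower().startswith("runservices"):
                flags.append("runservices_key")      # Win9x-era key; unexpected on XP
            path = _exe_path(m4["cmd"])
            base = path.rsplit("\\", 1)[-1]
            if "?" in path:
                flags.append("unprintable_chars_in_path")
            if "\\" not in path:
                flags.append("unqualified_path")     # resolved through the search path at logon
            else:
                hit = _lookalike(base)
                if hit:
                    flags.append(f"lookalike_of:{hit}")
                elif base.lower() in SYSTEM_BINARIES and not _in_windows_dir(path):
                    flags.append("system_name_outside_windows")
        if flags:
            findings.append({"entry": line, "flags": flags})
    return findings


def flags_for(findings, needle: str):
    """Flags of the first finding whose entry contains `needle` ([] if none)."""
    for f in findings:
        if needle in f["entry"]:
            return f["flags"]
    return []


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(", ".join(f["flags"]), "<-", f["entry"])
```

Run on the sample, the avast! and Java entries come back clean while the two `(no name)` BHOs, the RunServices entry, the `msiexec.exe` under My Documents, the `s?oolsv.exe` look-alike and the bare `msiconf.exe` are flagged, which matches the set the helper's CFScript targets below.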
    3 March 2008 17:15:08

    Re,

    Disable your resident protections (antivirus, etc.)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\cabine.dll
    D:\Documents and Settings\gougoule\x.exe
    C:\WINDOWS\system32\khmvr.dll
    C:\WINDOWS\system32\ulmrmrmo.exe

    Folder::
    C:\PROGRA~1\BFGTOO~1

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6031C9CB-0525-5DAE-0061-5C00B7C789EA}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D696871A-01E3-4F3D-A14D-570666C9EED9}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}"=-
    [-HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a}]
    [-HKEY_CLASSES_ROOT\bfgtoolbar.BFGTOOLBAR]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acmw"=-
    "Jom"=-
    "MSI Configuration"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "RunDLL32"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xazuuzxke]


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe, as shown below:


    This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    3 March 2008 19:18:10

    here is the combofix report:

    ComboFix 08-03-03.12 - gougoule 2008-03-03 18:54:51.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.593 [GMT 1:00]
    Location: D:\Documents and Settings\gougoule\Bureau\ComboFix.exe
    Command switches used :: D:\Documents and Settings\gougoule\Bureau\CFScript.txt
    * Creating a new restore point

    FILE ::
    C:\WINDOWS\system32\cabine.dll
    C:\WINDOWS\system32\khmvr.dll
    C:\WINDOWS\system32\ulmrmrmo.exe
    D:\Documents and Settings\gougoule\x.exe
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\cabine.dll
    D:\Documents and Settings\gougoule\x.exe

    .
    ((((((((((((((((((((((((((((( Files created 2008-02-03 to 2008-03-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-03 05:42 . 2002-09-12 15:04 88,064 --a------ C:\WINDOWS\system32\ASTAudioFil.dll
    2008-03-01 01:24 . 2008-03-01 01:24 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-02-29 19:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-02-29 19:01 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-02-29 19:01 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-02-28 18:32 . 2008-02-28 18:32 <REP> d-------- C:\Program Files\Smart Projects
    2008-02-28 17:00 . 2008-02-28 17:00 <REP> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
    2008-02-28 17:00 . 2008-02-28 17:00 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-27 13:05 . 2008-02-27 13:05 <REP> d-------- C:\Program Files\SpyShredder
    2008-02-27 13:05 . 2008-02-27 13:05 1,571 --a------ C:\Uninstall.lnk
    2008-02-26 20:06 . 2008-03-03 11:56 <REP> d-------- C:\Program Files\a-squared Free
    2008-02-17 19:32 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-02-17 19:32 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-02-17 19:32 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-02-17 19:32 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-02-17 19:32 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-02-17 19:32 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-02-17 19:32 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-02-17 12:02 . 2008-02-17 11:59 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-02-17 12:02 . 2008-02-17 12:02 3,458 --a------ C:\WINDOWS\unins000.dat
    2008-02-16 19:29 . 2008-02-28 22:14 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
    2008-02-16 11:03 . 2008-02-16 11:03 <REP> d-------- C:\Program Files\Foxit Software
    2008-02-11 01:52 . 2008-02-11 01:52 <REP> d-------- C:\Program Files\db-audioware
    2008-02-11 00:30 . 2008-02-11 00:30 <REP> d-------- C:\ASIO
    2008-02-11 00:29 . 2008-02-11 00:30 <REP> d-------- C:\Cubase SX 3

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-03 16:19 --------- d-----w D:\Documents and Settings\gougoule\Application Data\OpenOffice.org2
    2008-03-03 15:09 --------- d-----w C:\Program Files\Soulseek-Test
    2008-03-03 11:14 --------- d-----w C:\Program Files\Gabest
    2008-03-03 11:12 --------- d-----w C:\Program Files\Power IE
    2008-03-03 11:11 --------- d-----w C:\Program Files\Team MediaPortal
    2008-03-03 11:11 --------- d-----w C:\Program Files\MeuhMeuhTV Alpha
    2008-03-03 11:09 --------- d-----w C:\Program Files\HTML Template Generator
    2008-03-03 11:08 --------- d-----w C:\Program Files\Java
    2008-03-03 11:07 --------- d-----w D:\Documents and Settings\gougoule\Application Data\ATI
    2008-03-03 10:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-03 09:27 --------- d-----w C:\Program Files\eMule
    2008-02-29 19:33 --------- d-----r C:\Program Files\VstPlugins
    2008-02-28 16:01 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-28 16:00 --------- d-----w C:\Program Files\Windows Live
    2008-02-26 22:02 --------- d-----w C:\Program Files\MessengerDiscovery
    2008-02-21 07:01 --------- d-----w C:\Program Files\Picasa2
    2008-02-17 18:39 --------- d-----w C:\Program Files\AOL 9.0
    2008-02-17 18:32 --------- d-----w C:\Program Files\Alwil Software
    2008-02-17 11:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-14 23:49 --------- d-----w D:\Documents and Settings\gougoule\Application Data\Ableton
    2008-02-14 23:48 --------- d-----w C:\Program Files\Ableton
    2008-02-10 23:26 --------- d-----w C:\Program Files\Syncrosoft
    2008-01-31 11:14 --------- d-----w C:\Program Files\Vanguard
    2008-01-21 09:37 --------- d-----w C:\Program Files\Micro Application
    2008-01-19 20:09 --------- d-----w C:\Program Files\mIRC
    2008-01-17 19:14 --------- d-----w C:\Program Files\Microsoft FrontPage Express
    2008-01-14 18:58 --------- d-----w C:\Program Files\Magix
    2008-01-14 18:25 --------- d-----w C:\Program Files\Pinnacle
    2008-01-07 17:19 --------- d---a-w D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-01-07 17:19 --------- d-----w D:\DOCUME~1\ALLUSE~1\APPLIC~1\DeskShare
    2008-01-07 17:19 --------- d-----w C:\Program Files\Fichiers communs\DeskShare Shared
    2008-01-07 17:19 --------- d-----w C:\Program Files\Deskshare
    2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-07 14:37 3,080,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-12-06 13:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-10-01 16:45 47,360 ----a-w D:\Documents and Settings\gougoule\Application Data\pcouffin.sys
    2006-11-25 13:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries and legitimate default entries are not listed

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
    2006-12-22 13:06 126976 --a------ C:\Program Files\BitDownload\TorrentManager.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Data Secure"="C:\APPS\DATASEC\PBBckupUI.exe" [2005-01-11 17:31 2257408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DSLAGENTEXE"="dslagent.exe" [2001-09-10 08:56 16384 C:\WINDOWS\system32\dslagent.exe]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
    "GSICONEXE"="GSICON.EXE" [2001-09-10 08:56 90112 C:\WINDOWS\system32\gsicon.exe]
    "ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [2006-10-27 10:43 1495111]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
    "DeltTray"="DeltTray.exe" [2004-08-26 21:43 56320 C:\WINDOWS\system32\delttray.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 22:44 8429568]
    "nwiz"="nwiz.exe" [2007-04-12 22:44 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 22:44 81920]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 17:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
    --a------ 2003-05-02 10:31 24576 c:\apps\ABoard\ABoard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    -ra------ 2007-03-01 09:37 2321600 C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
    C:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-09-18 15:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series]
    --a------ 2004-03-04 04:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
    --a------ 2005-10-23 00:00 385024 C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-11-02 18:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --------- 2005-05-11 13:48 127118 c:\Apps\Powercinema\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-10-19 20:16 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyShredder]
    --a------ 2008-02-27 13:05 402944 C:\Program Files\SpyShredder\SpyShredder.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2007-10-12 21:21 1271032 C:\Program Files\Valve\Steam\\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-10-30 13:06 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
    D:\Documents and Settings\gougoule\Application Data\WinTouch\WinTouch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WebClient"=2 (0x2)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQL$SONY_MEDIAMGR"=3 (0x3)
    "MSDTC"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "iPodService"=3 (0x3)
    "gusvc"=3 (0x3)
    "CLCapSvc"=2 (0x2)
    "Boonty Games"=3 (0x3)
    "avast! Web Scanner"=3 (0x3)
    "avast! Mail Scanner"=3 (0x3)
    "avast! Antivirus"=2 (0x2)
    "ATI Smart"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    "aswUpdSv"=2 (0x2)
    "AOL ACS"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "MysqlInventime"=3 (0x3)
    "iPod Service"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Soulseek-Test\\slsk.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\APPS\\Inventime\\my.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
    "C:\\Program Files\\AOL 9.0\\aol.exe"=
    "C:\\Program Files\\EA SPORTS\\FIFA 06\\FIFA06.exe"=
    "C:\\APPS\\skype\\phone\\Skype.exe"=
    "C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
    "C:\\web\\EasyPHP1-7\\apache\\apache.exe"=
    "C:\\Program Files\\EA SPORTS\\FIFA 08\\FIFA08.exe"=
    "C:\\Program Files\\mIRC\\mirc.exe"=
    "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
    "C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
    "C:\\Program Files\\Valve\\Steam\\Steam.exe"=
    "C:\\Program Files\\Valve\\Steam\\SteamApps\\juliusss118\\team fortress classic\\hl.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\APPS\\Powercinema\\PowerCinema.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8000:TCP"= 8000:TCP:*:Disabled:lol
    "8000:UDP"= 8000:UDP:*:Disabled:lol2
    "800:TCP"= 800:TCP:gnu
    "14464:TCP"= 14464:TCP:BitComet 14464 TCP
    "14464:UDP"= 14464:UDP:BitComet 14464 UDP

    R1 sdpiosys;sdpiosys;C:\WINDOWS\system32\drivers\sdpiosys.sys [2004-11-30 11:10]
    R2 Tenable Nessus;Tenable Nessus;"C:\Program Files\Tenable\Nessus\nessusd.exe" [2007-03-12 11:02]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 11:51]
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
    R3 ovt530;Webcam Deluxe;C:\WINDOWS\system32\Drivers\ov530vid.sys [2005-03-15 16:04]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
    S2 gafwload;GlobeSpan Usb ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2001-09-10 08:56]
    S2 LDRVREYT;LDRVREYT;C:\WINDOWS\system32\ldrvreyt.eeq []
    S3 MA_CMIDI;%EVOL_USB.SvcDesc%;C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 12:44]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-05-12 20:53]

    *Newly Created Service* - IPOD_SERVICE

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\honqf]
    C:\WINDOWS\system32\honqf.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-03 18:58:39
    Windows 5.1.2600 Service Pack 2 NTFS

    Scanning hidden processes ...

    Scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MsnMsgr = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background??s

    Scanning hidden files ...

    Scan completed successfully
    Hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-03 18:59:03
    ComboFix-quarantined-files.txt 2008-03-03 17:59:02
    ComboFix2.txt 2008-03-03 15:18:05
    .
    2008-03-01 00:24:04 --- E O F ---
    3 March 2008 19:18:53

    and here is the HijackThis one

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:17:49, on 03/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\DeltTray.exe
    C:\Program Files\Tenable\Nessus\nessusd.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Documents and Settings\gougoule\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/fr.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Data Secure] C:\APPS\DATASEC\PBBckupUI.exe /HIDDEN
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Search - ?p=ZJfox000
    O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.servicesalacarte.wanadoo.fr/activex...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9444 bytes
    3 March 2008 23:44:13

    Here's the rest :D

    AntiVir PersonalEdition Classic
    Report file date: lundi 3 mars 2008 20:56

    Scanning for 1131710 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: 1046025903176

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:56:13
    ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 19:56:14
    ANTIVIR3.VDF : 7.0.2.225 154112 Bytes 03/03/2008 19:56:14
    AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 03/03/2008 19:56:14
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 03/03/2008 19:56:14
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 3 mars 2008 20:56

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'nessusd.exe' - '1' Module(s) have been scanned
    Scan process 'delttray.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'dslagent.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'MA_CMIDI_Inst.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'HidService.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    36 processes with 36 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '32' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HDD>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\100257\bulk_exe.html
    [DETECTION] Contains detection pattern of the dial-up program DIAL/3110
    [INFO] The file was moved to '48385886.qua'!
    C:\Program Files\eMule\Incoming\ableton live 7 serial keygen(1).rar
    [0] Archive type: RAR
    --> setup.exe
    [DETECTION] Contains detection pattern of the worm WORM/P2P.Kapucen.Gen
    [INFO] The file was moved to '48385d25.qua'!
    C:\Program Files\eMule\Incoming\ableton live 7 serial keygen(2).rar
    [0] Archive type: RAR
    --> setup.exe
    [DETECTION] Contains detection pattern of the worm WORM/P2P.Kapucen.Gen
    [INFO] The file was moved to '49f8ac5e.qua'!
    C:\Program Files\eMule\Incoming\camfrog 3.94 + patch.[sharethefiles.com].rar
    [0] Archive type: RAR
    --> camfrog 3.94 + patch\camfrog.video.chat.3.9x-patch-[maxtreme].exe
    [DETECTION] Is the Trojan horse TR/Agent.57874
    [INFO] The file was moved to '48395d8f.qua'!
    C:\Program Files\eMule\Incoming\camfrog 3.94 + patch.[sharethefiles.com]\camfrog 3.94 + patch\camfrog.video.chat.3.9x-patch-[maxtreme].exe
    [DETECTION] Is the Trojan horse TR/Agent.57874
    [INFO] The file was moved to '48395f17.qua'!
    C:\Program Files\SpyShredder\SpyShredder.exe
    [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.DrAntispy.AY
    [INFO] The file was moved to '484563ac.qua'!
    C:\Program Files\SpyShredder\SpyShredder1.dll
    [DETECTION] Is the Trojan horse TR/Agent.121856.D
    [INFO] The file was moved to '49fa885d.qua'!
    C:\QooBox\Quarantine\catchme2008-03-03_161315.14.zip
    [0] Archive type: ZIP
    --> msiexec.exe
    [DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FK
    [INFO] The file was moved to '484064d8.qua'!
    C:\QooBox\Quarantine\C\Program Files\Router\UnInstall.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.Delf.dlk
    [INFO] The file was moved to '481564e5.qua'!
    C:\QooBox\Quarantine\C\Program Files\Temporary\InsiDERInst.exe.vir
    [DETECTION] Is the Trojan horse TR/Agent.fow
    [INFO] The file was moved to '483f64e5.qua'!
    C:\QooBox\Quarantine\C\Program Files\WebMediaPlayer\uninst.exe.vir
    [DETECTION] Contains detection pattern of the dropper DR/NaviPromo.CE.17
    [INFO] The file was moved to '483564e6.qua'!
    C:\QooBox\Quarantine\D\Documents and Settings\gougoule\Mes documents\SMBOLS~1\msiexec.exe.vir
    [DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FK
    [INFO] The file was moved to '483564ec.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP434\A0105358.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
    [INFO] The file was moved to '47fd64e6.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP434\A0105361.exe
    [DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1
    [INFO] The file was moved to '47fd64e7.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP450\A0115887.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Delf.dlk
    [INFO] The file was moved to '47fd6519.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP450\A0115888.exe
    [DETECTION] Is the Trojan horse TR/Agent.fow
    [INFO] The file was moved to '47fd651a.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP450\A0115890.exe
    [DETECTION] Contains detection pattern of the dropper DR/NaviPromo.CE.17
    [INFO] The file was moved to '463d9463.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116114.exe
    [DETECTION] Is the Trojan horse TR/Agent.57874
    [INFO] The file was moved to '47fd651e.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116115.exe
    [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.DrAntispy.AY
    [INFO] The file was moved to '463d9467.qua'!
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116116.dll
    [DETECTION] Is the Trojan horse TR/Agent.121856.D
    [INFO] The file was moved to '47fd651f.qua'!
    C:\WINDOWS\system32\intr32.dll
    [DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
    [INFO] The file was moved to '48406798.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <DATA>
    D:\Avenger\msiexec.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Purity.FK.2
    [INFO] The file was moved to '4835694d.qua'!
    D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC100.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '4835732c.qua'!
    D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC117.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '49f78fa5.qua'!
    D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC118.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '4835732d.qua'!
    D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinLageraq.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '483a732c.qua'!
    D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '48467325.qua'!
    D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '49848fae.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22.zip
    [0] Archive type: ZIP
    --> sub7.exe
    [DETECTION] Contains detection pattern of the backdoor control software BDC/Sub7-220.Cli-1.
    --> EditServer.exe
    [DETECTION] Contains detection pattern of the backdoor control software BDC/Sub7-220.EdS.
    --> plugins/icqpwsteal.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.15 Backdoor server programs
    --> plugins/matrix.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.14 Backdoor server programs
    --> plugins/recmic.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Subseven.2.2.plugin Backdoor server programs
    --> plugins/s7advanced.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Subseven.22.A.2 Backdoor server programs
    --> plugins/s7capture.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.03 Backdoor server programs
    --> plugins/s7fun1.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.05 Backdoor server programs
    --> plugins/s7fun2.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.06 Backdoor server programs
    --> plugins/s7keys.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.07 Backdoor server programs
    --> plugins/s7moreinfo.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.08 Backdoor server programs
    --> plugins/s7passwords.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.09 Backdoor server programs
    --> plugins/s7scanner.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.10 Backdoor server programs
    --> plugins/s7sniffer.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.12 Backdoor server programs
    --> plugins/s7takeover.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.11 Backdoor server programs
    --> sin.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.01 Backdoor server programs
    --> server.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-220.Srv Backdoor server programs
    [INFO] The file was moved to '47fe74d8.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\EditServer.exe
    [DETECTION] Contains detection pattern of the backdoor control software BDC/Sub7-220.EdS.
    [INFO] BDC/Sub7-220.EdS:[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components//obvt]
    [INFO] The file was moved to '483577e9.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\server.exe
    [DETECTION] Is the Trojan horse TR/Drop.Jun.c.1.1.A
    [INFO] The file was moved to '483e77ea.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\sin.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.01 Backdoor server programs
    [INFO] The file was moved to '483a77ef.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\sub7.exe
    [DETECTION] Contains detection pattern of the backdoor control software BDC/Sub7-220.Cli-1.
    [INFO] BDC/Sub7-220.Cli-1:[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components//obvt]
    [INFO] The file was moved to '482e77fb.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\plugins\icqpwsteal.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.15 Backdoor server programs
    [INFO] The file was moved to '483d77ea.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\plugins\matrix.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.14 Backdoor server programs
    [INFO] The file was moved to '484077e8.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\plugins\recmic.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Subseven.2.2.plugin Backdoor server programs
    [INFO] The file was moved to '482f77ec.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\plugins\s7advanced.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.02 Backdoor server programs
    [INFO] The file was moved to '482d77be.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\plugins\s7capture.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.03 Backdoor server programs
    [INFO] The file was moved to '482f77bf.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\plugins\s7fun1.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.05 Backdoor server programs
    [INFO] The file was moved to '483277bf.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\plugins\s7fun2.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.06 Backdoor server programs
    [INFO] The file was moved to '49f08b48.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\plugins\s7keys.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.07 Backdoor server programs
    [INFO] The file was moved to '483777bf.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\plugins\s7moreinfo.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.08 Backdoor server programs
    [INFO] The file was moved to '483977c0.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\plugins\s7passwords.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.09 Backdoor server programs
    [INFO] The file was moved to '483c77c0.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\plugins\s7scanner.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.10 Backdoor server programs
    [INFO] The file was moved to '483f77c0.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\plugins\s7sniffer.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.12 Backdoor server programs
    [INFO] The file was moved to '49fd8b49.qua'!
    D:\Documents and Settings\gougoule\Bureau\ss22\plugins\s7takeover.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.11 Backdoor server programs
    [INFO] The file was moved to '484077c1.qua'!
    D:\Nouveau dossier\k\presets\acidPRO\Acid Pro 4.0 keygenerator.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '48357cc0.qua'!
    D:\Nouveau dossier\k\presets\acidPRO\ACID Pro 4.0\Acid keygen.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '48357cc2.qua'!
    D:\RECYCLER\S-1-5-21-124821009-2744496062-1036201687-1006\Dd13.exe
    [DETECTION] Contains detection pattern of the dropper DR/NewDotNet.A.1159
    [INFO] The file was moved to '47fd7d55.qua'!
    D:\RECYCLER\S-1-5-21-124821009-2744496062-1036201687-1006\Dd20.exe
    [DETECTION] Contains detection pattern of the dropper DR/NewDotNet.A.1159
    [INFO] The file was moved to '47fe7d55.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP393\A0095903.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [INFO] The file was moved to '47fc7d3b.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP395\A0095996.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [INFO] The file was moved to '47fc7d3d.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP430\A0101107.exe
    [DETECTION] Contains detection pattern of the dropper DR/FraudTool.SpywareSecure.A
    [INFO] The file was moved to '47fd7d50.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP434\A0106512.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.cgd.2
    [INFO] The file was moved to '47fd7d57.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP434\A0106513.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Agent.hcn
    [INFO] The file was moved to '463d8c20.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP435\A0109804.exe
    [DETECTION] Is the Trojan horse TR/Drop.Jun.c.1.1.A
    [INFO] The file was moved to '47fd7d5c.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP435\A0109832.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [INFO] The file was moved to '47fd7d5d.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP439\A0114236.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [INFO] The file was moved to '47fd7d64.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116118.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Purity.FK.2
    [INFO] The file was moved to '47fd7d69.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116119.exe
    [DETECTION] Contains detection pattern of the backdoor control software BDC/Sub7-220.EdS.
    [INFO] BDC/Sub7-220.EdS:[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components//obvt]
    [INFO] The file was moved to '463d8c12.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116120.exe
    [DETECTION] Is the Trojan horse TR/Drop.Jun.c.1.1.A
    [INFO] The file was moved to '47fd7d6b.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116121.exe
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.01 Backdoor server programs
    [INFO] The file was moved to '463d8c14.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116122.exe
    [DETECTION] Contains detection pattern of the backdoor control software BDC/Sub7-220.Cli-1.
    [INFO] BDC/Sub7-220.Cli-1:[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components//obvt]
    [INFO] The file was moved to '47fd7d6a.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116123.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.15 Backdoor server programs
    [INFO] The file was moved to '463d8c13.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116124.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.14 Backdoor server programs
    [INFO] The file was moved to '47fd7d6c.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116125.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Subseven.2.2.plugin Backdoor server programs
    [INFO] The file was moved to '47fd7d6d.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116126.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.02 Backdoor server programs
    [INFO] The file was moved to '463d8c16.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116127.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.03 Backdoor server programs
    [INFO] The file was moved to '47fd7d6f.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116128.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.05 Backdoor server programs
    [INFO] The file was moved to '463d8c15.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116129.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.06 Backdoor server programs
    [INFO] The file was moved to '47fd7d6e.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116130.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.07 Backdoor server programs
    [INFO] The file was moved to '463d8c17.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116131.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.08 Backdoor server programs
    [INFO] The file was moved to '47fd7d60.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116132.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.09 Backdoor server programs
    [INFO] The file was moved to '463d8c08.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116133.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.10 Backdoor server programs
    [INFO] The file was moved to '47fd7d71.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116134.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.12 Backdoor server programs
    [INFO] The file was moved to '463d8c0a.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116135.dll
    [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Sub7-22.A.11 Backdoor server programs
    [INFO] The file was moved to '47fd7d73.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116136.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '463d8c19.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116137.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '47fd7d62.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116138.exe
    [DETECTION] Contains detection pattern of the dropper DR/NewDotNet.A.1159
    [INFO] The file was moved to '463d8c1b.qua'!
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP452\A0116139.exe
    [DETECTION] Contains detection pattern of the dropper DR/NewDotNet.A.1159
    [INFO] The file was moved to '463d8c1d.qua'!


    End of the scan: lundi 3 mars 2008 23:36
    Used time: 2:39:24 min

    The scan has been done completely.

    22599 Scanning directories
    824479 Files were scanned
    90 viruses and/or unwanted programs were found
    6 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    80 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    824389 Files not concerned
    11465 Archives were scanned
    3 Warnings
    251 Notes

    4 March 2008 12:53:00

    Post another HijackThis report.
    4 March 2008 19:24:35

    Hi, sorry for the delay, and above all thanks for all of that.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:23:24, on 04/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\DeltTray.exe
    C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Tenable\Nessus\nessusd.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    D:\Documents and Settings\gougoule\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/fr.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Data Secure] C:\APPS\DATASEC\PBBckupUI.exe /HIDDEN
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Search - ?p=ZJfox000
    O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.servicesalacarte.wanadoo.fr/activex...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9923 bytes
    4 March 2008 20:26:34

    Re,

    Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)


  • Do an online Kaspersky scan with Internet Explorer:
  • Click on
  • Now click on I accept.
  • Allow the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose the My Computer scan
  • Save and then paste the report generated at the end of the scan.

    HELP: Tutorial on the online scan

    NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
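Added example, not code from the thread, from HijackThis or from the helper: a small Python triage of HijackThis log lines that encodes the reasoning in the reply above (R3/O2/O3 entries reported "(file missing)" or "(no file)" are orphaned registry references and can be fixed) and adds a plausibility check on O4 autostart entries. The sample lines are copied from the log posted in the thread, except one O4 line that is constructed and labelled as such; the bare-executable and profile-directory checks are heuristics of this example, not HijackThis rules.

```python
"""Triage of HijackThis v2 log entries (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# R3/O2/O3/O9 entries have the shape "<kind> - <type>: <name> - {CLSID} - <target>".
CLSID_ENTRY_RE = re.compile(
    r"^(?P<kind>R3|O2|O3|O9) - (?P<type>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)

# O4 autostart entries have the shape "O4 - <hive>\..\Run: [<name>] <command>".
RUN_ENTRY_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<command>.+)$"
)

# Markers HijackThis appends when the referenced file is absent.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Heuristic of this example, not a HijackThis rule: autostart binaries that live
# under a user profile are unusual for vendor software and deserve a closer look.
PROFILE_DIR_HINTS = ("\\documents and settings\\", "\\application data\\", "\\local settings\\")

# Lines copied from the HijackThis log posted in the thread, plus one constructed line.
SAMPLE_LOG = [
    r"R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [DeltTray] DeltTray.exe",
    # Constructed line (not from the thread) to exercise the profile-directory check.
    r"O4 - HKCU\..\Run: [Constructed] D:\Documents and Settings\user\Application Data\sample\sample.exe",
]


@dataclass
class Finding:
    line: str
    reason: str


def is_orphan(target: str) -> bool:
    """True when HijackThis reports the referenced file as absent."""
    return target.strip().endswith(ORPHAN_MARKERS)


def command_executable(command: str) -> str:
    """Return the executable part of an O4 command (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        body = command[1:end] if end > 0 else command[1:]
    else:
        body = command
    # Cut at the first ".exe" so unquoted paths with spaces and sloppy quoting
    # (arguments inside the quotes) still yield just the binary.
    m = re.match(r".*?\.exe", body, re.IGNORECASE)
    return m.group(0) if m else body.split(" ", 1)[0]


def triage_run_command(command: str) -> Optional[str]:
    """Heuristic check on an O4 command; None when nothing stands out."""
    exe = command_executable(command)
    low = exe.lower()
    if any(hint in low for hint in PROFILE_DIR_HINTS):
        return "autostart binary located under a user profile directory"
    if "\\" not in exe:
        return "bare executable name resolved through PATH: confirm which file actually runs"
    return None


def triage(log_lines: List[str]) -> List[Finding]:
    """Collect the entries a helper would act on or ask about."""
    findings: List[Finding] = []
    for raw in log_lines:
        line = raw.strip()
        m = CLSID_ENTRY_RE.match(line)
        if m:
            if is_orphan(m.group("target")):
                findings.append(Finding(line, f"{m.group('kind')} {m.group('type')} entry "
                                              f"'{m.group('name')}' points to a missing file: fix it"))
            continue
        m = RUN_ENTRY_RE.match(line)
        if m:
            reason = triage_run_command(m.group("command"))
            if reason:
                findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```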
    10 March 2008 06:04:18

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Monday, March 10, 2008 6:02:56 AM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 9/03/2008
    Enregistrements dans la base antivirus Kaspersky : 561467
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    A:\
    C:\
    D:\
    E:\
    G:\
    H:\
    I:\
    J:\
    Z:\

    Statistiques de l'analyse:
    Total d'objets analysés: 371820
    Nombre de virus trouvés: 2
    Nombre d'objets infectés: 3 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 04:10:52

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db-journal L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db-journal L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db-journal L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db L'objet est verrouillé ignoré
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db-journal L'objet est verrouillé ignoré
    C:\Program Files\Tenable\Nessus\logs\server.log L'objet est verrouillé ignoré
    C:\Program Files\Tenable\Nessus\services\services.db L'objet est verrouillé ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\tracking.log L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\A0105070.ini L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\change.log L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP437\A0112165.exe Infecté : Trojan.Win32.Agent.ggq ignoré
    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP457\change.log L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
    D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\511a0f3f9e960fa97de3d0b74adfc574_9025b665-b3e7-4543-8362-faf83dbe9f0c L'objet est verrouillé ignoré
    D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ced52c69a23dc04d81c61daa0eb00525_9025b665-b3e7-4543-8362-faf83dbe9f0c L'objet est verrouillé ignoré
    D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Bureau\ss22\cgi\setup.cgi Infecté : Backdoor.Win32.SubSeven.22.a ignoré
    D:\Documents and Settings\gougoule\Bureau\ss22\cgi\subseven.cgi Infecté : Backdoor.Win32.SubSeven.22.a ignoré
    D:\Documents and Settings\gougoule\Cookies\index.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Local Settings\Application Data\Microsoft\Messenger\julienk57500@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Local Settings\Application Data\Microsoft\Messenger\julienk57500@hotmail.fr\SharingMetadata\pending.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Local Settings\Application Data\Microsoft\Messenger\julienk57500@hotmail.fr\SharingMetadata\Working\database_9A0C_AFF7_CAF_CC97\dfsr.db L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Local Settings\Application Data\Microsoft\Messenger\julienk57500@hotmail.fr\SharingMetadata\Working\database_9A0C_AFF7_CAF_CC97\fsr.log L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Local Settings\Application Data\Microsoft\Messenger\julienk57500@hotmail.fr\SharingMetadata\Working\database_9A0C_AFF7_CAF_CC97\fsrtmp.log L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Local Settings\Application Data\Microsoft\Messenger\julienk57500@hotmail.fr\SharingMetadata\Working\database_9A0C_AFF7_CAF_CC97\tmp.edb L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Local Settings\Application Data\Microsoft\Windows Live Contacts\julienK57500@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Local Settings\temp\~DF73DC.tmp L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Local Settings\temp\~DF7906.tmp L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\ntuser.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\gougoule\ntuser.dat.LOG L'objet est verrouillé ignoré
    D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    D:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    D:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    D:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\NetworkService\ntuser.dat L'objet est verrouillé ignoré
    D:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP457\change.log L'objet est verrouillé ignoré

    Analyse terminée.
    10 March 2008 13:42:46

    Re,

    Delete these files:
    D:\Documents and Settings\gougoule\Bureau\ss22\cgi\setup.cgi
    D:\Documents and Settings\gougoule\Bureau\ss22\cgi\subseven.cgi
    10 March 2008 15:36:33

    Hi, I deleted those 2 files

    I just ran HijackThis again, so I'm taking the opportunity to post the log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:33:51, on 10/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tenable\Nessus\nessusd.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dslagent.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\DeltTray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\wuauclt.exe
    D:\Documents and Settings\gougoule\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/APPS/IE/offline/fr.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\Program Files\BitDownload\TorrentManager.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Data Secure] C:\APPS\DATASEC\PBBckupUI.exe /HIDDEN
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Search - ?p=ZJfox000
    O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.servicesalacarte.wanadoo.fr/activex...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 9657 bytes
    10 March 2008 18:18:42

    Are you still having problems?