
[Solved] My PC is behaving strangely

5 February 2008 12:35:36

For the past two or three days my PC no longer lets me launch the Task Manager or the command prompt. At every startup it shows me a problem with "b.exe" and it launches a whole bunch of applications I didn't ask for, such as Internet Explorer or ImageReady.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:35, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\fswsclds.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\svchost.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Johann\Mes documents\jm.conchonnet\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 68.178.211.86 wrhax.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/Da...{896A23A1-5821-4609-A6C6-6D5536C585C9}
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar....
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher....
O17 - HKLM\System\CCS\Services\Tcpip\..\{933D6120-03DB-416C-8BFF-3A53BCCC5890}: NameServer = 80.10.246.1 81.253.149.10
O20 - AppInit_DLLs: c:\windows\system32\jkkjiji.dll
O21 - SSODL: printers - {929F8212-016C-41F2-B3CE-9D7DA12A2A31} - libcintle2.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9946 bytes

There it is, hoping you'll be able to help me.

5 February 2008 12:46:36

No hello?

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply
    Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
    5 February 2008 13:16:06

    Here is the VundoFix result:


    VundoFix V6.5.1

    Checking Java version...

    Scan started at 15:23:41 26/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awvtq.dll
    C:\WINDOWS\system32\qtvwa.bak1
    C:\WINDOWS\system32\qtvwa.bak2
    C:\WINDOWS\system32\qtvwa.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awvtq.dll
    C:\WINDOWS\system32\awvtq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qtvwa.bak1
    C:\WINDOWS\system32\qtvwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qtvwa.bak2
    C:\WINDOWS\system32\qtvwa.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qtvwa.ini
    C:\WINDOWS\system32\qtvwa.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.1

    Checking Java version...

    Scan started at 15:57:06 26/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\ehkmp.bak1
    C:\WINDOWS\system32\ehkmp.ini
    C:\WINDOWS\system32\pmkhe.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ehkmp.bak1
    C:\WINDOWS\system32\ehkmp.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ehkmp.ini
    C:\WINDOWS\system32\ehkmp.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmkhe.dll
    C:\WINDOWS\system32\pmkhe.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.1

    Checking Java version...

    Scan started at 18:06:13 26/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtqn.dll
    C:\WINDOWS\system32\nqtwa.bak1
    C:\WINDOWS\system32\nqtwa.ini

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtqn.dll
    C:\WINDOWS\system32\awtqn.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\nqtwa.bak1
    C:\WINDOWS\system32\nqtwa.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nqtwa.ini
    C:\WINDOWS\system32\nqtwa.ini Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtqn.dll
    C:\WINDOWS\system32\awtqn.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.1

    Checking Java version...

    Scan started at 18:16:13 26/06/2007

    Listing files found while scanning....

    No infected files were found.


    VundoFix V6.7.7

    Checking Java version...

    Scan started at 12:49:17 05/02/2008

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...


    And the new HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:15:33, on 05/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\fswsclds.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\sstray.exe
    C:\PROGRA~1\MESSAG~1\StartMessager.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\PROGRA~1\Wanadoo\CnxMon.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\svchost.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Johann\Mes documents\jm.conchonnet\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 68.178.211.86 wrhax.net
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: svchost.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/Da...{896A23A1-5821-4609-A6C6-6D5536C585C9}
    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar....
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher....
    O17 - HKLM\System\CCS\Services\Tcpip\..\{933D6120-03DB-416C-8BFF-3A53BCCC5890}: NameServer = 80.10.246.1 81.253.149.10
    O20 - AppInit_DLLs: c:\windows\system32\jkkjiji.dll
    O21 - SSODL: printers - {929F8212-016C-41F2-B3CE-9D7DA12A2A31} - libcintle2.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 9926 bytes



    I'm terribly sorry for my lack of manners; a very good day to you, Angeldark!
    5 February 2008 16:01:14

    Let's continue :)

    Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.
    5 February 2008 21:57:46

    There's a problem: Combofix shows me an error message saying that the file C:\WINDOWS\System32\kmd.exe cannot be found. What should I do?
    5 February 2008 22:29:23

    Isn't it cmd?
    6 February 2008 12:33:28

    No, no, it says that Windows could not find "kmd.exe".
    6 February 2008 13:29:44

    Do you have Kazaa installed?
    6 February 2008 14:40:12

    No, I don't have that software installed, but I do have eMule as well as LimeWire.
    6 February 2008 14:41:29

    OK. You should ease off on the P2P...

    Download MSNFix.zip (!aur3n7) to your Desktop.
    Unzip it onto your Desktop (right-click/Extract All).

    Open the MSNFix folder, then double-click MSNFix.bat.
    - Run option R.
    -- If the infection is detected, press a key to start the cleanup.

    If a deletion error is detected, a message will be displayed asking you to restart the computer in order to finish the operations.
    In that case, simply restart the computer manually.

    Post the report located in the MSNFix folder.
    The report's name corresponds to the time it was created: date_time.log
    6 February 2008 14:49:19

    I can't launch the file; just like the command prompt, it tells me the file is in use by another application.
    6 February 2008 14:58:56

    Can you try in Safe Mode?
    6 February 2008 15:25:19

    After restarting in Safe Mode I was able to launch MSNFix, which found an infection; I had it removed and here is the report:


    MSNFix 1.654

    C:\Documents and Settings\Johann\Bureau\MSNFix
    Fix exécuté le 06/02/2008 - 15:19:33,35 By Johann
    mode sans échec

    ************************ Recherche les fichiers présents

    ... C:\WINDOWS\system32\tmp.txt
    ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\svchost.exe
    ... C:\Documents and Settings\Johann\new.txt
    ... C:\WINDOWS\b???.exe
    ... C:\WINDOWS\system32\mcrh.tmp

    ************************ Recherche les dossiers présents

    ... C:\Install\
    ... C:\Temp\




    ************************ Suppression des fichiers

    .. OK ... C:\WINDOWS\system32\tmp.txt
    .. OK ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\svchost.exe
    .. OK ... C:\Documents and Settings\Johann\new.txt
    .. OK ... C:\WINDOWS\b???.exe
    .. OK ... C:\WINDOWS\system32\mcrh.tmp


    ************************ Suppression des dossiers

    /!\ ... C:\Install\
    /!\ ... C:\Temp\


    ************************ Nettoyage du registre



    ************************ Fichiers suspects

    Aucun Fichier trouvé


    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 06022008_15202465.zip


    Information ...... Information ...... Information ......

    /!\ /!\ MSNFix n'est pas affilié a livekill CleanMessenger /!\ /!\

    Ce pseudo antivirus copie les bases de MSNFix pour se tenir a jour


    /!\ /!\ MSNFix is not affiliated with Livekill CleanMessenger /!\ /!\

    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: http://changelog.fr
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------

    6 February 2008 16:17:14

    Post a HijackThis report again.
    6 February 2008 17:14:30

    Here is the HijackThis report:




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:13:39, on 06/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\fswsclds.exe
    C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\sstray.exe
    C:\PROGRA~1\MESSAG~1\StartMessager.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\PROGRA~1\Wanadoo\CnxMon.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Johann\Mes documents\jm.conchonnet\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 68.178.211.86 wrhax.net
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/Da...{896A23A1-5821-4609-A6C6-6D5536C585C9}
    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar....
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher....
    O17 - HKLM\System\CCS\Services\Tcpip\..\{933D6120-03DB-416C-8BFF-3A53BCCC5890}: NameServer = 81.253.149.9 80.10.246.132
    O20 - AppInit_DLLs: c:\windows\system32\jkkjiji.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 9801 bytes







    I have access to the Task Manager again.
    6 February 2008 17:19:13

    Can you try Combofix?
    6 February 2008 17:31:32

    Combofix worked, here is the report:



    ComboFix 08-02.05.3 - Johann 2008-02-06 17:22:14.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.559 [GMT 1:00]
    Endroit: C:\Documents and Settings\Johann\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Florent\new.txt
    C:\Documents and Settings\Florent\ravmonlog
    C:\Documents and Settings\Jean-Marie\new.txt
    C:\Documents and Settings\Jean-Marie\ravmonlog
    C:\Documents and Settings\Johann\ravmonlog
    C:\WINDOWS\system32\nshA7C.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-06 13:58 . 2008-02-06 13:58 <REP> d-------- C:\Temp\WPDNSE
    2008-02-03 15:24 . 2004-02-13 11:59 30,456,330 --a------ C:\WINDOWS\RVS_1.0_1.54_FR.RTP
    2008-02-02 18:03 . 2004-01-30 12:13 27,888,581 --a------ C:\WINDOWS\RVS_1.0_1.53_FR.RTP
    2008-02-02 18:03 . 2003-11-04 13:30 49,152 --a------ C:\WINDOWS\Iniexpander.exe
    2008-02-02 18:03 . 2003-11-04 19:24 1,185 --a------ C:\WINDOWS\1.31.add
    2008-02-02 18:03 . 2003-11-04 19:27 216 --a------ C:\WINDOWS\1.50.add
    2008-02-02 17:58 . 2008-02-02 17:58 <REP> d-------- C:\Program Files\Ubi Soft
    2008-02-02 17:52 . 2008-02-03 15:21 <REP> d-------- C:\Program Files\Red Storm Entertainment
    2008-02-01 18:37 . 2008-02-01 18:43 <REP> d-------- C:\vcs5BGEffects
    2008-02-01 18:36 . 2008-02-01 20:18 <REP> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
    2008-01-31 18:40 . 2008-02-03 14:16 <REP> d-------- C:\Program Files\Feudalism_at
    2008-01-30 13:47 . 2008-01-30 13:47 <REP> d-------- C:\Program Files\FireFly Studios
    2008-01-26 15:47 . 2008-01-26 15:47 <REP> d-------- C:\Program Files\THQ
    2008-01-23 16:32 . 2008-01-23 16:40 <REP> d-------- C:\Documents and Settings\Johann\Application Data\mIRC
    2008-01-19 23:58 . 2008-02-06 15:37 <REP> d-------- C:\Program Files\S2SaTstrat
    2008-01-18 22:53 . 2008-01-18 22:53 330,489 --a------ C:\WINDOWS\Revolution Script _Source Uninstaller.exe
    2008-01-18 19:32 . 2008-01-18 19:32 <REP> d-------- C:\cstrike
    2008-01-18 19:32 . 2001-08-23 15:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
    2008-01-18 19:32 . 2008-01-18 19:32 86 --a------ C:\WINDOWS\INpact_CSS_Hud_tweaker.INI
    2008-01-17 20:24 . 2008-01-17 20:24 <REP> d-------- C:\Documents and Settings\Florence\Application Data\teamspeak2
    2008-01-16 12:48 . 2008-01-16 12:48 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-01-16 12:39 . 2008-01-16 12:39 <REP> d-------- C:\Program Files\AxBx
    2008-01-15 12:39 . 2008-01-15 12:39 <REP> d-------- C:\Program Files\CCleaner
    2008-01-11 15:44 . 2008-01-11 15:46 <REP> d-------- C:\Program Files\eMule
    2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nsxA75.tmp
    2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nshA76.tmp
    2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nsdA78.tmp
    2008-01-11 14:18 . 2008-01-11 14:25 <REP> d-------- C:\Temp\nsqA78.tmp
    2008-01-11 14:03 . 2008-01-11 14:03 <REP> d-------- C:\Temp\isp94E.tmp
    2008-01-10 21:28 . 2008-01-10 21:28 307,200 --a------ C:\Temp\swt-win32-3346.dll
    2008-01-10 21:28 . 2008-01-10 21:28 32,768 --a------ C:\Temp\swt-awt-win32-3346.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-06 16:12 --------- d-----w C:\Program Files\Wanadoo
    2008-02-06 16:12 --------- d-----w C:\Program Files\Steam
    2008-02-06 14:37 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-02-03 14:28 --------- d-----w C:\Program Files\Ubisoft
    2008-02-03 14:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-30 19:52 --------- d-----w C:\Documents and Settings\Johann\Application Data\LimeWire
    2008-01-27 19:10 --------- d-----w C:\Documents and Settings\Florent\Application Data\LimeWire
    2008-01-26 20:10 --------- d-----w C:\Documents and Settings\Jean-Marie\Application Data\LimeWire
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Johann\Application Data\AVG7
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Jean-Marie\Application Data\AVG7
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Florent\Application Data\AVG7
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Florence\Application Data\AVG7
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-17 06:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-15 11:30 --------- d-----w C:\Program Files\EA GAMES
    2008-01-02 14:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-02 12:38 --------- d-----w C:\Program Files\Google
    2007-12-27 10:06 --------- d-----w C:\Documents and Settings\Florent\Application Data\Media Player Classic
    2007-12-19 18:37 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
    2007-12-19 18:20 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
    2007-12-19 17:45 --------- d-----w C:\Documents and Settings\Johann\Application Data\Media Player Classic
    2007-12-19 17:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2007-12-19 17:08 --------- d-----w C:\Documents and Settings\Johann\Application Data\Ahead
    2007-12-08 15:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-27 21:09 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-17 17:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-17 11:48 82,640 ----a-w C:\Documents and Settings\Johann\Application Data\GDIPFONTCACHEV1.DAT
    2007-05-14 12:31 82,640 ----a-w C:\Documents and Settings\Florence\Application Data\GDIPFONTCACHEV1.DAT
    2007-05-14 12:14 82,640 ----a-w C:\Documents and Settings\Jean-Marie\Application Data\GDIPFONTCACHEV1.DAT
    2006-11-09 16:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 20:05 68856]
    "Steam"="c:\program files\steam\steam.exe" [2007-11-30 19:08 1266936]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-25 13:00 185896]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 10:15 861184]
    "NWEReboot"="" []
    "nForce Tray Options"="sstray.exe" [2002-11-13 08:34 73728 C:\WINDOWS\system32\sstray.exe]
    "MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 15:47 32768]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-07-22 17:34 135168]
    "LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2001-10-09 17:07 818688]
    "WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2003-05-23 08:46 24576]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2003-05-23 08:46 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 08:46 53248]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 23:54 160768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

    C:\Documents and Settings\Johann\Menu D‚marrer\Programmes\D‚marrage\
    ubisoft register.lnk - C:\Program Files\Ubisoft\Register\schedule.exe [2008-02-03 15:28:53 28672]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-12 15:06:34 113664]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\jkkjiji.dll

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
    R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2006-01-12 11:56]
    R2 BackWeb Client - 174112;Securitoo AntiVirus;C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE [2007-08-25 16:53]
    R2 F-Secure AVP;F-Secure AVP;C:\Program Files\F-Secure\Anti-Virus\fsavp.sys [2001-05-25 09:44]
    R2 F-Secure F-PROT;F-Secure F-PROT;C:\Program Files\F-Secure\Anti-Virus\fsfp.sys [2007-08-26 07:24]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Common\FSfilter.sys [2001-06-28 02:05]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Common\FSgk.sys [2001-06-28 02:05]
    R2 F-Secure Orion;F-Secure Orion;C:\Program Files\F-Secure\Anti-Virus\fsorion.sys [2007-08-26 07:24]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Common\FSrec.sys [2001-06-28 02:05]
    R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2002-01-24 17:55]
    R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\F-Secure\fswsclds.exe [2007-08-26 07:26]
    R2 HPFECP16;HPFECP16;C:\WINDOWS\system32\drivers\HPFECP16.SYS [1998-08-18 13:03]
    S4 Windows Firewall;Windows Firewall;C:\WINDOWS\system32\SVCH0ST.EXE []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{662b8998-93f0-11db-8a68-0090d0b39625}]
    \Shell\AutoRun\command - G:\setupSNK.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-06 15:49:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-06 17:25:03
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-06 17:27:02
    ComboFix-quarantined-files.txt 2008-02-06 16:26:54
    ComboFix2.txt 2007-06-28 13:21:15
    ComboFix3.txt 2007-06-26 19:56:34
    ComboFix4.txt 2007-06-26 19:15:08
    .
    2008-01-13 17:14:39 --- E O F ---




    We're almost there, aren't we?
    6 February 2008 17:37:21

    Re,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\Iniexpander.exe
    C:\Temp\nsxA75.tmp
    C:\Temp\nshA76.tmp
    C:\Temp\nsdA78.tmp
    C:\Temp\nsqA78.tmp
    C:\Temp\isp94E.tmp
    c:\windows\system32\jkkjiji.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]


    Open Notepad, then paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no reboot, post the requested reports anyway.
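An added example, not part of the original post: a small Python triage that parses HijackThis entry lines, lists the entry types worth a manual look, and checks that every DLL found under `O20 - AppInit_DLLs` is listed in the `File::` section of the script above. The function names are hypothetical; the `File::` and `Registry::` markers are taken from the script in this thread, and nothing else about the ComboFix script format is assumed.

```python
import re

# Constructed sample: entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 68.178.211.86 wrhax.net
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O20 - AppInit_DLLs: c:\windows\system32\jkkjiji.dll
"""

# The script text as posted in this thread.
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\Iniexpander.exe
C:\Temp\nsxA75.tmp
C:\Temp\nshA76.tmp
C:\Temp\nsdA78.tmp
C:\Temp\nsqA78.tmp
C:\Temp\isp94E.tmp
c:\windows\system32\jkkjiji.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"""

# A HijackThis entry line looks like "<code> - <body>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d+)\s+-\s+(.*\S)\s*$")


def parse_hijackthis(text):
    """Return (code, body) tuples for every entry line; other lines are skipped."""
    return [m.groups() for m in map(ENTRY_RE.match, text.splitlines()) if m]


def review_candidates(entries):
    """Return (code, kind, value) tuples for entries that deserve a manual look."""
    findings = []
    for code, body in entries:
        if code == "O20" and body.lower().startswith("appinit_dlls:"):
            # DLLs named in AppInit_DLLs are loaded into every process that
            # loads user32.dll. The value is space- or comma-delimited.
            for dll in body.split(":", 1)[1].replace(",", " ").split():
                findings.append((code, "appinit-dll", dll))
        elif code == "O1" and body.startswith("Hosts:"):
            # A hosts-file line that maps a name other than localhost.
            parts = body.split(":", 1)[1].split()
            if len(parts) >= 2 and parts[1].lower() != "localhost":
                findings.append((code, "hosts-redirect", f"{parts[1]} -> {parts[0]}"))
        elif body.endswith("(no file)"):
            # Registration left behind for a file that no longer exists.
            findings.append((code, "missing-file", body))
    return findings


def parse_cfscript(text):
    """Split the script into {section name: [lines]} on 'Name::' markers."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def uncovered_appinit_dlls(log_text, script_text):
    """AppInit DLLs seen in the log that the script's File:: section omits."""
    listed = {p.lower() for p in parse_cfscript(script_text).get("File", [])}
    return [value
            for _code, kind, value in review_candidates(parse_hijackthis(log_text))
            if kind == "appinit-dll" and value.lower() not in listed]


if __name__ == "__main__":
    for finding in review_candidates(parse_hijackthis(SAMPLE_LOG)):
        print(*finding, sep=" | ")
    print("AppInit DLLs not covered by File:: ->",
          uncovered_appinit_dlls(SAMPLE_LOG, SAMPLE_CFSCRIPT))
```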
    6 February 2008 18:14:12

    Sorry, I forgot to turn off the protections. :whistle:
    6 February 2008 18:23:36

    Here is the Combofix report:





    ComboFix 08-02.05.3 - Johann 2008-02-06 18:19:23.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.597 [GMT 1:00]
    Endroit: C:\Documents and Settings\Johann\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Johann\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE
    C:\Temp\isp94E.tmp
    C:\Temp\nsdA78.tmp
    C:\Temp\nshA76.tmp
    C:\Temp\nsqA78.tmp
    C:\Temp\nsxA75.tmp
    C:\WINDOWS\Iniexpander.exe
    c:\windows\system32\jkkjiji.dll
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-06 18:18 . 2008-02-06 18:20 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
    2008-02-06 18:06 . 2004-08-03 23:54 400,896 --a------ C:\kmd.exe
    2008-02-06 13:58 . 2008-02-06 13:58 <REP> d-------- C:\Temp\WPDNSE
    2008-02-03 15:24 . 2004-02-13 11:59 30,456,330 --a------ C:\WINDOWS\RVS_1.0_1.54_FR.RTP
    2008-02-02 18:03 . 2004-01-30 12:13 27,888,581 --a------ C:\WINDOWS\RVS_1.0_1.53_FR.RTP
    2008-02-02 18:03 . 2003-11-04 19:24 1,185 --a------ C:\WINDOWS\1.31.add
    2008-02-02 18:03 . 2003-11-04 19:27 216 --a------ C:\WINDOWS\1.50.add
    2008-02-02 17:58 . 2008-02-02 17:58 <REP> d-------- C:\Program Files\Ubi Soft
    2008-02-02 17:52 . 2008-02-03 15:21 <REP> d-------- C:\Program Files\Red Storm Entertainment
    2008-02-01 18:37 . 2008-02-01 18:43 <REP> d-------- C:\vcs5BGEffects
    2008-02-01 18:36 . 2008-02-01 20:18 <REP> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
    2008-01-31 18:40 . 2008-02-03 14:16 <REP> d-------- C:\Program Files\Feudalism_at
    2008-01-30 13:47 . 2008-01-30 13:47 <REP> d-------- C:\Program Files\FireFly Studios
    2008-01-26 15:47 . 2008-01-26 15:47 <REP> d-------- C:\Program Files\THQ
    2008-01-23 16:32 . 2008-01-23 16:40 <REP> d-------- C:\Documents and Settings\Johann\Application Data\mIRC
    2008-01-19 23:58 . 2008-02-06 15:37 <REP> d-------- C:\Program Files\S2SaTstrat
    2008-01-18 22:53 . 2008-01-18 22:53 330,489 --a------ C:\WINDOWS\Revolution Script _Source Uninstaller.exe
    2008-01-18 19:32 . 2008-01-18 19:32 <REP> d-------- C:\cstrike
    2008-01-18 19:32 . 2001-08-23 15:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
    2008-01-18 19:32 . 2008-01-18 19:32 86 --a------ C:\WINDOWS\INpact_CSS_Hud_tweaker.INI
    2008-01-17 20:24 . 2008-01-17 20:24 <REP> d-------- C:\Documents and Settings\Florence\Application Data\teamspeak2
    2008-01-16 12:48 . 2008-01-16 12:48 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-01-16 12:39 . 2008-01-16 12:39 <REP> d-------- C:\Program Files\AxBx
    2008-01-15 12:39 . 2008-01-15 12:39 <REP> d-------- C:\Program Files\CCleaner
    2008-01-11 15:44 . 2008-01-11 15:46 <REP> d-------- C:\Program Files\eMule
    2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nsxA75.tmp
    2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nshA76.tmp
    2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nsdA78.tmp
    2008-01-11 14:18 . 2008-01-11 14:25 <REP> d-------- C:\Temp\nsqA78.tmp
    2008-01-11 14:03 . 2008-01-11 14:03 <REP> d-------- C:\Temp\isp94E.tmp
    2008-01-10 21:28 . 2008-01-10 21:28 307,200 --a------ C:\Temp\swt-win32-3346.dll
    2008-01-10 21:28 . 2008-01-10 21:28 32,768 --a------ C:\Temp\swt-awt-win32-3346.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-06 17:12 --------- d-----w C:\Program Files\Wanadoo
    2008-02-06 16:12 --------- d-----w C:\Program Files\Steam
    2008-02-06 14:37 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-02-03 14:28 --------- d-----w C:\Program Files\Ubisoft
    2008-02-03 14:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-30 19:52 --------- d-----w C:\Documents and Settings\Johann\Application Data\LimeWire
    2008-01-27 19:10 --------- d-----w C:\Documents and Settings\Florent\Application Data\LimeWire
    2008-01-26 20:10 --------- d-----w C:\Documents and Settings\Jean-Marie\Application Data\LimeWire
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Johann\Application Data\AVG7
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Jean-Marie\Application Data\AVG7
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Florent\Application Data\AVG7
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Florence\Application Data\AVG7
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-17 06:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-15 11:30 --------- d-----w C:\Program Files\EA GAMES
    2008-01-02 14:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-02 12:38 --------- d-----w C:\Program Files\Google
    2007-12-27 10:06 --------- d-----w C:\Documents and Settings\Florent\Application Data\Media Player Classic
    2007-12-19 18:37 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
    2007-12-19 18:20 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
    2007-12-19 17:45 --------- d-----w C:\Documents and Settings\Johann\Application Data\Media Player Classic
    2007-12-19 17:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2007-12-19 17:08 --------- d-----w C:\Documents and Settings\Johann\Application Data\Ahead
    2007-12-08 15:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-27 21:09 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-17 17:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-17 11:48 82,640 ----a-w C:\Documents and Settings\Johann\Application Data\GDIPFONTCACHEV1.DAT
    2007-05-14 12:31 82,640 ----a-w C:\Documents and Settings\Florence\Application Data\GDIPFONTCACHEV1.DAT
    2007-05-14 12:14 82,640 ----a-w C:\Documents and Settings\Jean-Marie\Application Data\GDIPFONTCACHEV1.DAT
    2006-11-09 16:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 20:05 68856]
    "Steam"="c:\program files\steam\steam.exe" [2007-11-30 19:08 1266936]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-25 13:00 185896]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 10:15 861184]
    "NWEReboot"="" []
    "nForce Tray Options"="sstray.exe" [2002-11-13 08:34 73728 C:\WINDOWS\system32\sstray.exe]
    "MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 15:47 32768]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-07-22 17:34 135168]
    "LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2001-10-09 17:07 818688]
    "WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2003-05-23 08:46 24576]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2003-05-23 08:46 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 08:46 53248]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 23:54 160768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

    C:\Documents and Settings\Johann\Menu D‚marrer\Programmes\D‚marrage\
    ubisoft register.lnk - C:\Program Files\Ubisoft\Register\schedule.exe [2008-02-03 15:28:53 28672]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-12 15:06:34 113664]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
    R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2006-01-12 11:56]
    R2 BackWeb Client - 174112;Securitoo AntiVirus;C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE [2007-08-25 16:53]
    R2 F-Secure AVP;F-Secure AVP;C:\Program Files\F-Secure\Anti-Virus\fsavp.sys [2001-05-25 09:44]
    R2 F-Secure F-PROT;F-Secure F-PROT;C:\Program Files\F-Secure\Anti-Virus\fsfp.sys [2007-08-26 07:24]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Common\FSfilter.sys [2001-06-28 02:05]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Common\FSgk.sys [2001-06-28 02:05]
    R2 F-Secure Orion;F-Secure Orion;C:\Program Files\F-Secure\Anti-Virus\fsorion.sys [2007-08-26 07:24]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Common\FSrec.sys [2001-06-28 02:05]
    R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2002-01-24 17:55]
    R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\F-Secure\fswsclds.exe [2007-08-26 07:26]
    R2 HPFECP16;HPFECP16;C:\WINDOWS\system32\drivers\HPFECP16.SYS [1998-08-18 13:03]
    S4 Windows Firewall;Windows Firewall;C:\WINDOWS\system32\SVCH0ST.EXE []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{662b8998-93f0-11db-8a68-0090d0b39625}]
    \Shell\AutoRun\command - G:\setupSNK.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-06 15:49:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-06 18:20:19
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-06 18:20:50
    ComboFix-quarantined-files.txt 2008-02-06 17:20:40
    ComboFix2.txt 2008-02-06 17:12:11
    ComboFix3.txt 2008-02-06 16:27:03
    ComboFix4.txt 2007-06-28 13:21:15
    ComboFix5.txt 2007-06-26 19:56:34
    .
    2008-01-13 17:14:39 --- E O F ---






    And the HijackThis report:





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:21:46, on 06/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\fswsclds.exe
    C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\sstray.exe
    C:\PROGRA~1\MESSAG~1\StartMessager.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\PROGRA~1\Wanadoo\CnxMon.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Johann\Mes documents\jm.conchonnet\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.mi
    a b 8 Security
    6 February 2008 18:28:06

    Run it again with the following script:

    File::
    C:\WINDOWS\PSEXESVC.EXE
    C:\kmd.exe
    C:\Temp\nsxA75.tmp
    C:\Temp\nshA76.tmp
    C:\Temp\nsdA78.tmp
    C:\Temp\nsqA78.tmp
    C:\Temp\isp94E.tmp
    11 February 2008 17:48:30

    Sorry for my long absence, but here are the two reports you asked me for:


    ComboFix 08-02.05.3 - Johann 2008-02-11 14:38:37.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.608 [GMT 1:00]
    Endroit: C:\Documents and Settings\Johann\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Johann\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE
    C:\kmd.exe
    C:\Temp\isp94E.tmp
    C:\Temp\nsdA78.tmp
    C:\Temp\nshA76.tmp
    C:\Temp\nsqA78.tmp
    C:\Temp\nsxA75.tmp
    C:\WINDOWS\PSEXESVC.EXE
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\kmd.exe
    C:\WINDOWS\PSEXESVC.EXE

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-11 09:34 . 2008-02-11 09:34 <REP> d-------- C:\Temp\WPDNSE
    2008-02-09 12:12 . 2008-02-10 14:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-02-03 15:24 . 2004-02-13 11:59 30,456,330 --a------ C:\WINDOWS\RVS_1.0_1.54_FR.RTP
    2008-02-02 18:03 . 2004-01-30 12:13 27,888,581 --a------ C:\WINDOWS\RVS_1.0_1.53_FR.RTP
    2008-02-02 18:03 . 2003-11-04 19:24 1,185 --a------ C:\WINDOWS\1.31.add
    2008-02-02 18:03 . 2003-11-04 19:27 216 --a------ C:\WINDOWS\1.50.add
    2008-02-01 18:37 . 2008-02-01 18:43 <REP> d-------- C:\vcs5BGEffects
    2008-02-01 18:36 . 2008-02-01 20:18 <REP> d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
    2008-01-23 16:32 . 2008-01-23 16:40 <REP> d-------- C:\Documents and Settings\Johann\Application Data\mIRC
    2008-01-19 23:58 . 2008-02-06 15:37 <REP> d-------- C:\Program Files\S2SaTstrat
    2008-01-18 22:53 . 2008-01-18 22:53 330,489 --a------ C:\WINDOWS\Revolution Script _Source Uninstaller.exe
    2008-01-18 19:32 . 2008-01-18 19:32 <REP> d-------- C:\cstrike
    2008-01-18 19:32 . 2001-08-23 15:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
    2008-01-18 19:32 . 2008-01-18 19:32 86 --a------ C:\WINDOWS\INpact_CSS_Hud_tweaker.INI
    2008-01-17 20:24 . 2008-01-17 20:24 <REP> d-------- C:\Documents and Settings\Florence\Application Data\teamspeak2
    2008-01-16 12:48 . 2008-01-16 12:48 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-01-15 12:39 . 2008-01-15 12:39 <REP> d-------- C:\Program Files\CCleaner
    2008-01-11 15:44 . 2008-02-11 13:39 <REP> d-------- C:\Program Files\eMule
    2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nsxA75.tmp
    2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nshA76.tmp
    2008-01-11 15:35 . 2008-01-11 15:35 <REP> d-------- C:\Temp\nsdA78.tmp
    2008-01-11 14:18 . 2008-01-11 14:25 <REP> d-------- C:\Temp\nsqA78.tmp
    2008-01-11 14:03 . 2008-01-11 14:03 <REP> d-------- C:\Temp\isp94E.tmp

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-11 13:37 --------- d-----w C:\Program Files\Wanadoo
    2008-02-11 13:27 --------- d-----w C:\Program Files\Microsoft Games
    2008-02-11 12:38 --------- d-----w C:\Program Files\Steam
    2008-02-09 15:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-09 11:15 --------- d-----w C:\Program Files\Google
    2008-02-06 14:37 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-01-30 19:52 --------- d-----w C:\Documents and Settings\Johann\Application Data\LimeWire
    2008-01-27 19:10 --------- d-----w C:\Documents and Settings\Florent\Application Data\LimeWire
    2008-01-26 20:10 --------- d-----w C:\Documents and Settings\Jean-Marie\Application Data\LimeWire
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Johann\Application Data\AVG7
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Jean-Marie\Application Data\AVG7
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Florent\Application Data\AVG7
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\Florence\Application Data\AVG7
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-18 18:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-17 06:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-02 14:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-27 10:06 --------- d-----w C:\Documents and Settings\Florent\Application Data\Media Player Classic
    2007-12-19 18:37 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
    2007-12-19 18:20 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
    2007-12-19 17:45 --------- d-----w C:\Documents and Settings\Johann\Application Data\Media Player Classic
    2007-12-19 17:44 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2007-12-19 17:08 --------- d-----w C:\Documents and Settings\Johann\Application Data\Ahead
    2007-11-27 21:09 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-17 17:24 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-10-17 11:48 82,640 ----a-w C:\Documents and Settings\Johann\Application Data\GDIPFONTCACHEV1.DAT
    2007-05-14 12:31 82,640 ----a-w C:\Documents and Settings\Florence\Application Data\GDIPFONTCACHEV1.DAT
    2007-05-14 12:14 82,640 ----a-w C:\Documents and Settings\Jean-Marie\Application Data\GDIPFONTCACHEV1.DAT
    2006-11-09 16:15 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-02 20:05 68856]
    "Steam"="c:\program files\steam\steam.exe" [2007-11-30 19:08 1266936]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-25 13:00 185896]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 10:15 861184]
    "NWEReboot"="" []
    "nForce Tray Options"="sstray.exe" [2002-11-13 08:34 73728 C:\WINDOWS\system32\sstray.exe]
    "MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 15:47 32768]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
    "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2002-07-22 17:34 135168]
    "LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2001-10-09 17:07 818688]
    "WooCnxMon"="C:\PROGRA~1\Wanadoo\CnxMon.exe" [2003-05-23 08:46 24576]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2003-05-23 08:46 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\TaskbarIcon.exe" [2003-05-23 08:46 53248]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-12 15:06:34 113664]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-09 12:12:03 125624]

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
    R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\si3112r.sys [2006-01-12 11:56]
    R2 BackWeb Client - 174112;Securitoo AntiVirus;C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE [2007-08-25 16:53]
    R2 F-Secure AVP;F-Secure AVP;C:\Program Files\F-Secure\Anti-Virus\fsavp.sys [2001-05-25 09:44]
    R2 F-Secure F-PROT;F-Secure F-PROT;C:\Program Files\F-Secure\Anti-Virus\fsfp.sys [2007-08-26 07:24]
    R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Common\FSfilter.sys [2001-06-28 02:05]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Common\FSgk.sys [2001-06-28 02:05]
    R2 F-Secure Orion;F-Secure Orion;C:\Program Files\F-Secure\Anti-Virus\fsorion.sys [2007-08-26 07:24]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Common\FSrec.sys [2001-06-28 02:05]
    R2 FSpm;F-Secure Policy Manager;C:\Program Files\F-Secure\Common\FSPM.SYS [2002-01-24 17:55]
    R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\F-Secure\fswsclds.exe [2007-08-26 07:26]
    R2 HPFECP16;HPFECP16;C:\WINDOWS\system32\drivers\HPFECP16.SYS [1998-08-18 13:03]
    S4 Windows Firewall;Windows Firewall;C:\WINDOWS\system32\SVCH0ST.EXE []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-06 15:49:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-11 14:41:20
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-11 14:43:16
    ComboFix-quarantined-files.txt 2008-02-11 13:43:08
    ComboFix2.txt 2008-02-06 17:20:50
    ComboFix3.txt 2008-02-06 17:12:11
    ComboFix4.txt 2008-02-06 16:27:03
    ComboFix5.txt 2007-06-28 13:21:15
    .
    2008-01-13 17:14:39 --- E O F ---















    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:45:20, on 11/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\fswsclds.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Common\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\sstray.exe
    C:\PROGRA~1\MESSAG~1\StartMessager.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\LXSUPMON.EXE
    C:\PROGRA~1\Wanadoo\CnxMon.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\PROGRA~1\SECURI~1\174112\Program\BACKWE~1.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Johann\Mes documents\jm.conchonnet\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 68.178.211.86 wrhax.net
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/DataServer/Pub/Da...{896A23A1-5821-4609-A6C6-6D5536C585C9}
    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar....
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher....
    O17 - HKLM\System\CCS\Services\Tcpip\..\{933D6120-03DB-416C-8BFF-3A53BCCC5890}: NameServer = 80.10.246.1 81.253.149.2
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 9839 bytes
    a b 8 Security
    11 February 2008 18:07:54

    Better?
    11 February 2008 18:21:31

    Yes, I really get the impression that my PC is doing better. I once again have access to the command prompts and the Task Manager.

    Thank you for helping me, and thank you too for that magnificent "prevention and protection" post you wrote.

    Come on, I'm inviting you for crêpes!
    a b 8 Security
    11 February 2008 18:59:19

    Do you have any questions?
    11 February 2008 19:39:30

    I don't think so, but if I do I won't hesitate to ask you.
    a b 8 Security
    11 February 2008 20:10:44

    Ok ;)

  • Download ToolsCleaner to your Desktop.
  • Click Recherche and let the scan finish.
  • Click Suppression to finalize.
  • Click Quitter so that the report can be created.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: see help

    Now add [Résolu] to the title. To do so:
    * In your first message, click the "Editer" button
    * Add the [Résolu] tag to the title
    * Then click "Valider votre message"

    Read the guide on prevention and protection, so that you no longer have this kind of problem, by clicking the image below:
