Point de restauration virolé, dernière aide avant formatage

Bonjour, j'en viens à ce forum en dernier recours et j'espère bien y trouver une solution à mon problème qui commence à devenir très embettant.

Il y a deux jours j'ai été infecté par un virus qui a immédiatement supprimé (dumoins de ma vue, puisque je peux y accéder via le mode sans échec) la totalité de mes programmes et de mes dossiers. le virus a également empêché le CTRL + ALT + Suppr, et s'est surtout attaqué à ma Restauration du Système. En effet ayant attrapé ce virus, mon anti-virus venait de tomber en rade il y a un mois pour la petite histoire, j'ai tout de suite essayé la restauration du système et là je ne peux plus accéder au mois, aux jours précédent, je peux juste accéder à un point de restauration Last Known good configs 19:41:53. Sachant que j'ai attrappé mon virus à 19:35, j'imagine que le virus veut que j'essaye en boucle de restaurer ce point de restauration.

J'ai ensuite essayé de télécharger avast! puis de faire de multiples recherches via le mode sans échec et aux rédemarrages rien n'y fait malgré que j'ai environ déjà supprimé 30 Trojans et Malware en tout genre, et venir sur ce forum est ma dernière chance avant le reformatage total.

J'aimerais donc pouvoir retrouver mon ordinateur soit dans l'état Windows précédent (Restauration du système), soit du moins garder mes fichiers et programmes via quelques choses comme une réinstallation windows.

Merci de m'éclaircir au plus vite.
Lucas Lehericy

Salut Lucas.l


On va vérifier tous cela :

Télécharge Hijackthis V 2.02 sur le bureau :

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe


- Double clique sur HJTInstall.exe sur le bureau

- Clique sur Install ensuite sur I Accept

- ferme toutes les fenêtres, HJT doit être exécuté seul (tout autre programme fermé).

- lancer HJT et clic sur Do a system scan and save a logfile

Quand le rapport apparaît dans le bloc note, allez dans Edition, puis Sélectionner Tout, le texte est alors sélectionné, retourne dans Edition toujours en laissant le texte sélectionné, et cliquez sur copier.


Dans ta prochaine réponse, faire un clic droit et coller.


Aide : http://forum.telecharger.01net.com/microhebdo/questions-techniques-diverses/t(...)


@++

Tout d'abord je te remercie de ta réponse rapide, et je m'exuse du laps de temps que j'ai eu pour répondre dufait que je passais la tondeuse. Voici donc le rapport hijackthis.log qui s'est ouvert dans le bloc notes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:23, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: qalkfxor - {EA06F4CB-4B01-498C-B0C1-2414E5817D28} - C:\WINDOWS\qalkfxor.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Efface Historique 2.1] C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [\VIE6C4.exe] C:\Windows\System32\VIE6C4.exe
O4 - HKLM\..\Run: [\VIE6C5.exe] C:\Windows\System32\VIE6C5.exe
O4 - HKLM\..\Run: [\VIE6C6.exe] C:\Windows\System32\VIE6C6.exe
O4 - HKLM\..\Run: [\VIE6C7.exe] C:\Windows\System32\VIE6C7.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [\VIE550.exe] C:\Windows\System32\VIE550.exe
O4 - HKLM\..\Run: [\VIE551.exe] C:\Windows\System32\VIE551.exe
O4 - HKLM\..\Run: [\VIE552.exe] C:\Windows\System32\VIE552.exe
O4 - HKLM\..\Run: [\VIE553.exe] C:\Windows\System32\VIE553.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [0c1d1e95] rundll32.exe "C:\WINDOWS\system32\vvprjdfb.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/acti(...)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presentation/pc/resources/activex/Ephoto.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: rlppte.dll mykpaz.dll tnurfe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11105 bytes


Merci d'avance pour la suite à la résolution de ce problème

Salut Lucas.l


Peux-tu faire le rapport en mode normal SVP

Rends toi dans le dossier C:\Program Files\Trend Micro\ HijackThis < == ce dossier

Faire un clique droit sur HijackThis.exe et le renommé en scan.exe


Refais un scan avec HijackThis modifié et poste le rapport


@++

Voila le rapport apparu à la suite de la manipulation que tu m'as dis de faire :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:14, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\scan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: QXK Olive - {3641FF3E-C5C4-4BEB-9FFB-DCB0A07C4649} - C:\WINDOWS\rodqgpvlrgq.dll (file missing)
O2 - BHO: {469983a8-e6ec-998b-a9e4-fc73cf76ceb3} - {3bec67fc-37cf-4e9a-b899-ce6e8a389964} - C:\WINDOWS\system32\tnurfe.dll
O2 - BHO: (no name) - {86B4C086-0758-4E94-8E93-1C01B34ACAD8} - C:\WINDOWS\system32\vtUmKbAS.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FEEAD861-8455-42F3-8A7E-B7756084BB36} - C:\WINDOWS\system32\iiffEtuu.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: qalkfxor - {EA06F4CB-4B01-498C-B0C1-2414E5817D28} - C:\WINDOWS\qalkfxor.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Efface Historique 2.1] C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [\VIE6C4.exe] C:\Windows\System32\VIE6C4.exe
O4 - HKLM\..\Run: [\VIE6C5.exe] C:\Windows\System32\VIE6C5.exe
O4 - HKLM\..\Run: [\VIE6C6.exe] C:\Windows\System32\VIE6C6.exe
O4 - HKLM\..\Run: [\VIE6C7.exe] C:\Windows\System32\VIE6C7.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [\VIE550.exe] C:\Windows\System32\VIE550.exe
O4 - HKLM\..\Run: [\VIE551.exe] C:\Windows\System32\VIE551.exe
O4 - HKLM\..\Run: [\VIE552.exe] C:\Windows\System32\VIE552.exe
O4 - HKLM\..\Run: [\VIE553.exe] C:\Windows\System32\VIE553.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [0c1d1e95] rundll32.exe "C:\WINDOWS\system32\vvprjdfb.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/acti(...)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presentation/pc/resources/activex/Ephoto.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: rlppte.dll mykpaz.dll tnurfe.dll
O20 - Winlogon Notify: iiffEtuu - iiffEtuu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 12166 bytes

Salut Lucas.l


Télécharge VundoFix.exe (par Atribune) sur ton bureau :

http://www.atribune.org/ccount/click.php?id=4


Double-clique sur VundoFix.exe afin de le lancer

--Clique sur le bouton Scan for Vundo
--Lorsque le scan est complété et que si une infection est détecté, clique sur le bouton Remove Vundo

--Une invite te demandera si tu veux supprimer les fichiers, clique YES
--Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

--Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
--Copie/colle le contenu du rapport situé dans C:\vundofix.txt.

Note : Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci haut, à partir de "clique sur le bouton Scan for Vundo"

Note2 : Si VundoFix ne détecte pas l’infection, il n’y auras pas de rapport.


------------


Télécharge VirtumundoBegone sur le bureau:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe


Double clique sur VirtumundoBeGone.exe et suis les instructions.

Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse.

Note : Ne t'inquiète pas si tu vois un message Écran bleu "Erreur fatale", c'est normal et attendu.


Faire la procédure au complet et au final tu as deux rapports à poster avec un nouveau rapport HijackThis


@++

Alors tout d'abord VundoFix n'a rien trouvé, donc je n'ai pas eu de rapport venant de ce logiciel.

Ensuite voici le rapport VBG.txt :


[08/29/2008, 18:33:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe" )
[08/29/2008, 18:34:01] - Detected System Information:
[08/29/2008, 18:34:01] - Windows Version: 5.1.2600, Service Pack 2
[08/29/2008, 18:34:01] - Current Username: Administrateur (Admin)
[08/29/2008, 18:34:01] - Windows is in SAFE mode.
[08/29/2008, 18:34:01] - Searching for Browser Helper Objects:
[08/29/2008, 18:34:01] - BHO 1: {3641FF3E-C5C4-4BEB-9FFB-DCB0A07C4649} (QXK Olive)
[08/29/2008, 18:34:01] - BHO 2: {3bec67fc-37cf-4e9a-b899-ce6e8a389964} ()
[08/29/2008, 18:34:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/29/2008, 18:34:01] - Checking for HKLM\...\Winlogon\Notify\tnurfe
[08/29/2008, 18:34:01] - Key not found: HKLM\...\Winlogon\Notify\tnurfe, continuing.
[08/29/2008, 18:34:01] - BHO 3: {86B4C086-0758-4E94-8E93-1C01B34ACAD8} ()
[08/29/2008, 18:34:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/29/2008, 18:34:01] - Checking for HKLM\...\Winlogon\Notify\vtUmKbAS
[08/29/2008, 18:34:01] - Key not found: HKLM\...\Winlogon\Notify\vtUmKbAS, continuing.
[08/29/2008, 18:34:01] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/29/2008, 18:34:01] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/29/2008, 18:34:01] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/29/2008, 18:34:01] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[08/29/2008, 18:34:01] - BHO 8: {FEEAD861-8455-42F3-8A7E-B7756084BB36} ()
[08/29/2008, 18:34:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/29/2008, 18:34:01] - Checking for HKLM\...\Winlogon\Notify\iiffEtuu
[08/29/2008, 18:34:01] - Found: HKLM\...\Winlogon\Notify\iiffEtuu - This is probably Virtumundo.
[08/29/2008, 18:34:01] - Assigning {FEEAD861-8455-42F3-8A7E-B7756084BB36} MSEvents Object
[08/29/2008, 18:34:02] - BHO list has been changed! Starting over...
[08/29/2008, 18:34:02] - BHO 1: {3641FF3E-C5C4-4BEB-9FFB-DCB0A07C4649} (QXK Olive)
[08/29/2008, 18:34:02] - BHO 2: {3bec67fc-37cf-4e9a-b899-ce6e8a389964} ()
[08/29/2008, 18:34:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/29/2008, 18:34:02] - Checking for HKLM\...\Winlogon\Notify\tnurfe
[08/29/2008, 18:34:02] - Key not found: HKLM\...\Winlogon\Notify\tnurfe, continuing.
[08/29/2008, 18:34:02] - BHO 3: {86B4C086-0758-4E94-8E93-1C01B34ACAD8} ()
[08/29/2008, 18:34:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/29/2008, 18:34:02] - Checking for HKLM\...\Winlogon\Notify\vtUmKbAS
[08/29/2008, 18:34:02] - Key not found: HKLM\...\Winlogon\Notify\vtUmKbAS, continuing.
[08/29/2008, 18:34:02] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/29/2008, 18:34:02] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/29/2008, 18:34:02] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/29/2008, 18:34:02] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[08/29/2008, 18:34:02] - BHO 8: {FEEAD861-8455-42F3-8A7E-B7756084BB36} (MSEvents Object)
[08/29/2008, 18:34:02] - ALERT: Found MSEvents Object!
[08/29/2008, 18:34:02] - Finished Searching Browser Helper Objects
[08/29/2008, 18:34:02] - *** Detected MSEvents Object
[08/29/2008, 18:34:02] - Trying to remove MSEvents Object...
[08/29/2008, 18:34:03] - Terminating Process: IEXPLORE.EXE
[08/29/2008, 18:34:03] - Terminating Process: RUNDLL32.EXE
[08/29/2008, 18:34:03] - Disabling Automatic Shell Restart
[08/29/2008, 18:34:04] - Terminating Process: EXPLORER.EXE
[08/29/2008, 18:34:04] - Suspending the NT Session Manager System Service
[08/29/2008, 18:34:04] - Terminating Windows NT Logon/Logoff Manager
[08/29/2008, 18:34:04] - Re-enabling Automatic Shell Restart
[08/29/2008, 18:34:04] - File to disable: C:\WINDOWS\system32\iiffEtuu.dll
[08/29/2008, 18:34:04] - Removing HKLM\...\Browser Helper Objects\{FEEAD861-8455-42F3-8A7E-B7756084BB36}
[08/29/2008, 18:34:04] - Removing HKCR\CLSID\{FEEAD861-8455-42F3-8A7E-B7756084BB36}
[08/29/2008, 18:34:04] - Adding Kill Bit for ActiveX for GUID: {FEEAD861-8455-42F3-8A7E-B7756084BB36}
[08/29/2008, 18:34:04] - Deleting ATLEvents/MSEvents Registry entries
[08/29/2008, 18:34:04] - Removing HKLM\...\Winlogon\Notify\iiffEtuu
[08/29/2008, 18:34:04] - Searching for Browser Helper Objects:
[08/29/2008, 18:34:04] - BHO 1: {3641FF3E-C5C4-4BEB-9FFB-DCB0A07C4649} (QXK Olive)
[08/29/2008, 18:34:05] - BHO 2: {3bec67fc-37cf-4e9a-b899-ce6e8a389964} ()
[08/29/2008, 18:34:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/29/2008, 18:34:05] - Checking for HKLM\...\Winlogon\Notify\tnurfe
[08/29/2008, 18:34:05] - Key not found: HKLM\...\Winlogon\Notify\tnurfe, continuing.
[08/29/2008, 18:34:05] - BHO 3: {86B4C086-0758-4E94-8E93-1C01B34ACAD8} ()
[08/29/2008, 18:34:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/29/2008, 18:34:05] - Checking for HKLM\...\Winlogon\Notify\vtUmKbAS
[08/29/2008, 18:34:05] - Key not found: HKLM\...\Winlogon\Notify\vtUmKbAS, continuing.
[08/29/2008, 18:34:05] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/29/2008, 18:34:05] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/29/2008, 18:34:05] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/29/2008, 18:34:05] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[08/29/2008, 18:34:05] - Finished Searching Browser Helper Objects
[08/29/2008, 18:34:05] - Finishing up...
[08/29/2008, 18:34:05] - A restart is needed.
[08/29/2008, 18:34:05] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[08/29/2008, 18:34:14] - Attempting to Restart via STOP error (Blue Screen!)



-------------



Ensuite voici le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:21, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\scan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0BA8D4A9-3631-4FA7-8DF4-EAAD28A93120} - C:\WINDOWS\system32\vtUmKbAS.dll
O2 - BHO: QXK Olive - {3641FF3E-C5C4-4BEB-9FFB-DCB0A07C4649} - C:\WINDOWS\rodqgpvlrgq.dll (file missing)
O2 - BHO: {469983a8-e6ec-998b-a9e4-fc73cf76ceb3} - {3bec67fc-37cf-4e9a-b899-ce6e8a389964} - C:\WINDOWS\system32\tnurfe.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: qalkfxor - {EA06F4CB-4B01-498C-B0C1-2414E5817D28} - C:\WINDOWS\qalkfxor.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Efface Historique 2.1] C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [\VIE6C4.exe] C:\Windows\System32\VIE6C4.exe
O4 - HKLM\..\Run: [\VIE6C5.exe] C:\Windows\System32\VIE6C5.exe
O4 - HKLM\..\Run: [\VIE6C6.exe] C:\Windows\System32\VIE6C6.exe
O4 - HKLM\..\Run: [\VIE6C7.exe] C:\Windows\System32\VIE6C7.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [\VIE550.exe] C:\Windows\System32\VIE550.exe
O4 - HKLM\..\Run: [\VIE551.exe] C:\Windows\System32\VIE551.exe
O4 - HKLM\..\Run: [\VIE552.exe] C:\Windows\System32\VIE552.exe
O4 - HKLM\..\Run: [\VIE553.exe] C:\Windows\System32\VIE553.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [0c1d1e95] rundll32.exe "C:\WINDOWS\system32\vvprjdfb.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/acti(...)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presentation/pc/resources/activex/Ephoto.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: rlppte.dll mykpaz.dll tnurfe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11959 bytes



Encore merci.

Salut Lucas.l


Télécharge combofix.exe (de sUBs) sur le bureau :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe



==> Sauvegarde et ferme toutes les fenêtres actives, il va y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==

Double clique sur combofix.exe, clique sur OUI et valide par Entrée pour lancer le scan

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\ Combofix.txt

Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure


@++

Voici donc le rapport de Combofix:

ComboFix 08-08-28.06 - Administrateur 2008-08-29 19:05:12.1 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.781 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\bfdjrpvv.ini
C:\WINDOWS\system32\iixvpklg.ini
C:\WINDOWS\system32\liarcwho.dll
C:\WINDOWS\system32\mykpaz.dll
C:\WINDOWS\system32\ofmdolrb.ini
C:\WINDOWS\system32\rlppte.dll
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\SYSTEM32\SAbKmUtv.ini
C:\WINDOWS\SYSTEM32\SAbKmUtv.ini2
C:\WINDOWS\system32\tnurfe.dll
C:\WINDOWS\system32\vvprjdfb.dll
C:\WINDOWS\SYSTEM32\ygihohoj.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

2008-08-29 18:09 . 2008-08-29 18:09 <REP> d-------- C:\VundoFix Backups
2008-08-29 16:41 . 2008-08-29 16:41 <REP> d-------- C:\Program Files\Trend Micro
2008-08-28 22:54 . 2008-08-28 22:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Notepad++
2008-08-28 17:36 . 2008-08-28 17:36 <REP> d-------- C:\Program Files\Alwil Software
2008-08-28 13:48 . 2008-08-28 13:48 <REP> d-------- C:\Documents and Settings\lou\.housecall6.6
2008-08-28 13:43 . 2008-08-28 21:51 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-08-28 12:39 . 2004-08-24 10:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-08-28 12:39 . 2004-08-24 10:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-28 12:39 . 2004-08-24 10:30 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-08-28 12:39 . 2008-08-29 16:48 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-28 12:39 . 2004-08-24 10:30 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-08-28 12:39 . 2004-08-24 10:30 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-08-28 12:39 . 2008-08-29 19:03 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-28 12:39 . 2004-08-24 11:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-08-28 12:39 . 2004-08-24 11:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-08-28 12:39 . 2004-08-24 11:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Jasc Software Inc
2008-08-28 12:39 . 2004-11-19 12:23 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AOL
2008-08-28 12:39 . 2008-08-28 12:39 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-28 12:17 . 2008-08-28 12:17 <REP> d-------- C:\Documents and Settings\pascale\.housecall6.6
2008-08-27 21:41 . 2008-08-27 21:41 <REP> d-------- C:\Documents and Settings\lucas\Application Data\U3
2008-08-27 19:40 . 2008-08-27 19:40 321,536 --a------ C:\WINDOWS\SYSTEM32\vtUmKbAS.dll
2008-08-27 19:35 . 2008-08-27 19:35 <REP> d-------- C:\Documents and Settings\lucas\Application Data\TmpRecentIcons
2008-08-26 19:22 . 2008-08-26 19:22 <REP> d-------- C:\Program Files\Dyyno
2008-08-20 18:37 . 2008-08-20 18:37 39,060 --ah----- C:\WINDOWS\SYSTEM32\mlfcache.dat
2008-08-20 14:15 . 2008-08-20 14:15 <REP> d-------- C:\Program Files\Macromedia
2008-08-13 00:08 . 2008-08-13 00:08 42,320 --a------ C:\WINDOWS\SYSTEM32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 17:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-27 17:08 --------- d-----w C:\Program Files\Steam
2008-08-27 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-08-26 18:32 --------- d-----w C:\Program Files\HLSW
2008-08-26 18:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-26 18:10 --------- d-----w C:\Program Files\CALLOF~1
2008-08-20 13:16 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-20 12:17 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-08-20 10:26 --------- d-s---w C:\Program Files\Xfire
2008-08-19 13:09 --------- d-----w C:\Program Files\eMule
2008-08-19 12:40 --------- d-----w C:\Program Files\Electronic Arts
2008-08-01 21:33 --------- d-----w C:\Program Files\iTunes
2008-07-23 15:38 --------- d-----w C:\Program Files\Safari
2008-07-17 22:08 --------- d-----w C:\Program Files\Bonjour
2008-07-17 22:07 --------- d-----w C:\Program Files\QuickTime
2008-07-17 22:06 --------- d-----w C:\Program Files\Apple Software Update
2008-07-17 22:04 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-03 21:41 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-26 10:57 22,328 ----a-w C:\Documents and Settings\lucas\Application Data\PnkBstrK.sys
2007-06-25 05:13 47,104 ----a-w C:\Program Files\Brevet_session_2007.doc
2007-06-25 05:13 12,288 ----a-w C:\Program Files\DNB_calcul_points_2007.xls
2007-06-24 14:33 315,392 ----a-w C:\Program Files\une_jolie_lecon11.pps
2007-06-24 14:30 3,611,136 ----a-w C:\Program Files\Fleurscohabiter.pps
2007-06-01 18:03 1,851,756,544 ----a-w C:\Program Files\WiC_closedMPBeta.exe
2007-01-27 12:07 303,104 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BA8D4A9-3631-4FA7-8DF4-EAAD28A93120}]
2008-08-27 19:40 321536 --a------ C:\WINDOWS\system32\vtUmKbAS.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 02:04 122933]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 19:30 270336]
"FSASWREG"="C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe" [2004-11-04 12:03 16451]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 17:20 6803456]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 17:20 86016]
"F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" [2004-12-22 10:28 118832]
"F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-01-25 17:13 684032]
"F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" [2005-03-16 15:45 208896]
"News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2004-05-06 14:21 372736]
"Efface Historique 2.1"="C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE" [2004-04-01 02:01 322560]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 16:24 257088]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2007-05-07 18:40 159744]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"nwiz"="nwiz.exe" [2005-06-15 17:20 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rlppte.dll mykpaz.dll tnurfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"=
"C:\\Valve\\Condition Zero\\czero.exe"=
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"C:\\Program Files\\Securitoo\\av_fw\\backweb\\8520111\\Program\\fspex.exe"=
"C:\\Program Files\\America's Army\\System\\Server.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\TS2Serv\\server_windows.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\Steam\\steamapps\\ottowagner\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\ottowagner\\day of defeat\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\ottowagner\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\ottowagner\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\ottowagner\\ricochet\\hl.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\CALLOF~1\\CoDUOMP.exe"=
"C:\\Program Files\\CALLOF~1\\CoDMP.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Documents and Settings\\pascale\\Local Settings\\Temp\\Rar$EX15.344\\evolution-script\\mirc.exe"=
"C:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"C:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8767:TCP"= 8767:TCP:mon serveur
"8767:UDP"= 8767:UDP:*:Disabled:mon serveur
"8768:UDP"= 8768:UDP:mon servudp
"4534:TCP"= 4534:TCP:monservtcp
"51234:TCP"= 51234:TCP:monserv

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-10-24 14:01]
R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-04-12 07:46]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 14:11]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-02-02 21:46]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S2 BackWeb Plug-in - 8520111;Securitoo Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE [2006-01-26 11:57]
S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2003-11-14 18:52]
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-03-26 17:58]
S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2003-02-06 14:32]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\pascale\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [2008-08-28 12:16]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 21:15]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-28 C:\WINDOWS\Tasks\Scheduled scanning task.job
- C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe [2004-05-06 14:18]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3641FF3E-C5C4-4BEB-9FFB-DCB0A07C4649} - C:\WINDOWS\rodqgpvlrgq.dll
Toolbar-{EA06F4CB-4B01-498C-B0C1-2414E5817D28} - C:\WINDOWS\qalkfxor.dll
HKLM-Run-VirusScan - c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
HKLM-Run-\VIE6C4.exe - C:\Windows\System32\VIE6C4.exe
HKLM-Run-\VIE6C5.exe - C:\Windows\System32\VIE6C5.exe
HKLM-Run-\VIE6C6.exe - C:\Windows\System32\VIE6C6.exe
HKLM-Run-\VIE6C7.exe - C:\Windows\System32\VIE6C7.exe
HKLM-Run-Antivirus - C:\Program Files\MSA\MSA.exe
HKLM-Run-\VIE550.exe - C:\Windows\System32\VIE550.exe
HKLM-Run-\VIE551.exe - C:\Windows\System32\VIE551.exe
HKLM-Run-\VIE552.exe - C:\Windows\System32\VIE552.exe
HKLM-Run-\VIE553.exe - C:\Windows\System32\VIE553.exe
HKLM-Run-0c1d1e95 - C:\WINDOWS\system32\vvprjdfb.dll
ShellExecuteHooks-{FEEAD861-8455-42F3-8A7E-B7756084BB36} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.euro.dell.com/countries/fr/fra/gen/default.htm

O16 -: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
C:\WINDOWS\Downloaded Program Files\MDM.inf

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

O16 -: {1F83CD9E-505E-4F87-BECE-0832A763E36F} - hxxp://www.mypixmania.com/importer/MypixUploader.cab
C:\WINDOWS\Downloaded Program Files\MypixUploader.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\MypixUploader.ocx

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx

O16 -: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} - hxxp://photos.wanadoo.fr/al/presentation/pc/resources/activex/Ephoto.cab
C:\WINDOWS\Downloaded Program Files\Ephoto.inf
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
C:\WINDOWS\Downloaded Program Files\EphotoAxRes.dll
C:\WINDOWS\Downloaded Program Files\EphotoAx.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 19:15:21
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\VIE6C4.exe"="C:\\Windows\\System32\\VIE6C4.exe"
"\\VIE6C5.exe"="C:\\Windows\\System32\\VIE6C5.exe"
"\\VIE6C6.exe"="C:\\Windows\\System32\\VIE6C6.exe"
"\\VIE6C7.exe"="C:\\Windows\\System32\\VIE6C7.exe"
"\\VIE550.exe"="C:\\Windows\\System32\\VIE550.exe"
"\\VIE551.exe"="C:\\Windows\\System32\\VIE551.exe"
"\\VIE552.exe"="C:\\Windows\\System32\\VIE552.exe"
"\\VIE553.exe"="C:\\Windows\\System32\\VIE553.exe"

.
Temps d'accomplissement: 2008-08-29 19:23:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 17:23:17

Pre-Run: 12,072,824,832 octets libres
Post-Run: 12,758,839,296 octets libres

261 --- E O F --- 2008-08-19 21:20:24



----- Je ne sais pas si tu veux un rapport de Hijackthis également donc le voici ca ne peut pas faire de mal de toute façon:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:20, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0BA8D4A9-3631-4FA7-8DF4-EAAD28A93120} - C:\WINDOWS\system32\vtUmKbAS.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Efface Historique 2.1] C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/acti(...)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presentation/pc/resources/activex/Ephoto.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: rlppte.dll mykpaz.dll tnurfe.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10418 bytes

Salut Lucas.l


- Clique sur le menu démarrer/Exécuter, tape notepad à l’invite de commande et OK.

- Copie/colle ce qui est en citation ci-dessous dans le Bloc-Notes :




- Enregistre ce fichier sur le bureau (Impératif)

-Nom du fichier : CFScript.txt
-Type du fichier : tous les fichiers

- Clique sur Enregistrer et quitte le Bloc Notes


- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe sur le bureau, comme sur cette capture (l’icône est un lion) :



* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


Avec ce rapport, poste moi un nouveau rapport HijackThis


@++

Et bien voila après manipulation le rapport ComboFix.txt

ComboFix 08-08-28.06 - Administrateur 2008-08-29 19:53:50.2 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.778 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\SYSTEM32\vtUmKbAS.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\vtUmKbAS.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

2008-08-29 18:09 . 2008-08-29 18:09 <REP> d-------- C:\VundoFix Backups
2008-08-29 16:41 . 2008-08-29 16:41 <REP> d-------- C:\Program Files\Trend Micro
2008-08-28 22:54 . 2008-08-28 22:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Notepad++
2008-08-28 17:36 . 2008-08-28 17:36 <REP> d-------- C:\Program Files\Alwil Software
2008-08-28 13:48 . 2008-08-28 13:48 <REP> d-------- C:\Documents and Settings\lou\.housecall6.6
2008-08-28 13:43 . 2008-08-28 21:51 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-08-28 12:39 . 2004-08-24 10:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-08-28 12:39 . 2004-08-24 10:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-08-28 12:39 . 2004-08-24 10:30 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-08-28 12:39 . 2008-08-29 16:48 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-08-28 12:39 . 2004-08-24 10:30 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-08-28 12:39 . 2004-08-24 10:30 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-08-28 12:39 . 2008-08-29 19:53 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-08-28 12:39 . 2004-08-24 11:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-08-28 12:39 . 2004-08-24 11:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-08-28 12:39 . 2004-08-24 11:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Jasc Software Inc
2008-08-28 12:39 . 2004-11-19 12:23 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AOL
2008-08-28 12:39 . 2008-08-28 12:39 <REP> d-------- C:\Documents and Settings\Administrateur
2008-08-28 12:17 . 2008-08-28 12:17 <REP> d-------- C:\Documents and Settings\pascale\.housecall6.6
2008-08-27 21:41 . 2008-08-27 21:41 <REP> d-------- C:\Documents and Settings\lucas\Application Data\U3
2008-08-27 19:35 . 2008-08-27 19:35 <REP> d-------- C:\Documents and Settings\lucas\Application Data\TmpRecentIcons
2008-08-26 19:22 . 2008-08-26 19:22 <REP> d-------- C:\Program Files\Dyyno
2008-08-20 18:37 . 2008-08-20 18:37 39,060 --ah----- C:\WINDOWS\SYSTEM32\mlfcache.dat
2008-08-20 14:15 . 2008-08-20 14:15 <REP> d-------- C:\Program Files\Macromedia
2008-08-13 00:08 . 2008-08-13 00:08 42,320 --a------ C:\WINDOWS\SYSTEM32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 17:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-27 17:08 --------- d-----w C:\Program Files\Steam
2008-08-27 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-08-26 18:32 --------- d-----w C:\Program Files\HLSW
2008-08-26 18:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-26 18:10 107,832 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2008-08-26 18:10 --------- d-----w C:\Program Files\CALLOF~1
2008-08-20 13:16 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-20 12:17 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-08-20 10:26 --------- d-s---w C:\Program Files\Xfire
2008-08-19 13:09 --------- d-----w C:\Program Files\eMule
2008-08-19 12:40 --------- d-----w C:\Program Files\Electronic Arts
2008-08-01 21:33 --------- d-----w C:\Program Files\iTunes
2008-07-23 15:38 --------- d-----w C:\Program Files\Safari
2008-07-17 22:08 --------- d-----w C:\Program Files\Bonjour
2008-07-17 22:07 --------- d-----w C:\Program Files\QuickTime
2008-07-17 22:06 --------- d-----w C:\Program Files\Apple Software Update
2008-07-17 22:04 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-07-10 07:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-07-03 21:41 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-19 14:11 66,872 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrA.exe
2008-06-19 14:09 674,600 ----a-w C:\WINDOWS\SYSTEM32\pbsvc.exe
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-01-26 10:57 22,328 ----a-w C:\Documents and Settings\lucas\Application Data\PnkBstrK.sys
2007-06-25 05:13 47,104 ----a-w C:\Program Files\Brevet_session_2007.doc
2007-06-25 05:13 12,288 ----a-w C:\Program Files\DNB_calcul_points_2007.xls
2007-06-24 14:33 315,392 ----a-w C:\Program Files\une_jolie_lecon11.pps
2007-06-24 14:30 3,611,136 ----a-w C:\Program Files\Fleurscohabiter.pps
2007-06-01 18:03 1,851,756,544 ----a-w C:\Program Files\WiC_closedMPBeta.exe
2007-04-23 12:21 269,824 ----a-w C:\WINDOWS\INF\WG111v3\Vista64\wg111v3.sys
2007-04-23 12:11 224,896 ----a-w C:\WINDOWS\INF\WG111v3\wg111v3.sys
2007-01-27 12:07 303,104 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-12-15 09:30 98,304 ----a-w C:\WINDOWS\INF\WG111v3\UScanM.exe
2006-12-15 09:30 66,048 ----a-w C:\WINDOWS\INF\WG111v3\EAPPkt.sys
2006-12-15 09:30 315,392 ----a-w C:\WINDOWS\INF\WG111v3\InstallDriver.exe
2006-12-15 09:30 28,672 ----a-w C:\WINDOWS\INF\WG111v3\SetDrv.exe
2006-12-15 09:30 212,992 ----a-w C:\WINDOWS\INF\WG111v3\CopyWHQLDriver.exe
2006-12-15 09:30 20,480 ----a-w C:\WINDOWS\INF\WG111v3\RTWUPath.exe
2006-12-15 09:30 19,968 ----a-w C:\WINDOWS\INF\WG111v3\RTWREFU.EXE
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 02:04 122933]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 19:30 270336]
"FSASWREG"="C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe" [2004-11-04 12:03 16451]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 17:20 6803456]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-06-15 17:20 86016]
"F-Secure Manager"="C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" [2004-12-22 10:28 118832]
"F-Secure TNB"="C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-01-25 17:13 684032]
"F-Secure Startup Wizard"="C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" [2005-03-16 15:45 208896]
"News Service"="C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe" [2004-05-06 14:21 372736]
"Efface Historique 2.1"="C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE" [2004-04-01 02:01 322560]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-02 16:24 257088]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2007-05-07 18:40 159744]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"nwiz"="nwiz.exe" [2005-06-15 17:20 1519616 C:\WINDOWS\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2006-05-29 20:24:42 1527808]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2005-09-03 09:36:47 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"=
"C:\\Valve\\Condition Zero\\czero.exe"=
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"C:\\Program Files\\Securitoo\\av_fw\\backweb\\8520111\\Program\\fspex.exe"=
"C:\\Program Files\\America's Army\\System\\Server.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\TS2Serv\\server_windows.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\Program Files\\Steam\\steamapps\\ottowagner\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\ottowagner\\day of defeat\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\ottowagner\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\ottowagner\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\ottowagner\\ricochet\\hl.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\CALLOF~1\\CoDUOMP.exe"=
"C:\\Program Files\\CALLOF~1\\CoDMP.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Documents and Settings\\pascale\\Local Settings\\Temp\\Rar$EX15.344\\evolution-script\\mirc.exe"=
"C:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"C:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8767:TCP"= 8767:TCP:mon serveur
"8767:UDP"= 8767:UDP:*:Disabled:mon serveur
"8768:UDP"= 8768:UDP:mon servudp
"4534:TCP"= 4534:TCP:monservtcp
"51234:TCP"= 51234:TCP:monserv

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-10-24 14:01]
R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-04-12 07:46]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-04-23 14:11]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-02-02 21:46]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S2 BackWeb Plug-in - 8520111;Securitoo Antivirus Firewall;C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE [2006-01-26 11:57]
S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2003-11-14 18:52]
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSgk.sys [2008-03-26 17:58]
S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2003-02-06 14:32]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\pascale\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [2008-08-28 12:16]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-21 21:15]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-28 C:\WINDOWS\Tasks\Scheduled scanning task.job
- C:\PROGRA~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe [2004-05-06 14:18]

2008-08-28 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 19:55:35
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-29 19:57:47
ComboFix-quarantined-files.txt 2008-08-29 17:57:07
ComboFix2.txt 2008-08-29 17:23:21

Pre-Run: 12,787,560,448 octets libres
Post-Run: 12,772,360,192 octets libres

229 --- E O F --- 2008-08-19 21:20:24


----------------------------


Puis voila celui de Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:55, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\av_fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Efface Historique 2.1] C:\PROGRA~1\EFFACE~1\EFFACE~1.EXE -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/importer/MypixUploader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/acti(...)
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/9.20.0002/OCI/setup.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presentation/pc/resources/activex/Ephoto.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10267 bytes

Si dédétraqué ou quelqu'un pourrait m'aider ?

Salut Lucas.l


On reste patient SVP


As-tu des problèmes avec le démarrage en mode normal?


@++

Bonjour, encore désolé mais mon temps pour résoudre ce problème est très serré.

Alors non je n'ai pas de problèmes au démarrage avec mon ordinateur toutefois depuis que j'ai le virus, je ne peux plus que passer par le mode sans échec pour pouvoir utiliser mon ordinateur. Le F8 ne fonctionnant pas comme voulu au démarrage je suis obligé d'effectué une manipulation qui consiste à éteindre l'ordinateur lorsque Windows se charge au démarrage puis ensuite de redemarrer pour avoir accès à une page noir au démarrage me demandant ce que je veux faire.
Voila !

Encore merci, Lucas.l

Salut Lucas.l


Et pourquoi tu n'arrive pas à utilisé l'ordinateur en mode normal?

J'ai pas tous bien compris!!!


@++

Et bien parceque en mode normal, je n'ai plus aucun programme tous "mangé" par le virus, plus aucun dossier, bref plus rien.

Salut Lucas.l


Et ce n'est pas le cas en mode sans échec?


@++

Apparemment non j'ai tout mes dossiers et tous mes programmes

Salut Lucas.l


Donc le virus n'a pas mangé tes programmes, désolé si je pose des questions, j'essaie de comprendre.

Désinstalle Avast avec cette utilitaire :
http://www.avast.com/fre/avast-uninstall-utility.html

Installe Antivir et poste le rapport aprèes le scan :
http://www.malekal.com/tutorial_antivir.php


@++

Voila le scan bien que je pense qu'il est été inutile car il ne m'a détecté que 3 Spywares avec le nom de Vundo devant (les 3):



Avira AntiVir Personal
Report file date: vendredi 29 août 2008 23:15

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode with network
Username: Administrateur
Computer name: LULU

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 29 août 2008 23:15

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
16 processes with 16 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '73' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vtUmKbAS.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490d7877.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0349331.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48eb79a4.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0352588.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48eb79bb.qua'!


End of the scan: samedi 30 août 2008 00:56
Used time: 1:41:18 Hour(s)

The scan has been done completely.

13346 Scanning directories
348614 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
348610 Files not concerned
2635 Archives were scanned
1 Warnings
3 Notes

Encore Merci!

Salut Lucas.l


Et maintenant pour le mode normal?

As-tu le CD de Windows XP pour la réparation de Windows?


@++

Bonjour,

Alors pour le mode normal, cela ne marchait toujours pas. Par contre en mode sans échec au paravant seul la session Administrateur fonctionnait bien les autres (au nombres de trois dont une bénéficiant des droits d'admins), maintenant elle marche toutte comme auparavant, hors j'aimerai bien retrouver le mode et normal et me débarasser à jamais de cette salo*****

Je ne retrouve plus le CD d'installation Windows (:s) Alors voila..

Avec mes remerciements, lucas.l

J'ai lancé un scan qui sera bientot fini je mettrais donc le rapport, où j'ai décelé plus de 20 infections donc au moins une douzaine dans C:\\System Volum Informations


VOICI LE RAPPORT:



Avira AntiVir Personal
Report file date: samedi 30 août 2008 10:49

Scanning for 1582788 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode with network
Username: Administrateur
Computer name: LULU

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 08:31:53
ANTIVIR3.VDF : 7.0.6.92 195584 Bytes 29/08/2008 08:31:54
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 30/08/2008 08:31:58
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 30/08/2008 08:31:58
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 30/08/2008 08:31:57
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 30/08/2008 08:31:55
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 30/08/2008 08:31:55
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 30 août 2008 10:49

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'mirc.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
15 processes with 15 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '73' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\lou\Local Settings\Temporary Internet Files\Content.IE5\45KPC52T\setup_100504_3_[1].exe
[DETECTION] Is the TR/Dldr.Agent.KIT.1 Trojan
[NOTE] The file was moved to '492d0c67.qua'!
C:\Documents and Settings\lou\Local Settings\Temporary Internet Files\Content.IE5\YDEFKDE5\setup_100504_3_[1].exe
[DETECTION] Is the TR/Dldr.Agent.KIT.1 Trojan
[NOTE] The file was moved to '492d0c94.qua'!
C:\Documents and Settings\pascale\Local Settings\Temp\Rar$EX01.656\crack_ver1.454.0.exe
[DETECTION] Is the TR/Dldr.Zlob.Gen Trojan
[NOTE] The file was moved to '491a0ee3.qua'!
C:\Documents and Settings\pascale\Local Settings\Temp\Rar$EX01.656\FRAPS221.EXE
[DETECTION] Is the TR/Agent.640014 Trojan
[NOTE] The file was moved to '48fa0ec7.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP986\A0343288.exe
[DETECTION] Is the TR/Dldr.AntiMaste.1 Trojan
[NOTE] The file was moved to '48ec1ee5.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP986\A0343289.exe
[DETECTION] Is the TR/Clicker.ED Trojan
[NOTE] The file was moved to '48ec1ee9.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP986\A0343291.exe
[DETECTION] Is the TR/VB.dvu Trojan
[NOTE] The file was moved to '48ec1eed.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP986\A0343292.exe
[DETECTION] Is the TR/Dldr.AntiMaste.1 Trojan
[NOTE] The file was moved to '48ec1ef1.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP986\A0343293.exe
[DETECTION] Is the TR/Clicker.ED Trojan
[NOTE] The file was moved to '48ec1ef4.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP986\A0343295.exe
[DETECTION] Is the TR/VB.dvu Trojan
[NOTE] The file was moved to '48ec1ef8.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0344288.dll
[DETECTION] Is the TR/Monder.iyk Trojan
[NOTE] The file was moved to '48ec1eff.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0348288.dll
[DETECTION] Is the TR/Monder.jck Trojan
[NOTE] The file was moved to '48ec1f05.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0350332.dll
[DETECTION] Is the TR/Vapsup.krk Trojan
[NOTE] The file was moved to '48ec1f0b.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0350336.exe
[DETECTION] Is the TR/Vapsup.krl Trojan
[NOTE] The file was moved to '48ec1f0e.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0350337.dll
[DETECTION] Is the TR/Vapsup.krk Trojan
[NOTE] The file was moved to '48ec1f10.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0350338.exe
[DETECTION] Is the TR/Vapsup.krg Trojan
[NOTE] The file was moved to '48ec1f13.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0350349.dll
[DETECTION] Is the TR/Monder.jck Trojan
[NOTE] The file was moved to '48ec1f16.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0350354.exe
[DETECTION] Is the TR/Dldr.AntiMaste.1 Trojan
[NOTE] The file was moved to '48ec1f18.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0350356.exe
[DETECTION] Is the TR/Clicker.ED Trojan
[NOTE] The file was moved to '48ec1f1a.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0350358.exe
[DETECTION] Is the TR/VB.dvu Trojan
[NOTE] The file was moved to '48ec1f1c.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0350359.exe
[0] Archive type: ZIP SFX (self extracting)
--> MSA.exe
[DETECTION] Is the TR/Fake.UltimaAV.bh Trojan
[DETECTION] Contains recognition pattern of the DR/FraudTool.SpywarePreventer.C dropper
[NOTE] The file was moved to '48ec1f2b.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0350360.exe
[DETECTION] Is the TR/Dldr.Agent.133 Trojan
[NOTE] The file was moved to '48ec1f30.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP987\A0350365.exe
[DETECTION] Is the TR/Fake.UltimaAV.bh Trojan
[NOTE] The file was moved to '48ec1f36.qua'!


End of the scan: samedi 30 août 2008 12:41
Used time: 1:52:13 Hour(s)

The scan has been done completely.

13322 Scanning directories
350343 Files were scanned
24 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
23 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
350318 Files not concerned
2627 Archives were scanned
1 Warnings
23 Notes

Humm certaines, améliorations, le mode normal marche (enfin pas tout), mais j'ai toujours virus alert! dans la barre de lancement rapide ainsi que mon bureau très modifié.

lucas.l

J'ai ensuite réussi à fermer un beau bureau, image blanche et changement de logos.

Je suis parevenue à créer un nouveau compte administrateur via le mode sans échec avec virus, et là le virus ne virole plus rien. Voila j'espère que ca va marcher!

Salut Lucas.l


Vide la quarantaine d'antivir, désactive la restauration système :

- Clique droit sur le Poste de travail sur le bureau, dans propriété tu cliques sur l'onglet Restauration système

- Coche la case désactiver la restauration et applique

Redémarre l’ordinateur et réactive la restauration système.

Tutoriel : http://www.libellules.ch/desactiver_restauration.php

Refais un scan pour vérification


@++