Forum XP.Net -Sécurité Informatique-

Bonjour.
Oui on en a déjà enlevé mais il se régénère encore donc faut remettre une seconde couche.

Bon tu va faire exactement la même chose que précédemment mais avec le fichier CFScript joint a CE message.
Et tu me remet le rapport Combo + le nouveau HJThis.

voile j'ai tout fait je te remet sa


ComboFix 08-04-12.7 - parison michel 2008-04-14 13:57:19.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.319 [GMT 2:00]
Endroit: C:\Documents and Settings\parison michel\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\parison michel\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM8b3656dc.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\kjlkkjjl.ini
C:\WINDOWS\system32\kjlkkjjl.ini2
C:\WINDOWS\system32\uvxadfii.ini
C:\WINDOWS\system32\uvxadfii.ini2
C:\WINDOWS\system32\wkoldjtd.ini
C:\WINDOWS\system32\yirwskbt.ini
.
---- Previous Run -------
.
C:\WINDOWS\BM8b3656dc.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bharebio18
C:\WINDOWS\system32\HBL
C:\WINDOWS\system32\kjlkkjjl.ini
C:\WINDOWS\system32\kjlkkjjl.ini2
C:\WINDOWS\system32\MId2
C:\WINDOWS\system32\qylypafh.ini
C:\WINDOWS\system32\spol3
C:\WINDOWS\system32\uvxadfii.ini
C:\WINDOWS\system32\uvxadfii.ini2
C:\WINDOWS\system32\wkoldjtd.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))))))))
.

2008-04-14 11:06 . 2008-04-14 11:06 91,200 --a------ C:\WINDOWS\system32\tbkswriy.dll
2008-04-14 11:03 . 2008-04-14 11:03 97,344 --a------ C:\WINDOWS\system32\sypnrugk.dll
2008-04-14 11:03 . 2008-04-14 11:03 3,648 --a------ C:\WINDOWS\system32\bppgskku.dll
2008-04-14 11:01 . 2008-04-14 11:01 93,248 --a------ C:\WINDOWS\system32\smltpxsc.dll
2008-04-14 10:47 . 2008-04-14 10:47 3,648 --a------ C:\WINDOWS\system32\ncusfhcg.dll
2008-04-14 10:44 . 2008-04-14 10:44 288,768 --a------ C:\WINDOWS\system32\ljjkkljk.dll
2008-04-14 10:44 . 2008-04-14 10:44 93,248 --a------ C:\WINDOWS\system32\vjqotosk.dll
2008-04-13 15:33 . 2008-04-13 15:33 95,808 --a------ C:\WINDOWS\system32\cfxrkrhm.dll
2008-04-13 15:28 . 2008-04-13 15:28 3,648 --a------ C:\WINDOWS\system32\lyyilfwx.dll
2008-04-13 15:27 . 2008-04-13 15:27 93,760 --a------ C:\WINDOWS\system32\ycucenvs.dll
2008-04-13 14:20 . 2008-04-13 14:20 90,688 --a------ C:\WINDOWS\system32\lyxhxkho.dll
2008-04-13 14:17 . 2008-04-13 14:17 95,808 --a------ C:\WINDOWS\system32\vtpqnmgh.dll
2008-04-13 14:14 . 2008-04-13 14:14 93,760 --a------ C:\WINDOWS\system32\tuwnrrff.dll
2008-04-13 14:14 . 2008-04-13 14:14 3,648 --a------ C:\WINDOWS\system32\qxwifysj.dll
2008-04-13 14:06 . 2008-04-13 14:07 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-13 13:38 . 2008-04-13 13:39 <REP> d-------- C:\Program Files\jv16 PowerTools
2008-04-13 11:50 . 2008-04-14 11:06 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2008-04-12 15:40 . 2008-04-14 13:47 <REP> d-------- C:\Program Files\Everest Poker
2008-04-12 14:14 . 2008-04-12 14:14 3,648 --a------ C:\WINDOWS\system32\vjajimcv.dll
2008-04-11 18:20 . 2008-04-11 18:25 942 --a------ C:\WINDOWS\wininit.ini
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-11 17:04 . 2008-03-23 12:06 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-04-11 17:04 . 2008-03-23 12:56 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-11 16:06 . 2008-04-11 17:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 16:06 . 2008-04-11 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 14:49 . 2008-04-11 14:49 <REP> d-------- C:\WINDOWS\system32\Lang
2008-04-11 14:49 . 2008-04-11 14:49 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-04-11 14:49 . 2008-04-11 14:49 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-04-11 14:08 . 2008-04-13 15:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-11 12:34 . 2008-04-11 12:34 3,648 --a------ C:\WINDOWS\system32\lktwnkju.dll
2008-04-10 12:35 . 2008-04-10 12:35 3,648 --a------ C:\WINDOWS\system32\cjoowfpf.dll
2008-04-09 18:34 . 2008-04-13 13:11 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-04-09 18:29 . 2008-04-13 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-09 18:26 . 2008-04-13 13:12 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-04-09 18:26 . 2008-04-09 18:26 27,683,672 --a------ C:\Program Files\bitdefender_free_v10.exe
2008-04-07 21:30 . 2008-04-07 21:30 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 20:29 . 2008-04-07 20:29 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-07 20:29 . 2008-04-07 20:35 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-07 17:54 . 2008-04-07 17:54 288,256 --------- C:\WINDOWS\system32\iifdaxvu.dll
2008-04-07 17:50 . 2008-04-07 17:50 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-04-07 17:49 . 2008-04-07 17:49 <REP> d-------- C:\Temp\wdlw14
2008-04-07 17:49 . 2008-04-13 15:03 <REP> d-------- C:\Temp
2008-04-07 17:49 . 2008-04-07 17:49 40,960 --------- C:\WINDOWS\system32\opnkkhge.dll
2008-04-07 17:48 . 2008-04-07 17:48 10,240 --a------ C:\Documents and Settings\parison michel\services.exe
2008-04-06 19:19 . 2008-04-06 19:19 <REP> d-------- C:\Program Files\Incomplete
2008-04-06 19:18 . 2008-04-06 19:19 <REP> d-------- C:\Program Files\LimeWire
2008-04-06 16:56 . 2008-04-06 16:56 <REP> d-------- C:\Program Files\Midway Games
2008-04-06 15:52 . 2008-04-14 10:31 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\OpenOffice.org2
2008-04-06 15:33 . 2008-04-06 15:33 <REP> d-------- C:\Program Files\iTunes
2008-04-06 15:33 . 2008-04-06 15:33 <REP> d-------- C:\Program Files\iPod
2008-04-06 15:33 . 2008-04-06 15:44 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\Apple Computer
2008-04-06 15:31 . 2008-04-06 15:32 <REP> d-------- C:\Program Files\QuickTime
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-06 15:31 . 2008-04-06 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-06 15:31 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-04-05 15:57 . 2004-01-14 03:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2008-04-05 15:56 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-04-05 15:56 . 2008-04-05 15:56 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-04-05 15:54 . 2004-06-15 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL
2008-04-05 15:54 . 2004-06-04 17:34 86,016 -ra------ C:\WINDOWS\system32\CNMCP61.exe
2008-04-05 15:54 . 2004-06-15 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL
2008-04-05 15:53 . 2008-04-05 15:53 <REP> d-------- C:\WINDOWS\StartHtmico
2008-04-05 15:53 . 2008-04-05 15:53 <REP> d-------- C:\WINDOWS\IP4000,3000
2008-04-05 15:52 . 2008-04-05 15:57 <REP> d-------- C:\Program Files\Canon
2008-04-05 15:47 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-05 15:47 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-04 21:21 . 2008-04-04 21:21 <REP> d-------- C:\Program Files\EA GAMES
2008-04-04 21:21 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-31 14:55 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 14:55 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 11:22 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-29 11:22 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-29 11:22 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 20:57 . 2008-03-28 20:57 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-28 20:57 . 2008-03-28 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-28 20:56 . 2008-03-28 20:57 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-28 19:37 . 2008-03-28 19:37 34 --a------ C:\WINDOWS\Kit.ini
2008-03-27 18:40 . 2004-08-04 01:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-27 18:40 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-27 18:40 . 2001-08-23 18:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-24 19:06 . 2005-05-27 11:23 2,180,096 -ra------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-03-24 19:06 . 2004-08-04 00:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-03-24 19:06 . 2004-08-04 00:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-03-24 19:06 . 2004-08-04 00:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-03-24 19:06 . 2004-08-04 01:55 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-03-24 19:06 . 2004-08-04 00:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-03-24 19:06 . 2004-08-04 00:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-03-24 19:06 . 2004-08-04 00:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-03-24 19:06 . 2004-08-03 23:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-03-24 19:00 . 2008-03-24 19:00 <REP> d-------- C:\Program Files\Fichiers communs\FotoWire
2008-03-24 19:00 . 2008-03-24 19:00 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\FotoWire
2008-03-24 19:00 . 2005-07-19 18:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 09:06 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-04-13 11:42 --------- d-----w C:\Program Files\Wanadoo
2008-04-06 13:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-24 16:56 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-23 10:58 --------- d-----w C:\Program Files\Windows Live
2008-03-23 10:57 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-23 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-23 10:43 --------- d-----w C:\Program Files\Alwil Software
2008-03-23 10:35 --------- d-----w C:\Program Files\Wanadoo Messager
2008-03-23 10:33 --------- d-----w C:\Program Files\SAGEM
2008-03-23 10:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-23 10:08 --------- d-----w C:\Program Files\Services en ligne
.

------- Sigcheck -------

2008-02-16 11:02 663552 c9218cd3cd93586ffe9ae789282cae63 C:\WINDOWS\SoftwareDistribution\Download\58762acf47a35def24a27c268dd31801\sp2gdr\wininet.dll
2008-02-16 11:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\SoftwareDistribution\Download\58762acf47a35def24a27c268dd31801\sp2qfe\wininet.dll
2007-12-07 03:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2gdr\wininet.dll
2007-12-07 02:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2qfe\wininet.dll
2007-10-11 08:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2gdr\wininet.dll
2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2qfe\wininet.dll
2004-08-05 14:00 694784 f6ad4c0f992b3b51c044ad74d9e2e854 C:\WINDOWS\system32\wininet.dll

2004-08-05 14:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-13_15.23.00.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 13:18:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 12:01:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 12:01:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_434.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00C74933-8FD8-4B45-8DCA-8A970D930A1E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B435F6-B6CE-4F24-A568-944B27ED919C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{177ec23e-9034-4a18-83e7-8c926acce858}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F58D4C4-0786-41C0-B887-773F9965BB19}]
2008-04-07 17:49 40960 --------- C:\WINDOWS\system32\opnkkhge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5263447D-3A1C-4161-BBEE-1FC6D804AA85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{756D767F-6B99-4D31-8658-E37913CC1664}]
2008-04-07 17:54 288256 --------- C:\WINDOWS\system32\iifdaxvu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A531FBF-A639-4A57-AB06-78683AB1F78B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{870202f9-24e1-47db-ae77-d88cdb1b8367}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BDE876E-B57C-4178-A713-4806150A413A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b33b2c92-ccda-47ad-84c3-f089d4071693}]
2008-04-14 11:03 97344 --a------ C:\WINDOWS\system32\sypnrugk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9D8DB4A-B035-44F4-BA9D-2B015767379E}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"88056540"="C:\WINDOWS\system32\tbkswriy.dll" [2008-04-14 11:06 91200]
"BM8b3656dc"="C:\WINDOWS\system32\smltpxsc.dll" [2008-04-14 11:01 93248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F58D4C4-0786-41C0-B887-773F9965BB19}"= C:\WINDOWS\system32\opnkkhge.dll [2008-04-07 17:49 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkhge]
opnkkhge.dll 2008-04-07 17:49 40960 C:\WINDOWS\system32\opnkkhge.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-03-29 19:37 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\Softwin\BitDefender10\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
C:\Program Files\Softwin\BitDefender10\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-03-24 18:59 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 15:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 18:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Roamvc]
--a------ 2008-03-23 13:03 413184 C:\DOCUME~1\PARISO~1\APPLIC~1\META32~1\SiteMeow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-10-27 15:49 73728 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 15:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--a------ 2004-10-14 17:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a------ 2004-08-23 15:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{56-65-5E-EF-DW}]
C:\WINDOWS\system32\Rtmp\cegmgr76.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 cwbwdm_device;Pilote du codec audio Crystal WDM;C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 21:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca686ff2-063f-11dd-89f3-00195b5e04dd}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6202aaa-f8cb-11dc-89c7-00195b5e04dd}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-13 13:00:00 C:\WINDOWS\Tasks\AD0CA1AC919B5690.job"
- c:\docume~1\pariso~1\applic~1\meta32~1\extrabarbteam.exe
"2008-04-10 19:27:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-13 12:18:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"





Logfile of HijackThis v1.99.1
Scan saved at 14:05, on 2008-04-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {00C74933-8FD8-4B45-8DCA-8A970D930A1E} - (no file)
O2 - BHO: (no name) - {16B435F6-B6CE-4F24-A568-944B27ED919C} - (no file)
O2 - BHO: (no name) - {177ec23e-9034-4a18-83e7-8c926acce858} - (no file)
O2 - BHO: (no name) - {4F58D4C4-0786-41C0-B887-773F9965BB19} - C:\WINDOWS\system32\opnkkhge.dll
O2 - BHO: (no name) - {5263447D-3A1C-4161-BBEE-1FC6D804AA85} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {756D767F-6B99-4D31-8658-E37913CC1664} - C:\WINDOWS\system32\iifdaxvu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7A531FBF-A639-4A57-AB06-78683AB1F78B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {870202f9-24e1-47db-ae77-d88cdb1b8367} - (no file)
O2 - BHO: (no name) - {8BDE876E-B57C-4178-A713-4806150A413A} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {3961704d-980f-3c48-da74-adcc29c2b33b} - {b33b2c92-ccda-47ad-84c3-f089d4071693} - C:\WINDOWS\system32\sypnrugk.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F9D8DB4A-B035-44F4-BA9D-2B015767379E} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [88056540] rundll32.exe "C:\WINDOWS\system32\tbkswriy.dll",b
O4 - HKLM\..\Run: [BM8b3656dc] Rundll32.exe "C:\WINDOWS\system32\smltpxsc.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6e6290571ac34cd6984344b018bac2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6e6290571ac34cd6984344b018bac2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: opnkkhge - C:\WINDOWS\SYSTEM32\opnkkhge.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe



voila merci de ton aide

on va essayer une autre manière...
Fait ce qui suit.
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

• Double-clique VundoFix.exe afin de le lancer
• Clique sur le bouton Scan for Vundo
• Lorsque le scan est complété, clique sur le bouton Remove Vundo
• Une invite te demandera si tu veux supprimer les fichiers, clique YES
• Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
• Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
• Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
courage.
A+

re ! j'ai fais ce que tu m'avait dit de faire mais la scan reconait aucun virus !!
c'est bizarre ...

Ok cela peut arriver.
J'ai demandé de l'aide a quelqu'un de plus compétent pour accélérer un peu le nettoyage.
j'attends de ses nouvelles d'ici a demain matin.
Voici ce que l'on va faire en attendant.
Désactive tes protections résidentes ( Antivirus ,et le tea timer de spybot) tu les réactivera après le scan

Télécharge Lop S&D < ici

Double-clique dessus pour lancer l'installation
Puis double-clique sur le raccourci Lop S&D présent sur ton bureau
Séléctionne la langue souhaitée , puis choisis l'Option 1 ( Recherche )
Patiente jusqu'à la fin du scan
Poste le rapport généré ( C:\lopR.txt )

( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )

voila j'ai fait ce que tu m'as demander ...




-----------------------[ Lop S&D 4.1.1-0 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : parison michel ] [ "C:\Lop SD" ]
[ 2008-04-14 | 22:27:49.25 ] [ PC : MICHEL-BF846136 ]
[ MAJ : 14-04-2008 | 20:30 ]

-------------[ Listing des dossiers dans Application Data ]------------

[2008-03-23|12:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
[2008-03-23|12:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
[2008-03-23|15:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[2008-04-11|17:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[2008-04-11|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[2008-04-11|16:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[2008-04-11|14:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
[2008-04-09|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-04-06|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008-04-06|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-04-13|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[2008-04-13|13:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
[2008-03-23|15:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2008-03-27|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-03-23|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-04-11|18:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2008-03-23|13:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\That Face Camp Shim
[2008-04-07|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-03-28|20:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[2008-03-23|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2008-03-23|12:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[2008-03-23|12:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[2008-03-23|15:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2008-03-23|12:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2008-03-23|12:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[2008-03-23|12:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[2008-04-07|21:33] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2008-03-23|12:12] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[2008-03-23|12:12] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[2008-03-23|12:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2008-04-13|13:12] C:\DOCUME~1\PARISO~1\APPLIC~1\.
[2008-04-13|13:12] C:\DOCUME~1\PARISO~1\APPLIC~1\..
[2008-04-09|16:35] C:\DOCUME~1\PARISO~1\APPLIC~1\Adobe
[2008-04-06|15:44] C:\DOCUME~1\PARISO~1\APPLIC~1\Apple Computer
[2008-03-23|12:56] C:\DOCUME~1\PARISO~1\APPLIC~1\desktop.ini
[2008-04-08|12:36] C:\DOCUME~1\PARISO~1\APPLIC~1\dvdcss
[2008-03-24|19:00] C:\DOCUME~1\PARISO~1\APPLIC~1\FotoWire
[2008-04-02|15:39] C:\DOCUME~1\PARISO~1\APPLIC~1\Help
[2008-03-23|12:15] C:\DOCUME~1\PARISO~1\APPLIC~1\Identities
[2008-04-12|18:41] C:\DOCUME~1\PARISO~1\APPLIC~1\LimeWire
[2008-03-23|12:38] C:\DOCUME~1\PARISO~1\APPLIC~1\Macromedia
[2008-04-11|15:11] C:\DOCUME~1\PARISO~1\APPLIC~1\Meta 32 Bold
[2008-03-28|20:58] C:\DOCUME~1\PARISO~1\APPLIC~1\Microsoft
[2008-03-23|15:00] C:\DOCUME~1\PARISO~1\APPLIC~1\Mozilla
[2008-04-14|10:31] C:\DOCUME~1\PARISO~1\APPLIC~1\OpenOffice.org2
[2008-03-23|14:31] C:\DOCUME~1\PARISO~1\APPLIC~1\Sun
[2008-03-23|15:34] C:\DOCUME~1\PARISO~1\APPLIC~1\vlc

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[2008-04-10 21:27][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-04-13 14:18][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[2008-04-13 15:00][--ah-----] C:\WINDOWS\tasks\AD0CA1AC919B5690.job
[2008-04-13 15:08][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2004-08-05 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2008-04-13|15:09] C:\Program Files\.
[2008-04-13|15:09] C:\Program Files\..
[2008-04-09|16:35] C:\Program Files\Adobe
[2008-03-23|12:43] C:\Program Files\Alwil Software
[2008-04-06|15:31] C:\Program Files\Apple Software Update
[2008-03-23|13:26] C:\Program Files\AxBx
[2008-04-09|18:26] C:\Program Files\bitdefender_free_v10.exe
[2008-04-05|15:57] C:\Program Files\Canon
[2008-04-09|18:47] C:\Program Files\Circle Developement
[2008-03-23|12:07] C:\Program Files\ComPlus Applications
[2008-04-04|21:21] C:\Program Files\EA GAMES
[2008-04-14|20:18] C:\Program Files\Everest Poker
[2008-04-09|18:26] C:\Program Files\Fichiers communs
[2008-04-14|14:05] C:\Program Files\Hijackthis Version Fran‡aise
[2008-04-06|19:19] C:\Program Files\Incomplete
[2008-04-06|15:06] C:\Program Files\InstallShield Installation Information
[2008-03-23|20:02] C:\Program Files\Internet Explorer
[2008-04-06|15:33] C:\Program Files\iPod
[2008-04-06|15:33] C:\Program Files\iTunes
[2008-04-13|14:00] C:\Program Files\Java
[2008-04-13|13:39] C:\Program Files\jv16 PowerTools
[2008-04-06|19:19] C:\Program Files\LimeWire
[2008-03-24|19:00] C:\Program Files\Logitech
[2008-03-23|15:56] C:\Program Files\Messenger
[2008-03-23|13:03] C:\Program Files\Messenger Plus! Live
[2008-03-23|13:03] C:\Program Files\Meta 32 Bold
[2008-03-23|12:10] C:\Program Files\microsoft frontpage
[2008-04-06|16:56] C:\Program Files\Midway Games
[2008-03-23|20:02] C:\Program Files\Movie Maker
[2008-04-14|22:25] C:\Program Files\Mozilla Firefox 3 Beta 4
[2008-04-05|21:15] C:\Program Files\MSN
[2008-03-23|12:06] C:\Program Files\MSN Gaming Zone
[2008-03-23|12:07] C:\Program Files\NetMeeting
[2008-03-23|12:06] C:\Program Files\Online Services
[2008-04-13|14:05] C:\Program Files\OpenOffice.org 2.3
[2008-04-13|14:07] C:\Program Files\OpenOffice.org 2.4
[2008-03-23|20:02] C:\Program Files\Outlook Express
[2008-04-06|15:32] C:\Program Files\QuickTime
[2008-03-23|12:33] C:\Program Files\SAGEM
[2008-03-23|12:08] C:\Program Files\Services en ligne
[2008-04-11|17:49] C:\Program Files\Spybot - Search & Destroy
[2008-03-23|12:15] C:\Program Files\Uninstall Information
[2008-03-23|15:33] C:\Program Files\VideoLAN
[2008-04-14|15:12] C:\Program Files\Wanadoo
[2008-03-23|12:35] C:\Program Files\Wanadoo Messager
[2008-03-23|12:58] C:\Program Files\Windows Live
[2008-03-28|20:57] C:\Program Files\Windows Live Favorites
[2008-03-28|20:57] C:\Program Files\Windows Live Toolbar
[2008-04-07|21:30] C:\Program Files\Windows Media Connect 2
[2008-04-07|21:31] C:\Program Files\Windows Media Player
[2008-03-23|12:06] C:\Program Files\Windows NT
[2008-03-23|12:08] C:\Program Files\WindowsUpdate
[2008-03-23|12:10] C:\Program Files\xerox

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[2008-04-09|18:26] C:\Program Files\Fichiers communs\.
[2008-04-09|18:26] C:\Program Files\Fichiers communs\..
[2008-04-06|15:31] C:\Program Files\Fichiers communs\Apple
[2008-03-24|19:00] C:\Program Files\Fichiers communs\FotoWire
[2008-03-24|18:56] C:\Program Files\Fichiers communs\InstallShield
[2008-03-23|14:31] C:\Program Files\Fichiers communs\Java
[2008-03-24|18:59] C:\Program Files\Fichiers communs\Logitech
[2008-03-23|12:57] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-03-23|12:07] C:\Program Files\Fichiers communs\MSSoap
[2008-03-23|03:55] C:\Program Files\Fichiers communs\ODBC
[2008-03-23|12:07] C:\Program Files\Fichiers communs\Services
[2008-04-13|13:12] C:\Program Files\Fichiers communs\Softwin
[2008-03-23|03:55] C:\Program Files\Fichiers communs\SpeechEngines
[2008-03-23|12:07] C:\Program Files\Fichiers communs\System
[2008-03-23|12:57] C:\Program Files\Fichiers communs\WindowsLiveInstaller

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\That Face Camp Shim
C:\DOCUME~1\ALLUSE~1\APPLIC~1\That Face Camp Shim\media tick.exe
C:\Program Files\Circle Developement
C:\WINDOWS\Tasks\AD0CA1AC919B5690.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 22:30:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

C:\WINDOWS\system32\uvxadfii.ini2
! VUNDO Possible !


/!\ [Fich:132][Doss:3] C:\DOCUME~1\PARISO~1\LOCALS~1\Temp
/!\ [Fich:32][Doss:0] C:\DOCUME~1\PARISO~1\Cookies
/!\ [Fich:302][Doss:4] C:\DOCUME~1\PARISO~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 22:30:49.15 ]----------------------




merci d'avance

Ok, merci de ta confiance et désolée du temps que cela prends...

AVANT TOUT désactive le Teatimer de Spybot et ton antivirus.
pense a les réactiver quand tu aura fini.

Relance Lop S&D

Choisis cette fois ci l'Option 2 ( Suppression )
Ne ferme pas la fenêtre lors de la suppression !
Poste le rapport généré ( C:\lopR.txt )

( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )


On repasse a Combofix.
-> Assure-toi que l'outil ComboFix.exe soit sur le Bureau (important).

-> Télécharge le fichier CFScript.txt joint a ce post,
..et sauvegarde-le sur ton Bureau.

• Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
  
  
• Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
  
• Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
  Ne touche à rien tant que le scan n'est pas terminé.
  
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  
• Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

-> Poste le nouveau rapport HijackThis! avec le rapport Lop S&D et le dernier Combofix ensuite dis-nous comment se comporte ton ordi.

voila j'ai fais ce que tu 'as demander id moi ce que tu en penses je te met les 3 rapport de scan ...


ComboFix 08-04-12.7 - parison michel 2008-04-15 13:04:57.7 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.193 [GMT 2:00]
Endroit: C:\Documents and Settings\parison michel\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\parison michel\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\Documents and Settings\parison michel\services.exe
C:\WINDOWS\system32\bppgskku.dll
C:\WINDOWS\system32\cfxrkrhm.dll
C:\WINDOWS\system32\cjoowfpf.dll
C:\WINDOWS\system32\iifdaxvu.dll
C:\WINDOWS\system32\ljjkkljk.dll
C:\WINDOWS\system32\lktwnkju.dll
C:\WINDOWS\system32\lyxhxkho.dll
C:\WINDOWS\system32\lyyilfwx.dll
C:\WINDOWS\system32\ncusfhcg.dll
C:\WINDOWS\system32\opnkkhge.dll
C:\WINDOWS\system32\qxwifysj.dll
C:\WINDOWS\system32\smltpxsc.dll
C:\WINDOWS\system32\sypnrugk.dll
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\tbkswriy.dll
C:\WINDOWS\system32\tuwnrrff.dll
C:\WINDOWS\system32\vjajimcv.dll
C:\WINDOWS\system32\vjqotosk.dll
C:\WINDOWS\system32\vtpqnmgh.dll
C:\WINDOWS\system32\ycucenvs.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\parison michel\services.exe
C:\Temp
C:\Temp\wdlw14\maxN1bo.log
C:\WINDOWS\BM8b3656dc.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bppgskku.dll
C:\WINDOWS\system32\cfxrkrhm.dll
C:\WINDOWS\system32\cjoowfpf.dll
C:\WINDOWS\system32\fuhuwodc.ini
C:\WINDOWS\system32\iifdaxvu.dll
C:\WINDOWS\system32\ljjkkljk.dll
C:\WINDOWS\system32\lktwnkju.dll
C:\WINDOWS\system32\lyxhxkho.dll
C:\WINDOWS\system32\lyyilfwx.dll
C:\WINDOWS\system32\ncusfhcg.dll
C:\WINDOWS\system32\opnkkhge.dll
C:\WINDOWS\system32\qxwifysj.dll
C:\WINDOWS\system32\smltpxsc.dll
C:\WINDOWS\system32\sypnrugk.dll
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\tuwnrrff.dll
C:\WINDOWS\system32\uvxadfii.ini
C:\WINDOWS\system32\uvxadfii.ini2
C:\WINDOWS\system32\vjajimcv.dll
C:\WINDOWS\system32\vjqotosk.dll
C:\WINDOWS\system32\vtpqnmgh.dll
C:\WINDOWS\system32\ycucenvs.dll
C:\WINDOWS\system32\yirwskbt.ini
.
---- Previous Run -------
.
C:\WINDOWS\BM8b3656dc.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bharebio18
C:\WINDOWS\system32\HBL
C:\WINDOWS\system32\kjlkkjjl.ini
C:\WINDOWS\system32\kjlkkjjl.ini2
C:\WINDOWS\system32\MId2
C:\WINDOWS\system32\qylypafh.ini
C:\WINDOWS\system32\spol3
C:\WINDOWS\system32\uvxadfii.ini
C:\WINDOWS\system32\uvxadfii.ini2
C:\WINDOWS\system32\wkoldjtd.ini
C:\WINDOWS\system32\yirwskbt.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-15 to 2008-04-15 ))))))))))))))))))))))))))))))))))))
.

2008-04-14 22:27 . 2008-04-15 12:34 <REP> d-------- C:\Lop SD
2008-04-14 19:05 . 2008-04-14 19:05 <REP> d-------- C:\VundoFix Backups
2008-04-14 14:15 . 2008-04-14 14:15 91,200 --a------ C:\WINDOWS\system32\cdowuhuf.dll
2008-04-14 14:09 . 2008-04-14 14:09 97,344 --a------ C:\WINDOWS\system32\urdyrswh.dll
2008-04-14 14:06 . 2008-04-14 14:06 93,248 --a------ C:\WINDOWS\system32\dcnroojr.dll
2008-04-14 14:06 . 2008-04-14 14:06 3,648 --a------ C:\WINDOWS\system32\welistih.dll
2008-04-13 14:06 . 2008-04-13 14:07 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-13 13:38 . 2008-04-13 13:39 <REP> d-------- C:\Program Files\jv16 PowerTools
2008-04-13 11:50 . 2008-04-14 14:05 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2008-04-12 15:40 . 2008-04-15 12:19 <REP> d-------- C:\Program Files\Everest Poker
2008-04-11 18:20 . 2008-04-11 18:25 942 --a------ C:\WINDOWS\wininit.ini
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-11 17:04 . 2008-03-23 12:06 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-04-11 17:04 . 2008-03-23 12:56 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-11 16:06 . 2008-04-11 17:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 16:06 . 2008-04-11 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 14:49 . 2008-04-11 14:49 <REP> d-------- C:\WINDOWS\system32\Lang
2008-04-11 14:49 . 2008-04-11 14:49 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-04-11 14:49 . 2008-04-11 14:49 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-04-11 14:08 . 2008-04-13 15:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-09 18:34 . 2008-04-13 13:11 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-04-09 18:29 . 2008-04-13 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-09 18:26 . 2008-04-13 13:12 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-04-09 18:26 . 2008-04-09 18:26 27,683,672 --a------ C:\Program Files\bitdefender_free_v10.exe
2008-04-07 21:30 . 2008-04-07 21:30 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 20:29 . 2008-04-07 20:29 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-07 20:29 . 2008-04-07 20:35 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-06 19:19 . 2008-04-06 19:19 <REP> d-------- C:\Program Files\Incomplete
2008-04-06 19:18 . 2008-04-06 19:19 <REP> d-------- C:\Program Files\LimeWire
2008-04-06 16:56 . 2008-04-06 16:56 <REP> d-------- C:\Program Files\Midway Games
2008-04-06 15:52 . 2008-04-14 10:31 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\OpenOffice.org2
2008-04-06 15:33 . 2008-04-06 15:33 <REP> d-------- C:\Program Files\iTunes
2008-04-06 15:33 . 2008-04-06 15:33 <REP> d-------- C:\Program Files\iPod
2008-04-06 15:33 . 2008-04-06 15:44 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\Apple Computer
2008-04-06 15:31 . 2008-04-06 15:32 <REP> d-------- C:\Program Files\QuickTime
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-06 15:31 . 2008-04-06 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-06 15:31 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-04-05 15:57 . 2004-01-14 03:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2008-04-05 15:56 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-04-05 15:56 . 2008-04-05 15:56 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-04-05 15:54 . 2004-06-15 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL
2008-04-05 15:54 . 2004-06-04 17:34 86,016 -ra------ C:\WINDOWS\system32\CNMCP61.exe
2008-04-05 15:54 . 2004-06-15 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL
2008-04-05 15:53 . 2008-04-05 15:53 <REP> d-------- C:\WINDOWS\StartHtmico
2008-04-05 15:53 . 2008-04-05 15:53 <REP> d-------- C:\WINDOWS\IP4000,3000
2008-04-05 15:52 . 2008-04-05 15:57 <REP> d-------- C:\Program Files\Canon
2008-04-05 15:47 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-05 15:47 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-04 21:21 . 2008-04-04 21:21 <REP> d-------- C:\Program Files\EA GAMES
2008-04-04 21:21 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-31 14:55 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 14:55 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 11:22 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-29 11:22 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-29 11:22 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 20:57 . 2008-03-28 20:57 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-28 20:57 . 2008-03-28 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-28 20:56 . 2008-03-28 20:57 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-28 19:37 . 2008-03-28 19:37 34 --a------ C:\WINDOWS\Kit.ini
2008-03-27 18:40 . 2004-08-04 01:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-27 18:40 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-27 18:40 . 2001-08-23 18:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-24 19:06 . 2005-05-27 11:23 2,180,096 -ra------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-03-24 19:06 . 2004-08-04 00:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-03-24 19:06 . 2004-08-04 00:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-03-24 19:06 . 2004-08-04 00:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-03-24 19:06 . 2004-08-04 01:55 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-03-24 19:06 . 2004-08-04 00:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-03-24 19:06 . 2004-08-04 00:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-03-24 19:06 . 2004-08-04 00:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-03-24 19:06 . 2004-08-03 23:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-03-24 19:00 . 2008-03-24 19:00 <REP> d-------- C:\Program Files\Fichiers communs\FotoWire
2008-03-24 19:00 . 2008-03-24 19:00 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\FotoWire
2008-03-24 19:00 . 2005-07-19 18:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-03-24 18:59 . 2008-03-24 18:59 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-03-24 18:58 . 2008-03-24 18:58 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-03-24 18:57 . 2008-03-24 19:00 <REP> d-------- C:\Program Files\Logitech
2008-03-23 20:05 . 2004-08-04 01:55 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-03-23 20:05 . 2001-08-17 21:19 72,832 --a------ C:\WINDOWS\system32\drivers\cwbwdm.sys
2008-03-23 20:05 . 2004-08-04 00:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-03-23 20:05 . 2001-07-22 03:49 8,225 --a------ C:\WINDOWS\system32\drivers\cwbaudio.bin
2008-03-23 20:05 . 2004-08-03 23:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-03-23 20:05 . 2004-08-04 00:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-03-23 20:05 . 2004-08-03 23:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-03-23 20:05 . 2004-08-03 23:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2008-03-23 20:05 . 2004-08-04 01:54 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-03-23 20:05 . 2001-08-17 21:19 3,072 --a------ C:\WINDOWS\system32\drivers\cwbase.sys
2008-03-23 17:14 . 2008-03-23 17:16 5,423 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-23 16:58 . 2004-08-04 00:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-03-23 16:00 . 2004-08-05 14:00 26,624 --a--c--- C:\WINDOWS\system32\dllcache\sm93w.dll
2008-03-23 16:00 . 2004-08-05 14:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\smierrsy.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 08:50 --------- d-----w C:\Program Files\Wanadoo
2008-04-14 12:05 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-04-06 13:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-24 16:56 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-23 10:58 --------- d-----w C:\Program Files\Windows Live
2008-03-23 10:57 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-23 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-23 10:43 --------- d-----w C:\Program Files\Alwil Software
2008-03-23 10:35 --------- d-----w C:\Program Files\Wanadoo Messager
2008-03-23 10:33 --------- d-----w C:\Program Files\SAGEM
2008-03-23 10:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-23 10:08 --------- d-----w C:\Program Files\Services en ligne
.

------- Sigcheck -------

2008-02-16 11:02 663552 c9218cd3cd93586ffe9ae789282cae63 C:\WINDOWS\SoftwareDistribution\Download\58762acf47a35def24a27c268dd31801\sp2gdr\wininet.dll
2008-02-16 11:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\SoftwareDistribution\Download\58762acf47a35def24a27c268dd31801\sp2qfe\wininet.dll
2007-12-07 03:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2gdr\wininet.dll
2007-12-07 02:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2qfe\wininet.dll
2007-10-11 08:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2gdr\wininet.dll
2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2qfe\wininet.dll
2004-08-05 14:00 694784 f6ad4c0f992b3b51c044ad74d9e2e854 C:\WINDOWS\system32\wininet.dll

2004-08-05 14:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-13_15.23.00.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 13:18:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 11:09:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 11:09:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_44c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00C74933-8FD8-4B45-8DCA-8A970D930A1E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B435F6-B6CE-4F24-A568-944B27ED919C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{177ec23e-9034-4a18-83e7-8c926acce858}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F58D4C4-0786-41C0-B887-773F9965BB19}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5263447D-3A1C-4161-BBEE-1FC6D804AA85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62950522-9F6E-4B88-97B8-F88261E922EC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{756D767F-6B99-4D31-8658-E37913CC1664}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A531FBF-A639-4A57-AB06-78683AB1F78B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{870202f9-24e1-47db-ae77-d88cdb1b8367}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BDE876E-B57C-4178-A713-4806150A413A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC1DCB97-9850-49DC-ADC6-AAAA1311DC44}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af385520-25a5-4155-9c8b-4df44305a608}]
2008-04-14 14:09 97344 --a------ C:\WINDOWS\system32\urdyrswh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF9164A5-51FD-472C-B169-2A0193F9D3A7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b33b2c92-ccda-47ad-84c3-f089d4071693}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9D8DB4A-B035-44F4-BA9D-2B015767379E}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"88056540"="C:\WINDOWS\system32\tbkswriy.dll" [ ]
"BM8b3656dc"="C:\WINDOWS\system32\dcnroojr.dll" [2008-04-14 14:06 93248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkhge]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-03-29 19:37 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\Softwin\BitDefender10\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
C:\Program Files\Softwin\BitDefender10\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-03-24 18:59 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 15:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 18:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-10-27 15:49 73728 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 15:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--a------ 2004-10-14 17:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a------ 2004-08-23 15:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 cwbwdm_device;Pilote du codec audio Crystal WDM;C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 21:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca686ff2-063f-11dd-89f3-00195b5e04dd}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6202aaa-f8cb-11dc-89c7-00195b5e04dd}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-10 19:27:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-13 12:18:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"





-----------------------[ Lop S&D 4.1.1-0 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : parison michel ] [ "C:\Lop SD" ]
[ 2008-04-15 | 12:31:02.64 ] [ PC : MICHEL-BF846136 ]
[ MAJ : 14-04-2008 | 20:30 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\That Face Camp Shim\media tick.exe
Supprimé! - C:\WINDOWS\Tasks\AD0CA1AC919B5690.job
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\That Face Camp Shim
Supprimé! - C:\Program Files\Circle Developement

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------

[2008-03-23|12:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
[2008-03-23|12:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
[2008-03-23|15:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[2008-04-11|17:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[2008-04-15|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[2008-04-15|12:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[2008-04-11|14:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
[2008-04-09|16:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[2008-04-06|15:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[2008-04-06|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-04-13|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[2008-04-13|13:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
[2008-03-23|15:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[2008-03-27|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[2008-03-23|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-04-11|18:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[2008-04-07|20:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-03-28|20:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[2008-03-23|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[2008-03-23|12:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[2008-03-23|12:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[2008-03-23|15:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[2008-03-23|12:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[2008-03-23|12:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[2008-03-23|12:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[2008-04-07|21:33] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[2008-03-23|12:12] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[2008-03-23|12:12] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[2008-03-23|12:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[2008-04-13|13:12] C:\DOCUME~1\PARISO~1\APPLIC~1\.
[2008-04-13|13:12] C:\DOCUME~1\PARISO~1\APPLIC~1\..
[2008-04-09|16:35] C:\DOCUME~1\PARISO~1\APPLIC~1\Adobe
[2008-04-06|15:44] C:\DOCUME~1\PARISO~1\APPLIC~1\Apple Computer
[2008-03-23|12:56] C:\DOCUME~1\PARISO~1\APPLIC~1\desktop.ini
[2008-04-08|12:36] C:\DOCUME~1\PARISO~1\APPLIC~1\dvdcss
[2008-03-24|19:00] C:\DOCUME~1\PARISO~1\APPLIC~1\FotoWire
[2008-04-02|15:39] C:\DOCUME~1\PARISO~1\APPLIC~1\Help
[2008-03-23|12:15] C:\DOCUME~1\PARISO~1\APPLIC~1\Identities
[2008-04-15|09:41] C:\DOCUME~1\PARISO~1\APPLIC~1\LimeWire
[2008-03-23|12:38] C:\DOCUME~1\PARISO~1\APPLIC~1\Macromedia
[2008-04-11|15:11] C:\DOCUME~1\PARISO~1\APPLIC~1\Meta 32 Bold
[2008-03-28|20:58] C:\DOCUME~1\PARISO~1\APPLIC~1\Microsoft
[2008-03-23|15:00] C:\DOCUME~1\PARISO~1\APPLIC~1\Mozilla
[2008-04-14|10:31] C:\DOCUME~1\PARISO~1\APPLIC~1\OpenOffice.org2
[2008-03-23|14:31] C:\DOCUME~1\PARISO~1\APPLIC~1\Sun
[2008-03-23|15:34] C:\DOCUME~1\PARISO~1\APPLIC~1\vlc

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[2008-04-10 21:27][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008-04-13 14:18][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[2008-04-13 15:08][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2004-08-05 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[2008-04-15|12:31] C:\Program Files\.
[2008-04-15|12:31] C:\Program Files\..
[2008-04-09|16:35] C:\Program Files\Adobe
[2008-03-23|12:43] C:\Program Files\Alwil Software
[2008-04-06|15:31] C:\Program Files\Apple Software Update
[2008-03-23|13:26] C:\Program Files\AxBx
[2008-04-09|18:26] C:\Program Files\bitdefender_free_v10.exe
[2008-04-05|15:57] C:\Program Files\Canon
[2008-03-23|12:07] C:\Program Files\ComPlus Applications
[2008-04-04|21:21] C:\Program Files\EA GAMES
[2008-04-15|12:19] C:\Program Files\Everest Poker
[2008-04-09|18:26] C:\Program Files\Fichiers communs
[2008-04-14|14:05] C:\Program Files\Hijackthis Version Fran‡aise
[2008-04-06|19:19] C:\Program Files\Incomplete
[2008-04-06|15:06] C:\Program Files\InstallShield Installation Information
[2008-03-23|20:02] C:\Program Files\Internet Explorer
[2008-04-06|15:33] C:\Program Files\iPod
[2008-04-06|15:33] C:\Program Files\iTunes
[2008-04-13|14:00] C:\Program Files\Java
[2008-04-13|13:39] C:\Program Files\jv16 PowerTools
[2008-04-06|19:19] C:\Program Files\LimeWire
[2008-03-24|19:00] C:\Program Files\Logitech
[2008-03-23|15:56] C:\Program Files\Messenger
[2008-03-23|13:03] C:\Program Files\Messenger Plus! Live
[2008-03-23|13:03] C:\Program Files\Meta 32 Bold
[2008-03-23|12:10] C:\Program Files\microsoft frontpage
[2008-04-06|16:56] C:\Program Files\Midway Games
[2008-03-23|20:02] C:\Program Files\Movie Maker
[2008-04-15|12:28] C:\Program Files\Mozilla Firefox 3 Beta 4
[2008-04-05|21:15] C:\Program Files\MSN
[2008-03-23|12:06] C:\Program Files\MSN Gaming Zone
[2008-03-23|12:07] C:\Program Files\NetMeeting
[2008-03-23|12:06] C:\Program Files\Online Services
[2008-04-13|14:05] C:\Program Files\OpenOffice.org 2.3
[2008-04-13|14:07] C:\Program Files\OpenOffice.org 2.4
[2008-03-23|20:02] C:\Program Files\Outlook Express
[2008-04-06|15:32] C:\Program Files\QuickTime
[2008-03-23|12:33] C:\Program Files\SAGEM
[2008-03-23|12:08] C:\Program Files\Services en ligne
[2008-04-11|17:49] C:\Program Files\Spybot - Search & Destroy
[2008-03-23|12:15] C:\Program Files\Uninstall Information
[2008-03-23|15:33] C:\Program Files\VideoLAN
[2008-04-15|10:50] C:\Program Files\Wanadoo
[2008-03-23|12:35] C:\Program Files\Wanadoo Messager
[2008-03-23|12:58] C:\Program Files\Windows Live
[2008-03-28|20:57] C:\Program Files\Windows Live Favorites
[2008-03-28|20:57] C:\Program Files\Windows Live Toolbar
[2008-04-07|21:30] C:\Program Files\Windows Media Connect 2
[2008-04-07|21:31] C:\Program Files\Windows Media Player
[2008-03-23|12:06] C:\Program Files\Windows NT
[2008-03-23|12:08] C:\Program Files\WindowsUpdate
[2008-03-23|12:10] C:\Program Files\xerox

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[2008-04-09|18:26] C:\Program Files\Fichiers communs\.
[2008-04-09|18:26] C:\Program Files\Fichiers communs\..
[2008-04-06|15:31] C:\Program Files\Fichiers communs\Apple
[2008-03-24|19:00] C:\Program Files\Fichiers communs\FotoWire
[2008-03-24|18:56] C:\Program Files\Fichiers communs\InstallShield
[2008-03-23|14:31] C:\Program Files\Fichiers communs\Java
[2008-03-24|18:59] C:\Program Files\Fichiers communs\Logitech
[2008-03-23|12:57] C:\Program Files\Fichiers communs\Microsoft Shared
[2008-03-23|12:07] C:\Program Files\Fichiers communs\MSSoap
[2008-03-23|03:55] C:\Program Files\Fichiers communs\ODBC
[2008-03-23|12:07] C:\Program Files\Fichiers communs\Services
[2008-04-13|13:12] C:\Program Files\Fichiers communs\Softwin
[2008-03-23|03:55] C:\Program Files\Fichiers communs\SpeechEngines
[2008-03-23|12:07] C:\Program Files\Fichiers communs\System
[2008-03-23|12:57] C:\Program Files\Fichiers communs\WindowsLiveInstaller

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 12:33:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

C:\WINDOWS\system32\uvxadfii.ini2
! VUNDO Possible !


/!\ [Fich:650][Doss:4] C:\DOCUME~1\PARISO~1\LOCALS~1\Temp
/!\ [Fich:32][Doss:0] C:\DOCUME~1\PARISO~1\Cookies
/!\ [Fich:332][Doss:4] C:\DOCUME~1\PARISO~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 12:34:08.51 ]----------------------



Logfile of HijackThis v1.99.1
Scan saved at 13:13, on 2008-04-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {00C74933-8FD8-4B45-8DCA-8A970D930A1E} - (no file)
O2 - BHO: (no name) - {16B435F6-B6CE-4F24-A568-944B27ED919C} - (no file)
O2 - BHO: (no name) - {177ec23e-9034-4a18-83e7-8c926acce858} - (no file)
O2 - BHO: (no name) - {4F58D4C4-0786-41C0-B887-773F9965BB19} - (no file)
O2 - BHO: (no name) - {5263447D-3A1C-4161-BBEE-1FC6D804AA85} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {62950522-9F6E-4B88-97B8-F88261E922EC} - (no file)
O2 - BHO: (no name) - {756D767F-6B99-4D31-8658-E37913CC1664} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7A531FBF-A639-4A57-AB06-78683AB1F78B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {870202f9-24e1-47db-ae77-d88cdb1b8367} - (no file)
O2 - BHO: (no name) - {8BDE876E-B57C-4178-A713-4806150A413A} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AC1DCB97-9850-49DC-ADC6-AAAA1311DC44} - (no file)
O2 - BHO: {806a5034-4fd4-b8c9-5514-5a52025583fa} - {af385520-25a5-4155-9c8b-4df44305a608} - C:\WINDOWS\system32\urdyrswh.dll
O2 - BHO: (no name) - {AF9164A5-51FD-472C-B169-2A0193F9D3A7} - (no file)
O2 - BHO: (no name) - {b33b2c92-ccda-47ad-84c3-f089d4071693} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F9D8DB4A-B035-44F4-BA9D-2B015767379E} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [88056540] rundll32.exe "C:\WINDOWS\system32\tbkswriy.dll",b
O4 - HKLM\..\Run: [BM8b3656dc] Rundll32.exe "C:\WINDOWS\system32\dcnroojr.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6e6290571ac34cd6984344b018bac2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6e6290571ac34cd6984344b018bac2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: opnkkhge - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe




voila di moi ce que tu en penses ... mon pc va mieu ?? merci d'avance :)

Il en reste encore mais c'est déja mieux on devrais finir par y arriver.
je détaille ce soir.

Bon on avance mais ce n'est pas encore totalement OK.

Il se peut que Spybot S&D nous géne, peux tu carrément le désinstaller (par ajout supression de programmes)
cela sera plus sur, on le remettra a la fin du nettoyage.

Ensuite tu refait la procédure pour Combofix avec le fichier CFScript qui est dans CE message.

Quand ce sera fait lance HJThis sur "faire un scan" puis coche et corrige les lignes suivantes si elles sont encore présentes.
O2 - BHO: (no name) - {00C74933-8FD8-4B45-8DCA-8A970D930A1E} - (no file)
O2 - BHO: (no name) - {16B435F6-B6CE-4F24-A568-944B27ED919C} - (no file)
O2 - BHO: (no name) - {177ec23e-9034-4a18-83e7-8c926acce858} - (no file)
O2 - BHO: (no name) - {4F58D4C4-0786-41C0-B887-773F9965BB19} - (no file)
O2 - BHO: (no name) - {5263447D-3A1C-4161-BBEE-1FC6D804AA85} - (no file)
O2 - BHO: (no name) - {62950522-9F6E-4B88-97B8-F88261E922EC} - (no file)
O2 - BHO: (no name) - {756D767F-6B99-4D31-8658-E37913CC1664} - (no file)
O2 - BHO: (no name) - {7A531FBF-A639-4A57-AB06-78683AB1F78B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {870202f9-24e1-47db-ae77-d88cdb1b8367} - (no file)
O2 - BHO: (no name) - {8BDE876E-B57C-4178-A713-4806150A413A} - (no file)
O2 - BHO: (no name) - {AC1DCB97-9850-49DC-ADC6-AAAA1311DC44} - (no file)
O2 - BHO: {806a5034-4fd4-b8c9-5514-5a52025583fa} - {af385520-25a5-4155-9c8b-4df44305a608} - C:\WINDOWS\system32\urdyrswh.dll
O2 - BHO: (no name) - {AF9164A5-51FD-472C-B169-2A0193F9D3A7} - (no file)
O2 - BHO: (no name) - {b33b2c92-ccda-47ad-84c3-f089d4071693} - (no file)
O2 - BHO: (no name) - {F9D8DB4A-B035-44F4-BA9D-2B015767379E} - (no file)
O4 - HKLM\..\Run: [88056540] rundll32.exe "C:\WINDOWS\system32\tbkswriy.dll",b
O4 - HKLM\..\Run: [BM8b3656dc] Rundll32.exe "C:\WINDOWS\system32\dcnroojr.dll",s
O20 - Winlogon Notify: opnkkhge - C:\WINDOWS\

Redémarre la machine et refait un dernier scan HJTis poste nous le rapport de celui plus le Rapport précédent de Combofix.

Et croisons les doigts.

Bonsoir à vous deux

maxsagaz : je te prie d'attendre le retour d'AgnesD avant d'exécuter le CFScript joint à son post. Nous discutons de cette infection et là je viens de repérer un truc à modifier, qui ne fera qu'améliorer la procédure.

Merci... et bon succès pour la suite

@+

Merci à toi pour ton aide toujours précieuse... et pour ton oeil infaillible aussi.


Bon Maxsagaz on reprend avec les modifs suggérées par QC001

Il se peut que Spybot S&D nous géne, peux tu carrément le désinstaller (par ajout supression de programmes)
cela sera plus sur, on le remettra a la fin du nettoyage.

Ensuite tu refait la procédure pour Combofix avec le fichier CFScript qui est dans CE message.

Quand ce sera fait lance HJThis sur "faire un scan" puis coche et corrige les lignes suivantes si elles sont encore présentes.
O2 - BHO: (no name) - {00C74933-8FD8-4B45-8DCA-8A970D930A1E} - (no file)
O2 - BHO: (no name) - {16B435F6-B6CE-4F24-A568-944B27ED919C} - (no file)
O2 - BHO: (no name) - {177ec23e-9034-4a18-83e7-8c926acce858} - (no file)
O2 - BHO: (no name) - {4F58D4C4-0786-41C0-B887-773F9965BB19} - (no file)
O2 - BHO: (no name) - {5263447D-3A1C-4161-BBEE-1FC6D804AA85} - (no file)
O2 - BHO: (no name) - {62950522-9F6E-4B88-97B8-F88261E922EC} - (no file)
O2 - BHO: (no name) - {756D767F-6B99-4D31-8658-E37913CC1664} - (no file)
O2 - BHO: (no name) - {7A531FBF-A639-4A57-AB06-78683AB1F78B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {870202f9-24e1-47db-ae77-d88cdb1b8367} - (no file)
O2 - BHO: (no name) - {8BDE876E-B57C-4178-A713-4806150A413A} - (no file)
O2 - BHO: (no name) - {AC1DCB97-9850-49DC-ADC6-AAAA1311DC44} - (no file)
O2 - BHO: {806a5034-4fd4-b8c9-5514-5a52025583fa} - {af385520-25a5-4155-9c8b-4df44305a608} - C:\WINDOWS\system32\urdyrswh.dll
O2 - BHO: (no name) - {AF9164A5-51FD-472C-B169-2A0193F9D3A7} - (no file)
O2 - BHO: (no name) - {b33b2c92-ccda-47ad-84c3-f089d4071693} - (no file)
O2 - BHO: (no name) - {F9D8DB4A-B035-44F4-BA9D-2B015767379E} - (no file)
O4 - HKLM\..\Run: [88056540] rundll32.exe "C:\WINDOWS\system32\tbkswriy.dll",b
O4 - HKLM\..\Run: [BM8b3656dc] Rundll32.exe "C:\WINDOWS\system32\dcnroojr.dll",s
O20 - Winlogon Notify: opnkkhge - C:\WINDOWS\

Redémarre la machine et refait un dernier scan HJTis poste nous le rapport de celui plus le Rapport précédent de Combofix.

voila j'ai suivi tes instructions .. je te met les 2 rapport que tu m'as demandés ...



ComboFix 08-04-12.7 - parison michel 2008-04-15 22:19:46.8 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.263 [GMT 2:00]
Endroit: C:\Documents and Settings\parison michel\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\parison michel\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\system32\cdowuhuf.dll
C:\WINDOWS\system32\dcnroojr.dll
C:\WINDOWS\system32\urdyrswh.dll
C:\WINDOWS\system32\welistih.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM8b3656dc.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cdowuhuf.dll
C:\WINDOWS\system32\dcnroojr.dll
C:\WINDOWS\system32\urdyrswh.dll
C:\WINDOWS\system32\welistih.dll
.
---- Previous Run -------
.
C:\Documents and Settings\parison michel\services.exe
C:\Temp
C:\Temp\wdlw14\maxN1bo.log
C:\WINDOWS\BM8b3656dc.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bharebio18
C:\WINDOWS\system32\bppgskku.dll
C:\WINDOWS\system32\cfxrkrhm.dll
C:\WINDOWS\system32\cjoowfpf.dll
C:\WINDOWS\system32\fuhuwodc.ini
C:\WINDOWS\system32\HBL
C:\WINDOWS\system32\iifdaxvu.dll
C:\WINDOWS\system32\kjlkkjjl.ini
C:\WINDOWS\system32\kjlkkjjl.ini2
C:\WINDOWS\system32\ljjkkljk.dll
C:\WINDOWS\system32\lktwnkju.dll
C:\WINDOWS\system32\lyxhxkho.dll
C:\WINDOWS\system32\lyyilfwx.dll
C:\WINDOWS\system32\MId2
C:\WINDOWS\system32\ncusfhcg.dll
C:\WINDOWS\system32\opnkkhge.dll
C:\WINDOWS\system32\qxwifysj.dll
C:\WINDOWS\system32\qylypafh.ini
C:\WINDOWS\system32\smltpxsc.dll
C:\WINDOWS\system32\spol3
C:\WINDOWS\system32\sypnrugk.dll
C:\WINDOWS\system32\targetedbanner-uninst.exe
C:\WINDOWS\system32\tuwnrrff.dll
C:\WINDOWS\system32\uvxadfii.ini
C:\WINDOWS\system32\uvxadfii.ini2
C:\WINDOWS\system32\vjajimcv.dll
C:\WINDOWS\system32\vjqotosk.dll
C:\WINDOWS\system32\vtpqnmgh.dll
C:\WINDOWS\system32\wkoldjtd.ini
C:\WINDOWS\system32\ycucenvs.dll
C:\WINDOWS\system32\yirwskbt.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-15 to 2008-04-15 ))))))))))))))))))))))))))))))))))))
.

2008-04-15 20:12 . 2008-04-15 20:12 <REP> d-------- C:\Program Files\MSN ExtenSion DebloKer
2008-04-15 20:11 . 2008-04-15 20:12 <REP> d-------- C:\Program Files\Emoticon +++
2008-04-14 22:27 . 2008-04-15 12:34 <REP> d-------- C:\Lop SD
2008-04-14 19:05 . 2008-04-14 19:05 <REP> d-------- C:\VundoFix Backups
2008-04-13 14:06 . 2008-04-13 14:07 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-13 13:38 . 2008-04-13 13:39 <REP> d-------- C:\Program Files\jv16 PowerTools
2008-04-13 11:50 . 2008-04-15 13:12 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2008-04-12 15:40 . 2008-04-15 20:45 <REP> d-------- C:\Program Files\Everest Poker
2008-04-11 18:20 . 2008-04-11 18:25 942 --a------ C:\WINDOWS\wininit.ini
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-11 17:04 . 2008-03-23 12:06 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-04-11 17:04 . 2008-03-23 12:56 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-11 16:06 . 2008-04-15 19:21 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 16:06 . 2008-04-15 19:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 14:49 . 2008-04-11 14:49 <REP> d-------- C:\WINDOWS\system32\Lang
2008-04-11 14:49 . 2008-04-11 14:49 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-04-11 14:49 . 2008-04-11 14:49 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-04-11 14:08 . 2008-04-13 15:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-09 18:34 . 2008-04-13 13:11 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-04-09 18:29 . 2008-04-13 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-09 18:26 . 2008-04-13 13:12 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-04-09 18:26 . 2008-04-09 18:26 27,683,672 --a------ C:\Program Files\bitdefender_free_v10.exe
2008-04-07 21:30 . 2008-04-07 21:30 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 20:29 . 2008-04-07 20:29 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-07 20:29 . 2008-04-07 20:35 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-06 19:19 . 2008-04-06 19:19 <REP> d-------- C:\Program Files\Incomplete
2008-04-06 19:18 . 2008-04-06 19:19 <REP> d-------- C:\Program Files\LimeWire
2008-04-06 16:56 . 2008-04-06 16:56 <REP> d-------- C:\Program Files\Midway Games
2008-04-06 15:52 . 2008-04-14 10:31 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\OpenOffice.org2
2008-04-06 15:33 . 2008-04-06 15:33 <REP> d-------- C:\Program Files\iTunes
2008-04-06 15:33 . 2008-04-06 15:33 <REP> d-------- C:\Program Files\iPod
2008-04-06 15:33 . 2008-04-06 15:44 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\Apple Computer
2008-04-06 15:31 . 2008-04-06 15:32 <REP> d-------- C:\Program Files\QuickTime
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-06 15:31 . 2008-04-06 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-06 15:31 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-04-05 15:57 . 2004-01-14 03:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2008-04-05 15:56 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-04-05 15:56 . 2008-04-05 15:56 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-04-05 15:54 . 2004-06-15 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL
2008-04-05 15:54 . 2004-06-04 17:34 86,016 -ra------ C:\WINDOWS\system32\CNMCP61.exe
2008-04-05 15:54 . 2004-06-15 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL
2008-04-05 15:53 . 2008-04-05 15:53 <REP> d-------- C:\WINDOWS\StartHtmico
2008-04-05 15:53 . 2008-04-05 15:53 <REP> d-------- C:\WINDOWS\IP4000,3000
2008-04-05 15:52 . 2008-04-05 15:57 <REP> d-------- C:\Program Files\Canon
2008-04-05 15:47 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-05 15:47 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-04 21:21 . 2008-04-04 21:21 <REP> d-------- C:\Program Files\EA GAMES
2008-04-04 21:21 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-31 14:55 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 14:55 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 11:22 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-29 11:22 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-29 11:22 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 20:57 . 2008-03-28 20:57 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-28 20:57 . 2008-03-28 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-28 20:56 . 2008-03-28 20:57 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-28 19:37 . 2008-03-28 19:37 34 --a------ C:\WINDOWS\Kit.ini
2008-03-27 18:40 . 2004-08-04 01:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-27 18:40 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-27 18:40 . 2001-08-23 18:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-24 19:06 . 2005-05-27 11:23 2,180,096 -ra------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-03-24 19:06 . 2004-08-04 00:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-03-24 19:06 . 2004-08-04 00:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-03-24 19:06 . 2004-08-04 00:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-03-24 19:06 . 2004-08-04 01:55 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-03-24 19:06 . 2004-08-04 00:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-03-24 19:06 . 2004-08-04 00:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-03-24 19:06 . 2004-08-04 00:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-03-24 19:06 . 2004-08-03 23:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-03-24 19:00 . 2008-03-24 19:00 <REP> d-------- C:\Program Files\Fichiers communs\FotoWire
2008-03-24 19:00 . 2008-03-24 19:00 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\FotoWire
2008-03-24 19:00 . 2005-07-19 18:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-03-24 18:59 . 2008-03-24 18:59 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-03-24 18:58 . 2008-03-24 18:58 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-03-24 18:57 . 2008-03-24 19:00 <REP> d-------- C:\Program Files\Logitech
2008-03-23 20:05 . 2004-08-04 01:55 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-03-23 20:05 . 2001-08-17 21:19 72,832 --a------ C:\WINDOWS\system32\drivers\cwbwdm.sys
2008-03-23 20:05 . 2004-08-04 00:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-03-23 20:05 . 2001-07-22 03:49 8,225 --a------ C:\WINDOWS\system32\drivers\cwbaudio.bin
2008-03-23 20:05 . 2004-08-03 23:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-03-23 20:05 . 2004-08-04 00:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-03-23 20:05 . 2004-08-03 23:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-03-23 20:05 . 2004-08-03 23:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2008-03-23 20:05 . 2004-08-04 01:54 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-03-23 20:05 . 2001-08-17 21:19 3,072 --a------ C:\WINDOWS\system32\drivers\cwbase.sys
2008-03-23 17:14 . 2008-03-23 17:16 5,423 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-23 16:58 . 2004-08-04 00:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-03-23 16:00 . 2004-08-05 14:00 26,624 --a--c--- C:\WINDOWS\system32\dllcache\sm93w.dll
2008-03-23 16:00 . 2004-08-05 14:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\smierrsy.dll
2008-03-23 15:57 . 2008-03-23 15:57 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-23 15:57 . 2008-03-23 15:57 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 11:12 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-04-15 08:50 --------- d-----w C:\Program Files\Wanadoo
2008-04-06 13:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-24 16:56 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-23 10:58 --------- d-----w C:\Program Files\Windows Live
2008-03-23 10:57 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-23 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-23 10:43 --------- d-----w C:\Program Files\Alwil Software
2008-03-23 10:35 --------- d-----w C:\Program Files\Wanadoo Messager
2008-03-23 10:33 --------- d-----w C:\Program Files\SAGEM
2008-03-23 10:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-23 10:08 --------- d-----w C:\Program Files\Services en ligne
.

------- Sigcheck -------

2008-02-16 11:02 663552 c9218cd3cd93586ffe9ae789282cae63 C:\WINDOWS\SoftwareDistribution\Download\58762acf47a35def24a27c268dd31801\sp2gdr\wininet.dll
2008-02-16 11:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\SoftwareDistribution\Download\58762acf47a35def24a27c268dd31801\sp2qfe\wininet.dll
2007-12-07 03:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2gdr\wininet.dll
2007-12-07 02:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2qfe\wininet.dll
2007-10-11 08:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2gdr\wininet.dll
2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2qfe\wininet.dll
2004-08-05 14:00 694784 f6ad4c0f992b3b51c044ad74d9e2e854 C:\WINDOWS\system32\wininet.dll

2004-08-05 14:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-13_15.23.00.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 13:18:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 20:22:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-15 20:22:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_43c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-03-29 19:37 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\Softwin\BitDefender10\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
C:\Program Files\Softwin\BitDefender10\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-03-24 18:59 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 15:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 18:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-10-27 15:49 73728 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 15:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--a------ 2004-10-14 17:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a------ 2004-08-23 15:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 cwbwdm_device;Pilote du codec audio Crystal WDM;C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 21:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca686ff2-063f-11dd-89f3-00195b5e04dd}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6202aaa-f8cb-11dc-89c7-00195b5e04dd}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-10 19:27:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-13 12:18:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"




Logfile of HijackThis v1.99.1
Scan saved at 22:26, on 2008-04-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6e6290571ac34cd6984344b018bac2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6e6290571ac34cd6984344b018bac2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe




voila merci de ton aide

On dirait bien que c'est clean...

Si tu n'as rien a nous signaler de particulier on va passer a la phase finale.

Remise en ordre.
Désintallation propre de ComboFix et désactivation/réactivation de la Restauration Système avec création d'un nouveau point de restauration.

=> Clique sur le bouton Démarrer, puis sur Exécuter
=> Tape : Combofix /u dans la boîte puis clique OK
**Note bien l'espace juste après Combofix**

=> C'est fini.

Je te conseille fortement d'envisager de remplacer Avast par Antivir qui est de bien meilleure qualité,.
Un vrai pare feu peut être aussi utile ( Comodo Kerio...) à toi de voir celui qui te conviens le mieux mais comme pour les antivirus un seul suffit.

Pour le reste tu peux remettre Spybot, désinstaller Vundofix ainsi que Lop S&D en passant par le menu de desinstallation, et si ce n'est pas disponible en supprimant les dossiers a la racine de C:\
Ce tuto devrait t'aider.
http://forumxp.net.free.fr/phpBB2/voir_ ... .php?id=35

Je t'encourage a lire sur le forum où ailleurs, car c'est ainsi que tu connaitra mieux les moyens d'infection et donc comment parer aux ennuis...
Tu as du remarquer qu'il était plus rapide d'infecter un PC que de le nettoyer...

A bientôt j'espére, mais avec un PC clean.
On est a ta disposition si tu as d'autres questions.


Un gros merci a QC001 qui a passé pas mal de temps a m'aider même si cela ne c'est pas vu sur le forum.

merci beaucoup pour toute ton aide mon pc rame bcp moins !!!
peut tu juste me donner un lien pour telecharge antivirir ?
merci d'avance et a bientot !