S'il vous plait, je n'ai pas le temps...
personne pour m'aider?? svp

Je fait une analyse complete malwarebytes
Qqn peut m'aider, svp svp

Oui moi

poste moi le rapport maleware byte + un nouveau rapport hijackthi stp

Ok merci cedric241 !

De nada

J'ai un pb, malaware a bugé juste à la fin donc j'ai pas de log?
t'a pas une solution rapide pour virer tout ces spywares?
MERCI

Non faut passer maleware byte

fais l examen rapide

C'est ce que je viens de faire mais c'est bizarre quand il termine je vais dans l'onglet resultats/log et ya rien
après je retourne dans recherche et rien non plus, mm pas de log dans C:/
je sais pas quoi faire..

Ok refais un rapport hijackthis stp

Non c'est bon j'ai réussi avc malwarebyte voici le log : ( je supprime la quarantaine?)

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 667

Type de recherche: Examen rapide
Eléments examinés: 38309
Temps écoulé: 9 minute(s), 26 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 51
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 43

Processus mémoire infecté(s):
C:\WINDOWS\system32\jnwnw64p.exe (Adware.ZeroSearch) -> Unloaded process successfully.
C:\WINDOWS\system32\ocntokdn.exe (Adware.ZeroSearch) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\myss_sb.dll (Adware.BHO) -> Unloaded module successfully.
C:\WINDOWS\system32\byxwwvwu.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\qcjhqjgr.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\{848f2cad-99e4-cb47-4732-8dcf7f95f535}.dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\jkkiiffd.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{3d87b50d-542a-45b6-96e9-f03cfaa8c962} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{3d87b50d-542a-45b6-96e9-f03cfaa8c962} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94de2967-3150-42d7-8f23-3ebd53dd3365} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{94de2967-3150-42d7-8f23-3ebd53dd3365} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{05bec6ae-09bc-47c4-e3b2-777520557c1b} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05bec6ae-09bc-47c4-e3b2-777520557c1b} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9506910a-0f94-4ea1-b567-7070428b8b2b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9506910a-0f94-4ea1-b567-7070428b8b2b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{faba076a-478a-4c32-a0a5-c774607901c2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{faba076a-478a-4c32-a0a5-c774607901c2} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysidesearchsearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\nvcoi (Trojan.Stars) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{389626b7-efd5-4894-8142-2746e4bc4988} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389626b7-efd5-4894-8142-2746e4bc4988} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkiiffd (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3540950f-f0fc-41d9-876d-11a84133d940} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SfKg6wIP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{E5-55-54-4A-DW} (Adware.ZeroSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\g]eeV\mWhjlnspB (Adware.ZeroSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spa_start (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMe7fd6679 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{389626b7-efd5-4894-8142-2746e4bc4988} (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxwwvwu -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxwwvwu -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\Inet_Get_2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\nvcoi (Trojan.Stars) -> Quarantined and deleted successfully.
C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bharebio18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\WINDOWS\system32\myss_sb.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\system32\byxwwvwu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\uwvwwxyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwvwwxyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kswoawjp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pjwaowsk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qcjhqjgr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rgjqhjcq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tlhxnnnj.dll_old (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jnnnxhlt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Application Data\Microsoft\Windows\vuqrdvx.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jnwnw64p.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ocntokdn.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{848f2cad-99e4-cb47-4732-8dcf7f95f535}.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\agtlqcxv.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGvtTmL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jmijpbwj.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnlihe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pdedknot.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rwwnw64d.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yusqsban.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_{848f2cad-99e4-cb47-4732-8dcf7f95f535}.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b157.exe_old (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMPmbroit.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Local Settings\Temp\tmp16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Local Settings\Temp\uninstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\21OT8X4H\file[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Local Settings\Temporary Internet Files\Content.IE5\4HUNCXYZ\glas[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Local Settings\Tempmbroit.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\nvcoi\mst.stt (Trojan.Stars) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bharebio18\bharebio182328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Application Data\speedrunner\SpeedRunner.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\ATTALI\Application Data\speedrunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wprmwfos.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkiiffd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yayxwvvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Bon je supprime la quarantaine et je te met le log de hijack

Pour finir la désinfection redémarre le pc

ensuite supprime ce qui a en quarantaine

puis poste moi un rapport hijackthis

Voila hijack après malware :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:50, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe­
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 213.251.184.209 L2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {613E1039-2493-4493-84E3-2E8E21F6FA5E} - C:\WINDOWS\system32\byxwwvwu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {e8a0943a-1138-459a-5ec4-dc6626ad6839} - {9386da62-66cd-4ce5-a954-8311a3490a8e} - C:\WINDOWS\system32\dsvuqnap.dll
O2 - BHO: (no name) - {A22A1728-893A-4414-9EAF-26A5B09A7186} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\ocntokdn.exe DWram
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [e4ce55e5] rundll32.exe "C:\WINDOWS\system32\kgibutdg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Zpe] "C:\Program Files\Common Files\??sks\n?tdde.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntokdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jnwnw64p.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\F\Office\OSA9.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
End of file - 8224 bytes

L'ordi est tjs infecté j'ai fait un test de pop up c'est négatif..

Ouais l ordi est encore infecté

fais ça :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Voila:

ComboFix 08-04-20.5 - ATTALI 2008-04-22 0:26:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.104 [GMT 2:00]
Endroit: C:\Documents and Settings\ATTALI\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\sstem~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\auyhtmxm.dll
C:\WINDOWS\system32\bvslveus.dll
C:\WINDOWS\system32\dsvuqnap.dll
C:\WINDOWS\system32\elstcpfp.ini
C:\WINDOWS\system32\gdtubigk.ini
C:\WINDOWS\system32\isvxdciw.ini
C:\WINDOWS\system32\kgibutdg.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\npwslvoo.dll
C:\WINDOWS\system32\plcgtlik.dll
C:\WINDOWS\system32\qcjhqjgr.dll
C:\WINDOWS\system32\tnofnbjo.dll
C:\WINDOWS\system32\uwvwwxyb.ini
C:\WINDOWS\system32\uwvwwxyb.ini2
C:\WINDOWS\system32\vlhorfai.dll
C:\WINDOWS\system32\vxmrqyvh.dll
C:\WINDOWS\system32\vyevjewv.ini
C:\WINDOWS\system32\wprmwfos.dll
C:\WINDOWS\system32\wsxvmwkl.ini
C:\WINDOWS\system32\xcxkjvgl.ini
C:\WINDOWS\system32\yaobrvum.dll
C:\WINDOWS\system32\yhukchjh.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))))))))
.

2008-04-21 22:43 . 2008-04-21 22:43 <REP> d-------- C:\Documents and Settings\ATTALI\Application Data\Malwarebytes
2008-04-21 22:40 . 2008-04-21 22:43 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 22:40 . 2008-04-21 22:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 16:58 . 2008-04-21 16:58 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 16:50 . 2008-04-21 16:59 9,089,599 --a------ C:\WINDOWS\system32\SBSP.dat
2008-04-21 16:50 . 2008-04-21 16:59 1,100 --a------ C:\WINDOWS\system32\SBFC.dat
2008-04-21 16:50 . 2008-04-21 16:51 104 --a------ C:\WINDOWS\system32\SBRC.dat
2008-04-20 14:00 . 2008-04-20 15:02 1,434 ---hs---- C:\WINDOWS\system32\shrfnojw.ini
2008-04-19 12:41 . 2008-04-20 13:55 1,314 ---hs---- C:\WINDOWS\system32\xoilpjyu.ini
2008-04-18 14:51 . 2008-04-18 14:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 14:51 . 2008-04-18 14:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-18 12:25 . 2008-04-19 12:41 594 ---hs---- C:\WINDOWS\system32\qcuflscp.ini
2008-04-17 18:30 . 2008-04-17 18:30 298,313 --a------ C:\WINDOWS\system32\gside.exe
2008-04-17 17:59 . 2008-04-17 17:59 <REP> d-------- C:\Documents and Settings\ATTALI\Application Data\Sunbelt Software
2008-04-17 17:59 . 2008-04-17 17:59 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-04-17 17:58 . 2008-04-17 17:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2008-04-17 12:24 . 2008-04-18 12:24 1,254 ---hs---- C:\WINDOWS\system32\xwhdibyx.ini
2008-04-17 09:32 . 2008-04-21 23:58 328,704 --------- C:\WINDOWS\system32\{848f2cad-99e4-cb47-4732-8dcf7f95f535}.dll
2008-04-16 12:56 . 2008-04-17 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 12:05 . 2008-04-16 12:05 105,536 --------- C:\WINDOWS\system32\jacncuch.dll_old
2008-04-16 12:04 . 2008-04-16 12:04 100,928 --------- C:\WINDOWS\system32\jduwdsub.dll_old
2008-04-16 10:53 . 2008-04-16 10:53 105,536 --------- C:\WINDOWS\system32\wtvievaf.dll_old
2008-04-16 10:47 . 2008-04-16 10:47 100,928 --------- C:\WINDOWS\system32\gbukjhxl.dll_old
2008-04-15 11:29 . 2008-04-15 11:29 105,536 --------- C:\WINDOWS\system32\ffqhhsfn.dll_old
2008-04-14 23:44 . 2008-04-16 13:02 <REP> d-------- C:\Program Files\SpywareBlaster
2008-04-14 23:03 . 2008-04-14 23:03 101,952 --------- C:\WINDOWS\system32\usbhswti.dll_old
2008-04-14 19:58 . 2008-04-14 19:58 106,560 --------- C:\WINDOWS\system32\iuqgixjq.dll_old
2008-04-14 19:52 . 2008-04-14 19:52 101,952 --------- C:\WINDOWS\system32\lvjguwfa.dll_old
2008-04-14 18:09 . 2008-04-16 12:56 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-04-14 10:51 . 2008-04-14 10:51 106,560 --------- C:\WINDOWS\system32\jlauvvtw.dll_old
2008-04-14 10:47 . 2008-04-21 22:51 109,785 --a------ C:\WINDOWS\BMe7fd6679.xml
2008-04-14 10:46 . 2008-04-14 10:46 101,952 --------- C:\WINDOWS\system32\irskxpmn.dll_old
2008-04-14 00:27 . 2008-04-14 00:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-04-13 21:30 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-04-13 21:30 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-04-13 21:30 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-04-13 21:30 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-04-13 21:30 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-04-13 21:30 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-04-13 21:30 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-04-13 21:30 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-04-13 17:43 . 2008-04-21 23:58 372,224 --------- C:\WINDOWS\system32\byxwwvwu.dll
2008-04-13 17:41 . 2008-04-13 17:41 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-04-13 17:39 . 2008-04-21 14:26 936 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-13 17:38 . 2008-04-13 17:38 <REP> d-------- C:\WINDOWS\system32\MId2
2008-04-13 17:38 . 2008-04-17 20:48 <REP> d-------- C:\WINDOWS\system32\dtmp
2008-04-13 17:38 . 2008-04-13 17:38 <REP> d-------- C:\WINDOWS\system32\BL
2008-04-13 17:38 . 2008-04-13 17:38 <REP> d-------- C:\Temp\wdlw14
2008-04-13 17:38 . 2008-04-22 00:26 <REP> d-------- C:\Temp
2008-04-13 17:38 . 2008-04-13 17:38 400,571 --a------ C:\WINDOWS\system32\g4.exe
2008-04-13 17:38 . 2008-04-21 14:28 63,890 --a------ C:\WINDOWS\system32\{848f2cad-99e4-cb47-4732-8dcf7f95f535}.dll-uninst.exe
2008-04-13 17:37 . 2008-04-21 23:58 31,232 --------- C:\WINDOWS\system32\jkkiiffd.dll
2008-04-13 17:30 . 2008-04-13 17:30 <REP> d-------- C:\Program Files\VSO
2008-04-13 17:30 . 2008-04-14 11:07 <REP> d-------- C:\Documents and Settings\ATTALI\Application Data\Vso
2008-04-13 17:30 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-04-13 17:30 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-04-13 17:30 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-04-13 17:30 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-04-13 17:30 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-04-13 17:30 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-04-13 17:30 . 2008-04-13 17:30 87,608 --a------ C:\Documents and Settings\ATTALI\Application Data\inst.exe
2008-04-13 17:30 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-04-13 17:30 . 2008-04-13 17:30 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-13 17:30 . 2008-04-13 17:30 47,360 --a------ C:\Documents and Settings\ATTALI\Application Data\pcouffin.sys
2008-04-13 17:25 . 2008-04-17 12:19 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 17:25 . 2008-04-13 17:37 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-04-13 17:17 . 2008-04-13 17:17 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-13 17:00 . 2008-04-16 12:07 <REP> d-------- C:\Documents and Settings\ATTALI\Application Data\LimeWire
2008-04-11 17:46 . 2008-04-21 23:58 334,848 --------- C:\WINDOWS\system32\myss_sb.dll
2008-03-24 12:09 . 2008-03-24 12:09 <REP> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 10:22 --------- d-----w C:\Program Files\Common Files
2008-04-13 15:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-09 18:17 --------- d-----w C:\Program Files\Java
2006-09-15 08:37 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
1992-03-10 00:10 94,720 ----a-w C:\Program Files\CARDFILE.EXE
1992-03-10 00:10 60,128 ----a-w C:\Program Files\CALENDAR.EXE
2006-09-14 20:57 56 --sh--r C:\WINDOWS\system32\21EB4DD478.sys
2006-09-14 20:57 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{613E1039-2493-4493-84E3-2E8E21F6FA5E}]
2008-04-21 23:58 372224 --------- C:\WINDOWS\system32\byxwwvwu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"Orange Desktop Search"="C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2006-11-02 16:08 4937512]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 13:23 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Zpe"="C:\Program Files\Common Files\??sks\n?tdde.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 05:10 450560]
"VTTimer"="VTTimer.exe" [2005-03-07 21:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-10-31 22:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 08:54 589824]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"ORAHSSStartup"="C:\Program Files\OrangeHSS\Launcher\Launcher.exe" [2007-01-04 11:40 462848]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2007-01-04 11:45 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"g]eeV\mWhjlnspB"="C:\WINDOWS\system32\ocntokdn.exe" [ ]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [ ]
"SBRegRebootCleaner"="C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearDocsOnExit"= 64 (0x40)
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinSpooler.exe
"WinUpdating"= WinUpdating.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ClearDocsOnExit"= 64 (0x40)
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"C:\\Documents and Settings\\ATTALI\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c6dc0ae-306d-11dc-bfff-001617209024}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7b947ee-0ba3-11dd-80fa-001617209024}]
\Shell\Auto\command - G:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7b947ef-0ba3-11dd-80fa-001617209024}]
\Shell\Auto\command - H:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-18 11:41:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 00:30:10
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"g]eeV\\mWhjlnspB"="C:\\WINDOWS\\system32\\ocntokdn.exe DWram"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\OrangeHSS\Deskboard\Deskboard.exe
C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe
C:\Program Files\OrangeHSS\Connectivity\corecom\CoreCom.exe
C:\Program Files\OrangeHSS\Connectivity\corecom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\[u]0/u\FTCOMModule.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 0:35:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 22:34:54

Pre-Run: 27,993,948,160 octets libres
Post-Run: 28,010,938,368 octets libres

236

Ok un rapport hijackthis stp

Tien :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:40:47, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe­
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {613E1039-2493-4493-84E3-2E8E21F6FA5E} - C:\WINDOWS\system32\byxwwvwu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\ocntokdn.exe DWram
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Zpe] "C:\Program Files\Common Files\??sks\n?tdde.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntokdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jnwnw64p.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\F\Office\OSA9.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Unknown owner - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe (file missing)
End of file - 8155 bytes

Supprime ces lignes

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {613E1039-2493-4493-84E3-2E8E21F6FA5E} - C:\WINDOWS\system32\byxwwvwu.dll

O4 - HKLM\..\Run: [g]eeV\mWhjlnspB] C:\WINDOWS\system32\ocntokdn.exe DWram

O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntokdn.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jnwnw64p.exe

pour les supprimer tu les coches ensuite tu clic sur fix checked

apres fais ça :

Démarrer > executer > ' services.msc ' ,

- Clic droit sur le service cité - Sunbelt CounterSpy Antispyware
- propriétés
- et dans "type de démarrage" et mets le sur « désactivé ».
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

Tutorial : http://www.zebulon.fr/dossiers/31-services.html

2) Supprime le dossier :

Va dans "C:\program files\" trouve & supprime le dossier "Sunbelt Software"

pui refais un scan hijackthis et poste le nouveau rapport