Bonjour,

Télécharge SDfix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. Tu peux suivre le tutorial SDFix de Malekal pour t'aider :

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
Redémarre ton ordinateur
Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
Choisis ton compte.
Déroule la liste des instructions ci-dessous :
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

Si SDFix ne se lance pas
Clique sur Démarrer > Exécuter
Copie/colle ceci :
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

Clique sur Ok.
Redémarre et essaie de relance SDFix.

ensuite

Télécharge Toolbar-S&D (Eric_71, Angeldark, Sham_Rock et XmichouX) sur ton Bureau.
http://eric.71.mespages.googlepages.com/ToolBarSD.exe
Tutorial Toolbar S&D
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis valide avec la touche "Entrée".
* Choisis l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt) Pourquoi et comment je me fais infecter?

Très bien merci je fais ça toute suite et je reviens

@ bientôt

Re,
je dois partir,mais je me jette sur les rapports en rentrant fin d'aprèm...
donc sois patiente
a tout
@+ Pourquoi et comment je me fais infecter?

Ok je reviendrais plus tard,

J'oubliais qu'il y a toujours au redemarage 3 fenêtres d'erreurs disant :
erreur de chargement de wekateme.dll
,, ,, de tinuhagu.dll
,, ,, de senifetu.dll

Voici le rapport de SDFix :


[b]SDFix: Version 1.240 /b
Run by Marco on 2008-12-10 at 08:26

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files /b:

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\Marco\Local Settings\Temp\696.tmp.exe - Deleted
C:\WINDOWS\system32\~.exe - Deleted





Removing Temp Files

[b]ADS Check /b:



[b]Final Check /b:

creating catchme.sys error: Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
driver loading error catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 08:35:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [1624]

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:65,52,03,ee,a9,c3,17,e9,bd,e6,50,fb,eb,69,8c,05,89,e7,a9,24,7d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,dd,95,a0,b4,ba,11,50,e4,e5,3a,13,e5,cb,a4,7a,f4,23,..
"khjeh"=hex:d6,b9,64,eb,9e,ea,84,57,24,0c,a9,d1,55,66,d1,d4,33,47,35,be,56,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:be,64,c4,03,10,3f,55,7e,4d,f8,25,58,cf,1f,30,8f,2e,e3,3b,66,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:65,52,03,ee,a9,c3,17,e9,bd,e6,50,fb,eb,69,8c,05,89,e7,a9,24,7d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,dd,95,a0,b4,ba,11,50,e4,e5,3a,13,e5,cb,a4,7a,f4,23,..
"khjeh"=hex:d6,b9,64,eb,9e,ea,84,57,24,0c,a9,d1,55,66,d1,d4,33,47,35,be,56,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:be,64,c4,03,10,3f,55,7e,4d,f8,25,58,cf,1f,30,8f,2e,e3,3b,66,a6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:65,52,03,ee,a9,c3,17,e9,bd,e6,50,fb,eb,69,8c,05,89,e7,a9,24,7d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,dd,95,a0,b4,ba,11,50,e4,e5,3a,13,e5,cb,a4,7a,f4,23,..
"khjeh"=hex:d6,b9,64,eb,9e,ea,84,57,24,0c,a9,d1,55,66,d1,d4,33,47,35,be,56,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:be,64,c4,03,10,3f,55,7e,4d,f8,25,58,cf,1f,30,8f,2e,e3,3b,66,a6,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0


[b]Remaining Services /b:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\WINDOWS\\system32\\%%%.exe"="C:\\WINDOWS\\system32\\%%%.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files /b:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes /b:

Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1016aac2.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\11ffbd10.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\18c5dc15.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\19a6ac6.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1a304ca8.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1aa349d0.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1b214c0.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\1b66079a.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\242d4812.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2448ca14.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\25b8e8bf.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2697ef34.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\28cc0ce3.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2a6e8026.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2acfc0.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\2bcb92dc.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\2cf2d10.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\2df831d0.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\2e661887.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\560d495.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\6f9069f.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\7c96b44.dll"
Tue 25 Mar 2008 56 ..SHR --- "C:\WINDOWS\system32\8536CB2307.sys"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\c408792.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\c94d7a2.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\e00afe7.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\e5a97a.dll"
Thu 19 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\ed4aa32.dll"
Thu 19 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\efe9e40.dll"
Sun 7 Sep 2008 64,053 A.SH. --- "C:\WINDOWS\system32\fatuzabe.dll.tmp"
Tue 25 Mar 2008 3,766 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 4 Sep 2008 64,000 A.SH. --- "C:\WINDOWS\system32\mowilufe.dll.tmp"
Thu 4 Sep 2008 64,000 A.SH. --- "C:\WINDOWS\system32\nozubube.dll.tmp"
Thu 4 Sep 2008 64,000 A.SH. --- "C:\WINDOWS\system32\sadovujo.dll.tmp"
Sun 7 Sep 2008 64,053 A.SH. --- "C:\WINDOWS\system32\tupurevo.dll.tmp"
Sun 7 Sep 2008 64,053 A.SH. --- "C:\WINDOWS\system32\wosesara.dll.tmp"
Sat 10 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 14 Aug 2002 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
Wed 14 Aug 2002 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
Wed 14 Aug 2002 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
Wed 14 Aug 2002 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
Wed 14 Aug 2002 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
Wed 14 Aug 2002 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
Wed 14 Aug 2002 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
Wed 14 Aug 2002 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
Wed 14 Aug 2002 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
Wed 14 Aug 2002 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
Wed 14 Aug 2002 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
Wed 14 Aug 2002 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
Wed 14 Aug 2002 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
Wed 14 Aug 2002 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
Wed 14 Aug 2002 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
Wed 14 Aug 2002 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
Wed 14 Aug 2002 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
Wed 14 Aug 2002 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
Wed 14 Aug 2002 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
Wed 14 Aug 2002 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Wed 14 Aug 2002 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Wed 14 Aug 2002 47,826 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
Wed 14 Aug 2002 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Wed 14 Aug 2002 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
Wed 14 Aug 2002 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
Wed 14 Aug 2002 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
Wed 14 Aug 2002 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
Wed 14 Aug 2002 49,750 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Wed 14 Aug 2002 49,242 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Wed 14 Aug 2002 50,606 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Wed 14 Aug 2002 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Wed 14 Aug 2002 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
Wed 14 Aug 2002 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
Wed 14 Aug 2002 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
Wed 14 Aug 2002 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
Wed 14 Aug 2002 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
Wed 14 Aug 2002 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
Wed 14 Aug 2002 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
Wed 14 Aug 2002 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
Wed 14 Aug 2002 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
Wed 14 Aug 2002 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
Wed 14 Aug 2002 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
Wed 14 Aug 2002 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
Wed 14 Aug 2002 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
Wed 14 Aug 2002 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
Wed 14 Aug 2002 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Wed 14 Aug 2002 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
Wed 14 Aug 2002 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
Wed 14 Aug 2002 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
Wed 14 Aug 2002 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
Wed 14 Aug 2002 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
Wed 14 Aug 2002 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
Wed 14 Aug 2002 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
Wed 14 Aug 2002 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
Wed 14 Aug 2002 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
Wed 14 Aug 2002 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
Wed 14 Aug 2002 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
Wed 14 Aug 2002 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
Wed 14 Aug 2002 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
Wed 14 Aug 2002 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
Wed 14 Aug 2002 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
Wed 14 Aug 2002 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
Wed 14 Aug 2002 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
Wed 14 Aug 2002 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
Wed 14 Aug 2002 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
Wed 14 Aug 2002 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
Wed 14 Aug 2002 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
Wed 14 Aug 2002 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
Wed 14 Aug 2002 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
Wed 14 Aug 2002 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
Wed 14 Aug 2002 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Wed 14 Aug 2002 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Wed 14 Aug 2002 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Wed 14 Aug 2002 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Wed 14 Aug 2002 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Wed 14 Aug 2002 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Wed 14 Aug 2002 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Wed 14 Aug 2002 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Wed 14 Aug 2002 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Wed 14 Aug 2002 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Wed 14 Aug 2002 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Wed 14 Aug 2002 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Wed 14 Aug 2002 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
Wed 14 Aug 2002 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Wed 14 Aug 2002 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"

[b]Finished!/b

et celui Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:40:34, on 2008-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers

communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost

2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start

Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search

Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini:

UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32

\%%%.exe
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3c58f64b-ffa8-47fd-9673-4df517638fad}

- C:\WINDOWS\system32\fetilari.dll (file missing)
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion

Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files\Fichiers communs\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO -

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper -

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar -

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in -

{D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program

Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UniMessenger] C:\Program

Files\UNI2\UNI2.exe
O4 - HKLM\..\Run: [jiyalonunu] Rundll32.exe

"C:\WINDOWS\system32\wekateme.dll",s
O4 - HKLM\..\Run: [346e5c34] rundll32.exe

"C:\WINDOWS\system32\tinuhagu.dll",b
O4 - HKLM\..\Run: [CPM375d6fa8] Rundll32.exe

"c:\windows\system32\senifetu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [jiyalonunu] Rundll32.exe

"C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [jiyalonunu] Rundll32.exe

"C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search -

res://C:\Program Files\Windows Live

Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel

- res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://speed.travian.fr
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System

Requirements Lab) -

http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysr

eqlab2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows

Live Photo Upload Control) -

http://cid-334fe76f1d584793.spaces.live.com/PhotoUpload/MsnPU

pld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.c

ab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave

Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/sw

flash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2}

(FlashXControl Object) -

https://signin3.valueactive.com/Register/Branding/olr3313/OCX

/v1018/flashax.cab
O20 - AppInit_DLLs: c:\windows\system32\pebudure.dll

C:\WINDOWS\system32\huwokuse.dll

c:\windows\system32\senifetu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative

Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation -

C:\Program Files\Symantec\Norton Ghost

2003\GhostStartService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. -

C:\Program Files\Fichiers

communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program

Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC

Tools Research Pty Ltd - C:\Program Files\PC Tools

AntiVirus\PCTAVSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone

Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 6267 bytes


Merci beaucoup de ton aide

@ plus tard

Re,
déso d'être si tard...

Télécharge MSNFix.zip (de !aur3n7) sur ton bureau: http://sosvirus.changelog.fr/MSNFix.zip le tuto pour t'aider
http://www.malekal.com/tutorial_MSNFix.php de malekal_morte
ou
http://sosvirus.changelog.fr/

Décompresse-le (clique droit >> Extraire ici) et double-clique sur le fichier MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt --
Pourquoi et comment je me fais infecter?

Très bien je m'y met toutes suite

@ tout à l'heure !

Au fait,

tu ne m'as pas mis le rapport toolbar S&D Pourquoi et comment je me fais infecter?

OUPSS pas vu cette étape désoler voici le rapport de ToolBar :


-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : Version 1.00
USER : Marco ( Administrator )
BOOT : Normal boot
Antivirus : PC Tools AntiVirus 4.0.0.26 4.0.0.26 (Activated)
Firewall : ZoneAlarm Firewall 7.0.462.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:48 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 2008-12-10|18:28 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Hotbar
C:\Program Files\Hotbar\bin
C:\Program Files\Hotbar\bin\10.2.217.0

-----------\\ Extensions

(Marco) - {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} => imacros


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.ca/"
"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Marco\Bureau\Nouveau dossier\windows xp\Windows XP Professional Keygen by CaFo.exe
C:\DOCUME~1\Marco\Bureau\Picture Textures\STONE\CRACKS1L.TIF
C:\DOCUME~1\Marco\Bureau\Picture Textures\STONE\CRACKS2L.TIF
C:\DOCUME~1\Marco\Favoris\torrent\BioShock CRACK WORK ONLY PLUS MINI IMAGE PLUS INFO torrent download.url
C:\DOCUME~1\Marco\Local Settings\Application Data\Microsoft\Messenger\airdelavie@msn.com\Sharing Folders\narayama222@hotmail.com\WinRAR 3.00 FINAL - Incl. Keygen
C:\DOCUME~1\Marco\Local Settings\Application Data\Microsoft\Messenger\airdelavie@msn.com\Sharing Folders\narayama222@hotmail.com\WinRAR 3.00 FINAL - Incl. Keygen\wrar300.exe
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen.rar
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen\wrar300.exe
C:\DOCUME~1\Marco\Mes documents\loulou\Crack
C:\DOCUME~1\Marco\Mes documents\loulou\Crack\Photoshop.exe



1 - "C:\ToolBar SD\TB_1.txt" - 2008-12-10|18:30 - Option : [1]

-----------\\ Fin du rapport a 18:30:45,24

Ensuite celui di MSNFIX :

[C:\WINDOWS\system32\winchat.exe] 2A99260794224489F29B628717B7947E
[C:\WINDOWS\system32\WinFXDocObj.exe] A251B726EED494F2FD9E5C6B1205BDB0
[C:\WINDOWS\system32\winhlp32.exe] 577624F19D0441C9111F2AF26C81E04D
[C:\WINDOWS\system32\winlogon.exe] 123EEA158F74D0F67A51DCDF065D1091
[C:\WINDOWS\system32\winmine.exe] EA682C022F7204CC8E8C9EF5DCE29356
[C:\WINDOWS\system32\winmsd.exe] 7EBF8A4B608AFB79C67F4E4A9C5885BB
[C:\WINDOWS\system32\winspool.exe] 0B4B94B78123E8035B84105BC024F9F8
[C:\WINDOWS\system32\winver.exe] 9CD9DB5CCEE972A162C31239F16E0925


et l' Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:39, on 2008-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3c58f64b-ffa8-47fd-9673-4df517638fad} - C:\WINDOWS\system32\fetilari.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UniMessenger] C:\Program Files\UNI2\UNI2.exe
O4 - HKLM\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s
O4 - HKLM\..\Run: [346e5c34] rundll32.exe "C:\WINDOWS\system32\tinuhagu.dll",b
O4 - HKLM\..\Run: [CPM375d6fa8] Rundll32.exe "c:\windows\system32\senifetu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [jiyalonunu] Rundll32.exe "C:\WINDOWS\system32\wekateme.dll",s (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://speed.travian.fr
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-334fe76f1d584793.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: c:\windows\system32\pebudure.dll C:\WINDOWS\system32\huwokuse.dll c:\windows\system32\senifetu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 6318 bytes


petite note : Toujours les 3 modules, que recherche après le redémarage à l'apparition du bureau.

Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
*** Ne ferme pas la fenêtre lors de la suppression ***
Un rapport sera créé, poste son contenu ici. Pourquoi et comment je me fais infecter?

Le voici


-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : Version 1.00
USER : Marco ( Administrator )
BOOT : Normal boot
Antivirus : PC Tools AntiVirus 4.0.0.26 4.0.0.26 (Activated)
Firewall : ZoneAlarm Firewall 7.0.462.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:48 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [2] ( 2008-12-10|19:03 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Hotbar\bin
Supprime! - C:\Program Files\Hotbar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Marco) - {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} => imacros


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.ca/"
"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Marco\Bureau\Nouveau dossier\windows xp\Windows XP Professional Keygen by CaFo.exe
C:\DOCUME~1\Marco\Bureau\Picture Textures\STONE\CRACKS1L.TIF
C:\DOCUME~1\Marco\Bureau\Picture Textures\STONE\CRACKS2L.TIF
C:\DOCUME~1\Marco\Favoris\torrent\BioShock CRACK WORK ONLY PLUS MINI IMAGE PLUS INFO torrent download.url
C:\DOCUME~1\Marco\Local Settings\Application Data\Microsoft\Messenger\airdelavie@msn.com\Sharing Folders\narayama222@hotmail.com\WinRAR 3.00 FINAL - Incl. Keygen
C:\DOCUME~1\Marco\Local Settings\Application Data\Microsoft\Messenger\airdelavie@msn.com\Sharing Folders\narayama222@hotmail.com\WinRAR 3.00 FINAL - Incl. Keygen\wrar300.exe
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen.rar
C:\DOCUME~1\Marco\Mes documents\download1\WinRAR 3.00 FINAL - Incl. Keygen\wrar300.exe
C:\DOCUME~1\Marco\Mes documents\loulou\Crack
C:\DOCUME~1\Marco\Mes documents\loulou\Crack\Photoshop.exe



1 - "C:\ToolBar SD\TB_1.txt" - 2008-12-10|18:30 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-12-10|19:05 - Option : [2]

-----------\\ Fin du rapport a 19:05:54,62

Bon bin,
faut que tu vires tes cracks...ces eux qui foutent la merde

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

**Désactive les logiciels de protection** (Antivirus, Antispywares) puis :
deconnecte toi d'internet,ferme tout les programmes

Double-clique sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
ne touche plus à rien, même pas ta souris!!
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

Copie/colle un nouveau rapport HiJackThis avec.

-----------------------------------------------------

installer la Console de Récupération sur ton pc(cela permettra de réparer ton système au cas où le pc ne redémarrerait plus suite à la désinfection.)

Clique sur le lien ci-dessous pour aller sur le site Web de Microsoft:

http://support.microsoft.com/kb/310994

descend jusqu'à "Téléchargement du fichier programme des disquettes d'installation" et clique sur le téléchargement correspondant à ta version de Windows XP (Édition familiale ou Professionnel) et au Service Pack que tu as installé.
**note: pour le SP3 charge le Service Pack 2
pour Windows XP Media Center charge XP Pro Service Pack 2.

enregistre le sur ton bureau.

fais un glisser/déposer du fichier sur l'icone de combofix comme ceci
http://img.bleepingcomputer.com/combofix/usage/rc.gif

Combofix va installer la console de récupération sur ton pc

a la fin de l'installation,combofix va afficher un message qui te signale que la console est installée.

--------------------------------------------------------------------- Pourquoi et comment je me fais infecter?

Très bien je me au travail ^^

Cela dis,je regarde demain a tète reposée car la,je dors sur le clavier
donc moi dodo

au cas ou tu n'installes evidement pas la console de récupération si elle y est déja...

a tantot
++ Pourquoi et comment je me fais infecter?

Me revoilà,

Voici le premier rapport du combos :
ComboFix 08-12-09.03 - Marco 2008-12-10 19:36:32.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2670 [GMT -5:00]
Lancé depuis: c:\documents and settings\Marco\Bureau\Nouveau dossier\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/B/COLOR
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Windows Live\Messenger\msimg32.dll
c:\windows\system32\%%%.exe
c:\windows\system32\abokewas.ini
c:\windows\system32\akorekad.ini
c:\windows\system32\amotamud.ini
c:\windows\system32\dakeroka.dll
c:\windows\system32\dumatoma.dll
c:\windows\system32\lobodido.dll
c:\windows\system32\nadejafi.dll
c:\windows\system32\orehonap.ini
c:\windows\system32\sawekoba.dll
c:\windows\system32\ugahunit.ini
c:\windows\system32\upizatul.ini
c:\windows\system32\uveyulid.ini
c:\windows\system32\uyukupew.ini

----- BITS: Il y a peut-être des sites infectés -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-11 au 2008-12-11 ))))))))))))))))))))))))))))))))))))
.

2008-12-10 19:21 . 2008-12-10 19:21 <REP> d-------- c:\windows\LastGood.Tmp
2008-12-10 18:27 . 2008-12-10 19:05 <REP> d-------- C:\ToolBar SD
2008-12-10 08:23 . 2008-12-10 08:23 <REP> d-------- c:\windows\ERUNT
2008-12-10 08:15 . 2008-12-10 08:38 <REP> d-------- C:\SDFix
2008-12-06 17:38 . 2008-12-07 00:52 <REP> d-------- c:\program files\UNI2
2008-11-17 18:28 . 2008-11-17 18:28 <REP> d--hs---- c:\windows\ftpcache
2008-11-13 14:29 . 2008-11-25 10:13 <REP> d-------- c:\program files\MindArk

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 00:56 9,936,928 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-11 00:21 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-10 23:20 117,248 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-10 13:17 1,399,296 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-12-10 06:43 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-09 13:16 --------- d-----w c:\documents and settings\All Users\Application Data\pkdyhobi
2008-12-07 12:23 3,614,208 ----a-w c:\windows\Internet Logs\xDB13.tmp
2008-12-06 06:32 --------- d-----w c:\program files\AxBx
2008-12-05 20:10 1,390,080 ----a-w c:\windows\Internet Logs\xDB12.tmp
2008-12-05 14:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 14:28 --------- d-----w c:\program files\PC Tools AntiVirus
2008-11-21 02:20 1,368,576 ----a-w c:\windows\Internet Logs\xDB11.tmp
2008-11-14 19:54 --------- d-----w c:\documents and settings\Marco\Application Data\dvdcss
2008-11-14 15:31 2,783,744 ----a-w c:\windows\Internet Logs\xDB10.tmp
2008-11-05 23:18 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-05 00:44 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-03 20:17 2,901,504 ----a-w c:\windows\Internet Logs\xDBF.tmp
2008-11-03 02:38 --------- d-----w c:\program files\directx
2008-11-03 02:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 02:33 --------- d-----w c:\program files\Micro Application
2008-11-01 19:40 --------- d-----w c:\program files\epson
2008-10-27 17:46 1,211,392 ----a-w c:\windows\Internet Logs\xDBE.tmp
2008-10-24 18:28 1,339,392 ----a-w c:\windows\Internet Logs\xDBD.tmp
2008-10-24 02:00 1,605,120 ----a-w c:\windows\Internet Logs\xDBB.tmp
2008-10-24 02:00 1,337,344 ----a-w c:\windows\Internet Logs\xDBC.tmp
2008-10-23 23:15 1,936,099 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-23 08:38 373,760 ----a-w c:\windows\Internet Logs\xDBA.tmp
2008-10-23 00:47 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-22 22:05 963,584 ----a-w c:\windows\Internet Logs\xDB9.tmp
2008-10-21 13:10 248,832 ----a-w c:\windows\Internet Logs\xDB8.tmp
2008-10-21 03:24 1,031,680 ----a-w c:\windows\Internet Logs\xDB7.tmp
2008-10-19 20:00 1,749,504 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-10-19 03:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-18 09:57 650,752 ----a-w c:\windows\Internet Logs\xDB5.tmp
2008-10-17 17:14 169,984 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-10-17 13:23 2,131,456 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-10-16 09:11 671,232 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-10-15 21:57 --------- d-----w c:\program files\QuickTime
2008-10-15 21:43 449,024 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-10-15 16:32 --------- d-----w c:\program files\Zone Labs
2008-03-25 18:44 56 --sh--r c:\windows\system32\8536CB2307.sys
2008-03-25 18:46 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-10 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"UniMessenger"="c:\program files\UNI2\UNI2.exe" [2007-10-31 82432]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-12-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-10 01:42 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 09:43 57344 c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 17:29 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
--a------ 2002-12-11 23:14 46592 c:\windows\system32\dxdllreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2002-08-19 10:58 94208 c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GOlive]
--a------ 2008-10-01 15:53 827392 c:\progra~1\GOlive\GOlive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 16:33 563984 c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
--a------ 2008-03-05 08:37 1238928 c:\program files\PC Tools AntiVirus\PCTAV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-12-10 01:43 1809648 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
--a------ 2007-12-13 18:27 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-12-13 18:27 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2007-01-30 13:54 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 oflpydin;oflpydin;\??\c:\docume~1\Marco\LOCALS~1\Temp\oflpydin.sys []
.
Contenu du dossier 'Tâches planifiées'

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-12-10 c:\windows\Tasks\At10.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At11.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At12.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At13.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At14.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At15.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At16.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At17.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At18.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At19.job
- c:\windows\system32\330cywTb.exe []

2008-12-11 c:\windows\Tasks\At20.job
- c:\windows\system32\330cywTb.exe []

2008-12-11 c:\windows\Tasks\At21.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At22.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At23.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At24.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At3.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At4.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At5.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At6.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At7.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At8.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At9.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{3c58f64b-ffa8-47fd-9673-4df517638fad} - c:\windows\system32\fetilari.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-jiyalonunu - c:\windows\system32\wekateme.dll
HKLM-Run-346e5c34 - c:\windows\system32\tinuhagu.dll
HKLM-Run-CPM375d6fa8 - c:\windows\system32\senifetu.dll
Notify-WgaLogon - (no file)
MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-ATI Launchpad - c:\program files\ATI Multimedia\main\launchpd.exe
MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-BDMCon - c:\program files\Softwin\BitDefender8\bdmcon.exe
MSConfigStartUp-BDNewsAgent - c:\program files\Softwin\BitDefender8\bdnagent.exe
MSConfigStartUp-Flash Media - c:\windows\system32\%%%.exe
MSConfigStartUp-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
MSConfigStartUp-MSFox - c:\docume~1\Marco\LOCALS~1\Temp\video241.cfg.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
FireFox -: Profile - c:\documents and settings\Marco\Application Data\Mozilla\Firefox\Profiles\tjt0dnef.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.sweetim.com/search.asp?src=2&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://fastdial/content/fastdial.html
FF -: plugin - c:\program files\Adobe\Acrobat 5.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 19:58:28
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(808)
c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools AntiVirus\PCTAVSvc.exe
.
**************************************************************************
.
Heure de fin: 2008-12-10 20:02:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-11 01:02:45

Avant-CF: 52 438 790 144 octets libres
Après-CF: 52,406,087,680 octets libres

284 --- E O F --- 2008-04-04 18:37:03

ensuite 2 iem rapport quand j'ai glissé du reboot de sevice pack2 sur le combos :

ComboFix 08-12-09.03 - Marco 2008-12-10 20:06:30.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2672 [GMT -5:00]
Lancé depuis: c:\documents and settings\Marco\Bureau\Nouveau dossier\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Marco\Bureau\Nouveau dossier\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-11 au 2008-12-11 ))))))))))))))))))))))))))))))))))))
.

2008-12-10 18:27 . 2008-12-10 19:05 <REP> d-------- C:\ToolBar SD
2008-12-10 08:23 . 2008-12-10 08:23 <REP> d-------- c:\windows\ERUNT
2008-12-10 08:15 . 2008-12-10 08:38 <REP> d-------- C:\SDFix
2008-12-06 17:38 . 2008-12-07 00:52 <REP> d-------- c:\program files\UNI2
2008-11-17 18:28 . 2008-11-17 18:28 <REP> d--hs---- c:\windows\ftpcache
2008-11-13 14:29 . 2008-11-25 10:13 <REP> d-------- c:\program files\MindArk

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 01:09 9,941,024 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-12-11 00:21 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-10 23:20 117,248 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-12-10 13:17 1,399,296 ----a-w c:\windows\Internet Logs\xDB14.tmp
2008-12-10 06:43 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-09 13:16 --------- d-----w c:\documents and settings\All Users\Application Data\pkdyhobi
2008-12-07 12:23 3,614,208 ----a-w c:\windows\Internet Logs\xDB13.tmp
2008-12-06 06:32 --------- d-----w c:\program files\AxBx
2008-12-05 20:10 1,390,080 ----a-w c:\windows\Internet Logs\xDB12.tmp
2008-12-05 14:28 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 14:28 --------- d-----w c:\program files\PC Tools AntiVirus
2008-11-21 02:20 1,368,576 ----a-w c:\windows\Internet Logs\xDB11.tmp
2008-11-14 19:54 --------- d-----w c:\documents and settings\Marco\Application Data\dvdcss
2008-11-14 15:31 2,783,744 ----a-w c:\windows\Internet Logs\xDB10.tmp
2008-11-05 23:18 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-05 00:44 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-03 20:17 2,901,504 ----a-w c:\windows\Internet Logs\xDBF.tmp
2008-11-03 02:38 --------- d-----w c:\program files\directx
2008-11-03 02:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 02:33 --------- d-----w c:\program files\Micro Application
2008-11-01 19:40 --------- d-----w c:\program files\epson
2008-10-27 17:46 1,211,392 ----a-w c:\windows\Internet Logs\xDBE.tmp
2008-10-24 18:28 1,339,392 ----a-w c:\windows\Internet Logs\xDBD.tmp
2008-10-24 02:00 1,605,120 ----a-w c:\windows\Internet Logs\xDBB.tmp
2008-10-24 02:00 1,337,344 ----a-w c:\windows\Internet Logs\xDBC.tmp
2008-10-23 23:15 1,936,099 ----a-w c:\windows\Internet Logs\tvDebug.zip
2008-10-23 08:38 373,760 ----a-w c:\windows\Internet Logs\xDBA.tmp
2008-10-23 00:47 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-22 22:05 963,584 ----a-w c:\windows\Internet Logs\xDB9.tmp
2008-10-21 13:10 248,832 ----a-w c:\windows\Internet Logs\xDB8.tmp
2008-10-21 03:24 1,031,680 ----a-w c:\windows\Internet Logs\xDB7.tmp
2008-10-19 20:00 1,749,504 ----a-w c:\windows\Internet Logs\xDB6.tmp
2008-10-19 03:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-18 09:57 650,752 ----a-w c:\windows\Internet Logs\xDB5.tmp
2008-10-17 17:14 169,984 ----a-w c:\windows\Internet Logs\xDB4.tmp
2008-10-17 13:23 2,131,456 ----a-w c:\windows\Internet Logs\xDB3.tmp
2008-10-16 09:11 671,232 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-10-15 21:57 --------- d-----w c:\program files\QuickTime
2008-10-15 21:43 449,024 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-10-15 16:32 --------- d-----w c:\program files\Zone Labs
2008-03-25 18:44 56 --sh--r c:\windows\system32\8536CB2307.sys
2008-03-25 18:46 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-10 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"UniMessenger"="c:\program files\UNI2\UNI2.exe" [2007-10-31 82432]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-12-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-10 01:42 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-19 16:09 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 09:43 57344 c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 17:29 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
--a------ 2002-12-11 23:14 46592 c:\windows\system32\dxdllreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2002-08-19 10:58 94208 c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GOlive]
--a------ 2008-10-01 15:53 827392 c:\progra~1\GOlive\GOlive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 16:33 563984 c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-10-25 16:37 2178832 c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 11:22 7700480 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
--a------ 2008-03-05 08:37 1238928 c:\program files\PC Tools AntiVirus\PCTAV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-12-10 01:43 1809648 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 00:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
--a------ 2007-12-13 18:27 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-12-13 18:27 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2007-01-30 13:54 1622016 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 oflpydin;oflpydin;\??\c:\docume~1\Marco\LOCALS~1\Temp\oflpydin.sys []
.
Contenu du dossier 'Tâches planifiées'

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-12-10 c:\windows\Tasks\At10.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At11.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At12.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At13.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At14.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At15.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At16.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At17.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At18.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At19.job
- c:\windows\system32\330cywTb.exe []

2008-12-11 c:\windows\Tasks\At20.job
- c:\windows\system32\330cywTb.exe []

2008-12-11 c:\windows\Tasks\At21.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At22.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At23.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At24.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At3.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At4.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At5.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At6.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At7.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At8.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\At9.job
- c:\windows\system32\330cywTb.exe []

2008-12-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
FireFox -: Profile - c:\documents and settings\Marco\Application Data\Mozilla\Firefox\Profiles\tjt0dnef.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.sweetim.com/search.asp?src=2&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://fastdial/content/fastdial.html
FF -: plugin - c:\program files\Adobe\Acrobat 5.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 20:09:12
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(808)
c:\program files\Fichiers communs\PC Tools\Lsp\PCTLsp.dll
.
Heure de fin: 2008-12-10 20:10:45
ComboFix-quarantined-files.txt 2008-12-11 01:10:41
ComboFix2.txt 2008-12-11 01:02:52

Avant-CF: 52 369 539 072 octets libres
Après-CF: 52,354,854,912 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

241 --- E O F --- 2008-04-04 18:37:03

et finnalement le Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:12, on 2008-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UniMessenger] C:\Program Files\UNI2\UNI2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://speed.travian.fr
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-334fe76f1d584793.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
End of file - 5308 bytes

Repose toi bien et merci pour tout,

@ demain

Super,

combofix a bien travailler

tu connais ceci
http://speed.travian.fr Pourquoi et comment je me fais infecter?

OUII je crois que tu as bien résolu le problème, enfin ils ont été suprimé...
Je t'en remercie beaucoup de ta patience, j'aime bien de travailler avec vous sur les virus, j'en apprend à chaque fois mais je commence à bien situé les problèmes de virus qui affectent mon ordi.

Oui je connais très bien Travian je t'ai envoyé un MP sur se sujet ^^

Merci encore et je vous souhaite de très Joyeuses Fêtes à toi et ta famillle.

@ bientôt

Attend,c'est pas fini...

y a encore un ou deux trucs a vérifier si tu veux bien


Rends toi sur ce site :
http://www.virustotal.com/
Clique sur parcourir et cherche ce fichier : c:\windows\system32\330cywTb.exe

Clique sur "Send File".
Un rapport va s'élaborer ligne à ligne.
Attends la fin. Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copie le dans ta réponse.

En cas de problèmes: http://pageperso.aol.fr/loraline60/virus_total.htm Pourquoi et comment je me fais infecter?

AHH okk je fais ça toutes suite ^^