Trojan.Win32.Patche.m

Bonjour mOe,

merci pour ton aide, je vais suivre tes instructions, et je t'envoie les rapports dès que c'est fini, j'aurais peut-être pas le temps de tout faire cette après midi, mais je vais faire au mieux.

Merci encore

C'est bon je pense avoir tout fait donc voici les rapports que tu voulais.

Tout d'abord le rapport de ProcessExplorer pour winlogon:

Process PID CPU Description Company Name
System Idle Process 0 75.90
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 580 Windows NT Session Manager Microsoft Corporation
csrss.exe 632 Client Server Runtime Process Microsoft Corporation
winlogon.exe 656 1.20
services.exe 704 1.20 Applications Services et Contrôleur Microsoft Corporation
svchost.exe 896 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 996 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1188 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1220 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1328 Spooler SubSystem App Microsoft Corporation
alg.exe 560 Application Layer Gateway Service Microsoft Corporation
ati2evxx.exe 572
SERVIC~1.EXE 608
fspex.exe 756
fsgk32st.exe 664 fsgk32st F-Secure Corp.
fsgk32.exe 912 7.23 Gatekeeper Handler II F-Secure Corp.
fssm32.exe 1072 7.23 fssm32 F-Secure Corp.
fsbwsys.exe 720 fsbwsys F-Secure Corp.
FSMA32.EXE 940 F-Secure Management Agent F-Secure Corporation
FSMB32.EXE 976 F-Secure Message Broker F-Secure Corporation
FCH32.EXE 1464 F-Secure Configuration Handler F-Secure Corporation
FAMEH32.EXE 1864 F-Secure Alert and Management Extension Handler F-Secure Corporation
FSAV32.exe 2052 FSAV Handler F-Secure Corporation
incdsrv.exe 972 incdsrv AHEAD Software
slserv.exe 1568 User-Level Modem Service
sp_rsser.exe 1348 Spyware Terminator Realtime Shield Service Crawler.com
PAStiSvc.exe 160
svchost.exe 192 Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 236 Windows User Mode Driver Manager Microsoft Corporation
iPodService.exe 2616 Module iPodService Apple Computer, Inc.
fsdfwd.exe 2688 F-Secure Anti-Virus Internet Shield daemon F-Secure Corporation
svchost.exe 424 Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 716 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1556 Explorateur Windows Microsoft Corporation
atiptaxx.exe 1636 ATI Desktop Control Panel ATI Technologies, Inc.
jusched.exe 1648
InCD.exe 1668 InCD Ahead Software AG
iTunesHelper.exe 1676 Module iTunesHelper Apple Computer, Inc.
E_FATIACE.EXE 1684 EPSON Status Monitor 3 SEIKO EPSON CORPORATION
qttask.exe 1808 Apple Computer, Inc.
Spywareterminatorshield.Exe 1880 Spyware Terminator Realtime Shield Crawler.com
ctfmon.exe 204 CTF Loader Microsoft Corporation
TeaTimer.exe 240 1.20 System settings protector Safer Networking Limited
msnmsgr.exe 1084 Messenger Microsoft Corporation
firefox.exe 3008 Firefox Mozilla Corporation
procexp.exe 2548 6.02 Sysinternals Process Explorer Sysinternals
fsguiexe.exe 3116 gui standby component

Process: winlogon.exe Pid: 656

Name Description Company Name Version
advapi32.dll API avancées Windows 32 Microsoft Corporation 5.01.2600.1106
authz.dll Authorization Framework Microsoft Corporation 5.01.2600.0000
clbcatq.dll Microsoft Corporation 2001.12.4414.0042
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2800.1106
comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2800.1106
comdlg32.dll DLL commune de boîtes de dialogues Microsoft Corporation 6.00.2800.1106
comres.dll Microsoft Corporation 2001.12.4414.0042
crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.1123
cscdll.dll Agent réseau hors connexion Microsoft Corporation 5.01.2600.0000
cscui.dll IU de cache côté client Microsoft Corporation 5.01.2600.1106
ctype.nls
fsdc.dll F-Secure Dial-up Control for Windows NT F-Secure Corporation 5.70.0600.0000
gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.1221
imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.1106
kernel32.dll DLL du client API BASE Windows NT Microsoft Corporation 5.01.2600.1106
locale.nls
midimap.dll Mappeur MIDI Microsoft Microsoft Corporation 5.01.2600.0000
mpr.dll DLL de routeur de fournisseurs multiples Microsoft Corporation 5.01.2600.0000
msacm32.dll Filtre audio ACM Microsoft Microsoft Corporation 5.01.2600.0000
msacm32.drv Mappeur de sons Microsoft Microsoft Corporation 5.01.2600.0000
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.1274
msgina.dll Ouverture de session Windows NT GINA DLL Microsoft Corporation 5.01.2600.1106
msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.01.2600.1106
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.1106
nddeapi.dll APIs de gestion du partage DDE réseau Microsoft Corporation 5.01.2600.0000
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.1106
ntdll.dll DLL Couche NT Microsoft Corporation 5.01.2600.1221
ntmarta.dll Fournisseur MARTA Windows NT Microsoft Corporation 5.01.2600.1106
ODBC32.dll Microsoft Data Access - ODBC Driver Manager Microsoft Corporation 3.520.9042.0000
odbcint.dll Microsoft Data Access - Ressources ODBC Microsoft Corporation 3.520.7713.0000
ole32.dll Microsoft OLE pour Windows Microsoft Corporation 5.01.2600.1263
oleaut32.dll Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems Microsoft Corporation 3.50.5016.0000
profmap.dll Userenv Microsoft Corporation 5.01.2600.0000
psapi.dll Process Status Helper Microsoft Corporation 5.01.2600.1106
R000000000015.clb
regapi.dll Registry Configuration APIs Microsoft Corporation 5.01.2600.1106
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.1254
rsaenh.dll Microsoft Base Cryptographic Provider Microsoft Corporation 5.01.2600.1029
samlib.dll SAM Library DLL Microsoft Corporation 5.01.2600.1106
secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.1106
serwvdrv.dll Pilote son série Unimodem Microsoft Corporation 5.01.2600.0000
setupapi.dll Installation de L'API Windows Microsoft Corporation 5.01.2600.1106
sfc.dll Windows File Protection Microsoft Corporation 5.01.2600.0000
sfc_os.dll Protection de fichiers Windows Microsoft Corporation 5.01.2600.1106
shell32.dll DLL commune du shell Windows Microsoft Corporation 6.00.2800.1233
SHLWAPI.DLL Bibliothèque d'utilitaires légers du Shell Microsoft Corporation 6.00.2800.1400
shsvcs.dll Dll des services Windows Shell Microsoft Corporation 6.00.2800.1106
sortkey.nls
sorttbls.nls
sxs.dll Fusion 2.5 Microsoft Corporation 5.01.2600.1106
umdmxfrm.dll Unimodem Tranform Module Microsoft Corporation 5.01.2600.0000
unicode.nls
user32.dll DLL client de l'API Utilisateur de Windows XP Microsoft Corporation 5.01.2600.1255
userenv.dll Userenv Microsoft Corporation 5.01.2600.1106
uxtheme.dll Bibliothèque de thèmes Ux Microsoft Microsoft Corporation 6.00.2800.1106
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.0000
wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.0000
winlogon.exe
winmm.dll DLL API MCI Microsoft Corporation 5.01.2600.1106
winscard.dll API Microsoft Smart Card Microsoft Corporation 5.01.2600.0000
winspool.drv Pilote de spouleur Windows Microsoft Corporation 5.01.2600.1106
winsta.dll Winstation Library Microsoft Corporation 5.01.2600.1106
wintrust.dll API Microsoft de vérification de la confiance Microsoft Corporation 5.131.2600.0000
wldap32.dll DLL API LDAP Win32 Microsoft Corporation 5.01.2600.1106
wlnotify.dll DLL commune de réception des notifications Winlogon Microsoft Corporation 5.01.2600.1106
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.0000
ws2help.dll Application d'assistance de Windows Socket 2.0 pour Windows NT Microsoft Corporation 5.01.2600.0000
wtsapi32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.1106

Maintenant le rapport hijackthis de la startuplist:

StartupList report, 07-04-24, 15:43:44
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Nadia\Bureau\logiciels de sécurité\hijackthis\abcde.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nadia\Bureau\logiciels de sécurité\hijackthis\abcde.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
InCD = C:\Program Files\Ahead\InCD\InCD.exe
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
EPSON Stylus DX3800 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
F-Secure Manager = "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash
F-Secure TNB = "C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
F-Secure Startup Wizard = "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot
News Service = "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe"
FSASWREG = "C:\Program Files\Securitoo\Av_Fw\Anti-Spyware\fsaswreg.exe"
QuickTime Task = "C:\WINDOWS\System32\qttask.exe" -atboottime
SpywareTerminator = "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Scheduled scanning task.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[UnoCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
CODEBASE = http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\WINDOWS\SYSTEM32\WINLOGON.EXE.$DIS => C:\WINDOWS\SYSTEM32\WINLOGON.EXE|C:\PROGRA~1\SPYWAR~1\sptcontmenu.dll.old


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
SystemCheck2: *Registry key not found*

--------------------------------------------------
End of report, 7,869 bytes
Report generated in 0.312 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Pour Deckard system scanner j'ai 3 rapport différents qui s'affiche:

Tout d'abord un qui se nomme main.txt:

Deckard's System Scanner v20070423.42
Run by Nadia on 2007-04-24 at 15:46:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
28: 2007-04-24 13:46:20 UTC - RP340 - Deckard's System Scanner Restore Point
27: 2007-04-09 18:31:44 UTC - RP339 - Point de vérification système
26: 2007-04-08 17:58:25 UTC - RP338 - Point de vérification système
25: 2007-04-04 19:13:24 UTC - RP337 - Point de vérification système
24: 2007-03-28 09:58:46 UTC - RP336 - Spyware Terminator - restore point


-- First Restore Point --
1: 2007-02-01 15:00:09 UTC - RP313 - Point de vérification système


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Nadia.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 15:48, on 07-04-24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe
C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Nadia\Bureau\logiciels de sécurité\dss.exe
C:\DOCUME~1\Nadia\Bureau\LOGICI~1\HIJACK~1\Nadia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Av_Fw\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


-- File Associations -----------------------------------------------------------

[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield; 5.74 Build 20; 5.74.20>
R1 sp_rsdrv2 (Spyware Terminator Driver 2) - c:\windows\system32\drivers\sp_rsdrv2.sys
R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\securitoo\av_fw\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\program files\securitoo\av_fw\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\securitoo\av_fw\anti-virus\win2k\fsrec.sys
R2 UacFlt (Philips Composite Class Filter Driver) - c:\windows\system32\drivers\uacbflt.sys <Not Verified; Micronas GmbH; UAC355x; 1, 1, 0, 0; 1, 2, 0, 22>
R3 DP83815 (National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver) - c:\windows\system32\drivers\dp83815.sys <Verified; National Semiconductor Corp.; National Semiconductor Corp. DP83815/816 10/100 MacPhyter PCI Adapter; 5.00.137.2; 5.00.137.2>
R3 Mtlmnt5 - c:\windows\system32\drivers\mtlmnt5.sys <Verified; ; Modem; 3.20.04; 3.20.04>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell; 2, 5, 0, 201; 2, 5, 0, 201>
R3 Slntamr (SmartLink AMR_PCI Driver) - c:\windows\system32\drivers\slntamr.sys <Verified; ; Modem; ; Mar 17 2003 09:16:38>
R3 SlWdmSup - c:\windows\system32\drivers\slwdmsup.sys <Verified; Vireo Software; Driver::Works; 1.00; 1.00>

S2 Ca533av (Icatch(IV) Video Camera Device) - c:\windows\system32\drivers\ca533av.sys (file missing)
S3 ac97intc (Service d'installation du pilote audio Intel(r) 82801 (WDM)) - c:\windows\system32\drivers\ac97intc.sys <Verified; Intel Corporation; Intel(r) Integrated Controller Hub Audio Driver; 5.10.3523; 5.10.3523 built by: WinDDK>
S3 FA312 (Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR) - c:\windows\system32\drivers\fa312nd5.sys <Verified; NETGEAR Corp.; NETGEAR FA312 Fast Ethernet NDIS 5.0 Miniport Driver; 5.00.119.0; 5.00.119.0>
S3 Mtlstrm - c:\windows\system32\drivers\mtlstrm.sys <Verified; ; Modem; ; Mar 17 2003 08:47:08>
S3 NSCIRDA (Pilote de périphérique infrarouge NSC) - c:\windows\system32\drivers\nscirda.sys <Verified; National Semiconductor Corporation; NSC Fast Infrared Driver.; 1,0,0,0; 5,01,00,006 (xpclient.010817-1148)>
S3 NtMtlFax - c:\windows\system32\drivers\ntmtlfax.sys <Verified; ; Modem; 3.20.03; 3.20.03>
S3 PAC207 (SoC PC-Camer@) - c:\windows\system32\drivers\pfc027.sys
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys (file missing)
S3 psa500 (Sound Agent 2 for Audio Set (WDM)) - c:\windows\system32\drivers\psa500.sys (file missing)
S3 QsndEnum (QSound Virtual Audio Devices Bus Enumerator) - c:\windows\system32\drivers\qsndenum.sys (file missing)
S3 RecAgent - c:\windows\system32\drivers\recagent.sys <Not Verified; ; Modem; 3.20.03; 3.20.03>
S3 SlNtHal - c:\windows\system32\drivers\slnthal.sys <Verified; ; Modem; 3.20.04; 3.20.04>
S3 USBCamera (Icatch(IV) Still Camera Device) - c:\windows\system32\drivers\bulk533.sys (file missing)
S3 ZDCndis5 (ZDCndis5 Protocol Driver) - c:\windows\system32\zdcndis5.sys (file missing)
S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys (file missing)
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Verified; Mylex Corporation; Mylex Disk Array Controller Driver; 6.00-21; 6.00-21 (XPClient.010817-1148)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BackWeb Plug-in - 8520111 (Securitoo Antivirus Firewall) - c:\progra~1\securi~1\av_fw\backweb\8520111\program\servic~1.exe
R2 fsbwsys - "c:\program files\securitoo\av_fw\backweb\8520111\program\fsbwsys.exe" <Not Verified; F-Secure Corp.; F-Secure BackWeb; 6.70; 6.70.738>
R2 F-Secure Gatekeeper Handler Starter - "c:\program files\securitoo\av_fw\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corp.; F-Secure Corp. Startup service; 1, 0, 7360, 56; 1, 0, 7360, 0>
R2 FSMA (F-Secure Management Agent) - "c:\program files\securitoo\av_fw\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent; 5.62 Build 7676; 5.62.7676>
R2 SLService (SmartLinkService) - slserv.exe <Verified; ; Modem; 2.80.00; 2.80.00(24Apr2000)>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - c:\program files\spyware terminator\sp_rsser.exe <Not Verified; Crawler.com; Crawler Spyware Terminator; ; 1.8.2.121>
R2 STI Simulator - c:\windows\system32\pastisvc.exe
R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "c:\program files\securitoo\av_fw\fwes\program\fsdfwd.exe" <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield; 5.70 Build 600; 5.70.600>


-- Scheduled Tasks -------------------------------------------------------------

2007-04-24 09:28:10 588 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job


-- Files created between 2007-03-24 and 2007-04-24 -----------------------------

2007-04-24 10:37:20 0 d-------- C:\Documents and Settings\Nadia\Pavark
2007-04-22 18:17:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-04-22 17:30:13 0 d-------- C:\VundoFix Backups
2007-04-22 16:47:40 0 d--h----- C:\WINDOWS\PIF
2007-04-03 10:43:30 135936 --a------ C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
2007-04-03 10:41:02 0 d-------- C:\Documents and Settings\Nadia\Application Data\Spyware Terminator
2007-04-03 10:41:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-04-03 10:40:58 0 d-------- C:\Program Files\Spyware Terminator
2007-03-28 11:39:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\Spyware Terminator
2007-03-27 15:55:38 6656 --a------ C:\WINDOWS\System32\drivers\RKPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver; 1, 0, 0, 4; 1, 0, 0, 4>


-- Find3M Report ---------------------------------------------------------------

2007-04-24 10:20:34 447222 --a------ C:\WINDOWS\System32\perfh00C.dat
2007-04-24 10:20:34 64922 --a------ C:\WINDOWS\System32\perfc00C.dat
2007-03-25 19:11:10 520704 -----n--- C:\WINDOWS\System32\winlogon.exe
2007-03-15 22:38:47 6114 --a------ C:\WINDOWS\System32\EPPICResdb0000
2007-03-15 22:38:47 117 --a------ C:\WINDOWS\System32\EPPICResdb


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB002\" /M \"Stylus DX3800\""
"F-Secure Manager"="\"C:\\Program Files\\Securitoo\\Av_Fw\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Securitoo\\Av_Fw\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\Securitoo\\Av_Fw\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\Securitoo\\Av_Fw\\FSGUI\\ispnews.exe\""
"FSASWREG"="\"C:\\Program Files\\Securitoo\\Av_Fw\\Anti-Spyware\\fsaswreg.exe\""
"QuickTime Task"="\"C:\\WINDOWS\\System32\\qttask.exe\" -atboottime"
"SpywareTerminator"="\"C:\\PROGRA~1\\SPYWAR~1\\SpywareTerminatorShield.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"SystemCheck2"="{54645654-2225-4455-44A1-9F4543D34546}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ECMFQMLSCULF
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_FKYSPXOBBEHO
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_PHOOKS


-- End of Deckard's System Scanner: finished at 2007-04-24 at 15:49:47 ---------



Puis un autre nommé extra.txt:


Deckard's System Scanner v20070423.42
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Édition familiale (build 2600) SP 1.0
Architecture: X86; Language: French

CPU 0: Intel(R) Celeron(R) CPU 2.80GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 255.36 MiB / 75.84 MiB
Pagefile Memory (total/avail): 618.22 MiB / 381.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1970.9 MiB

C: is Fixed (NTFS) - 27.94 GiB total, 3.52 GiB free.
D: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
AUState says computer has updates disabled.
Windows Internal Firewall is enabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Nadia\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=SAMANTHA
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Nadia
LOGONSERVER=\\SAMANTHA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Satsuki Decoder Pack\filtres\divers
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Nadia\LOCALS~1\Temp
TMP=C:\DOCUME~1\Nadia\LOCALS~1\Temp
USERDOMAIN=SAMANTHA
USERNAME=Nadia
USERPROFILE=C:\Documents and Settings\Nadia
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Nadia [I](admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\Securitoo\Av_Fw\fsuninst.exe" /UninstRegKey:"News Service"
--> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.7 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
ATI Control Panel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BSPlayer (remove only) --> "C:\Program Files\BSPlayer\uninstall-bsplay.EXE"
Canon S300 --> C:\WINDOWS\System32\CNMS300.EXE -@C:\WINDOWS\IsUn040c.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S300 Installer\Inst\DeIsL1.isu" -pCanon S300-c"C:\BJPrinter\CNMWINDOWS\Canon S300 Installer\Inst\bjinst.dll
Correctif Windows XP - KB823182 -->
Correctif Windows XP - KB824076 -->
Correctif Windows XP - KB824105 -->
Correctif Windows XP - KB824141 -->
Correctif Windows XP - KB825119 -->
Correctif Windows XP - KB826939 -->
Correctif Windows XP - KB828012 -->
Correctif Windows XP - KB828028 --> C:\WINDOWS\$NtUninstallKB828028$\spuninst\spuninst.exe
Correctif Windows XP - KB828035 -->
DivX 5.0.2 Pro Bundle --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
DP8381x 10/100 PCI Network Adapter Driver --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{35AC8A61-6D0C-4B36-9DFA-86B5276AE38D} /l1036
DVD TO AVI V1.4 --> "C:\Program Files\Dvd-to-avi\unins000.exe"
EPSON Attach To Email --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
EPSON Image Clip Palette --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x40c -u
EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
ESDX3800 Guide d'utilisation --> C:\Program Files\EPSON\TPMANUAL\ESDX3800\USE_G\DOCUNINS.EXE
ffdshow --> "C:\Program Files\Satsuki Decoder Pack\filtres\ffds\uninstall.exe"
Haali Media Splitter --> "C:\Program Files\Satsuki Decoder Pack\filtres\haali\uninstall.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Nadia\Bureau\Nouveau dossier (2)\Nouveau dossier\HijackThis.exe /uninstall
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Explorer Q832894 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q832894.inf
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{35AFD495-EC2E-4B2B-B9DB-30EEBC74049D}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Livebox --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}\Setup.exe" -l0x40c
lphant v2.01 --> "C:\Program Files\lphant\unins000.exe"
Microsoft Office 2000 Professional --> MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
Microsoft Works 7.0 --> MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
Mozilla Firefox (1.5.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.11 (fr)"
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 SE --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Outlook Express Update Q330994 --> C:\WINDOWS\Q330994.exe C:\WINDOWS\INF\Q330994.inf
PC Camer@ --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68AD7668-834F-49BC-94AB-28F94A5D93D5} /l1036
PIF DESIGNER --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
PowerArchiver 2004 v9.25 French --> "C:\Program Files\PowerArchiver\unins000.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Satsuki Decoder Pack --> C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
Securitoo AntiSpyware --> "C:\Program Files\Securitoo\Av_Fw\FSuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Standalone"
Securitoo AntiVirus Firewall --> C:\PROGRA~1\SECURI~1\Av_Fw\Common\fsbwih.exe /uninstall
Smart Link 56K Modem --> C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
VIA Audio Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -f"C:\PROGRA~1\VIATEC~1\VIAAUD~1/Uninst.isu"
Windows Live Messenger --> MsiExec.exe /I{E22885AB-B503-46E2-8437-73BBC6BC5487}
XnView 1.82.4 --> "C:\Program Files\XnView\unins000.exe"
Yahoo! Toolbar avec bloqueur de fenêtres pop-up --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- End of Deckard's System Scanner: finished at 2007-04-24 at 15:49:47 ---------

Et enfin un troisème et dernier document appelé moved.txt :


Directories/Files moved to C:\Deckard\System Scanner\backup

2006-10-05 12:40:24 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\Adobe
2007-01-20 00:54:07 17929072 --ah----- C:\DOCUME~1\Nadia\LOCALS~1\Temp\BITB7.tmp <Verified; Microsoft Corporation; Messenger; 8.1.0178; 8.1.0178.00>
2007-04-24 10:16:12 0 d---s---- C:\DOCUME~1\Nadia\LOCALS~1\Temp\Cookies
2007-04-24 10:16:12 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\Default
2007-03-23 15:33:47 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\F-Secure
2006-09-13 23:56:51 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\ff_temp
2006-05-12 13:05:50 0 d---s---- C:\DOCUME~1\Nadia\LOCALS~1\Temp\Historique
2007-04-09 19:50:32 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\hsperfdata_Nadia
2007-04-24 10:16:12 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\IXP000.TMP
2007-04-24 10:31:43 440 --a------ C:\DOCUME~1\Nadia\LOCALS~1\Temp\jusched.log
2007-04-24 13:58:32 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\MessengerCache
2007-04-24 14:58:16 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\msoclip1
2007-04-24 10:16:14 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\pft78.tmp
2006-10-06 13:21:41 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\plugtmp
2006-11-10 14:35:38 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\plugtmp-1
2007-03-27 11:39:42 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\plugtmp-2
2006-05-12 13:05:50 0 d---s---- C:\DOCUME~1\Nadia\LOCALS~1\Temp\Temporary Internet Files
2007-04-04 11:14:41 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\VBE
2007-04-24 10:16:17 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\WERE.tmp.dir00
2007-04-24 10:16:17 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\Word8.0
2007-04-24 10:16:17 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\Yahoo!
2004-10-25 22:16:23 0 d-------- C:\DOCUME~1\Nadia\LOCALS~1\Temp\_ISTMP1.DIR
2007-04-24 10:16:12 0 d---s---- C:\WINDOWS\temp\Cookies
2004-09-28 20:27:55 0 d---s---- C:\WINDOWS\temp\Historique
2007-04-24 10:16:12 0 d-------- C:\WINDOWS\temp\NVC11
2007-04-24 10:18:32 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_6ac.dat
2007-04-24 10:18:49 0 --a------ C:\WINDOWS\temp\T30DebugLogFile.txt
2004-09-28 20:27:55 0 d---s---- C:\WINDOWS\temp\Temporary Internet Files
2002-07-25 18:13:12 196608 --a------ C:\WINDOWS\Downloaded Program Files\dwusplay.exe <Not Verified; InstallShield Software Corporation; InstallShield Update Service; 1, 20; 1, 20, 100, 1203>
2002-07-25 18:13:18 24576 --a------ C:\WINDOWS\Downloaded Program Files\dwusplay.dll <Not Verified; InstallShield Software Corporation; InstallShield Update Service; 1, 20; 1, 20, 100, 1203>
2006-11-23 00:22:42 372736 --a------ C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll <Not Verified; Microsoft; UNO Messenger; 1.0.0.1; 1, 0, 1123, 1>
2002-07-25 18:05:32 172032 --a------ C:\WINDOWS\Downloaded Program Files\isusweb.dll <Not Verified; InstallShield Software Corporation; InstallShield Update Service; 1, 20; 1, 20, 100, 1203>
2003-05-29 15:00:20 160864 --a------ C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll <Verified; Microsoft Corporation; MSN® Games by Zone.com; 7.1.9502.1; 7.1.9502.1>
2007-02-22 23:41:12 304544 --a------ C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll <Verified; Microsoft Corporation; MSN® Games by Zone.com; 9.5.6907.1; 9.5.6907.1>
2003-05-29 15:00:18 77408 --a------ C:\WINDOWS\Downloaded Program Files\msgrchkr.dll <Verified; Microsoft Corporation; MSN® Games by Zone.com; 7.1.9502.1; 7.1.9502.1>

-*- End of Logfile -*-



Voilà j'espère que ce problème te parlera plus qu'à moi car je nage littéralement...merci :-)

oops j'oubliais le contenu de dossier C:\WINDOWS\temp, il semblerait qu'il n'y ai que cela:

Perflib.Perfdata_748.dat

mais je dois peut etre redémarré mon ordi pour que les fichiers caché apparaissent.

encore un grand merci pour ton aide

Cher mOe
Le virus trojan c est infiltrer dans mon ordi mais il n est pas encore trop tard peut tu me donner un site pour telecharger un antivirus gratuit et non avec des prix exhorbitants.je t en serai tres reconaissent.....

Salut Balltrap

Ouep, ça fait un bail, c'est vrai !
Content de te relire et j'espère que tu croules toujours sous les réparations :-)
Ca va être difficile pour le mail, je n'ai plus de connection au net à partir de Lundi car j'ai résilié mon abonnement...
Je suis désolé.

Que non lol !, ni forums français, ni US...
J'ai juste eu le bol de tomber sur quelques variantes de cette infection, en VM il y a un mois, dont deux pas encore totalement détectées par les AV.
Bah, c'est dur pour tout le monde je crois bien, les infections sont de plus en plus tordues, récemment je suis tombé sur un post italien qui réunissait gromozon, pe386, et la même infection que serduchko en plus agressif, le tout choppé sur la même url.
Avec des alliances de ce genre, nettoyer un pc va bientôt devenir une vrai prise de tête lol !

Bon vent à toi, Gé :-)