mon PC est ultra infecté !!!! help me

Bonjour,

Tu es multi-infecté  

Commence par faire sa :

La procédure est longue et en partie en mode sans échec. Attention, tu n'as pas accès à Internet dans ce mode, enregistre cette page Web (clique sur fichier/enregistrer sous/choisis « Bureau ») ou imprime ce que tu as à faire.

1/ Télécharge SmitfraudFix de S!Ri :

http://siri.urz.free.fr/Fix/SmitfraudFix.php

Tu le dézippes sur le Bureau.

2/ Télécharge la version d'évaluation d'AVG Anti-Spyware 7.5

Installe-le sur ton bureau

- Démarre AVG Anti-Spyware 7.5 avec l'icône qui se trouve sur ton Bureau.
Clique sur Mise à jour.
Sous Mise à jour manuelle clique sur Commencer la mise à jour et attend la fin de cette mise à jour puis ferme le programme.

3/ Tu ouvres SmitfraudFix, tu double cliques sur SmitfraudFix.cmd et tu choisis l’option 1

Poste le rapport.

4/ Redémarre en mode Sans Échec
(au démarrage, tapote immédiatement la touche F8), puis tu verras un écran avec choix de démarrages :
choisis Mode sans échec avec les flèches du clavier, puis valide avec Entrée.
Choisis ton compte usuel (et non Administrateur).

Si tu n’arrives vraiment pas à redémarrer en mode sans échec je te propose ce lien :

Redémarrer en mode sans échec

5/ Relances SmitfraudFix et choisis cette fois l’option 2 et réponds oui à tout, sauvegarde le rapport sur ton bureau.

6/ Lance AVG Anti-Spyware 7.5 et clique sur Analyse et ensuite clique sur Analyse complète du système.
A la fin du scan il affichera une liste des fichiers détectés.
Clique sur le bouton Appliquer toutes les actions.
Clique sur Enregistrer le rapport, puis Enregistrer le rapport sous, je te conseille de le mettre sur ton bureau.

7/ Redémarres normalement et communiques le deuxième rapport de SmitfraudFix, celui AVG Anti-Spyware avec un nouveau rapport Hijackthis.

Ci joint le le rapport


SmitFraudFix v2.128

Rapport fait à 12:02:29,68, 08/12/2006
Executé à partir de C:\Documents and Settings\Steeve FIRMIN\Bureau\nettoie virus\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\comdlg64.dll PRESENT !
C:\WINDOWS\system32\isnotify.exe PRESENT !
C:\WINDOWS\system32\issearch.exe PRESENT !
C:\WINDOWS\system32\ixt?.dll PRESENT !
C:\WINDOWS\system32\ixt??.dll PRESENT !
C:\WINDOWS\system32\mlraakb.dll PRESENT !
C:\WINDOWS\system32\ot.ico PRESENT !
C:\WINDOWS\system32\ts.ico PRESENT !
C:\WINDOWS\system32\z11.exe PRESENT !
C:\WINDOWS\system32\z12.exe PRESENT !
C:\WINDOWS\system32\z15.exe PRESENT !
C:\WINDOWS\system32\zlbw.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Steeve FIRMIN


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Steeve FIRMIN\Application Data

C:\Documents and Settings\Steeve FIRMIN\Application Data\Install.dat PRESENT !
C:\Documents and Settings\Steeve FIRMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.3.lnk PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\STEEVE~1\MENUDM~1\PROGRA~1\Virus-Bursters PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\STEEVE~1\Favoris

C:\DOCUME~1\STEEVE~1\Favoris\Antivirus Test Online.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Safety Bar\ PRESENT !
C:\Program Files\SpySheriff\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"

[HKEY_CLASSES_ROOT\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}\InProcServer32]
@="C:\WINDOWS\system32\mlraakb.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}\InProcServer32]
@="C:\WINDOWS\system32\mlraakb.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1.0\\adialhk.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

pe386 détecté, utilisez un scanner de Rootkit

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Le probleme que j'ai maintenant c'est qu'en mode sans echec, l'ecran reste noir je ne peux rien faire !!

Le mode sans échec met du temps à arriver. Patiente.

ca fait maintenant 45mn que l'ecran est noire, je crois que le probleme est belle et bien present

Ok.
Fais le en mode normal alors.

le mode normale ne s'affiche plus ca reste en mode sans echec a cause de la procedure redemarer en mode sans echec que tu m'a laisser dans la premiere reponse si le mode sans echec ne fonctionnait pas.

C'était pas moi le premier message  

Démarrer/Exécuter/MSConfig/Boot.INI/Décoche /SAFEBOOT puis valide.

Sinon tape sur l touche F8 ou F5 (dépend des PC) pendant la lecture du BIOS.

c'est exactement ce que j'ai fait ca reste en mode sans echec
et que je sois sur la cession administrateur ou la mienne, il n'y a rien a faire. c'est le meme resultat.
De plus le gestionnaire de tache ne s'affiche pas j'ai le message qu'il est bloque par l'administrateur.
Je ne vois que ma souris et la phrase en haut de l'ecran qui me dit que je suis en mode sans echec !!

Aidez moi s'il vous plait il y a mon memoire dans cet ordinateur !!!

Redémarre manuellement ton PC puis avant l'affichage de l'écran de démarrage appuie sur le touche F8.

g reussi a le redemarrer jpense que je vais formater apres sauvegarde!!

rapport avg 7.5

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 01:21:43 09/12/2006

+ Résultat de l'analyse:



C:\Program Files\Safety Bar -> Adware.Generic : Ignoré.
C:\Program Files\Safety Bar\SafetyBar.dll -> Adware.Generic : Ignoré.
C:\Program Files\Safety Bar\Uninstall.bat -> Adware.Generic : Ignoré.
C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0489523.dll -> Adware.SaveNow : Ignoré.
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Ignoré.
HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Ignoré.
HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Ignoré.
HKLM\SOFTWARE\WhenUSave\Partners\BSPL -> Adware.SaveNow : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0490554.dll -> Adware.SearchAssistant : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0490555.dll -> Adware.SearchAssistant : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0490556.dll -> Adware.SearchAssistant : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0498591.dll -> Adware.SearchAssistant : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0498592.dll -> Adware.SearchAssistant : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0498593.dll -> Adware.SearchAssistant : Ignoré.
C:\Program Files\SpySheriff -> Adware.SpySheriff : Ignoré.
C:\Program Files\SpySheriff\SpySheriff.dvm -> Adware.SpySheriff : Ignoré.
C:\Program Files\SpySheriff\SpySheriff.exe -> Adware.SpySheriff : Ignoré.
C:\Program Files\SpySheriff\Uninstall.exe -> Adware.SpySheriff : Ignoré.
C:\Program Files\SpySheriff\base.avd -> Adware.SpySheriff : Ignoré.
C:\Program Files\SpySheriff\base001.avd -> Adware.SpySheriff : Ignoré.
C:\Program Files\SpySheriff\base002.avd -> Adware.SpySheriff : Ignoré.
C:\Program Files\SpySheriff\found.wav -> Adware.SpySheriff : Ignoré.
C:\Program Files\SpySheriff\heur000.dll -> Adware.SpySheriff : Ignoré.
C:\Program Files\SpySheriff\notfound.wav -> Adware.SpySheriff : Ignoré.
C:\Program Files\SpySheriff\removed.wav -> Adware.SpySheriff : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482726.exe -> Adware.Spysheriff : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0497460.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0498602.dll -> Adware.Virtumonde : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0496388.exe -> Dialer.GBDialer.i : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0496811.exe -> Dialer.GBDialer.i : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0498598.exe -> Dialer.GBDialer.i : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0498600.exe -> Dialer.GBDialer.i : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483100.exe -> Downloader.CWS.af : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483113.exe -> Downloader.CWS.af : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0497583.exe -> Downloader.Delf.aeu : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0498605.exe -> Downloader.Delf.aeu : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483097.exe -> Downloader.PurityScan.dc : Ignoré.
C:\Program Files\Μіcrosoft\dvdplay.exe -> Downloader.PurityScan.dt : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483006.exe -> Downloader.Small : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483030.exe -> Downloader.Small.awa : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483090.exe -> Downloader.Small.ctf : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483092.exe -> Downloader.Small.dam : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483093.exe -> Downloader.Small.dam : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483102.exe -> Downloader.Small.dam : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483106.exe -> Downloader.Small.dam : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483104.exe -> Downloader.Small.dgk : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483114.exe -> Downloader.Small.dgk : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483112.exe -> Downloader.Tiny.et : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483091.exe -> Dropper.Agent.azs : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483088.exe -> Dropper.Delf.va : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483111.exe -> Dropper.Small.atd : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0480736.dll -> Hijacker.Agent.hz : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482955.dll -> Hijacker.Agent.hz : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482991.exe -> Hijacker.Agent.hz : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483099.exe -> Hijacker.Agent.hz : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0497585.exe -> Hijacker.Costrat.e : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0498607.exe -> Hijacker.Costrat.e : Ignoré.
C:\Documents and Settings\Steeve FIRMIN\Local Settings\Temp\rfbfvptk.dll -> Logger.VBStat.h : Ignoré.
C:\Documents and Settings\Steeve FIRMIN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-11c336b7.zip/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Ignoré.
C:\Documents and Settings\Steeve FIRMIN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-11c336b7.zip/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0484153.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP232\A0502671.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP232\A0502677.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP232\A0502710.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP232\A0502712.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP232\A0502718.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z1978.exe -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3141.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3143.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3161.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3192.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3255.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3303.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z337.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3416.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3417.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3427.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3496.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z360.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3603.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3783.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3886.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\WINDOWS\system32\z3909.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0480722.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482976.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483003.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483089.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483110.exe -> Not-A-Virus.Hoax.Win32.Renos.gc : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0480735.dll -> Proxy.Agent.df : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0497584.exe -> Proxy.Dlena.at : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0498606.exe -> Proxy.Dlena.at : Ignoré.
:mozilla.109:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Adbrite : Ignoré.
:mozilla.53:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Adbrite : Ignoré.
:mozilla.54:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Adbrite : Ignoré.
:mozilla.100:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Adviva : Ignoré.
:mozilla.15:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Bluestreak : Ignoré.
:mozilla.131:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Comclick : Ignoré.
:mozilla.132:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Comclick : Ignoré.
:mozilla.133:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Comclick : Ignoré.
C:\Documents and Settings\Steeve FIRMIN\Cookies\steeve firmin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Ignoré.
:mozilla.22:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Doubleclick : Ignoré.
:mozilla.126:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Estat : Ignoré.
:mozilla.92:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Fastclick : Ignoré.
:mozilla.74:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Hotlog : Ignoré.
:mozilla.76:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Hypertracker : Ignoré.
:mozilla.85:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Ivwbox : Ignoré.
:mozilla.82:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Komtrack : Ignoré.
:mozilla.83:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Komtrack : Ignoré.
:mozilla.26:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Mediaplex : Ignoré.
C:\Documents and Settings\Steeve FIRMIN\Cookies\steeve firmin@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignoré.
:mozilla.43:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.44:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.45:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.46:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.47:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Reliablestats : Ignoré.
C:\Documents and Settings\Steeve FIRMIN\Cookies\steeve firmin@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignoré.
:mozilla.57:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Revenue : Ignoré.
:mozilla.59:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Revenue : Ignoré.
:mozilla.65:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Revenue : Ignoré.
:mozilla.119:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.120:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.121:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.122:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.123:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Serving-sys : Ignoré.
:mozilla.19:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.20:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.21:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Smartadserver : Ignoré.
:mozilla.75:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Spylog : Ignoré.
:mozilla.86:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Statcounter : Ignoré.
:mozilla.87:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Statcounter : Ignoré.
:mozilla.60:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.61:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Tradedoubler : Ignoré.
:mozilla.38:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Weborama : Ignoré.
:mozilla.84:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Webtrendslive : Ignoré.
:mozilla.50:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Yadro : Ignoré.
:mozilla.51:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Yadro : Ignoré.
:mozilla.55:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
:mozilla.56:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482942.exe -> Trojan.Agent.abx : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483109.dll -> Trojan.Agent.vg : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0494176.exe -> Trojan.Conycspa.i : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0494177.exe -> Trojan.Conycspa.i : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0494178.exe -> Trojan.Conycspa.i : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0494179.exe -> Trojan.Conycspa.i : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0498594.exe -> Trojan.Conycspa.i : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0498595.exe -> Trojan.Conycspa.i : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0498596.exe -> Trojan.Conycspa.i : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0498597.exe -> Trojan.Conycspa.i : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0481727.exe -> Trojan.Dialer.qs : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482953.exe -> Trojan.ProcKill.DJ : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482954.exe -> Trojan.ProcKill.DJ : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483017.dll -> Trojan.Sinowal.bh : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483098.dll -> Trojan.Sinowal.bh : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483105.exe -> Trojan.Sinowal.bh : Ignoré.
C:\WINDOWS\system32\wnscpsv.exe -> Trojan.Small : Ignoré.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482984.dll -> Worm.Banwarum.f : Ignoré.
C:\WINDOWS\system32\adir.dll -> Worm.Banwarum.f : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0480720.dll -> Worm.Locksky.ax : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0481720.dll -> Worm.Locksky.ax : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482741.dll -> Worm.Locksky.ax : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482924.dll -> Worm.Locksky.ax : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483001.dll -> Worm.Locksky.ax : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483018.dll -> Worm.Locksky.ax : Ignoré.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0499620.dll -> Worm.Locksky.ax : Ignoré.


Fin du rapport

desolé mais g du lancer avg spy avant pour permettre a celui ci de nettoyer un peu . je vais le relancer et poster le rapport car g lancer avec l'option 2 :

SmitFraudFix v2.128

Rapport fait à 10:11:53,68, 09/12/2006
Executé à partir de C:\Documents and Settings\Steeve FIRMIN\Bureau\nettoie virus\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"

[HKEY_CLASSES_ROOT\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}\InProcServer32]
@="C:\WINDOWS\system32\mlraakb.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}\InProcServer32]
@="C:\WINDOWS\system32\mlraakb.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\mlraakb.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\mlraakb.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\isnotify.exe supprimé
C:\WINDOWS\system32\issearch.exe supprimé
Problème suppression C:\WINDOWS\system32\ixt?.dll
Problème suppression C:\WINDOWS\system32\ixt??.dll
C:\WINDOWS\system32\ot.ico supprimé
C:\WINDOWS\system32\ts.ico supprimé
C:\WINDOWS\system32\z11.exe supprimé
C:\WINDOWS\system32\z12.exe supprimé
C:\WINDOWS\system32\z15.exe supprimé
C:\WINDOWS\system32\zlbw.dll supprimé
C:\Documents and Settings\Steeve FIRMIN\Application Data\Install.dat supprimé
C:\Documents and Settings\Steeve FIRMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Virus-Bursters 6.3.lnk supprimé
C:\DOCUME~1\STEEVE~1\Favoris\Antivirus Test Online.url supprimé
C:\DOCUME~1\STEEVE~1\MENUDM~1\PROGRA~1\Virus-Bursters supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé
C:\Program Files\Safety Bar\ supprimé
C:\Program Files\SpySheriff\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"



»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\system32\ixt?.dll supprimé


»»»»»»»»»»»»»»»»»»»»»»»» Fin

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 12:35:10 09/12/2006

+ Résultat de l'analyse:



C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0489523.dll -> Adware.SaveNow : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP232\A0502755.dll -> Adware.SaveNow : Nettoyé.
HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Nettoyé.
HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Nettoyé.
HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Nettoyé.
HKLM\SOFTWARE\WhenUSave\Partners\BSPL -> Adware.SaveNow : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482726.exe -> Adware.Spysheriff : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP232\A0503795.exe -> Adware.Spysheriff : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483100.exe -> Downloader.CWS.af : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483113.exe -> Downloader.CWS.af : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483097.exe -> Downloader.PurityScan.dc : Nettoyé.
C:\Program Files\Μіcrosoft\dvdplay.exe -> Downloader.PurityScan.dt : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483006.exe -> Downloader.Small : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483030.exe -> Downloader.Small.awa : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483090.exe -> Downloader.Small.ctf : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483092.exe -> Downloader.Small.dam : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483093.exe -> Downloader.Small.dam : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483102.exe -> Downloader.Small.dam : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483106.exe -> Downloader.Small.dam : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483104.exe -> Downloader.Small.dgk : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483114.exe -> Downloader.Small.dgk : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483112.exe -> Downloader.Tiny.et : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483091.exe -> Dropper.Agent.azs : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483088.exe -> Dropper.Delf.va : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483111.exe -> Dropper.Small.atd : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0480736.dll -> Hijacker.Agent.hz : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482955.dll -> Hijacker.Agent.hz : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482991.exe -> Hijacker.Agent.hz : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483099.exe -> Hijacker.Agent.hz : Nettoyé.
C:\Documents and Settings\Steeve FIRMIN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-11c336b7.zip/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Nettoyé.
C:\Documents and Settings\Steeve FIRMIN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-1109b54b-11c336b7.zip/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0484153.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP232\A0502671.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP232\A0502677.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP232\A0502710.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP232\A0502712.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP232\A0502718.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z1978.exe -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3141.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3143.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3161.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3192.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3255.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3303.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z337.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3416.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3417.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3427.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3496.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z360.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3603.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3783.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3886.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\WINDOWS\system32\z3909.dll -> Not-A-Virus.Hoax.Win32.Renos.fk : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0480722.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482976.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483003.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483089.exe -> Not-A-Virus.Hoax.Win32.Renos.fl : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483110.exe -> Not-A-Virus.Hoax.Win32.Renos.gc : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0480735.dll -> Proxy.Agent.df : Nettoyé.
:mozilla.122:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.73:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.74:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Steeve FIRMIN\Cookies\steeve firmin@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.115:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.23:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.24:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Steeve FIRMIN\Cookies\steeve firmin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.144:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.145:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.146:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Steeve FIRMIN\Cookies\steeve firmin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.46:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.139:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.31:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.32:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.92:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Hotlog : Nettoyé.
:mozilla.94:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Hypertracker : Nettoyé.
:mozilla.103:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Ivwbox : Nettoyé.
:mozilla.100:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Komtrack : Nettoyé.
:mozilla.101:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Komtrack : Nettoyé.
:mozilla.12:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Steeve FIRMIN\Cookies\steeve firmin@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.63:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.64:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.65:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.66:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.67:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\Steeve FIRMIN\Cookies\steeve firmin@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
:mozilla.77:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.79:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.83:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.132:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.133:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.134:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.135:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.136:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.10:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.14:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.9:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.93:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Spylog : Nettoyé.
:mozilla.104:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.105:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.47:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.48:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.58:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.102:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
:mozilla.70:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Yadro : Nettoyé.
:mozilla.71:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Yadro : Nettoyé.
:mozilla.75:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.76:C:\Documents and Settings\Steeve FIRMIN\Application Data\Mozilla\Firefox\Profiles\eqyei9a6.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482942.exe -> Trojan.Agent.abx : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483109.dll -> Trojan.Agent.vg : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0481727.exe -> Trojan.Dialer.qs : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482953.exe -> Trojan.ProcKill.DJ : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482954.exe -> Trojan.ProcKill.DJ : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483017.dll -> Trojan.Sinowal.bh : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483098.dll -> Trojan.Sinowal.bh : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483105.exe -> Trojan.Sinowal.bh : Nettoyé.
C:\WINDOWS\system32\wnscpsv.exe -> Trojan.Small : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482984.dll -> Worm.Banwarum.f : Nettoyé.
C:\WINDOWS\system32\adir.dll -> Worm.Banwarum.f : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0480720.dll -> Worm.Locksky.ax : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0481720.dll -> Worm.Locksky.ax : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482741.dll -> Worm.Locksky.ax : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0482924.dll -> Worm.Locksky.ax : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483001.dll -> Worm.Locksky.ax : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0483018.dll -> Worm.Locksky.ax : Nettoyé.
C:\System Volume Information\_restore{1A9B7404-6AE2-4AD1-A3BA-19DEBFDC696C}\RP231\A0499620.dll -> Worm.Locksky.ax : Nettoyé.


Fin du rapport

Reposte un rapport Hijackthis maintenant.

Logfile of HijackThis v1.99.1
Scan saved at 07:01:08, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\?ymantec\d?xplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\STEEVE~1\LOCALS~1\Temp\Rar$EX01.406\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {BCBD8E1F-31F4-5F05-D229-6D73154F5992} - C:\WINDOWS\system32\redf.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cfl] C:\WINDOWS\?ymantec\d?xplore.exe
O4 - HKCU\..\Run: [download curb] C:\DOCUME~1\LOCALS~1\APPLIC~1\DELETE~1\Jump remote.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: nHMGwOpxtl - {08A30449-A209-AEE3-AF88-15E24DE784F6} - C:\WINDOWS\system32\op.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)

Re,

Télécharge combofix.exe (par sUBs) sur ton Bureau

Double clique combofix.exe.

Tape sur la touche Y (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Télécharge Lopxp.zip
Dézippe le sur le Bureau
Lance le fichier lopxp.bat
Un rapport sera généré, poste son contenu ici.

Steeve FIRMIN - 06-12-11 0:56:45,73 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Steeve FIRMIN\Bureau\nettoie virus"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\CROSOF~1
C:\QooBox\Purity\Program Files\CROSOF~1\??crosoft
C:\QooBox\Purity\WINDOWS\YMANTE~1
C:\QooBox\Purity\WINDOWS\YMANTE~1\d?xplore.exe


((((((((((((((((((((((((((((((( Files Created from 2006-11-11 to 2006-12-11 ))))))))))))))))))))))))))))))))))


2006-12-10 15:12 <REP> d-------- C:\25c6f33822df097958aeca013783
2006-12-10 07:19 <REP> d-------- C:\WINDOWS\network diagnostic
2006-12-10 07:16 <REP> d-------- C:\f3ef8c77e1eeedbf6fdc05cb
2006-12-09 12:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2006-12-09 10:13 4,204 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-08 13:16 <REP> d-------- C:\WINDOWS\pss
2006-12-08 12:01 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-08 12:01 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-08 12:01 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-08 12:01 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-08 12:01 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-08 12:01 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-08 11:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-07 23:42 5,120 --a------ C:\WINDOWS\system32\z2613.exe
2006-12-07 23:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2006-12-06 18:30 573,480 ---hs---- C:\WINDOWS\system32\nnnmp.bak2
2006-12-06 15:59 <REP> d-------- C:\Program Files\Grisoft
2006-12-06 04:21 38,069 --a------ C:\WINDOWS\system32\z2895.exe
2006-12-06 03:59 1,194,002 ---hs---- C:\WINDOWS\system32\nnnmp.ini2
2006-12-06 02:46 81,920 --a------ C:\WINDOWS\system32\Packet.dll
2006-12-06 02:46 61,440 --a------ C:\WINDOWS\system32\WanPacket.dll
2006-12-06 02:46 53,299 --a------ C:\WINDOWS\system32\pthreadVC.dll
2006-12-06 02:46 32,512 --a------ C:\WINDOWS\system32\drivers\npf.sys
2006-12-06 02:46 233,472 --a------ C:\WINDOWS\system32\wpcap.dll
2006-12-06 02:35 <REP> d-------- C:\Program Files\DeleteLessMail
2006-12-06 02:35 <REP> d-------- C:\Documents and Settings\Steeve FIRMIN\Application Data\DeleteLessMail
2006-12-06 02:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Copy phone kind hope
2006-12-06 02:34 <REP> d-------- C:\Program Files\Download Plugin
2006-12-06 01:24 276,532 ---hs---- C:\WINDOWS\system32\pmnnn.dll
2006-12-06 01:24 1,193,917 ---hs---- C:\WINDOWS\system32\nnnmp.bak1
2006-12-06 01:18 72,704 --a------ C:\WINDOWS\system32\drvhuz.dll
2006-12-05 22:54 <REP> d-------- C:\Program Files\ESET
2006-11-19 15:09 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-11-19 15:09 635,486 --a------ C:\WINDOWS\system32\divx.dll
2006-11-19 15:09 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-11-19 15:09 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-11-19 15:09 200,704 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-11-19 15:09 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-11-19 15:09 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-11-19 15:09 1,138,688 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-11-19 15:09 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-11-16 11:58 <REP> d-------- C:\Program Files\MSXML 4.0


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-12-11 00:52 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-10 15:04 61584 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-12-10 15:04 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-12-10 14:54 -------- d-------- C:\Program Files\Kaspersky Lab
2006-12-10 06:51 -------- d-------- C:\Program Files\Fichiers communs
2006-12-10 06:29 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-08 16:46 96256 --a------ C:\WINDOWS\system32\drivers\sptd0557.sys
2006-12-08 16:45 -------- d-------- C:\Program Files\x264
2006-12-08 16:45 -------- d-------- C:\Program Files\WinRAR
2006-12-08 16:45 -------- d-------- C:\Program Files\Windows NT
2006-12-08 16:45 -------- d-------- C:\Program Files\Windows Media Player
2006-12-08 16:45 -------- d-------- C:\Program Files\Winamp
2006-12-08 16:45 -------- d-------- C:\Program Files\Warcraft III
2006-12-08 16:45 -------- d-------- C:\Program Files\SuperCopier2
2006-12-08 16:45 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-08 16:45 -------- d-------- C:\Program Files\Services en ligne
2006-12-08 16:44 -------- d-------- C:\Program Files\QuickTime
2006-12-08 16:44 -------- d-------- C:\Program Files\PDFCreator
2006-12-08 16:44 -------- d-------- C:\Program Files\Outlook Express
2006-12-08 16:44 -------- d-------- C:\Program Files\Online Services
2006-12-08 16:44 -------- d-------- C:\Program Files\OfficeUpdate11
2006-12-08 16:44 -------- d-------- C:\Program Files\NetMeeting
2006-12-08 16:44 -------- d-------- C:\Program Files\MSN Messenger
2006-12-08 16:44 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-12-08 16:44 -------- d-------- C:\Program Files\Movie Maker
2006-12-08 16:44 -------- d-------- C:\Program Files\Microsoft Works
2006-12-08 16:44 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-12-08 16:44 -------- d-------- C:\Program Files\Messenger
2006-12-08 16:44 -------- d-------- C:\Program Files\ltmoh
2006-12-08 16:44 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-12-08 16:44 -------- d-------- C:\Program Files\iTunes
2006-12-08 16:44 -------- d-------- C:\Program Files\Internet Explorer
2006-12-08 16:44 -------- d-------- C:\Program Files\Google
2006-12-08 16:44 -------- d-------- C:\Program Files\GIMP-2.0
2006-12-08 16:44 -------- d-------- C:\Program Files\Fichiers communs\System
2006-12-08 16:44 -------- d-------- C:\Program Files\Fichiers communs\Macromedia
2006-12-08 16:44 -------- d-------- C:\Program Files\Fichiers communs\Designer
2006-12-08 16:44 -------- d-------- C:\Program Files\ffdshow
2006-12-08 16:44 -------- d-------- C:\Program Files\eMule
2006-12-08 16:44 -------- d-------- C:\Program Files\DivX
2006-12-08 16:44 -------- d-------- C:\Program Files\DAEMON Tools
2006-12-08 16:44 -------- d-------- C:\Program Files\ConTEXT
2006-12-08 16:44 -------- d-------- C:\Program Files\BitComet
2006-12-08 16:44 -------- d-------- C:\Program Files\Atheros
2006-12-08 16:44 -------- d-------- C:\Program Files\Apoint2K
2006-12-08 16:44 -------- d-------- C:\Program Files\amsn
2006-12-08 16:44 -------- d-------- C:\Program Files\7-Zip
2006-12-06 02:51 -------- d---s---- C:\Documents and Settings\Steeve FIRMIN\Application Data\Microsoft
2006-12-05 22:56 -------- d-------- C:\Program Files\Wanadoo
2006-11-19 00:17 -------- d-------- C:\Documents and Settings\Steeve FIRMIN\Application Data\BSplayer
2006-11-10 22:39 -------- d-------- C:\Program Files\Securitoo
2006-11-08 19:53 -------- d-------- C:\Program Files\Java
2006-11-07 08:52 -------- d-------- C:\Program Files\Fichiers communs\Real
2006-11-07 08:52 -------- d-------- C:\Documents and Settings\Steeve FIRMIN\Application Data\Real
2006-11-06 22:22 -------- d-------- C:\Program Files\Webteh
2006-11-05 16:05 -------- d-------- C:\Program Files\Real
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-02 19:52 -------- d-------- C:\Program Files\Doom 3
2006-10-14 17:42 -------- d-------- C:\Documents and Settings\Steeve FIRMIN\Application Data\Media Player Classic
2006-10-14 00:19 -------- d-------- C:\Documents and Settings\Steeve FIRMIN\Application Data\vlc
2006-10-13 13:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-13 06:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"SuperCopier2.exe"="C:\\Program Files\\SuperCopier2\\SuperCopier2.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"Cfl"="C:\\WINDOWS\\?ymantec\\d?xplore.exe"
"download curb"="C:\\DOCUME~1\\LOCALS~1\\APPLIC~1\\DELETE~1\\Jump remote.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"TOSHIBA Accessibility"="C:\\Program Files\\TOSHIBA\\Accessibility\\FnKeyHook.exe"
"HWSetup"="C:\\Program Files\\TOSHIBA\\TOSHIBA Applet\\HWSetup.exe hwSetUP"
"SVPWUTIL"="C:\\Program Files\\Toshiba\\Windows Utilities\\SVPWUTIL.exe SVPwUTIL"
"TCtryIOHook"="TCtrlIOHook.exe"
"TPSMain"="TPSMain.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\Utilitaire de zoom TOSHIBA\\SmoothView.exe"
"Tvs"="C:\\Program Files\\TOSHIBA\\Tvs\\TvsTray.exe"
"NDSTray.exe"="NDSTray.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"TFncKy"="TFncKy.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"kis"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"nHMGwOpxtl"="{08A30449-A209-AEE3-AF88-15E24DE784F6}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7v3j]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="z1978"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\z1978.exe gdtgh"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CFSServ"
"hkey"="HKLM"
"command"="CFSServ.exe -NoClient"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="drvhuz"
"hkey"="HKLM"
"command"="rundll32.exe C:\\WINDOWS\\system32\\drvhuz.dll,startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kind hope four rect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="64Chic"
"hkey"="HKLM"
"command"="C:\\Documents and Settings\\All Users\\Application Data\\Copy phone kind hope\\64Chic.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Virus-Bursters]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="virus-bursters"
"hkey"="HKLM"
"command"="C:\\Program Files\\Virus-Bursters\\virus-bursters.exe /h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ZoomingHook"
"hkey"="HKLM"
"command"="ZoomingHook.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjyp32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A7BEB36C919D2868.job

Completion time: 06-12-11 1:02:47.82
C:\ComboFix.txt ... 06-12-11 01:02

Rapport fait à 1:05:07,00 le 11/12/2006

Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\Documents and Settings\Administrateur\Application Data

06/12/2006 14:16 <REP> Lavasoft
06/12/2006 08:23 62 desktop.ini
06/12/2006 08:23 <REP> AdobeUM
06/12/2006 08:23 <REP> Adobe
06/12/2006 08:23 <REP> Identities
06/12/2006 08:23 <REP> Microsoft
06/12/2006 08:23 <REP> Sonic
06/12/2006 08:23 <REP> Symantec
06/12/2006 08:23 <REP> toshiba
06/12/2006 08:23 <REP> .
06/12/2006 08:23 <REP> ..
1 fichier(s) 62 octets
10 R‚p(s) 17353285632 octets libres
Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\Documents and Settings\All Users\Application Data

09/12/2006 12:42 <REP> Avg7
07/12/2006 23:07 <REP> Kaspersky Lab
06/12/2006 02:35 <REP> Copy phone kind hope
22/09/2006 23:09 <REP> Google
01/05/2006 21:55 <REP> Kaspersky Anti-Virus Personal Pro
13/04/2006 13:38 <REP> Macromedia
04/03/2006 14:54 <REP> Messenger Plus!
20/01/2006 15:34 1339 QTSBandwidthCache
02/12/2005 10:45 <REP> Apple Computer
12/10/2005 08:28 <REP> Windows Genuine Advantage
26/09/2005 17:52 <REP> Spybot - Search & Destroy
15/09/2005 18:29 <REP> Adobe Systems
18/03/2005 09:49 <REP> Symantec
18/03/2005 08:10 <REP> Adobe
17/03/2005 09:13 62 desktop.ini
17/03/2005 09:13 <REP> ..
17/03/2005 09:13 <REP> Microsoft
17/03/2005 09:13 <REP> .
17/03/2005 08:26 <REP> SBSI
2 fichier(s) 1401 octets
17 R‚p(s) 17353285632 octets libres
Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\Documents and Settings\Default User\Application Data

15/09/2005 04:16 <REP> AdobeUM
15/09/2005 04:16 <REP> Adobe
15/09/2005 04:16 <REP> Identities
15/09/2005 04:16 <REP> Symantec
15/09/2005 04:16 <REP> Sonic
15/09/2005 04:16 <REP> toshiba
17/03/2005 09:13 62 desktop.ini
17/03/2005 09:13 <REP> ..
17/03/2005 09:13 <REP> .
17/03/2005 09:13 <REP> Microsoft
1 fichier(s) 62 octets
9 R‚p(s) 17353285632 octets libres
Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\Documents and Settings\Steeve FIRMIN\Application Data

06/12/2006 02:35 <REP> DeleteLessMail
06/11/2006 22:22 <REP> BSplayer
05/11/2006 16:04 <REP> Real
14/10/2006 17:42 <REP> Media Player Classic
14/10/2006 00:19 <REP> vlc
01/09/2006 22:10 <REP> Sony Corporation
07/08/2006 23:41 <REP> Quark
18/05/2006 13:31 <REP> Samsung
15/04/2006 12:02 <REP> Google
13/04/2006 11:59 <REP> Opera
03/04/2006 16:38 <REP> iScreensaver
14/03/2006 13:48 <REP> .BitTornado
12/01/2006 21:43 <REP> InterTrust
30/12/2005 21:53 <REP> Apple Computer
19/12/2005 01:07 <REP> Publish Providers
23/11/2005 19:20 <REP> Sun
23/11/2005 18:04 <REP> Sony
21/11/2005 17:45 <REP> MSNInstaller
03/11/2005 00:57 <REP> Help
14/10/2005 14:59 <REP> .bittorrent
26/09/2005 18:12 <REP> Nvu
26/09/2005 18:07 <REP> Dev-Cpp
26/09/2005 18:04 <REP> PDFCreator
26/09/2005 17:59 0 sversion.ini
26/09/2005 17:51 <REP> Lavasoft
26/09/2005 17:50 <REP> Thunderbird
26/09/2005 17:49 <REP> Mozilla
23/09/2005 12:45 35944 GDIPFONTCACHEV1.DAT
17/09/2005 18:07 <REP> InterVideo
15/09/2005 04:28 <REP> Macromedia
15/09/2005 04:18 62 desktop.ini
15/09/2005 04:18 <REP> Adobe
15/09/2005 04:18 <REP> AdobeUM
15/09/2005 04:18 <REP> Identities
15/09/2005 04:18 <REP> Microsoft
15/09/2005 04:18 <REP> Sonic
15/09/2005 04:18 <REP> Symantec
15/09/2005 04:18 <REP> toshiba
15/09/2005 04:18 <REP> .
15/09/2005 04:18 <REP> ..
3 fichier(s) 36006 octets
37 R‚p(s) 17353281536 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\WINDOWS\Tasks

06/12/2006 02:35 286 A7BEB36C919D2868.job
17/03/2005 08:24 6 SA.DAT
17/03/2005 08:19 <REP> ..
17/03/2005 08:19 <REP> .
17/03/2005 08:06 65 desktop.ini
3 fichier(s) 357 octets
2 R‚p(s) 17ÿ353ÿ281ÿ536 octets libres

******************************************
Recherche dans Program files

Le dossier C:\Program Files\C2Media n'existe pas

*************** Fin du rapport ****************

Re,

On attaque Pe386 avant tout.

Télécharge Rustbfix (par ejvindh)
Sauvegarde-le sur ton Bureau.

Double clique rustbfix.exe afin de lancer l'outil.
Si une infection Rustock.b est détectée, une invite t'indiquera qu'il est nécessaire de redémarrer le PC. Ce redémarrage pourrait être plus long que d'habitude, et il est possible que deux redémarrages soient requis. Tout cela se fera automatiquement.
Suite au(x) redémarrage(s), deux rapports s'ouvriront : (%root%\avenger.txt & %root%\rustbfix\pelog.txt).
Copie/Colle le contenu de ces deux rapports, ainsi qu'un nouveau log HijackThis dans ta prochaine réponse.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bfacjnbw

*******************

Script file located at: \??\C:\Program Files\wybgupat.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

************************* Rustock.b-fix -- By ejvindh *************************
12/12/2006 1:22:40,09


******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....
Examine the Avenger-logfile in order to assess the success of the unload-procedure

Rustock.b-ADS attached to the System32-folder:
No streams found.


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No streams found.


******************************* End of Logfile ********************************

Logfile of HijackThis v1.99.1
Scan saved at 01:39:42, on 12/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\STEEVE~1\LOCALS~1\Temp\Rar$EX00.532\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {BCBD8E1F-31F4-5F05-D229-6D73154F5992} - C:\WINDOWS\system32\redf.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cfl] C:\WINDOWS\?ymantec\d?xplore.exe
O4 - HKCU\..\Run: [download curb] C:\DOCUME~1\LOCALS~1\APPLIC~1\DELETE~1\Jump remote.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: nHMGwOpxtl - {08A30449-A209-AEE3-AF88-15E24DE784F6} - C:\WINDOWS\system32\op.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)

Refais un scan LopXP et on attaque le log.

Rapport fait à 1:05:07,00 le 11/12/2006

Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\Documents and Settings\Administrateur\Application Data

06/12/2006 14:16 <REP> Lavasoft
06/12/2006 08:23 62 desktop.ini
06/12/2006 08:23 <REP> AdobeUM
06/12/2006 08:23 <REP> Adobe
06/12/2006 08:23 <REP> Identities
06/12/2006 08:23 <REP> Microsoft
06/12/2006 08:23 <REP> Sonic
06/12/2006 08:23 <REP> Symantec
06/12/2006 08:23 <REP> toshiba
06/12/2006 08:23 <REP> .
06/12/2006 08:23 <REP> ..
1 fichier(s) 62 octets
10 R‚p(s) 17353285632 octets libres
Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\Documents and Settings\All Users\Application Data

09/12/2006 12:42 <REP> Avg7
07/12/2006 23:07 <REP> Kaspersky Lab
06/12/2006 02:35 <REP> Copy phone kind hope
22/09/2006 23:09 <REP> Google
01/05/2006 21:55 <REP> Kaspersky Anti-Virus Personal Pro
13/04/2006 13:38 <REP> Macromedia
04/03/2006 14:54 <REP> Messenger Plus!
20/01/2006 15:34 1339 QTSBandwidthCache
02/12/2005 10:45 <REP> Apple Computer
12/10/2005 08:28 <REP> Windows Genuine Advantage
26/09/2005 17:52 <REP> Spybot - Search & Destroy
15/09/2005 18:29 <REP> Adobe Systems
18/03/2005 09:49 <REP> Symantec
18/03/2005 08:10 <REP> Adobe
17/03/2005 09:13 62 desktop.ini
17/03/2005 09:13 <REP> ..
17/03/2005 09:13 <REP> Microsoft
17/03/2005 09:13 <REP> .
17/03/2005 08:26 <REP> SBSI
2 fichier(s) 1401 octets
17 R‚p(s) 17353285632 octets libres
Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\Documents and Settings\Default User\Application Data

15/09/2005 04:16 <REP> AdobeUM
15/09/2005 04:16 <REP> Adobe
15/09/2005 04:16 <REP> Identities
15/09/2005 04:16 <REP> Symantec
15/09/2005 04:16 <REP> Sonic
15/09/2005 04:16 <REP> toshiba
17/03/2005 09:13 62 desktop.ini
17/03/2005 09:13 <REP> ..
17/03/2005 09:13 <REP> .
17/03/2005 09:13 <REP> Microsoft
1 fichier(s) 62 octets
9 R‚p(s) 17353285632 octets libres
Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\Documents and Settings\Steeve FIRMIN\Application Data

06/12/2006 02:35 <REP> DeleteLessMail
06/11/2006 22:22 <REP> BSplayer
05/11/2006 16:04 <REP> Real
14/10/2006 17:42 <REP> Media Player Classic
14/10/2006 00:19 <REP> vlc
01/09/2006 22:10 <REP> Sony Corporation
07/08/2006 23:41 <REP> Quark
18/05/2006 13:31 <REP> Samsung
15/04/2006 12:02 <REP> Google
13/04/2006 11:59 <REP> Opera
03/04/2006 16:38 <REP> iScreensaver
14/03/2006 13:48 <REP> .BitTornado
12/01/2006 21:43 <REP> InterTrust
30/12/2005 21:53 <REP> Apple Computer
19/12/2005 01:07 <REP> Publish Providers
23/11/2005 19:20 <REP> Sun
23/11/2005 18:04 <REP> Sony
21/11/2005 17:45 <REP> MSNInstaller
03/11/2005 00:57 <REP> Help
14/10/2005 14:59 <REP> .bittorrent
26/09/2005 18:12 <REP> Nvu
26/09/2005 18:07 <REP> Dev-Cpp
26/09/2005 18:04 <REP> PDFCreator
26/09/2005 17:59 0 sversion.ini
26/09/2005 17:51 <REP> Lavasoft
26/09/2005 17:50 <REP> Thunderbird
26/09/2005 17:49 <REP> Mozilla
23/09/2005 12:45 35944 GDIPFONTCACHEV1.DAT
17/09/2005 18:07 <REP> InterVideo
15/09/2005 04:28 <REP> Macromedia
15/09/2005 04:18 62 desktop.ini
15/09/2005 04:18 <REP> Adobe
15/09/2005 04:18 <REP> AdobeUM
15/09/2005 04:18 <REP> Identities
15/09/2005 04:18 <REP> Microsoft
15/09/2005 04:18 <REP> Sonic
15/09/2005 04:18 <REP> Symantec
15/09/2005 04:18 <REP> toshiba
15/09/2005 04:18 <REP> .
15/09/2005 04:18 <REP> ..
3 fichier(s) 36006 octets
37 R‚p(s) 17353281536 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\WINDOWS\Tasks

06/12/2006 02:35 286 A7BEB36C919D2868.job
17/03/2005 08:24 6 SA.DAT
17/03/2005 08:19 <REP> ..
17/03/2005 08:19 <REP> .
17/03/2005 08:06 65 desktop.ini
3 fichier(s) 357 octets
2 R‚p(s) 17ÿ353ÿ281ÿ536 octets libres

******************************************
Recherche dans Program files

Le dossier C:\Program Files\C2Media n'existe pas

*************** Fin du rapport ****************
Rapport fait à 20:03:39,40 le 12/12/2006

Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\Documents and Settings\Administrateur\Application Data

06/12/2006 14:16 <REP> Lavasoft
06/12/2006 08:23 62 desktop.ini
06/12/2006 08:23 <REP> AdobeUM
06/12/2006 08:23 <REP> Adobe
06/12/2006 08:23 <REP> Identities
06/12/2006 08:23 <REP> Microsoft
06/12/2006 08:23 <REP> Sonic
06/12/2006 08:23 <REP> Symantec
06/12/2006 08:23 <REP> toshiba
06/12/2006 08:23 <REP> .
06/12/2006 08:23 <REP> ..
1 fichier(s) 62 octets
10 R‚p(s) 16987181056 octets libres
Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\Documents and Settings\All Users\Application Data

09/12/2006 12:42 <REP> Avg7
07/12/2006 23:07 <REP> Kaspersky Lab
06/12/2006 02:35 <REP> Copy phone kind hope
22/09/2006 23:09 <REP> Google
01/05/2006 21:55 <REP> Kaspersky Anti-Virus Personal Pro
13/04/2006 13:38 <REP> Macromedia
04/03/2006 14:54 <REP> Messenger Plus!
20/01/2006 15:34 1339 QTSBandwidthCache
02/12/2005 10:45 <REP> Apple Computer
12/10/2005 08:28 <REP> Windows Genuine Advantage
26/09/2005 17:52 <REP> Spybot - Search & Destroy
15/09/2005 18:29 <REP> Adobe Systems
18/03/2005 09:49 <REP> Symantec
18/03/2005 08:10 <REP> Adobe
17/03/2005 09:13 62 desktop.ini
17/03/2005 09:13 <REP> ..
17/03/2005 09:13 <REP> Microsoft
17/03/2005 09:13 <REP> .
17/03/2005 08:26 <REP> SBSI
2 fichier(s) 1401 octets
17 R‚p(s) 16987181056 octets libres
Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\Documents and Settings\Default User\Application Data

15/09/2005 04:16 <REP> AdobeUM
15/09/2005 04:16 <REP> Adobe
15/09/2005 04:16 <REP> Identities
15/09/2005 04:16 <REP> Symantec
15/09/2005 04:16 <REP> Sonic
15/09/2005 04:16 <REP> toshiba
17/03/2005 09:13 62 desktop.ini
17/03/2005 09:13 <REP> ..
17/03/2005 09:13 <REP> .
17/03/2005 09:13 <REP> Microsoft
1 fichier(s) 62 octets
9 R‚p(s) 16987176960 octets libres
Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\Documents and Settings\Steeve FIRMIN\Application Data

06/12/2006 02:35 <REP> DeleteLessMail
06/11/2006 22:22 <REP> BSplayer
05/11/2006 16:04 <REP> Real
14/10/2006 17:42 <REP> Media Player Classic
14/10/2006 00:19 <REP> vlc
01/09/2006 22:10 <REP> Sony Corporation
07/08/2006 23:41 <REP> Quark
18/05/2006 13:31 <REP> Samsung
15/04/2006 12:02 <REP> Google
13/04/2006 11:59 <REP> Opera
03/04/2006 16:38 <REP> iScreensaver
14/03/2006 13:48 <REP> .BitTornado
12/01/2006 21:43 <REP> InterTrust
30/12/2005 21:53 <REP> Apple Computer
19/12/2005 01:07 <REP> Publish Providers
23/11/2005 19:20 <REP> Sun
23/11/2005 18:04 <REP> Sony
21/11/2005 17:45 <REP> MSNInstaller
03/11/2005 00:57 <REP> Help
14/10/2005 14:59 <REP> .bittorrent
26/09/2005 18:12 <REP> Nvu
26/09/2005 18:07 <REP> Dev-Cpp
26/09/2005 18:04 <REP> PDFCreator
26/09/2005 17:59 0 sversion.ini
26/09/2005 17:51 <REP> Lavasoft
26/09/2005 17:50 <REP> Thunderbird
26/09/2005 17:49 <REP> Mozilla
23/09/2005 12:45 35944 GDIPFONTCACHEV1.DAT
17/09/2005 18:07 <REP> InterVideo
15/09/2005 04:28 <REP> Macromedia
15/09/2005 04:18 62 desktop.ini
15/09/2005 04:18 <REP> Adobe
15/09/2005 04:18 <REP> AdobeUM
15/09/2005 04:18 <REP> Identities
15/09/2005 04:18 <REP> Microsoft
15/09/2005 04:18 <REP> Sonic
15/09/2005 04:18 <REP> Symantec
15/09/2005 04:18 <REP> toshiba
15/09/2005 04:18 <REP> .
15/09/2005 04:18 <REP> ..
3 fichier(s) 36006 octets
37 R‚p(s) 16987176960 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C s'appelle Xsulfurick
Le num‚ro de s‚rie du volume est 08A3-0448

R‚pertoire de C:\WINDOWS\Tasks

06/12/2006 02:35 286 A7BEB36C919D2868.job
17/03/2005 08:24 6 SA.DAT
17/03/2005 08:19 <REP> ..
17/03/2005 08:19 <REP> .
17/03/2005 08:06 65 desktop.ini
3 fichier(s) 357 octets
2 R‚p(s) 16ÿ987ÿ176ÿ960 octets libres

******************************************
Recherche dans Program files

Le dossier C:\Program Files\C2Media n'existe pas

*************** Fin du rapport ****************

Re,

Télécharge KillBox d'Option^Explicit.

Dézippe le dans un dossier ou sur ton bureau (Clique droit puis Extraire Tout).
Selectionne le texte dans le cadre :



---> Clique Droit puis Copier.
----------

-- Ouvre Killbox.exe
-- Choisis "Delete on reboot"
-- Clique sur :
- " File " -> " Paste from Clipboard "
- " All Files "

Pour terminer clique sur .

Une question te sera alors posée :
" File will be Removed on Reboot, Do you want to reboot now ? "

-- Répond par OUI, un compte à rebour s'enclenche, ton PC va redémarrer.
-- Après redémarrage, relance Killbox puis clique sur le menu : Files -> Logs -> Actions History Log, poste ce rapport ici.

NOTE: Si tu reçois le message "PendingFileRenameOperations Registry Data has been removed by external process!"
Redémarre ton PC manuellement.

AIDE : Tuto sur KillBox (Jesses)

Salut
Desolé mais je n'avais pas de connexion internet !!
voici le rapport apres avoir fait tous ce que tu m'a dit !!

Pocket Killbox version 2.0.0.648
Running on Windows XP as Steeve FIRMIN(Administrator)
was started @ jeudi, décembre 14, 2006, 12:41 PM

Killbox Closed(Exit) @ 12:41:50 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Steeve FIRMIN(Administrator)
was started @ jeudi, décembre 14, 2006, 12:46 PM

# 1 [Delete on Reboot]
Path = C:\Documents and Settings\All Users\Application Data\Copy phone kind hope


# 2 [Delete on Reboot]
Path = C:\Documents and Settings\Steeve FIRMIN\Application Data\DeleteLessMail


# 3 [Delete on Reboot]
Path = C:\WINDOWS\Tasks\A7BEB36C919D2868.job


I Rebooted @ 12:49:44 PM
Killbox Closed(Exit) @ 12:49:50 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Steeve FIRMIN(Administrator)
was started @ jeudi, décembre 14, 2006, 12:56 PM

Killbox Closed(Exit) @ 12:56:20 PM
__________________________________________________

Bonjour,

Reposte un nouveau rapport HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 18:00:37, on 14/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\STEEVE~1\LOCALS~1\Temp\Rar$EX00.829\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BCBD8E1F-31F4-5F05-D229-6D73154F5992} - C:\WINDOWS\system32\redf.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cfl] C:\WINDOWS\?ymantec\d?xplore.exe
O4 - HKCU\..\Run: [download curb] C:\DOCUME~1\LOCALS~1\APPLIC~1\DELETE~1\Jump remote.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: nHMGwOpxtl - {08A30449-A209-AEE3-AF88-15E24DE784F6} - C:\WINDOWS\system32\op.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)

Re,

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.

Redémarre en mode sans échec

Ouvre le dossier SDFix qui vient d'être créé à la racine de ton dique dur (C:) et double clique sur RunThis.bat pour lancer le script.

Appuie sur Y pour commencer le processus de nettoyage.

Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.

Appuie sur une touche pour redémarrer le PC.

Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis.

SDFix: Version 1.47
****************

14/12/2006 - 19:07:18,35

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Stage One - Safe Mode

Checking For Trojan Services...

Service Name:

MsaSvc

File Path:

C:\WINDOWS\system32\msasvc.exe

MsaSvc Deleted...

Starting Registry Repairs...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking For Malware:
--------------------

C:\WINDOWS\SYSTEM32\Z2895.EXE
C:\WINDOWS\emdat.tm
C:\WINDOWS\emdat.tmp

Backing Up and Removing any Files Found...

Final Check:

Services:
---------


Authorized Applications Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"c:\\qlcojek.exe"="C:\\qlcojek.exe:*:Enabled:Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"c:\\qlcojek.exe"="C:\\qlcojek.exe:*:Enabled:Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Files:
------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking for files with Hidden Attributes:

C:\WINDOWS\system32\pmnnn.dll
C:\QooBox\Purity\WINDOWS\YMANTE~1\d?xplore.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\WINDOWS\system32\448BB76FD9.sys
C:\WINDOWS\system32\nnnmp.tmp

FINISHED!

Logfile of HijackThis v1.99.1
Scan saved at 19:28:42, on 14/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\STEEVE~1\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BCBD8E1F-31F4-5F05-D229-6D73154F5992} - C:\WINDOWS\system32\redf.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cfl] C:\WINDOWS\?ymantec\d?xplore.exe
O4 - HKCU\..\Run: [download curb] C:\DOCUME~1\LOCALS~1\APPLIC~1\DELETE~1\Jump remote.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: nHMGwOpxtl - {08A30449-A209-AEE3-AF88-15E24DE784F6} - C:\WINDOWS\system32\op.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Re,

- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :

R3 - URLSearchHook: (no name) - {BCBD8E1F-31F4-5F05-D229-6D73154F5992} - C:\WINDOWS\system32\redf.dll (file missing)
O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKCU\..\Run: [Cfl] C:\WINDOWS\?ymantec\d?xplore.exe
O4 - HKCU\..\Run: [download curb] C:\DOCUME~1\LOCALS~1\APPLIC~1\DELETE~1\Jump remote.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O21 - SSODL: nHMGwOpxtl - {08A30449-A209-AEE3-AF88-15E24DE784F6} - C:\WINDOWS\system32\op.dll (file missing)

Clique sur Fix checked (en bas à gauche)

j'ai fait comme dit et voici le rapport :

Logfile of HijackThis v1.99.1
Scan saved at 02:00:46, on 15/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\STEEVE~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

D'autres problèmes ?

merci le probleme est resolu

ALORS MARQUE RESOLU A TON 1ER SUJET EN EDITANT CELUI-CI STP...

merci