Security center, safety center, etc. ads [solved]
Hello
I have a problem: there is an icon in my launch bar, a yellow triangle that warns me every minute that I am infected by a virus and that I need to download this or that antivirus.
I also have a whole bunch of windows opening up, ads for security center and other names...
Anyway, I've been dragging this around for 3 days and I can't find any forum that helps me.
Please, I need someone to explain to me what to do.
Good evening
Download HijackThis <- here, to your Desktop
launch the program, click on "do a system scan and save a logfile"
copy / paste the generated report
>> HijackThis v2.0.2 tutorial <<
thanks
here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:53:36 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Customer\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\rjagihzq.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Insight Web Agent (cpqWebDmi) - Hewlett-Packard Company - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
--
End of file - 9531 bytes
Re,
You are infected,
Download VundoFix <- here
to your Desktop
Double-click VundoFix.exe to launch it
when it launches again, click on Scan for Vundo
at the end of the scan, click on Remove Vundo
it will ask you whether you want to delete the files, click on YES
your Desktop will disappear while the files are being deleted
then it will tell you that your PC is going to shut down, click OK
Restart your PC
Copy/paste the report ( C:\vundofix.txt )
and a new HijackThis report
VundoFix may be unable to delete a file; in that case, it will launch again at the next restart, and you just need to start over from "click on Scan for Vundo"
Vundo report:
VundoFix V6.6.1
Checking Java version...
Scan started at 3:46:17 PM 11/16/2007
Listing files found while scanning....
C:\WINDOWS\system32\rjagihzq.dll
C:\WINDOWS\system32\ssqopnn.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\rjagihzq.dll
C:\WINDOWS\system32\rjagihzq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqopnn.dll
C:\WINDOWS\system32\ssqopnn.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ssqopnn.dll
C:\WINDOWS\system32\ssqopnn.dll Has been deleted!
Performing Repairs to the registry.
Done!
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:58 PM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Customer\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fmjvwryu.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Insight Web Agent (cpqWebDmi) - Hewlett-Packard Company - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
--
End of file - 9692 bytes
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fmjvwryu.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Insight Web Agent (cpqWebDmi) - Hewlett-Packard Company - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
--
End of file - 9692 bytes
Re,
Download ComboFix <- here
Save it to your Desktop and nowhere else!
Double-click combofix.exe (the .exe may not be shown)
To start, type 1 then confirm, and wait for the scan to finish
The PC may restart!
A report is generated; copy and paste it into your reply
You can also find this report here: C:\Combofix.txt
ComboFix 07-11-08.1 - Customer 2007-11-16 16:49:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.126 [GMT -5:00]
Running from: C:\Documents and Settings\Customer\Desktop\ComboFix.exe
* Created a new restore point
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Customer\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Customer\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Customer\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\fmjvwryu.dllbox
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pssru.bak1
C:\WINDOWS\system32\pssru.bak2
C:\WINDOWS\system32\pssru.ini
C:\WINDOWS\system32\pssru.ini2
C:\WINDOWS\system32\pssru.tmp
C:\WINDOWS\system32\rjagihzq.dllbox
C:\WINDOWS\system32\urssp.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.
2007-11-16 16:45 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 16:23 81,984 --a------ C:\WINDOWS\system32\dlpaoxga.dll
2007-11-16 16:17 85,056 --a------ C:\WINDOWS\system32\nfdqpitn.dll
2007-11-16 16:15 145,984 --a------ C:\WINDOWS\system32\fmjvwryu.dll
2007-11-16 16:14 145,984 --a------ C:\WINDOWS\system32\muvmqhwp.dll
2007-11-16 16:12 71,232 --a------ C:\WINDOWS\system32\uoicjfbm.exe
2007-11-16 15:46 <DIR> d-------- C:\VundoFix Backups
2007-11-16 15:46 81,984 --a------ C:\WINDOWS\system32\jebfnasv.dll
2007-11-16 15:43 85,056 --a------ C:\WINDOWS\system32\fqisbcrg.dll
2007-11-16 15:37 71,232 --a------ C:\WINDOWS\system32\qsdkbxfd.exe
2007-11-15 15:45 85,056 --a------ C:\WINDOWS\system32\irfrqgkq.dll
2007-11-15 15:42 79,936 --a------ C:\WINDOWS\system32\dycqldqh.dll
2007-11-15 15:36 71,232 --a------ C:\WINDOWS\system32\cbdsuqyo.exe
2007-11-15 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-11-14 15:46 79,424 --a------ C:\WINDOWS\system32\vhivkeet.dll
2007-11-14 15:37 85,056 --a------ C:\WINDOWS\system32\kgptcdjk.dll
2007-11-14 15:35 71,232 --a------ C:\WINDOWS\system32\ybdlgskq.exe
2007-11-13 15:39 80,448 --a------ C:\WINDOWS\system32\hxnaweja.dll
2007-11-13 15:36 85,056 --a------ C:\WINDOWS\system32\utraqjhb.dll
2007-11-12 16:07 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-12 16:07 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-12 16:07 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-12 16:07 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-12 16:07 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-12 16:07 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-12 16:07 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-12 16:07 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-12 13:57 81,472 --a------ C:\WINDOWS\system32\rygvsowf.dll
2007-11-12 04:51 144,314 --a------ C:\WINDOWS\system32\rjmivcnq.dll
2007-11-11 16:38 <DIR> d-------- C:\WINDOWS\system32\rMa02yy
2007-11-11 16:38 <DIR> d-------- C:\TEMP\abW9
2007-11-09 12:15 <DIR> d-------- C:\Program Files\iPod
2007-11-08 03:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-07 22:15 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-07 22:15 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-07 22:13 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-11-07 22:04 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-11-07 22:02 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-07 21:44 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-07 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-03 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2007-11-03 16:56 <DIR> d-------- C:\Program Files\Last.fm
2007-11-02 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-01 12:23 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-11-01 12:23 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-01 12:23 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-01 12:23 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-31 15:42 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\Skype
2007-10-31 15:41 <DIR> d-------- C:\Program Files\Skype
2007-10-31 15:41 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-31 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-28 21:45 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\vlc
2007-10-28 21:45 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\dvdcss
2007-10-28 21:41 <DIR> d-------- C:\Program Files\VideoLAN
2007-10-28 21:38 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\InterVideo
2007-10-23 00:17 <DIR> d-------- C:\Program Files\Windows Live
2007-10-23 00:17 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-10-22 11:42 <DIR> d-------- C:\Program Files\iTunes
2007-10-17 11:59 <DIR> d-------- C:\Program Files\eMule
2007-10-16 16:21 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage
2007-10-16 16:16 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2007-10-16 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-10-16 16:13 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2007-10-16 16:13 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\Sony Corporation
2007-10-16 15:53 <DIR> d-------- C:\Program Files\Sony
2007-10-16 15:53 90,112 --------- C:\WINDOWS\snymsico.dll
2007-10-16 15:53 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2007-10-16 15:53 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2007-10-16 15:53 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 20:24 --------- d-----w C:\Program Files\MSN Messenger
2007-11-13 21:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-13 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-09 17:12 --------- d-----w C:\Program Files\QuickTime
2007-10-22 02:32 --------- d-----w C:\Documents and Settings\Customer\Application Data\Apple Computer
2007-10-16 21:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-14 22:08 --------- d-----w C:\Program Files\Apple Software Update
2007-10-14 22:07 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-14 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-12 15:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-16 16:15 145984 --a------ C:\WINDOWS\system32\fmjvwryu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\fmjvwryu.dll [2007-11-16 16:15 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 12:01 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 15:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 15:08]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 23:10]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-07-17 15:50]
"ChkAdmin"="C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE" [2003-05-12 19:33]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-07-15 19:55]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 12:33]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Mobile Printing"="C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE" [2003-05-23 15:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"CPQDFWAG"=C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-12 13:42:00]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-03 16:56:49]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 13:10:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fmjvwryu]
fmjvwryu.dll 2007-11-16 16:15 145984 C:\WINDOWS\system32\fmjvwryu.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urssp.dll
R1 ClntMgmt;HP Client Management Driver;C:\WINDOWS\system32\Drivers\ClntMgmt.sys
R2 cpqWebDmi;Insight Web Agent;C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 21:34:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 17:00:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ?deB???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-16 17:03:08 - machine was rebooted
.
--- E O F ---
Hello
Select the entire box below, then right-click and choose Copy
File::
C:\WINDOWS\system32\dlpaoxga.dll
C:\WINDOWS\system32\nfdqpitn.dll
C:\WINDOWS\system32\muvmqhwp.dll
C:\WINDOWS\system32\fmjvwryu.dll
C:\WINDOWS\system32\uoicjfbm.exe
C:\WINDOWS\system32\jebfnasv.dll
C:\WINDOWS\system32\fqisbcrg.dll
C:\WINDOWS\system32\qsdkbxfd.exe
C:\WINDOWS\system32\irfrqgkq.dll
C:\WINDOWS\system32\dycqldqh.dll
C:\WINDOWS\system32\ybdlgskq.exe
C:\WINDOWS\system32\cbdsuqyo.exe
C:\WINDOWS\system32\vhivkeet.dll
C:\WINDOWS\system32\hxnaweja.dll
C:\WINDOWS\system32\kgptcdjk.dll
C:\WINDOWS\system32\utraqjhb.dll
C:\WINDOWS\system32\rygvsowf.dll
C:\WINDOWS\system32\rjmivcnq.dll
Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\rMa02yy\
C:\TEMP\abW9\
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fmjvwryu]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0
Paste it into Notepad
Save it on your Desktop and name it CFScript (file type: text file)
Drag the CFScript file onto the ComboFix.exe file like this:

A menu will appear; type 1, then confirm
Let the scan run and post the generated report (C:\ComboFix.txt)
Hello!
Here is the report:
ComboFix 07-11-08.1 - Customer 2007-11-17 11:10:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.141 [GMT -5:00]
Running from: C:\Documents and Settings\Customer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Customer\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\cbdsuqyo.exe
C:\WINDOWS\system32\dlpaoxga.dll
C:\WINDOWS\system32\dycqldqh.dll
C:\WINDOWS\system32\fmjvwryu.dll
C:\WINDOWS\system32\fqisbcrg.dll
C:\WINDOWS\system32\hxnaweja.dll
C:\WINDOWS\system32\irfrqgkq.dll
C:\WINDOWS\system32\jebfnasv.dll
C:\WINDOWS\system32\kgptcdjk.dll
C:\WINDOWS\system32\muvmqhwp.dll
C:\WINDOWS\system32\nfdqpitn.dll
C:\WINDOWS\system32\qsdkbxfd.exe
C:\WINDOWS\system32\rjmivcnq.dll
C:\WINDOWS\system32\rygvsowf.dll
C:\WINDOWS\system32\uoicjfbm.exe
C:\WINDOWS\system32\utraqjhb.dll
C:\WINDOWS\system32\vhivkeet.dll
C:\WINDOWS\system32\ybdlgskq.exe
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Customer\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Customer\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Customer\Favorites\Online Security Guide.lnk
C:\TEMP\abW9\
C:\VundoFix Backups
C:\VundoFix Backups\rjagihzq.dll.bad
C:\VundoFix Backups\ssqopnn.dll.bad
C:\WINDOWS\system32\cbdsuqyo.exe
C:\WINDOWS\system32\dlpaoxga.dll
C:\WINDOWS\system32\dycqldqh.dll
C:\WINDOWS\system32\fmjvwryu.dll
C:\WINDOWS\system32\fmjvwryu.dllbox
C:\WINDOWS\system32\fqisbcrg.dll
C:\WINDOWS\system32\hxnaweja.dll
C:\WINDOWS\system32\irfrqgkq.dll
C:\WINDOWS\system32\jebfnasv.dll
C:\WINDOWS\system32\kgptcdjk.dll
C:\WINDOWS\system32\muvmqhwp.dll
C:\WINDOWS\system32\nfdqpitn.dll
C:\WINDOWS\system32\qsdkbxfd.exe
C:\WINDOWS\system32\rjmivcnq.dll
C:\WINDOWS\system32\rMa02yy\
C:\WINDOWS\system32\rygvsowf.dll
C:\WINDOWS\system32\uoicjfbm.exe
C:\WINDOWS\system32\utraqjhb.dll
C:\WINDOWS\system32\vhivkeet.dll
C:\WINDOWS\system32\ybdlgskq.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.
2007-11-16 16:45 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-11-12 16:07 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-12 16:07 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-12 16:07 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-12 16:07 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-12 16:07 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-12 16:07 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-12 16:07 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-12 16:07 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-09 12:15 <DIR> d-------- C:\Program Files\iPod
2007-11-08 03:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-07 22:15 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-07 22:15 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-07 22:13 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-11-07 22:04 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-11-07 22:02 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-07 21:44 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-07 21:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-03 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2007-11-03 16:56 <DIR> d-------- C:\Program Files\Last.fm
2007-11-02 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-01 12:23 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-11-01 12:23 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-01 12:23 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-01 12:23 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-31 15:42 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\Skype
2007-10-31 15:41 <DIR> d-------- C:\Program Files\Skype
2007-10-31 15:41 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-31 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-28 21:45 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\vlc
2007-10-28 21:45 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\dvdcss
2007-10-28 21:41 <DIR> d-------- C:\Program Files\VideoLAN
2007-10-28 21:38 <DIR> d-------- C:\Documents and Settings\Customer\Application Data\InterVideo
2007-10-23 00:17 <DIR> d-------- C:\Program Files\Windows Live
2007-10-23 00:17 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-10-22 11:42 <DIR> d-------- C:\Program Files\iTunes
2007-10-17 11:59 <DIR> d-------- C:\Program Files\eMule
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 20:24 --------- d-----w C:\Program Files\MSN Messenger
2007-11-13 21:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-13 21:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-09 17:12 --------- d-----w C:\Program Files\QuickTime
2007-10-22 02:32 --------- d-----w C:\Documents and Settings\Customer\Application Data\Apple Computer
2007-10-16 21:22 --------- d-----w C:\Documents and Settings\Customer\Application Data\Sony Corporation
2007-10-16 21:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 21:14 --------- d-----w C:\Program Files\Sony
2007-10-16 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-10-16 21:13 --------- d-----w C:\Program Files\Common Files\Sony Shared
2007-10-14 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-14 22:08 --------- d-----w C:\Program Files\Apple Software Update
2007-10-14 22:07 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-14 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-12 15:51 --------- d-----w C:\Program Files\Windows Media Connect 2
.
((((((((((((((((((((((((((((( snapshot@2007-11-16_17.02.07.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-17 16:16:03 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_668.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 12:01 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 15:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 15:08]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 23:10]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-07-17 15:50]
"ChkAdmin"="C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE" [2003-05-12 19:33]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2003-07-15 19:55]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 12:33]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 06:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Mobile Printing"="C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE" [2003-05-23 15:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"CPQDFWAG"=C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-09-12 13:42:00]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-03 16:56:49]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 13:10:00]
R1 ClntMgmt;HP Client Management Driver;C:\WINDOWS\system32\Drivers\ClntMgmt.sys
R2 cpqWebDmi;Insight Web Agent;C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-17 04:30:49 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 11:16:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?`???? ?deB???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 11:18:19 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-16 17:03
.
--- E O F ---
Good, let's continue
Download Smitfraudfix <- here
Save it on your desktop
Double-click SmitfraudFix.exe (the .exe may not be shown)
Then choose Option 1 (Search)
Post the generated report
heeere it iiis:
SmitFraudFix v2.253
Scan done at 19:37:55.45, Sat 11/17/2007
Run from C:\Documents and Settings\Customer\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Customer
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Customer\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Customer\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: HP WLAN 802.11a/b/g W500 - Packet Scheduler Miniport
DNS Server Search Order: 68.87.74.162
DNS Server Search Order: 68.87.68.162
HKLM\SYSTEM\CCS\Services\Tcpip\..\{925B22B0-7F40-4FF9-BBC5-2CF596197C55}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{925B22B0-7F40-4FF9-BBC5-2CF596197C55}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS2\Services\Tcpip\..\{925B22B0-7F40-4FF9-BBC5-2CF596197C55}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Re,
Replace Avast with Antivir (also free but 20 times better):
Download it from this page: > Sécuriser son ordinateur <
Run a full scan (My Computer), preferably in safe mode (more effective and faster), and post the report
AntiVir PersonalEdition Classic
Report file date: Sunday, November 18, 2007 19:17
Scanning for 933576 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: CUSTOMER-30730F
Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 19:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 18:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 21:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 18:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 18:31:12
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 9/13/2007 18:31:12
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 18:31:12
ANTIVIR3.VDF : 7.0.0.227 112128 Bytes 11/18/2007 18:31:12
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 11/18/2007 18:31:13
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 16:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 13:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 19:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/3/2007 14:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 13:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 18:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 13:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 17:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 18:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 18:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 15:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Sunday, November 18, 2007 19:17
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'BTStackServer.exe' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'LastFMHelper.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'HPBMOBIL.EXE' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'WinPatrol.exe' - '1' Module(s) have been scanned
Scan process 'eabservr.exe' - '1' Module(s) have been scanned
Scan process 'Chkadmin.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Cpqdmi.exe' - '1' Module(s) have been scanned
Scan process 'Win32sl.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'CPQDFWAG.EXE' - '1' Module(s) have been scanned
Scan process 'Webdmi.exe' - '1' Module(s) have been scanned
Scan process 'Cpqalert.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '46' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\qoobox\Quarantine\catchme2007-11-16_165958.64.zip
[0] Archive type: ZIP
--> urssp.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47b5095d.qua'!
C:\qoobox\Quarantine\catchme2007-11-17_111611.65.zip
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47b50963.qua'!
C:\qoobox\Quarantine\C\VundoFix Backups\rjagihzq.dll.bad.vir
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47a2096f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cbdsuqyo.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47a5096d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dlpaoxga.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b10977.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\dycqldqh.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47a40985.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fmjvwryu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47ab0979.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\fqisbcrg.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '47aa097d.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\hxnaweja.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.AS
[INFO] The file was moved to '47af0985.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\irfrqgkq.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '47a7097f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\jebfnasv.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47a30973.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\kgptcdjk.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '47b10975.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\muvmqhwp.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47b70983.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\nfdqpitn.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '47a50975.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\qsdkbxfd.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47a50982.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rjmivcnq.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47ae097a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rygvsowf.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47a8098a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\uoicjfbm.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47aa0980.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\urssp.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47b40983.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\utraqjhb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '47b30986.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vhivkeet.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47aa097a.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\ybdlgskq.exe.vir
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47a50974.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP106\A0008114.dll
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47710971.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP107\A0008161.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47710975.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008355.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '47710997.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008356.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '46e12bd8.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008357.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47710999.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008358.dll
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '47710998.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008359.dll
[DETECTION] Is the Trojan horse TR/Vundo.AS
[INFO] The file was moved to '46e12bd9.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008360.dll
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '46e12bda.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008361.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4771099b.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008362.dll
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '4771099a.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008363.dll
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '46e12bdb.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008364.dll
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '4771099c.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008365.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '46e12bdc.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008366.dll
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '4771099d.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008367.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '46e12bde.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008368.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '46e12bdd.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008369.dll
[DETECTION] Is the Trojan horse TR/Vundo.AU
[INFO] The file was moved to '4771099f.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008370.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '46e12be0.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008371.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[INFO] The file was moved to '477109a1.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008375.dll
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '4771099e.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP110\A0008379.dll
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '46e12be2.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP97\A0007389.dll
[DETECTION] Is the Trojan horse TR/Winfixer
[INFO] The file was moved to '47710a95.qua'!
C:\System Volume Information\_restore{24627AB5-EAD5-4282-9A6B-3E971C58FA03}\RP97\A0007391.dll
[DETECTION] Is the Trojan horse TR/Vundo.DQE
[INFO] The file was moved to '47710a96.qua'!
End of the scan: Sunday, November 18, 2007 23:15
Used time: 3:57:34 min
The scan has been done completely.
4046 Scanning directories
137359 Files were scanned
45 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
45 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
137314 Files not concerned
672 Archives were scanned
2 Warnings
0 Notes
Re,
Download ToolsCleaner2 <- here
Install it on your Desktop
Click Recherche to start the scan
Click Supprimer to clean up the tools that were used
Click Quitter; this will create a report
Post the report ( C:\TCleaner.txt )
-->- Recherche:
C:\Qoobox: trouvé !
C:\Documents and Settings\Customer\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\Customer\Desktop\vundoFix.exe: trouvé !
C:\Documents and Settings\Customer\Desktop\HijackThis.exe: trouvé !
C:\Documents and Settings\Customer\Desktop\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Customer\Desktop\SmitFraudfix: trouvé !
C:\Documents and Settings\Customer\Recent\HijackThis.lnk: trouvé !
C:\qoobox\Quarantine\C\Vundofix backups: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\Customer\Desktop\ComboFix.exe: supprimé !
C:\Documents and Settings\Customer\Desktop\vundoFix.exe: supprimé !
C:\Documents and Settings\Customer\Desktop\HijackThis.exe: supprimé !
C:\Documents and Settings\Customer\Desktop\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\Customer\Recent\HijackThis.lnk: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\Customer\Desktop\SmitFraudfix: supprimé !
Good, if everything is OK,
In your first message, click the "Editer" button
Add [Résolu] to the title
Then click "Valider votre message"
It would be nice to report your infection on > Malware-Complaints < to get its authors convicted
- Forum rules <- here
- Posting a message <- here (by Malekal)
To register, click the register button (at the top)
If you are over 13, choose " I Agree to these terms and am over or exactly 13 years of age "
If you are under 13, choose " I Agree to these terms and am under 13 years of age "
You will get a list by type of infection
If your infection is not in the list, create a message in Other infections
Your infection: Vundo
Thanks