Virus PC s'eteind tout seul et impossible d'enlever online security Gu

Voilà le rapport que je supose vous aliez demandé


Logfile of HijackThis v1.99.1
Scan saved at 11:23:31, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PMSveH.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\PMHandler.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\system32\tsnp2std.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Gilles De Schepper\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qtmsrrxm.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EasyPHP] "C:\Program Files\EasyPHP1-88\EasyPHP.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9619] command /c del "C:\WINDOWS\system32\qtmsrrxm.dllbox"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3034] cmd /c del "C:\WINDOWS\system32\qtmsrrxm.dllbox"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Readme Hold] C:\DOCUME~1\GILLES~1\APPLIC~1\GLUECO~1\MATH FLAG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Documents and Settings\Gilles De Schepper\Bureau\AnyDVD.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5577] command /c del "C:\WINDOWS\system32\qtmsrrxm.dllbox"
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/fr/fr
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe

Bonjour  

en effet tu es infecté ,

Télécharge VundoFix <- ici
sur ton Bureau

Double-clique VundoFix.exe pour le lancer
lorsque il se lance à nouveau , clique sur Scan for Vundo
à la fin du scan , clique sur Remove Vundo
il te demandera si tu veux supprimer les fichiers , clique sur YES
ton Bureau va disparaitre lors de la suppression des fichiers
ensuite , il va t'annoncer que ton PC va s'éteindre , clique OK
Redémarre ton PC

Copie/colle le rapport ( C:\vundofix.txt )
et un nouveau rapport HijackThis

Il est possible que VundoFix ne puisse pas supprimer un fichier , dans ce cas, il se relancera au prochain redémarrage , il suffit de recommencer à partir de clique sur Scan for Vundo

----------------------------------------------------------------

Supprime ta version de Hijackthis ( c'est l'ancienne version )

Télécharge Hijackthis <- ici sur ton Bureau

lance le programme , clique sur do a system scan and save a logfile
copie / colle le rapport généré
>> Tuto HiJackThis v2.0.2 <<

Voilà les deux rapport demandé Merci pour la réponse rapide..


VundoFix V6.7.0

Checking Java version...

Scan started at 15:06:43 2/12/2007

Listing files found while scanning....

C:\windows\system32\gouwbfpy.dll
C:\windows\system32\qtmsrrxm.dll
C:\windows\system32\qtmsrrxm.dllbox
C:\windows\system32\ssttt.dll
C:\windows\system32\tttss.ini
C:\windows\system32\tttss.ini2

Beginning removal...

Attempting to delete C:\windows\system32\gouwbfpy.dll
C:\windows\system32\gouwbfpy.dll Has been deleted!

Attempting to delete C:\windows\system32\qtmsrrxm.dll
C:\windows\system32\qtmsrrxm.dll Has been deleted!

Attempting to delete C:\windows\system32\qtmsrrxm.dllbox
C:\windows\system32\qtmsrrxm.dllbox Has been deleted!

Attempting to delete C:\windows\system32\ssttt.dll
C:\windows\system32\ssttt.dll Has been deleted!

Attempting to delete C:\windows\system32\tttss.ini
C:\windows\system32\tttss.ini Has been deleted!

Attempting to delete C:\windows\system32\tttss.ini2
C:\windows\system32\tttss.ini2 Has been deleted!

Performing Repairs to the registry.
Done!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:18, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PMSveH.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PMHandler.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\system32\tsnp2std.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Gilles De Schepper\Bureau\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EasyPHP] "C:\Program Files\EasyPHP1-88\EasyPHP.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Readme Hold] C:\DOCUME~1\GILLES~1\APPLIC~1\GLUECO~1\MATH FLAG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Documents and Settings\Gilles De Schepper\Bureau\AnyDVD.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5577] command /c del "C:\WINDOWS\system32\qtmsrrxm.dllbox"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/fr/fr
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader4.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe

--
End of file - 12033 bytes

re ,

Vundofix en à eu un peu  

Télécharge ComboFix <- ici

Enregistre le sur ton Bureau et pas ailleurs !
Double clique combofix.exe ( le .exe peut ne pas apparaitre )
Pour démarrer , tape 1 puis valide , attend la fin du scan
il peut y avoir un Redémarrage du PC !

Un rapport est généré , Copie / Colle le dans ta réponse
Tu peux aussi trouver ce rapport ici : C:\Combofix.txt

ComboFix 07-12-02.5 - Gilles De Schepper 2007-12-02 17:11:29.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.52 [GMT 1:00]
Running from: C:\Documents and Settings\Gilles De Schepper\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Favoris\Online Security Guide.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\Gilles De Schepper\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Gilles De Schepper\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Gilles De Schepper\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Invité\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Invité\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Invité\Favoris\Online Security Guide.lnk
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\dnajlkhx.ini
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\system32\rmmbyokp.exe
C:\WINDOWS\system32\ucjffrmc.dll
C:\WINDOWS\system32\urqnopq.dll
C:\WINDOWS\system32\xhkljand.dll
C:\x.dat
C:\z.dat
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))))))))
.

2007-12-02 17:18 . 2007-12-02 17:18 268 --ah----- C:\sqmdata18.sqm
2007-12-02 17:18 . 2007-12-02 17:18 244 --ah----- C:\sqmnoopt18.sqm
2007-12-02 15:49 . 2007-12-02 15:49 336,480 --a------ C:\WINDOWS\system32\awtqn.dll
2007-12-02 15:06 . 2007-12-02 15:06 <REP> d-------- C:\VundoFix Backups
2007-12-02 00:26 . 2007-12-02 00:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-12-02 00:07 . 2007-12-02 00:07 268 --ah----- C:\sqmdata17.sqm
2007-12-02 00:07 . 2007-12-02 00:07 244 --ah----- C:\sqmnoopt17.sqm
2007-12-01 23:06 . 2007-12-01 23:06 268 --ah----- C:\sqmdata16.sqm
2007-12-01 23:06 . 2007-12-01 23:06 244 --ah----- C:\sqmnoopt16.sqm
2007-12-01 21:56 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Voisinage r‚seau
2007-12-01 21:56 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Voisinage d'impression
2007-12-01 21:56 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\ModŠles
2007-12-01 21:56 . 2004-09-17 17:59 <REP> dr------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Mes documents
2007-12-01 21:56 . 2004-09-17 17:45 <REP> dr------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Menu D‚marrer
2007-12-01 21:56 . 2007-12-02 17:16 <REP> dr------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Favoris
2007-12-01 21:56 . 2007-12-02 17:16 <REP> d-------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Bureau
2007-12-01 21:56 . 2007-07-31 10:37 <REP> d-------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Bluetooth Software
2007-12-01 21:56 . 2007-07-31 10:53 <REP> d-------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Application Data\Symantec
2007-12-01 21:56 . 2007-07-31 10:48 <REP> d-------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Application Data\IBM
2007-11-24 19:32 . 2007-11-24 19:39 <REP> d-------- C:\Program Files\Yahoo!
2007-11-24 14:46 . 2007-11-24 14:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-24 14:43 . 2007-11-24 14:43 120 --a------ C:\n.bat
2007-11-24 14:41 . 2007-11-24 18:35 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-24 14:14 . 2007-11-24 14:14 <REP> d-------- C:\Documents and Settings\Gilles De Schepper\Application Data\AVS4YOU
2007-11-24 14:14 . 2007-11-24 14:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-11-24 13:36 . 2007-11-24 13:37 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-11-24 13:35 . 2007-11-24 13:37 <REP> d-------- C:\Program Files\AVS4YOU
2007-11-20 18:08 . 2007-11-20 18:08 <REP> d-------- C:\Program Files\VirtualDJ
2007-11-20 17:45 . 2007-11-20 17:45 <REP> d-------- C:\Program Files\DivX
2007-11-18 17:05 . 2007-11-18 17:05 <REP> d-------- C:\Documents and Settings\Gilles De Schepper\Application Data\Ulead Systems
2007-11-18 17:05 . 2007-11-18 17:55 540 --ah----- C:\WINDOWS\system32\ws073247.ocx
2007-11-18 17:05 . 2007-11-18 17:55 540 --ah----- C:\os357577.bin
2007-11-18 16:55 . 2007-11-22 22:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-18 16:54 . 2007-11-18 16:54 <REP> d-------- C:\Program Files\Ulead Systems
2007-11-18 16:52 . 2007-11-18 16:52 <REP> d-------- C:\WINDOWS\Noslip
2007-11-15 20:38 . 2007-11-18 17:47 <REP> d-------- C:\Program Files\Beneton Movie GIF
2007-11-15 20:17 . 2007-11-15 20:17 <REP> d-------- C:\Program Files\UnFREEz
2007-11-14 23:03 . 2007-11-14 23:03 268 --ah----- C:\sqmdata15.sqm
2007-11-14 23:03 . 2007-11-14 23:03 244 --ah----- C:\sqmnoopt15.sqm
2007-11-11 20:25 . 2007-11-11 20:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\tpfmon
2007-11-11 20:21 . 2007-11-22 22:15 <REP> d-------- C:\Program Files\Call Alert
2007-11-03 12:46 . 2007-11-03 13:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-03 12:44 . 2007-11-03 12:44 <REP> d-------- C:\WINDOWS\Sun
2007-11-03 12:30 . 2007-11-03 12:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-11-03 12:28 . 2007-11-03 12:28 <REP> d-------- C:\Program Files\SlySoft
2007-11-03 12:28 . 2007-11-03 12:30 24 ---hs---- C:\WINDOWS\S7A2E5078.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 13:46 --------- d-----w C:\Documents and Settings\Gilles De Schepper\Application Data\LimeWire
2007-11-22 21:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 22:48 --------- d-----w C:\Program Files\Java
2007-11-14 22:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-11 10:10 --------- d-----w C:\Program Files\Dachshund Software
2007-11-03 12:33 --------- d-----w C:\Documents and Settings\Gilles De Schepper\Application Data\gtk-2.0
2007-10-28 17:16 96,832 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-10-28 11:44 --------- d-----w C:\Program Files\Xara
2007-10-28 11:40 --------- d-----w C:\Program Files\Pinnacle
2007-10-25 19:49 --------- d-----w C:\Program Files\Codes Postaux
2007-10-25 11:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-10-24 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-10-23 17:09 --------- d-----w C:\Program Files\Visicom Media
2007-10-21 13:19 --------- d-----w C:\Program Files\PaSTel
2007-10-18 19:13 --------- d-----w C:\Documents and Settings\Gilles De Schepper\Application Data\Apple Computer
2007-10-09 18:46 --------- d-----w C:\Program Files\iTunes
2007-10-09 18:45 --------- d-----w C:\Program Files\iPod
2007-10-09 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-09 18:43 --------- d-----w C:\Program Files\QuickTime
2007-10-09 18:39 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-10-09 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-09 16:37 --------- d-----w C:\Program Files\LimeWire
2007-10-09 16:32 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-09-11 16:02 557 ---ha-w C:\os847477.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7654FBEE-2827-4BEF-A654-4BB086CB8D3B}]
C:\WINDOWS\system32\ssttt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89BA5947-F563-4C27-A70E-E9B69ABA1CA3}]
2007-12-02 15:49 336480 --a------ C:\WINDOWS\system32\awtqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE1D0424-A8F9-45BE-945C-6CAA179A2524}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7089D94-EFB5-4FE6-BD87-6EBFA22F639B}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 04:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"Readme Hold"="C:\DOCUME~1\GILLES~1\APPLIC~1\GLUECO~1\MATH FLAG.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59]
"AnyDVD"="C:\Documents and Settings\Gilles De Schepper\Bureau\AnyDVD.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB5577"="command /c del C:\WINDOWS\system32\qtmsrrxm.dllbox" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-28 16:58]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe" [2005-12-20 19:47]
"TPWAUDAP"="C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe" [2005-12-10 07:29]
"PMHandler"="C:\WINDOWS\system32\PMHandler.exe" [2006-01-06 08:42]
"tsnp2std"="C:\WINDOWS\system32\tsnp2std.exe" [2005-12-27 21:36]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 13:50 C:\WINDOWS\AGRSMMSG.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 14:25]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 14:22]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 14:26]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-10-20 13:18]
"ISUSPM Startup"="c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2006-02-27 23:20]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 19:36]
"LPManager"="C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe" [2005-12-07 00:00]
"cssauthe"="C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2005-12-21 17:08]
"TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 18:36]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 14:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-05 20:21]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"ISUSScheduler"="c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50]
"EasyPHP"="C:\Program Files\EasyPHP1-88\EasyPHP.exe" [2007-08-25 20:00]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-29 09:55]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2006-02-27 23:21 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-12-20 19:46 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtqn.dll

R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
R2 smi2;smi2;\??\C:\Program Files\SMI2\smi2.sys
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S0 ANCSQ;ANCSQ;C:\WINDOWS\system32\drivers\ANCSQ.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 17:22:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\nqtwa.ini 371 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-12-02 17:26:34 - machine was rebooted
.
--- E O F ---

ça fait un bon ménage ,

Séléctionne l'encadré ci dessous en entier , puis clique droit , choisis Copier

Colle le dans le Bloc-Notes
Enregistre le sur ton Bureau et nomme le CFScript ( type fichier texte )
Fait glisser le fichier CFScript sur le fichier ComboFix.exe comme ceci :



Un menu va apparaitre , tape 1 puis valide
Laisse faire le scan et poste le rapport généré ( C:\ComboFix.txt )

Voilà Voilà merci encore.....

ComboFix 07-12-02.5 - Gilles De Schepper 2007-12-02 19:30:19.2 - NTFSx86
Running from: C:\Documents and Settings\Gilles De Schepper\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gilles De Schepper\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\n.bat
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\WINDOWS\system32\awtqn.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\n.bat
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\gouwbfpy.dll.bad
C:\VundoFix Backups\qtmsrrxm.dll.bad
C:\VundoFix Backups\qtmsrrxm.dllbox.bad
C:\VundoFix Backups\ssttt.dll.bad
C:\VundoFix Backups\tttss.ini.bad
C:\VundoFix Backups\tttss.ini2.bad

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))))))))
.

2007-12-02 17:26 . <REP> C:\Documents and Settings\InvitÚ\Local Settings
2007-12-02 17:26 . <REP> C:\Documents and Settings\InvitÚ\Local Settings
2007-12-02 17:24 . 2007-12-02 19:34 6,859 --ahs---- C:\WINDOWS\system32\nqtwa.ini2
2007-12-02 17:23 . 2007-12-02 19:35 6,859 --ahs---- C:\WINDOWS\system32\nqtwa.ini
2007-12-02 15:49 . 2007-12-02 15:49 336,480 --a------ C:\WINDOWS\system32\awtqn.VIR
2007-12-02 00:26 . 2007-12-02 17:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-12-01 21:56 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Voisinage r‚seau
2007-12-01 21:56 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Voisinage d'impression
2007-12-01 21:56 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\ModŠles
2007-12-01 21:56 . 2004-09-17 17:59 <REP> dr------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Mes documents
2007-12-01 21:56 . 2004-09-17 17:45 <REP> dr------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Menu D‚marrer
2007-12-01 21:56 . 2007-12-02 17:16 <REP> dr------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Favoris
2007-12-01 21:56 . 2007-12-02 17:16 <REP> d-------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Bureau
2007-12-01 21:56 . 2007-07-31 10:37 <REP> d-------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Bluetooth Software
2007-12-01 21:56 . 2007-07-31 10:53 <REP> d-------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Application Data\Symantec
2007-12-01 21:56 . 2007-07-31 10:48 <REP> d-------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Application Data\IBM
2007-11-24 19:32 . 2007-11-24 19:39 <REP> d-------- C:\Program Files\Yahoo!
2007-11-24 14:46 . 2007-11-24 14:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-24 14:41 . 2007-11-24 18:35 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-24 14:14 . 2007-11-24 14:14 <REP> d-------- C:\Documents and Settings\Gilles De Schepper\Application Data\AVS4YOU
2007-11-24 14:14 . 2007-11-24 14:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-11-24 13:36 . 2007-11-24 13:37 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-11-24 13:35 . 2007-11-24 13:37 <REP> d-------- C:\Program Files\AVS4YOU
2007-11-20 18:08 . 2007-11-20 18:08 <REP> d-------- C:\Program Files\VirtualDJ
2007-11-20 17:45 . 2007-11-20 17:45 <REP> d-------- C:\Program Files\DivX
2007-11-18 17:05 . 2007-11-18 17:05 <REP> d-------- C:\Documents and Settings\Gilles De Schepper\Application Data\Ulead Systems
2007-11-18 17:05 . 2007-11-18 17:55 540 --ah----- C:\WINDOWS\system32\ws073247.ocx
2007-11-18 17:05 . 2007-11-18 17:55 540 --ah----- C:\os357577.bin
2007-11-18 16:55 . 2007-11-22 22:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-18 16:54 . 2007-11-18 16:54 <REP> d-------- C:\Program Files\Ulead Systems
2007-11-18 16:52 . 2007-11-18 16:52 <REP> d-------- C:\WINDOWS\Noslip
2007-11-15 20:38 . 2007-11-18 17:47 <REP> d-------- C:\Program Files\Beneton Movie GIF
2007-11-15 20:17 . 2007-11-15 20:17 <REP> d-------- C:\Program Files\UnFREEz
2007-11-11 20:25 . 2007-11-11 20:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\tpfmon
2007-11-11 20:21 . 2007-11-22 22:15 <REP> d-------- C:\Program Files\Call Alert
2007-11-03 12:46 . 2007-11-03 13:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-03 12:44 . 2007-11-03 12:44 <REP> d-------- C:\WINDOWS\Sun
2007-11-03 12:30 . 2007-11-03 12:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-11-03 12:28 . 2007-11-03 12:28 <REP> d-------- C:\Program Files\SlySoft
2007-11-03 12:28 . 2007-11-03 12:30 24 ---hs---- C:\WINDOWS\S7A2E5078.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 13:46 --------- d-----w C:\Documents and Settings\Gilles De Schepper\Application Data\LimeWire
2007-11-22 21:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 22:48 --------- d-----w C:\Program Files\Java
2007-11-14 22:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-11 10:10 --------- d-----w C:\Program Files\Dachshund Software
2007-11-03 12:33 --------- d-----w C:\Documents and Settings\Gilles De Schepper\Application Data\gtk-2.0
2007-10-28 17:16 96,832 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-10-28 11:44 --------- d-----w C:\Program Files\Xara
2007-10-28 11:40 --------- d-----w C:\Program Files\Pinnacle
2007-10-25 19:49 --------- d-----w C:\Program Files\Codes Postaux
2007-10-25 11:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-10-24 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-10-23 17:09 --------- d-----w C:\Program Files\Visicom Media
2007-10-21 13:19 --------- d-----w C:\Program Files\PaSTel
2007-10-18 19:13 --------- d-----w C:\Documents and Settings\Gilles De Schepper\Application Data\Apple Computer
2007-10-09 18:46 --------- d-----w C:\Program Files\iTunes
2007-10-09 18:45 --------- d-----w C:\Program Files\iPod
2007-10-09 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-09 18:43 --------- d-----w C:\Program Files\QuickTime
2007-10-09 18:39 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-10-09 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-09 16:37 --------- d-----w C:\Program Files\LimeWire
2007-10-09 16:32 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-09-11 16:02 557 ---ha-w C:\os847477.bin
.

((((((((((((((((((((((((((((( snapshot@2007-12-02_17.23.49.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-02 16:20:55 16,384 -c----w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-02 18:38:41 16,384 -c----w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-02 16:20:55 32,768 -c----w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-12-02 18:38:41 32,768 -c----w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-02 16:20:55 65,536 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-02 18:38:41 65,536 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-02 18:38:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_38c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{985DA726-A2F5-43EC-A297-5E9830410390}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 04:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"Readme Hold"="C:\DOCUME~1\GILLES~1\APPLIC~1\GLUECO~1\MATH FLAG.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59]
"AnyDVD"="C:\Documents and Settings\Gilles De Schepper\Bureau\AnyDVD.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB5577"="command /c del C:\WINDOWS\system32\qtmsrrxm.dllbox" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-28 16:58]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe" [2005-12-20 19:47]
"TPWAUDAP"="C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe" [2005-12-10 07:29]
"PMHandler"="C:\WINDOWS\system32\PMHandler.exe" [2006-01-06 08:42]
"tsnp2std"="C:\WINDOWS\system32\tsnp2std.exe" [2005-12-27 21:36]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 13:50 C:\WINDOWS\AGRSMMSG.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 14:25]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 14:22]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 14:26]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-10-20 13:18]
"ISUSPM Startup"="c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2006-02-27 23:20]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 19:36]
"LPManager"="C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe" [2005-12-07 00:00]
"cssauthe"="C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2005-12-21 17:08]
"TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 18:36]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 14:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-05 20:21]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"ISUSScheduler"="c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50]
"EasyPHP"="C:\Program Files\EasyPHP1-88\EasyPHP.exe" [2007-08-25 20:00]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-29 09:55]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2006-02-27 23:21 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-12-20 19:46 24576 C:\WINDOWS\system32\tphklock.dll

R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
R2 smi2;smi2;\??\C:\Program Files\SMI2\smi2.sys
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S0 ANCSQ;ANCSQ;C:\WINDOWS\system32\drivers\ANCSQ.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 20:44:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-02 20:46:32 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-02 17:26
.
--- E O F ---

re , encore du Vundo

Séléctionne l'encadré ci dessous en entier , puis clique droit , choisis Copier

Colle le dans le Bloc-Notes
Enregistre le sur ton Bureau et nomme le CFScript ( type fichier texte )
Fait glisser le fichier CFScript sur le fichier ComboFix.exe comme ceci :



Un menu va apparaitre , tape 1 puis valide
Laisse faire le scan et poste le rapport généré ( C:\ComboFix.txt )

ComboFix 07-12-02.5 - Gilles De Schepper 2007-12-04 0:00:48.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.162 [GMT 1:00]
Running from: C:\Documents and Settings\Gilles De Schepper\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gilles De Schepper\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\awtqn.VIR
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\Temp\Perflib_Perfdata_38c.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtqn.VIR
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\nqtwa.ini2
C:\WINDOWS\Temp\Perflib_Perfdata_38c.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))))))))
.

2007-12-02 00:26 . 2007-12-02 17:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-12-01 22:30 . 2007-12-01 22:30 <REP> d-------- C:\Documents and Settings\Invité\(null)
2007-12-01 22:30 . 2007-12-01 22:30 <REP> d-------- C:\Documents and Settings\Invité\(null)
2007-12-01 21:56 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Voisinage réseau
2007-12-01 21:56 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Voisinage d'impression
2007-12-01 21:56 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Modèles
2007-12-01 21:56 . 2004-09-17 17:59 <REP> dr------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Mes documents
2007-12-01 21:56 . 2004-09-17 17:45 <REP> dr------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Menu Démarrer
2007-12-01 21:56 . 2007-12-02 17:16 <REP> dr------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Favoris
2007-12-01 21:56 . 2007-12-02 17:16 <REP> d-------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Bureau
2007-12-01 21:56 . 2007-07-31 10:37 <REP> d-------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Bluetooth Software
2007-12-01 21:56 . 2007-07-31 10:53 <REP> d-------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Application Data\Symantec
2007-12-01 21:56 . 2007-07-31 10:48 <REP> d-------- C:\Documents and Settings\Administrateur.LENOVO-D4CF1641\Application Data\IBM
2007-11-24 19:32 . 2007-11-24 19:39 <REP> d-------- C:\Program Files\Yahoo!
2007-11-24 14:46 . 2007-11-24 14:46 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-24 14:41 . 2007-11-24 18:35 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-24 14:14 . 2007-11-24 14:14 <REP> d-------- C:\Documents and Settings\Gilles De Schepper\Application Data\AVS4YOU
2007-11-24 14:14 . 2007-11-24 14:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-11-24 13:36 . 2007-11-24 13:37 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-11-24 13:35 . 2007-11-24 13:37 <REP> d-------- C:\Program Files\AVS4YOU
2007-11-20 18:08 . 2007-11-20 18:08 <REP> d-------- C:\Program Files\VirtualDJ
2007-11-20 17:45 . 2007-11-20 17:45 <REP> d-------- C:\Program Files\DivX
2007-11-18 17:05 . 2007-11-18 17:05 <REP> d-------- C:\Documents and Settings\Gilles De Schepper\Application Data\Ulead Systems
2007-11-18 17:05 . 2007-11-18 17:55 540 --ah----- C:\WINDOWS\system32\ws073247.ocx
2007-11-18 17:05 . 2007-11-18 17:55 540 --ah----- C:\os357577.bin
2007-11-18 16:55 . 2007-11-22 22:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-18 16:54 . 2007-11-18 16:54 <REP> d-------- C:\Program Files\Ulead Systems
2007-11-18 16:52 . 2007-11-18 16:52 <REP> d-------- C:\WINDOWS\Noslip
2007-11-15 20:38 . 2007-11-18 17:47 <REP> d-------- C:\Program Files\Beneton Movie GIF
2007-11-15 20:17 . 2007-11-15 20:17 <REP> d-------- C:\Program Files\UnFREEz
2007-11-11 20:25 . 2007-11-11 20:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\tpfmon
2007-11-11 20:21 . 2007-11-22 22:15 <REP> d-------- C:\Program Files\Call Alert
2007-11-03 18:06 . 2007-11-03 18:06 <REP> d-------- C:\Documents and Settings\Invité\Application Data\ThinkVantage
2007-11-03 18:05 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage réseau
2007-11-03 18:05 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage réseau
2007-11-03 18:05 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage d'impression
2007-11-03 18:05 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Invité\Voisinage d'impression
2007-11-03 18:05 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Invité\Modèles
2007-11-03 18:05 . 2004-09-17 17:45 <REP> d--h----- C:\Documents and Settings\Invité\Modèles
2007-11-03 18:05 . 2007-11-03 18:05 <REP> dr------- C:\Documents and Settings\Invité\Mes documents
2007-11-03 18:05 . 2007-11-03 18:05 <REP> dr------- C:\Documents and Settings\Invité\Mes documents
2007-11-03 18:05 . 2004-09-17 17:45 <REP> dr------- C:\Documents and Settings\Invité\Menu Démarrer
2007-11-03 18:05 . 2004-09-17 17:45 <REP> dr------- C:\Documents and Settings\Invité\Menu Démarrer
2007-11-03 18:05 . 2007-12-02 17:16 <REP> dr------- C:\Documents and Settings\Invité\Favoris
2007-11-03 18:05 . 2007-12-02 17:16 <REP> dr------- C:\Documents and Settings\Invité\Favoris
2007-11-03 18:05 . 2007-12-02 17:16 <REP> d-------- C:\Documents and Settings\Invité\Bureau
2007-11-03 18:05 . 2007-12-02 17:16 <REP> d-------- C:\Documents and Settings\Invité\Bureau
2007-11-03 18:05 . 2007-07-31 10:37 <REP> d-------- C:\Documents and Settings\Invité\Bluetooth Software
2007-11-03 18:05 . 2007-07-31 10:37 <REP> d-------- C:\Documents and Settings\Invité\Bluetooth Software
2007-11-03 18:05 . 2007-07-31 10:53 <REP> d-------- C:\Documents and Settings\Invité\Application Data\Symantec
2007-11-03 18:05 . 2007-07-31 10:48 <REP> d-------- C:\Documents and Settings\Invité\Application Data\IBM
2007-11-03 12:46 . 2007-11-03 13:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-03 12:44 . 2007-11-03 12:44 <REP> d-------- C:\WINDOWS\Sun
2007-11-03 12:30 . 2007-11-03 12:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-11-03 12:28 . 2007-11-03 12:28 <REP> d-------- C:\Program Files\SlySoft
2007-11-03 12:28 . 2007-11-03 12:30 24 ---hs---- C:\WINDOWS\S7A2E5078.tmp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 13:46 --------- d-----w C:\Documents and Settings\Gilles De Schepper\Application Data\LimeWire
2007-11-22 21:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 22:48 --------- d-----w C:\Program Files\Java
2007-11-14 22:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-11 10:10 --------- d-----w C:\Program Files\Dachshund Software
2007-11-03 12:33 --------- d-----w C:\Documents and Settings\Gilles De Schepper\Application Data\gtk-2.0
2007-10-28 17:16 96,832 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-10-28 11:44 --------- d-----w C:\Program Files\Xara
2007-10-28 11:40 --------- d-----w C:\Program Files\Pinnacle
2007-10-25 19:49 --------- d-----w C:\Program Files\Codes Postaux
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 11:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-10-24 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-10-23 17:09 --------- d-----w C:\Program Files\Visicom Media
2007-10-21 13:19 --------- d-----w C:\Program Files\PaSTel
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 19:13 --------- d-----w C:\Documents and Settings\Gilles De Schepper\Application Data\Apple Computer
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-09 18:46 --------- d-----w C:\Program Files\iTunes
2007-10-09 18:45 --------- d-----w C:\Program Files\iPod
2007-10-09 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-09 18:43 --------- d-----w C:\Program Files\QuickTime
2007-10-09 18:39 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-10-09 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-09 16:37 --------- d-----w C:\Program Files\LimeWire
2007-10-09 16:32 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-09-11 16:02 557 ---ha-w C:\os847477.bin
.

((((((((((((((((((((((((((((( snapshot@2007-12-02_17.23.49.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-02 16:20:55 16,384 -c----w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-03 22:18:12 16,384 -c----w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-02 16:20:55 32,768 -c----w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2007-12-03 22:18:12 32,768 -c----w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-12-02 16:20:55 65,536 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-03 22:18:12 65,536 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-03 22:18:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_388.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{985DA726-A2F5-43EC-A297-5E9830410390}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 04:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"Readme Hold"="C:\DOCUME~1\GILLES~1\APPLIC~1\GLUECO~1\MATH FLAG.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59]
"AnyDVD"="C:\Documents and Settings\Gilles De Schepper\Bureau\AnyDVD.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-28 16:58]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe" [2005-12-20 19:47]
"TPWAUDAP"="C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe" [2005-12-10 07:29]
"PMHandler"="C:\WINDOWS\system32\PMHandler.exe" [2006-01-06 08:42]
"tsnp2std"="C:\WINDOWS\system32\tsnp2std.exe" [2005-12-27 21:36]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 13:50 C:\WINDOWS\AGRSMMSG.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 14:25]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 14:22]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 14:26]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-10-20 13:18]
"ISUSPM Startup"="c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2006-02-27 23:20]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 19:36]
"LPManager"="C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe" [2005-12-07 00:00]
"cssauthe"="C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2005-12-21 17:08]
"TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 18:36]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 14:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-05 20:21]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"ISUSScheduler"="c:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50]
"EasyPHP"="C:\Program Files\EasyPHP1-88\EasyPHP.exe" [2007-08-25 20:00]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-29 09:55]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2007-08-31 16:46]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 04:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2006-02-27 23:21 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-12-20 19:46 24576 C:\WINDOWS\system32\tphklock.dll

R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
R2 smi2;smi2;\??\C:\Program Files\SMI2\smi2.sys
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S0 ANCSQ;ANCSQ;C:\WINDOWS\system32\drivers\ANCSQ.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 00:03:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-04 0:03:48
C:\ComboFix2.txt ... 2007-12-02 20:46
C:\ComboFix3.txt ... 2007-12-02 17:26
.
--- E O F ---


Merci à bientôt

juste encore un truc lorque les programmes on finis leurs scan le pc ne redémra pas tout seul un ecrand noir puis rien se passe il faut le faire manuélement.

a bientôt, Merci.

Re , le fichier associé à cette clé ne semble pas présent mais on va quand même vérifier

Télécharge Lop S&D.exe sur ton bureau

Double-clique dessus pour lancer l'installation

Puis double-clique sur le raccourci Lop S&D présent sur ton bureau

Séléctionne la langue souhaitée , puis choisis l'Option 1 ( Recherche )

Patiente jusqu'à la fin du scan

Poste le rapport généré ( C:\lopR.txt )

( Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide )