
outerinfo problem [Solved]


Here is the HijackThis report (thanks for your quick reply)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:41, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\??crosoft\??erinit.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_forma...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [BM775b7f68] Rundll32.exe "C:\WINDOWS\system32\ojeqxxbu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [Etre] "C:\WINDOWS\YMBOLS~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Pcgke] "C:\Program Files\??crosoft\??erinit.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\mp\devdpll.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.xbeta69.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bW9p\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8686 bytes

Re,

If you have Spybot, open Spybot, click the Mode tab and choose Advanced Mode.
Ignore the warning.
At the bottom left, click Tools.
Still in the left-hand column, click Resident (not in the central window).
Then uncheck the Resident "TeaTimer" option.

Download MsnFix (by !aur3n7) to your Desktop. (>>Tutorial<<)
Unzip it to C:\

Open the MSNFix folder, then double-click MSNFix.bat. (The .bat extension may not be shown.)
- Run option R.
- If the infection is detected, press a key to start the cleanup. (N)

If you need to restart the computer, do it manually.

Post the report located in the MSNFix folder.
The name of the report corresponds to the moment it was created: date_time.log

Note: If you get an upload zip file on your desktop, do this

;)

MSNFix 1.710

C:\MSNFix\MSNFix
Fix exécuté le 24/04/2008 - 15:11:36,45 By moi
mode normal

************************ Recherche les fichiers présents

... C:\Program Files\outerinfo\FF\chrome.manifest
... C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
... C:\Program Files\outerinfo\FF\install.rdf
... C:\Program Files\outerinfo\Terms.rtf
... C:\??????.exe
... C:\WINDOWS\cookies.ini
... C:\WINDOWS\install.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp

************************ Recherche les dossiers présents

... C:\Program Files\outerinfo\
... \TEMP\




************************ Suppression des fichiers

.. OK ... C:\Program Files\outerinfo\FF\chrome.manifest
.. OK ... C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
.. OK ... C:\Program Files\outerinfo\FF\install.rdf
.. OK ... C:\Program Files\outerinfo\Terms.rtf
.. OK ... C:\??????.exe
.. OK ... C:\WINDOWS\cookies.ini
.. OK ... C:\WINDOWS\install.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp


************************ Suppression des dossiers

/!\ ... C:\Program Files\outerinfo\
/!\ ... \TEMP\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\WINDOWS\mrofinu*.exe



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 24042008_15224079.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Here is the report. Thanks for your help in any case, I would never manage on my own.

Re,

Select the entire box below:
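@echo off & cls
REM Work from the root of the current drive, so log.txt is written there
CD \
REM Empty the Windows and user temporary folders
del /q "%windir%\Temp\*.*"
del /s /q "%temp%\*.*"
color fc
REM Message: please post on the forum the report that is about to open
echo /!\ PRIERE DE POSTER LE RAPPORT QUI VA S'OUVRIR SUR LE FORUM /!\
pause
REM List what is left in the outerinfo folder (hidden files included), then open the listing
dir /a "%ProgramFiles%\outerinfo\*.*" > log.txt & log.txt
exit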

Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it to your desktop under the name Correction.bat
Double-click it.

;) 

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7468-4C5B

Répertoire de C:\Program Files\outerinfo

24/04/2008 15:15 <REP> .
24/04/2008 15:15 <REP> ..
24/04/2008 15:15 <REP> FF
19/07/2007 19:46 18 031 Terms.MSNFix
1 fichier(s) 18 031 octets
3 Rép(s) 1 440 358 400 octets libres


Here is the report I got.
I'm trusting you completely here because I understand absolutely nothing about what's going on!!! :)

I don't know if there are still things to do, but it seems to be working... thanks a lot for your help in any case, that was really very kind!!

I'm sending you both reports, MSNFix and HijackThis

MSNFix 1.710

C:\MSNFix\MSNFix
Fix exécuté le 24/04/2008 - 20:57:11,17 By moi
mode normal

************************ Recherche les fichiers présents

... C:\log.txt

************************ Recherche les dossiers présents

... \TEMP\




************************ Suppression des fichiers

.. OK ... C:\log.txt


************************ Suppression des dossiers

/!\ ... \TEMP\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 24042008_21053951.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------





and HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:15, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\??crosoft\??erinit.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_forma...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
O4 - HKLM\..\Run: [74684cf4] rundll32.exe "C:\WINDOWS\system32\jjcpvrly.dll",b
O4 - HKLM\..\Run: [BM775b7f68] Rundll32.exe "C:\WINDOWS\system32\sxjqpgra.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [Etre] "C:\WINDOWS\YMBOLS~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Pcgke] "C:\Program Files\??crosoft\??erinit.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\mp\devdpll.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.xbeta69.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bW9p\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8796 bytes

Re,

We have only removed a small part; you are still heavily infected, but we will clean all of that up, no worries ;)

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Picture tutorial on MBAM

;)
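
Added example, not part of the original thread and not the helper's or HijackThis's own method: a Python comparison of the Run-key (O4) lines from the two HijackThis logs posted above, reporting which autoruns appeared or changed target between the scans and flagging three patterns visible in those lines. The function names, flag labels and the three heuristics are assumptions made for this illustration; a flag means "check this file", not a verdict.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# O4 Run-key lines copied from the two HijackThis logs posted in this thread.
LOG_FIRST = r"""
O4 - HKLM\..\Run: [BM775b7f68] Rundll32.exe "C:\WINDOWS\system32\ojeqxxbu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Etre] "C:\WINDOWS\YMBOLS~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Pcgke] "C:\Program Files\??crosoft\??erinit.exe"
"""
LOG_SECOND = r"""
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
O4 - HKLM\..\Run: [74684cf4] rundll32.exe "C:\WINDOWS\system32\jjcpvrly.dll",b
O4 - HKLM\..\Run: [BM775b7f68] Rundll32.exe "C:\WINDOWS\system32\sxjqpgra.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Etre] "C:\WINDOWS\YMBOLS~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Pcgke] "C:\Program Files\??crosoft\??erinit.exe"
"""

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
PROGRAM_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', re.I)
DLL_RE = re.compile(r'([A-Za-z]:\\[^",]+\.dll)', re.I)
# Assumed short list of Windows process names that belong in system32.
SYSTEM_NAMES = {"winlogon.exe", "userinit.exe", "svchost.exe",
                "lsass.exe", "services.exe", "smss.exe", "csrss.exe"}
SYSTEM32 = r"c:\windows\system32"


def parse_run_entries(log):
    """Map (hive, value name) -> command line for every O4 Run-key line."""
    entries = {}
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2))] = m.group(3)
    return entries


def loaded_file(command):
    """Return (via_rundll32, path of the file the entry really loads)."""
    m = PROGRAM_RE.match(command)
    program = (m.group(1) or m.group(2)) if m else command
    if basename(program).lower() == "rundll32.exe":
        dll = DLL_RE.search(command)
        if dll:  # the DLL, not rundll32 itself, is the file to examine
            return True, dll.group(1)
    return False, program


def triage(command):
    """Heuristic reasons (assumptions of this example) to look at an entry."""
    via_rundll32, path = loaded_file(command)
    reasons = []
    if via_rundll32:
        reasons.append("rundll32-autorun")
    if "?" in path:  # name holds characters the log could not render
        reasons.append("unrenderable-chars-in-path")
    if basename(path).lower() in SYSTEM_NAMES and dirname(path).lower() != SYSTEM32:
        reasons.append("system-name-outside-system32")
    return reasons


def diff_runs(before, after):
    """Autoruns that appeared, vanished, or kept their name but load a new file."""
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        "retargeted": sorted(
            k for k in after if k in before
            and loaded_file(before[k])[1].lower() != loaded_file(after[k])[1].lower()
        ),
    }


def summarize(first_log, second_log):
    """One line per change between the scans, then one per flagged entry."""
    before, after = parse_run_entries(first_log), parse_run_entries(second_log)
    changes = diff_runs(before, after)
    lines = [f"{kind}: {hive} [{name}]"
             for kind in ("added", "retargeted", "removed")
             for hive, name in changes[kind]]
    for (hive, name), command in sorted(after.items()):
        reasons = triage(command)
        if reasons:
            lines.append(f"check: {hive} [{name}] {', '.join(reasons)}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(LOG_FIRST, LOG_SECOND)))
```

The AntiSpywareMaster entry trips none of the three heuristics and only shows up through the diff, which is why the comparison between scans is kept alongside the per-entry checks.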

You were right, I got a bit carried away; in fact it's not quite fixed... :wahoo:

Here is the MBAM report:

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 679

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 137469
    Temps écoulé: 3 hour(s), 1 minute(s), 14 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 30
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 5
    Fichier(s) infecté(s): 64

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\SYSTEM32\mlJDttUk.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\SYSTEM32\fccdabYo.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a44b040a-a5a4-410a-bd50-34395c49f85c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{a44b040a-a5a4-410a-bd50-34395c49f85c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{a6c54318-5ac7-477d-b0a7-49af5189300c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6c54318-5ac7-477d-b0a7-49af5189300c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccdabyo (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1604df98-d1a5-44fe-844a-98d6fd0518d0} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b2b0aedf-7cdf-4792-bb67-7654ad1e1b13} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b2b0aedf-7cdf-4792-bb67-7654ad1e1b13} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c28b65d6-8067-80b0-44e3-a78f71507fe6} (Adware.ClickSpring) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{180b4ee9-1795-4429-9651-f17a6515726d} (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\74684cf4 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a6c54318-5ac7-477d-b0a7-49af5189300c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM775b7f68 (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljdttuk -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljdttuk -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Program Files\MailSkinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\msskinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\pnVes01 (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\SYSTEM32\jjcpvrly.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\ylrvpcjj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\mlJDttUk.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\SYSTEM32\kUttDJlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\kUttDJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\oqenvqmx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\xmqvneqo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\fccdabYo.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Documents and Settings\moi\Local Settings\Temp\!update.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\Documents and Settings\moi\Local Settings\Temp\NDR4.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\Documents and Settings\moi\Local Settings\Temp\NDRB.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\81AN0TM3\install_en[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\81AN0TM3\kriv[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\AXWRWZET\install_en[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\CPAZO5EV\!update-4495[1].0000 (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP467\A0079012.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0079026.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0079028.vbs (Malware.Trace) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0079029.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0079030.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0079031.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0079032.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0079033.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0079034.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0079035.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0079039.dll (AdWare.CommAd) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0079040.exe (Adware.Purityscan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0080074.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0080086.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0080087.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0080113.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0081374.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0082124.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0082140.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0082141.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0082153.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0082160.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
    C:\WINDOWS\17PHolmes572.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\WINDOWS\mrofinu1000106.MSNFix (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\WINDOWS\mrofinu572.exe.MSNFix (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\efcARhfe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\fqylrht.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\ljJCvVLB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\oapyuhbx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\packet.dll (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\qoMfcCTm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\wpcap.dll (Spyware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\pnVes01\pnVes011065.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
    C:\Program Files\MailSkinner\anim_0.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MailSkinner\anim_help.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MailSkinner\autosmiley.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MailSkinner\OLSkinner.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\msskinner\msbackup.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\sxjqpgra.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\sysinetsvc32.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\msegcompid.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\uldalfs_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\uldalfs_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Documents and Settings\moi\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
    C:\Documents and Settings\laura\Bureau\Spyware Remover.url (Rogue.SpywareRemove) -> Quarantined and deleted successfully.

    :hello: 

    1) [~] Go to My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply --> OK
    [~] Go to My Computer / Tools / Folder Options / View / uncheck "Hide protected operating system files" / Apply --> OK

    You will re-check it afterwards.


    - My Computer / Tools / Folder Options / View / uncheck "Hide extensions for known file types" / Apply --> OK

    2) Disable all resident protection (antivirus…)!
    Disconnect from the internet, close all running programs and let ComboFix work: so don't do anything else at the same time!


    Download Combofix by sUBs
    Save it on your desktop and nowhere else!
    Restart in safe mode: help here >>>
    http://forum.telecharger.01net.com/telecharger/virus_et...
    /!\ Never restart in safe mode via msconfig! /!\

    Double-click on combofix. It will ask you a question; answer by pressing the 1 key and Enter to confirm, then let yourself be guided.
    Wait until combofix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt

    3) Copy/paste a new HiJackThis report along with it.

    ;) 

    here is the report (except that combofix didn't ask me any question... :??:  )

    ComboFix 08-04-24.1 - moi 2008-04-25 18:12:33.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.351 [GMT 2:00]
    Endroit: C:\Documents and Settings\moi\Bureau\ComboFix.exe

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\crosof~1
    C:\Program Files\crosof~1\??erinit.exe
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\fccdabYo.dll
    C:\WINDOWS\system32\ibyfdeqi.dll
    C:\WINDOWS\SYSTEM32\kUttDJlm.ini
    C:\WINDOWS\SYSTEM32\kUttDJlm.ini2
    C:\WINDOWS\system32\mlJDttUk.dll
    C:\WINDOWS\system32\ojeqxxbu.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\ymbols~1
    C:\WINDOWS\ymbols~1\?ymbols\

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CMDSERVICE
    -------\Legacy_NETWORK_MONITOR
    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-25 to 2008-04-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-25 00:47 . 2008-04-25 00:47 <REP> d-------- C:\Documents and Settings\moi\Application Data\Malwarebytes
    2008-04-25 00:45 . 2008-04-25 00:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-25 00:45 . 2008-04-25 00:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-24 19:06 . 2008-04-24 19:06 415 --a------ C:\log.MSNFix
    2008-04-24 15:10 . 2008-04-24 15:10 <REP> d-------- C:\MSNFix
    2008-04-24 15:10 . 2008-04-24 15:10 441,189 --a------ C:\MSNFix.zip
    2008-04-24 14:41 . 2008-04-24 14:41 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-23 21:39 . 2008-04-24 00:07 <REP> d-------- C:\Program Files\EoRezo
    2008-04-23 21:39 . 2008-04-24 00:07 <REP> d-------- C:\Documents and Settings\moi\Application Data\EoRezo
    2008-04-23 18:04 . 2008-04-23 18:04 241 --a------ C:\WINDOWS\cookies.MSNFix
    2008-04-23 17:45 . 2008-04-23 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-23 17:40 . 2008-04-23 17:40 15,086 --a------ C:\WINDOWS\SYSTEM32\FreePokerBonus.ico
    2008-04-23 17:40 . 2008-04-25 12:07 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconFR.ico
    2008-04-23 17:34 . 2008-04-25 12:43 109,817 --a------ C:\WINDOWS\BM775b7f68.xml
    2008-04-23 17:28 . 2008-04-23 19:39 <REP> d-------- C:\WINDOWS\SYSTEM32\mp
    2008-04-23 17:28 . 2008-04-23 19:39 <REP> d-------- C:\WINDOWS\SYSTEM32\Bn
    2008-04-23 17:28 . 2008-04-23 19:44 <REP> d--hs---- C:\WINDOWS\bW9p
    2008-04-23 17:28 . 2008-04-23 17:28 <REP> d-------- C:\TEMP\kvebs14
    2008-04-23 17:27 . 2008-04-23 17:27 <REP> d-------- C:\TEMP\zvebs14
    2008-04-19 12:17 . 2008-04-25 01:18 <REP> d-------- C:\Program Files\PokerStars

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-25 15:54 --------- d-----w C:\Program Files\Mozilla Firefox 2 Beta 1
    2008-04-25 15:54 --------- d-----w C:\Program Files\Free Music Zilla
    2008-04-12 10:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-05 18:08 --------- d-----w C:\Program Files\Yahoo!
    2008-04-05 18:07 --------- d-----w C:\Program Files\Replay Converter
    2008-04-05 18:05 --------- d-----w C:\Program Files\AoA Audio Extractor
    2008-04-04 19:01 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-23 21:39 --------- d-----w C:\Documents and Settings\moi\Application Data\FMZilla
    2008-03-23 21:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-09 13:32 --------- d-----w C:\Documents and Settings\moi\Application Data\STOIK
    2008-03-09 13:30 --------- d-----w C:\Program Files\STOIK Imaging
    2008-03-09 13:14 --------- d-----w C:\Documents and Settings\moi\Application Data\dBpoweramp
    2008-03-09 13:09 --------- d-----w C:\Documents and Settings\moi\Application Data\AccurateRip
    2008-03-07 13:43 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-03-07 13:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-25 23:17 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-25 16:51 --------- d-----w C:\Program Files\eMule
    2006-09-09 11:22 1,837 ----a-w C:\WINDOWS\INF\COM10B.tmp
    2006-04-28 17:31 1,837 ----a-w C:\WINDOWS\INF\COMC3.tmp
    2006-03-12 11:54 1,837 ----a-w C:\WINDOWS\INF\COMF8.tmp
    2006-02-15 15:39 1,837 ----a-w C:\WINDOWS\INF\COMF7.tmp
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 21:57 15360]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-26 00:36 190024]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~2\wcescomm.exe" [2006-06-26 21:45 1211176]
    "Etre"="C:\WINDOWS\YMBOLS~1\winlogon.exe" [ ]
    "Pcgke"="C:\Program Files\??crosoft\??erinit.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AntiSpywareMaster"="C:\Program Files\AntiSpywareMaster\asm.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 21:57 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdabYo]
    fccdabYo.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "VIDC.LM20"= lm20.dll
    "vidc.VP40"= vp4vfw.dll
    "vidc.VP50"= vp5vfw.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=C:\Documents and Settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^TribalWeb.net.lnk]
    path=C:\Documents and Settings\moi\Menu Démarrer\Programmes\Démarrage\TribalWeb.net.lnk
    backup=C:\WINDOWS\pss\TribalWeb.net.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
    C:\DOCUME~1\moi\LOCALS~1\Temp\2005830122011_mcappins.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
    --a------ 2003-06-02 20:30 270336 C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    --a------ 2004-08-23 20:19 57344 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner]
    c:\program files\mailskinner\mailskinner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2004-04-11 22:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2003-11-19 19:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    --a------ 2004-01-07 02:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2007-05-15 00:22 35328 C:\Program Files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Documents and Settings\\moi\\Mes documents\\My Games\\pes2008\\PES2008.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18475:TCP"= 18475:TCP:BitComet 18475 TCP
    "18475:UDP"= 18475:UDP:BitComet 18475 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 portio;portio;C:\WINDOWS\system32\DRIVERS\portio.sys [1997-11-05 16:39]
    S3 jfdcd;jfdcd;C:\DOCUME~1\moi\LOCALS~1\Temp\jfdcd.sys []
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94e8eb7f-fbcf-11db-abbf-001111a5f3b4}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-22 19:37:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-25 18:23:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 1010

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\SYSTEM32\ati2evxx.exe
    C:\WINDOWS\SYSTEM32\LEXBCES.EXE
    C:\WINDOWS\SYSTEM32\LEXPPS.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
    C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    C:\WINDOWS\SYSTEM32\wscntfy.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-25 18:33:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-25 16:33:15

    Pre-Run: 1,789,059,072 octets libres
    Post-Run: 1,794,248,704 octets libres

    197 --- E O F --- 2008-04-12 01:17:45




    then the hijackthis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:36:00, on 25/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~2\wcescomm.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_forma...
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
    O4 - HKCU\..\Run: [Etre] "C:\WINDOWS\YMBOLS~1\winlogon.exe" -vt ndrv
    O4 - HKCU\..\Run: [Pcgke] "C:\Program Files\??crosoft\??erinit.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: DW_Start.lnk = C:\WINDOWS\SYSTEM32\mp\devdpll.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.redfunny.com
    O15 - Trusted Zone: www.skymasters.biz
    O15 - Trusted Zone: www.xbeta69.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O20 - Winlogon Notify: fccdabYo - fccdabYo.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 8302 bytes


    this all looks very complicated to me!!! luckily you're here!!! :wahoo: 

    Hi again,

    Delete all the cracks present on your PC, otherwise you will restart the infection by running them.

    1) Disable all resident protection (antivirus…)!

    Copy the text in the box below, without the word "Quote":

    Quote:
    Driver::
    jfdcd

    File::
    C:\WINDOWS\BM775b7f68.xml
    C:\WINDOWS\YMBOLS~1\winlogon.exe
    C:\Program Files\??crosoft\??erinit.exe
    C:\DOCUME~1\moi\LOCALS~1\Temp\jfdcd.sys

    Folder::
    C:\Program Files\AntiSpywareMaster\
    c:\program files\mailskinner\

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Etre"=-
    "Pcgke"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdabYo]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AntiSpywareMaster"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner]



    Open Notepad, then paste the copied text.
    (Start\All Programs\Accessories\Notepad.)
    Save this file under the name CFScript.txt.

    Now drag the file ComboFix-Do.txt onto Combofix.exe as shown below:



    This will restart Combofix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report.

    2) Download DelDomains.inf (by Mike Burgess) to your Desktop.
    **If you use Firefox: right-click on the link and choose "Save Link As..."**
  • Right-click on the file, then choose "Install" from the context menu.
  • The script installs quickly and no confirmation will be displayed on screen; this is normal.

    3) Post a new hijackthis report.

    ;) 


    so here is the combofix report:

    ComboFix 08-04-24.1 - moi 2008-04-25 20:33:05.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.296 [GMT 2:00]
    Endroit: C:\Documents and Settings\moi\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\moi\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\DOCUME~1\moi\LOCALS~1\Temp\jfdcd.sys
    C:\WINDOWS\BM775b7f68.xml
    C:\WINDOWS\YMBOLS~1\winlogon.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\moi\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
    C:\WINDOWS\BM775b7f68.xml

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_jfdcd


    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-25 to 2008-04-25 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-25 00:47 . 2008-04-25 00:47 <REP> d-------- C:\Documents and Settings\moi\Application Data\Malwarebytes
    2008-04-25 00:45 . 2008-04-25 00:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-25 00:45 . 2008-04-25 00:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-24 19:06 . 2008-04-24 19:06 415 --a------ C:\log.MSNFix
    2008-04-24 15:10 . 2008-04-24 15:10 <REP> d-------- C:\MSNFix
    2008-04-24 15:10 . 2008-04-24 15:10 441,189 --a------ C:\MSNFix.zip
    2008-04-24 14:41 . 2008-04-24 14:41 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-23 21:39 . 2008-04-24 00:07 <REP> d-------- C:\Program Files\EoRezo
    2008-04-23 21:39 . 2008-04-24 00:07 <REP> d-------- C:\Documents and Settings\moi\Application Data\EoRezo
    2008-04-23 18:04 . 2008-04-23 18:04 241 --a------ C:\WINDOWS\cookies.MSNFix
    2008-04-23 17:45 . 2008-04-23 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-23 17:40 . 2008-04-23 17:40 15,086 --a------ C:\WINDOWS\SYSTEM32\FreePokerBonus.ico
    2008-04-23 17:40 . 2008-04-25 12:07 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconFR.ico
    2008-04-23 17:28 . 2008-04-23 19:39 <REP> d-------- C:\WINDOWS\SYSTEM32\mp
    2008-04-23 17:28 . 2008-04-23 19:39 <REP> d-------- C:\WINDOWS\SYSTEM32\Bn
    2008-04-23 17:28 . 2008-04-23 19:44 <REP> d--hs---- C:\WINDOWS\bW9p
    2008-04-23 17:28 . 2008-04-23 17:28 <REP> d-------- C:\TEMP\kvebs14
    2008-04-23 17:27 . 2008-04-23 17:27 <REP> d-------- C:\TEMP\zvebs14
    2008-04-19 12:17 . 2008-04-25 01:18 <REP> d-------- C:\Program Files\PokerStars

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-25 18:27 --------- d-----w C:\Program Files\Mozilla Firefox 2 Beta 1
    2008-04-25 17:48 --------- d-----w C:\Program Files\Free Music Zilla
    2008-04-12 10:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-05 18:08 --------- d-----w C:\Program Files\Yahoo!
    2008-04-05 18:07 --------- d-----w C:\Program Files\Replay Converter
    2008-04-05 18:05 --------- d-----w C:\Program Files\AoA Audio Extractor
    2008-04-04 19:01 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-03-23 21:39 --------- d-----w C:\Documents and Settings\moi\Application Data\FMZilla
    2008-03-23 21:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-09 13:32 --------- d-----w C:\Documents and Settings\moi\Application Data\STOIK
    2008-03-09 13:30 --------- d-----w C:\Program Files\STOIK Imaging
    2008-03-09 13:14 --------- d-----w C:\Documents and Settings\moi\Application Data\dBpoweramp
    2008-03-09 13:09 --------- d-----w C:\Documents and Settings\moi\Application Data\AccurateRip
    2008-03-07 13:43 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-03-07 13:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-25 23:17 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-02-25 16:51 --------- d-----w C:\Program Files\eMule
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-25_18.32.55.68 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-25 16:22:56 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
    + 2008-04-25 18:40:19 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 21:57 15360]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-26 00:36 190024]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
    "H/PC Connection Agent"="C:\PROGRA~1\MICROS~2\wcescomm.exe" [2006-06-26 21:45 1211176]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 21:57 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3acm"= l3codecp.acm
    "VIDC.LM20"= lm20.dll
    "vidc.VP40"= vp4vfw.dll
    "vidc.VP50"= vp5vfw.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=C:\Documents and Settings\moi\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^moi^Menu Démarrer^Programmes^Démarrage^TribalWeb.net.lnk]
    path=C:\Documents and Settings\moi\Menu Démarrer\Programmes\Démarrage\TribalWeb.net.lnk
    backup=C:\WINDOWS\pss\TribalWeb.net.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
    C:\DOCUME~1\moi\LOCALS~1\Temp\2005830122011_mcappins.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
    --a------ 2003-06-02 20:30 270336 C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    --a------ 2004-08-23 20:19 57344 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    --a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    --a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    --a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    --a------ 2004-04-11 22:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2003-11-19 19:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    --a------ 2004-01-07 02:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2007-05-15 00:22 35328 C:\Program Files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
    "C:\\Documents and Settings\\moi\\Mes documents\\My Games\\pes2008\\PES2008.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18475:TCP"= 18475:TCP:BitComet 18475 TCP
    "18475:UDP"= 18475:UDP:BitComet 18475 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 portio;portio;C:\WINDOWS\system32\DRIVERS\portio.sys [1997-11-05 16:39]
    S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94e8eb7f-fbcf-11db-abbf-001111a5f3b4}]
    \Shell\AutoRun\command - F:\LaunchU3.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-22 19:37:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-25 20:41:05
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 1010

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\SYSTEM32\ati2evxx.exe
    C:\WINDOWS\SYSTEM32\LEXBCES.EXE
    C:\WINDOWS\SYSTEM32\LEXPPS.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
    C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    C:\WINDOWS\SYSTEM32\wscntfy.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-25 20:49:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-25 18:49:04
    ComboFix2.txt 2008-04-25 16:33:24

    Pre-Run: 1,775,808,512 octets libres
    Post-Run: 1,765,040,128 octets libres

    177 --- E O F --- 2008-04-12 01:17:45


    and HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:55:38, on 25/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~2\wcescomm.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_forma...
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 7838 bytes

    Re,

    Click Start --> Run, type CMD, then confirm with OK.
    Paste the following lines one at a time into the black window that appears, pressing Enter after each one. Each time you press Enter, a report will open in Notepad. Post the reports on the forum, 4 reports in total.
    dir /a /s "%windir%\system32\mp" > log1.txt & log1.txt
    dir /a /s "%windir%\system32\Bn" > log2.txt & log2.txt
    dir /a /s "%windir%\bW9p" > log3.txt & log3.txt
    dir /a /s "%SystemDrive%\Temp" > log4.txt & log4.txt


    ;) 

    Here are the reports, in order:

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 7468-4C5B

    Répertoire de C:\WINDOWS\system32\mp

    23/04/2008 19:39 <REP> .
    23/04/2008 19:39 <REP> ..
    0 fichier(s) 0 octets

    Total des fichiers listés :
    0 fichier(s) 0 octets
    2 Rép(s) 1 822 584 832 octets libres



    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 7468-4C5B

    Répertoire de C:\WINDOWS\system32\Bn

    23/04/2008 19:39 <REP> .
    23/04/2008 19:39 <REP> ..
    0 fichier(s) 0 octets

    Total des fichiers listés :
    0 fichier(s) 0 octets
    2 Rép(s) 1 822 461 952 octets libres




    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 7468-4C5B

    Répertoire de C:\WINDOWS\bW9p

    23/04/2008 19:44 <REP> .
    23/04/2008 19:44 <REP> ..
    0 fichier(s) 0 octets

    Total des fichiers listés :
    0 fichier(s) 0 octets
    2 Rép(s) 1 822 457 856 octets libres





    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 7468-4C5B

    Répertoire de C:\Temp

    25/04/2008 18:13 <REP> .
    25/04/2008 18:13 <REP> ..
    23/04/2008 17:28 <REP> kvebs14
    23/04/2008 17:27 <REP> zvebs14
    0 fichier(s) 0 octets

    Répertoire de C:\Temp\kvebs14

    23/04/2008 17:28 <REP> .
    23/04/2008 17:28 <REP> ..
    23/04/2008 17:28 1 858 zvKarru.log
    1 fichier(s) 1 858 octets

    Répertoire de C:\Temp\zvebs14

    23/04/2008 17:27 <REP> .
    23/04/2008 17:27 <REP> ..
    0 fichier(s) 0 octets

    Total des fichiers listés :
    1 fichier(s) 1 858 octets
    8 Rép(s) 1 822 449 664 octets libres
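
Added example (not part of either post): `dir` output redirected from a French Windows XP console is written in the OEM code page, so a reader that assumes Windows-1252 shows `R‚pertoire` and `1ÿ858` instead of `Répertoire` and `1 858`. The Python sketch below decodes such a report, repairs text that was already pasted garbled, and lists which of the checked folders still contain files. The function names, the CP850 assumption and the sample listing (modelled on the C:\Temp report) are constructed for illustration.

```python
import re

# Constructed sample modelled on the C:\Temp report posted in the thread.
# \u00a0 is the non-breaking space cmd.exe uses as thousands separator.
SAMPLE_TEXT = "\n".join([
    " Le volume dans le lecteur C n'a pas de nom.",
    " Le numéro de série du volume est 7468-4C5B",
    "",
    " Répertoire de C:\\Temp",
    "",
    "25/04/2008  18:13    <REP>          .",
    "25/04/2008  18:13    <REP>          ..",
    "23/04/2008  17:28    <REP>          kvebs14",
    "23/04/2008  17:27    <REP>          zvebs14",
    "               0 fichier(s)                0 octets",
    "",
    " Répertoire de C:\\Temp\\kvebs14",
    "",
    "23/04/2008  17:28    <REP>          .",
    "23/04/2008  17:28    <REP>          ..",
    "23/04/2008  17:28             1\u00a0858 zvKarru.log",
    "               1 fichier(s)            1\u00a0858 octets",
    "",
    " Répertoire de C:\\Temp\\zvebs14",
    "",
    "23/04/2008  17:27    <REP>          .",
    "23/04/2008  17:27    <REP>          ..",
    "               0 fichier(s)                0 octets",
    "",
])
# Bytes as cmd.exe would write them to log4.txt (OEM code page 850, assumed).
SAMPLE_BYTES = SAMPLE_TEXT.encode("cp850")

HEADER = re.compile(r"^\s*Répertoire de (.+?)\s*$")
ENTRY = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2})\s+(<REP>|\d[\d\u00a0]*) +(.+?)\s*$"
)
# What Windows-1252 displays for the CP850 bytes of é â ä ç ê ë è ï.
SUSPECT = set("‚ƒ„‡ˆ‰Š‹")


def decode_console(raw: bytes) -> str:
    """Decode bytes redirected from a French cmd.exe session (CP850)."""
    return raw.decode("cp850")


def repair_mojibake(text: str) -> str:
    """Undo CP850 text that was read as Windows-1252 (é -> ‚, NBSP -> ÿ)."""
    if not SUSPECT & set(text):
        return text  # no tell-tale characters: assume it is already correct
    try:
        return text.encode("cp1252").decode("cp850")
    except UnicodeError:
        return text  # not a clean CP850/1252 mix-up; leave untouched


def parse_dir_listing(text: str) -> dict:
    """Map each listed directory to its files as (name, size_in_bytes)."""
    listing, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            listing[current] = []
            continue
        entry = ENTRY.match(line)
        # <REP> rows are sub-directories (including . and ..), not files.
        if entry and current is not None and entry.group(3) != "<REP>":
            size = int(re.sub(r"\D", "", entry.group(3)))
            listing[current].append((entry.group(4), size))
    return listing


def files_found(listing: dict) -> dict:
    """Keep only the directories that still contain files to inspect."""
    return {d: files for d, files in listing.items() if files}


if __name__ == "__main__":
    garbled = SAMPLE_BYTES.decode("cp1252")  # what a wrong decoder displays
    print(garbled.splitlines()[3])
    print(repair_mojibake(garbled).splitlines()[3])
    for folder, files in files_found(parse_dir_listing(decode_console(SAMPLE_BYTES))).items():
        print(folder, files)
```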

    Re,

    1) Delete the following folders in bold:

    **C:\WINDOWS\SYSTEM32\mp**
    **C:\WINDOWS\SYSTEM32\Bn**
    **C:\WINDOWS\bW9p**
    **C:\TEMP\kvebs14**
    **C:\TEMP\zvebs14**

    2) Run an online scan with BitDefender, using Internet Explorer! Back up your music and photos; BitDefender sometimes deletes them ;) 

    http://www.bitdefender.fr/
    and copy and paste the result here
    * At the bottom left of the window, click BitDefender SCAN ONLINE
    * In the new window, click I agree
    * The window changes again; click Click here to scan
    * The signatures load, etc.

    Picture tutorial: http://forum.pcastuces.com/sujet.asp?f=25&s=31584

    Post the full report ;) 

    BitDefender Online Scanner

    Rapport d'analyse généré à: Sat, Apr 26, 2008 - 20:20:26
    Voie d'analyse: A:\;C:\;D:\;E:\;

    Statistiques
    Temps: 01:00:00
    Fichiers: 86772
    Directoires: 9652
    Secteurs de boot: 4
    Archives: 1859
    Paquets programmes: 6056

    Résultats
    Virus identifiés: 10
    Fichiers infectés: 16
    Fichiers suspects: 0
    Avertissements: 0
    Désinfectés: 0
    Fichiers effacés: 16

    Info sur les moteurs
    Définition virus: 1183785
    Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
    Analyse des plugins: 16
    Archive des plugins: 42
    Unpack des plugins: 7
    E-mail plugins: 6
    Système plugins: 5

    Paramètres d'analyse
    Première action: Désinfecté
    Seconde Action: Supprimé
    Heuristique: Oui
    Acceptez les avertissements: Oui
    Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
    Excludez les extensions:
    Analyse d'emails: Oui
    Analyse des Archives: Oui
    Analyser paquets programmes: Oui
    Analyse des fichiers: Oui
    Analyse de boot: Oui

    Fichier analysé | Statut
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0079027.vbs | Détecté avec: Adware.Isearch.D
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0079027.vbs | Supprimé
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0081363.exe | Détecté avec: Adware.Generic.12275
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0081363.exe | Supprimé
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0081364.exe | Détecté avec: Adware.Generic.12275
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0081364.exe | Supprimé
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0082155.exe | Détecté avec: Adware.Generic.12275
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0082155.exe | Supprimé
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0082156.exe | Détecté avec: Adware.Generic.12275
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP468\A0082156.exe | Supprimé
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP469\A0082231.dll | Infecté par: Trojan.Vundo.EIG
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP469\A0082231.dll | Supprimé
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP469\A0082233.exe | Infecté par: Trojan.Downloader.JJXG
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP469\A0082233.exe | Supprimé
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP469\A0082234.dll | Infecté par: Trojan.Vundo.EGG
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP469\A0082234.dll | Supprimé
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP469\A0082236.dll | Infecté par: Trojan.Vundo.EGG
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP469\A0082236.dll | Supprimé
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP469\A0082239.dll | Infecté par: Trojan.Vundo.EGG
    C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP469\A0082239.dll | Supprimé
    C:\WINDOWS\Downloaded Program Files\adulto_ax.exe | Infecté par: Generic.Malware.Yd!sp!.47D22F35
    C:\WINDOWS\Downloaded Program Files\adulto_ax.exe | Echec de la désinfection
    C:\WINDOWS\Downloaded Program Files\adulto_ax.exe | Supprimé
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\adulto_ax.exe | Infecté par: Generic.Malware.Yd!sp!.47D22F35
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\adulto_ax.exe | Echec de la désinfection
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\adulto_ax.exe | Supprimé
    C:\WINDOWS\rdvohonfa.exe | Infecté par: MemScan:Adware.Betterinternet.BD
    C:\WINDOWS\rdvohonfa.exe | Supprimé
    C:\WINDOWS\SYSTEM32\nspmdieq.exe | Détecté avec: Adware.Navipromo.Z
    C:\WINDOWS\SYSTEM32\nspmdieq.exe | Supprimé
    C:\WINDOWS\SYSTEM32\vctbihj.exe | Infecté par: MemScan:Trojan.Poller.A
    C:\WINDOWS\SYSTEM32\vctbihj.exe | Supprimé
    C:\WINDOWS\SYSTEM32\vnlfakqc.exe | Détecté avec: Adware.Navipromo.M
    C:\WINDOWS\SYSTEM32\vnlfakqc.exe | Supprimé

    Re,

    Download SystemScan from the SuspectFile team
  • Double-click it (ignore any alerts from your antivirus).
  • Click Unselect all
  • Tick only this box:
    -Recent Files, days old 60 days
  • Then click scan now and be patient.
  • Once it has finished, a report will open. Post it in full.

    How is the PC doing? Still having problems?

    ;) 

    No, no more problems... in my opinion it has been cleaned up well now!! :) 

    Here is the report

    SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

    Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
    System directory: C:\WINDOWS
    SystemScan file: C:\Documents and Settings\moi\Bureau\sys98364.exe
    Running in: User mode
    Date: 26/04/2008
    Time: 21:26:32

    Output limited to:
    -Recent files

    ===================== RECENT FILES =====================

    Showing files newer than 60 days

    ----- recent files in C:\
    23/03/2008 23:16:11 (DIR) 0 byte 34 days old -- Mp3 Output
    23/03/2008 23:32:16 (DIR) 0 byte 34 days old -- MyAudio
    23/04/2008 20:28:14 216 byte 3 days old -- boot.ini
    24/04/2008 15:10:09 441189 byte 2 days old -- MSNFix.zip
    24/04/2008 15:10:52 (DIR) 0 byte 2 days old -- MSNFix
    24/04/2008 19:06:25 415 byte 2 days old -- log.MSNFix
    25/04/2008 18:13:26 (DIR) 0 byte 1 days old -- Program Files
    25/04/2008 20:49:11 11608 byte 1 days old -- ComboFix.txt
    25/04/2008 20:49:12 (DIR) 0 byte 1 days old -- QooBox
    26/04/2008 02:54:52 (DIR) 0 byte 0 days old -- downloads
    26/04/2008 12:25:35 805306368 byte 0 days old -- pagefile.sys
    26/04/2008 12:25:45 (DIR)534925312 byte 0 days old -- hiberfil.sys
    26/04/2008 18:10:40 (DIR) 0 byte 0 days old -- RECYCLER
    26/04/2008 18:44:38 (DIR) 0 byte 0 days old -- TEMP
    26/04/2008 20:10:39 (DIR) 0 byte 0 days old -- WINDOWS

    ----- recent files in C:\WINDOWS\
    11/04/2008 20:52:59 (DIR) 0 byte 15 days old -- Downloaded Installations
    12/04/2008 03:14:47 (DIR) 0 byte 14 days old -- WinSxS
    12/04/2008 03:17:20 (DIR) 0 byte 14 days old -- $hf_mig$
    12/04/2008 12:16:32 (DIR) 0 byte 14 days old -- Installer
    12/04/2008 12:27:44 (DIR) 0 byte 14 days old -- ASSEMBLY
    12/04/2008 12:27:45 (DIR) 0 byte 14 days old -- Microsoft.NET
    23/04/2008 18:04:16 241 byte 3 days old -- cookies.MSNFix
    23/04/2008 20:28:14 765 byte 3 days old -- WIN.INI
    24/04/2008 03:01:55 4481358 byte 2 days old -- {00000003-00000000-00000000-00001102-00000004-10031102}.CDF
    24/04/2008 12:19:38 (DIR) 0 byte 2 days old -- Debug
    24/04/2008 15:42:12 (DIR) 0 byte 2 days old -- Registration
    24/04/2008 21:08:53 1266 byte 2 days old -- msnfix.txt
    25/04/2008 12:34:32 14815 byte 1 days old -- BM775b7f68.txt
    25/04/2008 18:20:08 473216 byte 1 days old -- ntbtlog.txt
    25/04/2008 20:36:28 (DIR) 0 byte 1 days old -- erdnt
    25/04/2008 20:41:02 342 byte 1 days old -- system.ini
    26/04/2008 05:09:19 32510 byte 0 days old -- SchedLgU.Txt
    26/04/2008 12:25:46 2048 byte 0 days old -- BOOTSTAT.DAT
    26/04/2008 12:26:11 159 byte 0 days old -- WIADEBUG.LOG
    26/04/2008 12:26:12 50 byte 0 days old -- WIASERVC.LOG
    26/04/2008 12:26:12 (DIR) 0 byte 0 days old -- TEMP
    26/04/2008 12:26:13 0 byte 0 days old -- 0.log
    26/04/2008 12:26:14 4688 byte 0 days old -- ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
    26/04/2008 19:13:37 (DIR) 0 byte 0 days old -- LastGood
    26/04/2008 19:13:41 (DIR) 0 byte 0 days old -- INF
    26/04/2008 19:13:47 8790 byte 0 days old -- setupapi.log
    26/04/2008 20:06:46 (DIR) 0 byte 0 days old -- Downloaded Program Files
    26/04/2008 20:19:50 (DIR) 0 byte 0 days old -- SYSTEM32
    26/04/2008 20:20:27 (DIR) 0 byte 0 days old -- BDOSCAN8
    26/04/2008 21:08:43 1520247 byte 0 days old -- WindowsUpdate.log
    26/04/2008 21:25:50 (DIR) 0 byte 0 days old -- Prefetch

    ----- recent files in C:\WINDOWS\Downloaded Program Files\
    26/04/2008 20:06:47 (DIR) 0 byte 0 days old -- CONFLICT.1

    ----- recent files in C:\WINDOWS\system\

    ----- recent files in C:\WINDOWS\system32\
    03/03/2008 17:49:54 (DIR) 0 byte 54 days old -- Restore
    09/03/2008 15:09:16 4230520 byte 48 days old -- SpoonUninstall.exe
    09/03/2008 15:09:33 33846 byte 48 days old -- SpoonUninstall-dBpoweramp Music Converter.bmp
    09/03/2008 15:09:49 12896 byte 48 days old -- SpoonUninstall-dBpoweramp Music Converter.dat
    11/03/2008 10:45:33 (DIR) 0 byte 46 days old -- FxsTmp
    20/03/2008 10:09:22 1845376 byte 37 days old -- win32k.sys
    06/04/2008 07:56:20 19836024 byte 20 days old -- MRT.exe
    12/04/2008 03:09:41 (DIR) 0 byte 14 days old -- DLLCACHE
    12/04/2008 03:15:12 65884 byte 14 days old -- PERFC009.DAT
    12/04/2008 03:15:12 1005120 byte 14 days old -- PerfStringBackup.INI
    12/04/2008 03:15:12 79724 byte 14 days old -- perfc00C.dat
    12/04/2008 03:15:12 480236 byte 14 days old -- perfh00C.dat
    12/04/2008 03:15:12 412008 byte 14 days old -- PERFH009.DAT
    12/04/2008 12:06:23 173872 byte 14 days old -- FNTCACHE.DAT
    23/04/2008 12:58:34 13646 byte 3 days old -- WPA.DBL
    23/04/2008 17:40:09 15086 byte 3 days old -- FreePokerBonus.ico
    25/04/2008 12:07:56 9662 byte 1 days old -- ZoneAlarmIconFR.ico
    25/04/2008 17:36:44 0 byte 1 days old -- clkcnt.txt
    25/04/2008 18:05:22 3072 byte 1 days old -- CONFIG.NT
    25/04/2008 20:37:41 (DIR) 0 byte 1 days old -- CONFIG
    25/04/2008 20:49:16 (DIR) 0 byte 1 days old -- DRIVERS
    26/04/2008 05:09:35 30036 byte 0 days old -- BMXState-{00000003-00000000-00000000-00001102-00000004-10031102}.rfx
    26/04/2008 05:09:35 29760 byte 0 days old -- BMXCtrlState-{00000003-00000000-00000000-00001102-00000004-10031102}.rfx
    26/04/2008 05:09:35 29760 byte 0 days old -- BMXBkpCtrlState-{00000003-00000000-00000000-00001102-00000004-10031102}.rfx
    26/04/2008 05:09:35 288 byte 0 days old -- DVCState-{00000003-00000000-00000000-00001102-00000004-10031102}.dat
    26/04/2008 05:09:35 288 byte 0 days old -- DVCStateBkp-{00000003-00000000-00000000-00001102-00000004-10031102}.dat
    26/04/2008 05:09:35 30036 byte 0 days old -- BMXStateBkp-{00000003-00000000-00000000-00001102-00000004-10031102}.rfx
    26/04/2008 05:09:35 1080 byte 0 days old -- settingsbkup.sfm
    26/04/2008 05:09:35 1080 byte 0 days old -- settings.sfm
    26/04/2008 19:13:38 (DIR) 0 byte 0 days old -- CatRoot2

    ----- recent files in C:\WINDOWS\system32\drivers\
    25/04/2008 20:40:50 (DIR) 0 byte 1 days old -- ETC

    ----- recent files in C:\WINDOWS\temp\
    26/04/2008 12:26:11 40960 byte 0 days old -- rtdrvmon.exe
    26/04/2008 12:26:12 0 byte 0 days old -- T30DebugLogFile.txt

    ----- recent files in C:\Program Files\
    09/03/2008 15:30:28 (DIR) 0 byte 48 days old -- STOIK Imaging
    04/04/2008 21:01:10 (DIR) 0 byte 22 days old -- Messenger Plus! Live
    05/04/2008 20:05:58 (DIR) 0 byte 21 days old -- AoA Audio Extractor
    05/04/2008 20:07:45 (DIR) 0 byte 21 days old -- Replay Converter
    05/04/2008 20:08:44 (DIR) 0 byte 21 days old -- Yahoo!
    12/04/2008 03:09:38 (DIR) 0 byte 14 days old -- Internet Explorer
    12/04/2008 12:16:45 (DIR) 0 byte 14 days old -- InstallShield Installation Information
    23/04/2008 17:28:04 (DIR) 0 byte 3 days old -- Fichiers communs
    24/04/2008 00:07:29 (DIR) 0 byte 2 days old -- EoRezo
    24/04/2008 14:41:09 (DIR) 0 byte 2 days old -- Trend Micro
    25/04/2008 00:46:21 (DIR) 0 byte 1 days old -- Malwarebytes' Anti-Malware
    26/04/2008 02:54:55 (DIR) 0 byte 0 days old -- Free Music Zilla
    26/04/2008 18:11:04 (DIR) 0 byte 0 days old -- PokerStars
    26/04/2008 21:24:17 (DIR) 0 byte 0 days old -- Mozilla Firefox 2 Beta 1

    ----- recent files in C:\Program Files\Fichiers communs\
    07/03/2008 15:43:06 (DIR) 0 byte 50 days old -- WindowsLiveInstaller
    07/03/2008 15:43:23 (DIR) 0 byte 50 days old -- Microsoft Shared

    ----- recent files in C:\Documents and Settings\moi\Application Data\
    09/03/2008 15:09:52 (DIR) 0 byte 48 days old -- AccurateRip
    09/03/2008 15:14:48 (DIR) 0 byte 48 days old -- dBpoweramp
    09/03/2008 15:32:29 (DIR) 0 byte 48 days old -- STOIK
    23/03/2008 23:39:36 (DIR) 0 byte 34 days old -- FMZilla
    24/04/2008 00:07:27 (DIR) 0 byte 2 days old -- EoRezo
    25/04/2008 00:47:15 (DIR) 0 byte 1 days old -- Malwarebytes

    ----- recent files in C:\DOCUME~1\moi\LOCALS~1\Temp\
    26/04/2008 12:26:17 (DIR) 0 byte 0 days old -- WPDNSE
    26/04/2008 18:24:09 (DIR) 0 byte 0 days old -- MessengerCache
    26/04/2008 19:11:29 48 byte 0 days old -- WcesView.log
    26/04/2008 19:11:49 1027 byte 0 days old -- WCESCOMM.LOG
    26/04/2008 19:11:49 574 byte 0 days old -- LVCOMSX.LOG
    26/04/2008 19:23:14 1020 byte 0 days old -- WCESLog.log
    26/04/2008 21:25:40 49 byte 0 days old -- systemscan.ini
    26/04/2008 21:25:41 16384 byte 0 days old -- ~DF1514.tmp
    26/04/2008 21:25:41 (DIR) 0 byte 0 days old -- nsqCB.tmp

    ==========================================
    Scan completed in 0,1 minutes
    End of report


    ~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
    SystemScan uses some freeware tools that remain property of their authors:

    * SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
    * dumphive (Markus Stephany)--> "Registry scan"
    * Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
    * Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
    ---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

    Thanks to all of them for their hard work

    Hi again,

    1) Select the entire contents of the box below:
    @echo off & cls
    CD \
    del /q "%windir%\Temp\*.*"
    del /s /q "%temp%\*.*"
    exit

    Copy and paste it into Notepad (Démarrer\Tous les programmes\Accessoires\Bloc notes).
    Save it to your desktop under the name Correction.bat
    Double-click it.

    2) Post a new HijackThis report so we can finish things up.

    ;) 

    Hi again,

    Ah, there we go, the end is in sight!!! :wahoo: 

    Here is the HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:34:03, on 27/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MICROS~2\wcescomm.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\LVComsX.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\Program Files\Mozilla Firefox 2 Beta 1\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_forma...
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 8307 bytes

    Hi again,

    Download and install Antivir. (tutorial)
    Why switch?: Avast! vs Antivir
    but also:
    14 antivirus programs put to the test
    Quote:
    Antivir: the most effective of the free ones


    Open Antivir and check that it is fully up to date!

    Restart in safe mode
    /!\ Never boot into safe mode via MSCONFIG /!\

    Go to the Scanner tab, enable the rootkit search via the + next to rootkit search, then under manual selection tick everything (your hard disk partitions) and start the scan. Post me the generated report (which is in the reports tab).

    ;) 

    Really, thank you for all your advice, it's really kind of you to help me like this and to give me answers so quickly and so precisely!!! :) 

    Here is the Antivir report:

    Avira AntiVir Personal
    Report file date: dimanche 27 avril 2008 19:49

    Scanning for 1237787 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: moi
    Computer name: CHARLES

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 16:26:06
    ANTIVIR3.VDF : 7.0.3.216 137216 Bytes 25/04/2008 16:26:08
    Engineversion : 8.1.0.35
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.27 233851 Bytes 27/04/2008 16:26:32
    AESCN.DLL : 8.1.0.14 119156 Bytes 27/04/2008 16:26:30
    AERDL.DLL : 8.1.0.20 418165 Bytes 27/04/2008 16:26:28
    AEPACK.DLL : 8.1.1.2 364917 Bytes 27/04/2008 16:26:25
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 27/04/2008 16:26:22
    AEHEUR.DLL : 8.1.0.20 1196406 Bytes 27/04/2008 16:26:20
    AEHELP.DLL : 8.1.0.14 115063 Bytes 27/04/2008 16:26:13
    AEGEN.DLL : 8.1.0.18 299381 Bytes 27/04/2008 16:26:12
    AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
    AECORE.DLL : 8.1.0.27 168310 Bytes 27/04/2008 16:26:10
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: A:, C:, D:, E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 27 avril 2008 19:49

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    12 processes with 12 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'A:\'
    [INFO] In the drive 'A:\' no data medium is inserted!
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '20' files ).


    Starting the file scan:

    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\moi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.54126
    [DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FK
    [NOTE] The file was moved to '4855c11c.qua'!
    C:\Documents and Settings\moi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.60107
    [DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FK
    [NOTE] The file was moved to '4855c11d.qua'!
    C:\Documents and Settings\moi\Mes documents\Mes fichiers reçus\Call Of Duty Fr Ok Patch Nocd Et Mp Serial.zip
    [0] Archive type: ZIP
    --> Advanced Mail Bomber 7.3 (win9xMeNT2kXP - envoie et gestion de liste d'email - shareware)(1).zip
    [1] Archive type: ZIP
    --> setup.exe
    [DETECTION] Contains detection pattern of the dropper DR/Flood.MailBomber.89.3
    [NOTE] The file was moved to '4880c460.qua'!
    C:\Documents and Settings\moi\Mes documents\Mes fichiers reçus\[free] Call of Duty Install Keygen, patch 1.4 NoCD, and Multiplayer Cracks-ALL FIXED.zip
    [0] Archive type: ZIP
    --> CoDMP.exe
    [DETECTION] Contains detection pattern of the Windows virus W32/Puce
    --> codsp.exe
    [DETECTION] Contains detection pattern of the Windows virus W32/Puce
    [NOTE] The file was moved to '4886c495.qua'!
    C:\Documents and Settings\moi\Mes documents\Mes fichiers reçus\Call Of Duty Fr Ok Patch Nocd Et Mp Serial\Advanced Mail Bomber 7.3 (win9xMeNT2kXP - envoie et gestion de liste d'email - shareware)(1).zip
    [0] Archive type: ZIP
    --> setup.exe
    [DETECTION] Contains detection pattern of the dropper DR/Flood.MailBomber.89.3
    [NOTE] The file was moved to '488ac494.qua'!
    C:\MSNFix\MSNFix\24042008_15224079.zip
    [0] Archive type: ZIP
    --> backup/mrofinu1000106.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/mrofinu572.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    --> backup/mrofinu572.exe.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was moved to '4844c6bf.qua'!
    C:\QooBox\Quarantine\catchme2008-04-25_181955,65.zip
    [0] Archive type: ZIP
    --> mlJDttUk.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '4888cc19.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fccdabYo.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '4877cc1d.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ibyfdeqi.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [NOTE] The file was moved to '488dcc1c.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mlJDttUk.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [NOTE] The file was moved to '485ecc27.qua'!
    C:\WINDOWS\WMCRRS.exe
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was moved to '4857cc13.qua'!
    C:\WINDOWS\SYSTEM32\hrpqfzv.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '4884ce7d.qua'!
    C:\WINDOWS\SYSTEM32\iyaumxh.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '4875ce8c.qua'!
    C:\WINDOWS\SYSTEM32\jbxapsq.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '488cce76.qua'!
    Begin scan in 'D:\'
    Search path D:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: dimanche 27 avril 2008 21:08
    Used time: 1:19:20 min

    The scan has been done completely.

    9668 Scanning directories
    251047 Files were scanned
    14 viruses and/or unwanted programs were found
    3 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    14 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    251033 Files not concerned
    4211 Archives were scanned
    1 Warnings
    14 Notes



    (I also wanted to let you know that I deleted the cracks that Antivir detected)

    The PC is running fine! Spotless even, I have no more problems thanks to you ;) 
    You cleaned it up well!!
    Thanks again, seriously!!

    Here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:22:43, on 27/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\PROGRA~1\MICROS~2\wcescomm.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_forma...
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 8845 bytes

    It's OK, you will no longer be infected once you have done ALL the steps below :p 

    1) Download ToolsCleaner to your desktop.
    http://www.commentcamarche.net/telecharger/toolscleaner...

    This program will uninstall all the tools I had you use.

  • Click "Recherche" (Search) and let the scan run ...
  • Click "Suppression" (Removal) to finish.
  • If you wish, you can use the "Options facultatives" (optional settings).
  • Click "Quitter" (Quit) to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

    2) Download and install Ccleaner:
    http://www.01net.com/telecharger/windows/Utilitaire/net...
  • Before clicking the "installer" (install) button, uncheck all the "options supplémentaires" (additional options). Then click "Options", "Avancé" (Advanced) and uncheck the box "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" (only delete files in the Windows Temp folder older than 48 hours). Click the "Nettoyeur" (Cleaner) tab, then "Lancer le Nettoyage" (Run Cleaner).
  • Next, click the "Registre" (Registry) tab, click "Chercher des erreurs" (Scan for issues), then "Réparer les erreurs sélectionnées" (Fix selected issues). There is no need to back up the keys. Repeat the operation as many times as needed until it finds no more errors.
  • Tutorial here: http://www.infos-du-net.com/forum/272336-7-ccleaner-und...
    3)
  • Disable your System Restore

  • Re-enable your System Restore

  • Tutorial here: http://www.infos-du-net.com/forum/272480-11-desactiver-...
    ********************************************************************************

    Now add [Résolu] (Solved) to the title. To do that:
    * In your first message, click the "Editer" (Edit) button
    * Add the [Résolu] tag to the title
    * Then click "Valider votre message" (Submit your message)

    It would be nice of you to report your infection on > Malware-Complaints < to help get its authors convicted

    - Forum rules <- here
    - Posting a message <- here (by Malekal)

    To register, click the register button (at the top)
    If you are over 13, choose " I Agree to these terms and am over or exactly 13 years of age "
    If you are under 13, choose " I Agree to these terms and am under 13 years of age "

    You will get a list by type of infection
    If your infection is not in the list, create a message in "Autres infections" (other infections)

    See you and happy surfing :hello: 


    Some interesting links:

    http://mickael.barroux.free.fr/securite/
    http://www.malekal.com/
    http://www.infos-du-net.com/forum/275481-11-dossier-pre...

    Thanks again for your patience and all your explanations!! I would never have managed without you :wahoo: 

    See you :hello: 

    Here is the latest TCcleaner report:

    -->- Recherche:

    C:\Msnfix.zip: trouvé !
    C:\MsnFix: trouvé !
    C:\Qoobox: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\moi\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\moi\Bureau\ComboFix.exe: trouvé !
    C:\Documents and Settings\moi\Recent\MSNFix.lnk: trouvé !
    C:\MSNFix\MsnFix: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Msnfix.zip: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\moi\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\moi\Bureau\ComboFix.exe: supprimé !
    C:\Documents and Settings\moi\Recent\MSNFix.lnk: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\MsnFix: supprimé !
    C:\Qoobox: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    Fichiers temporaires nettoyés !

    Hi again,

    You're welcome, it was a pleasure!

    Report your infection on malware complain if you haven't already, it's important ;) 

    Please read this guide (in PDF) to learn more about the risks of the Net.



    If you find this document interesting, don't hesitate to pass it on to your contacts.

    All the best :hello: 