ma clé est virussée

Bonjour,

Télécharge Flash Disinfector (de sUBs) sur ton Bureau.

Connecte tous les périphériques externes ( DD , USB , ..... )

Double clique sur Flash Disinfector et laisse toi guider.

********

Télécharge Hijackthis (de Trend Micro) sur ton Bureau.

Double clique sur HJTInstall.exe pour lancer l'installation.

Clique sur Install.

Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer. (Clique droit -> lancer en tant qu'admin si sous Vista)

Accepte la licence en cliquant sur Yes.

Clique sur "Do a system scan and save a logfile".

Poste ici le rapport généré.

Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Aide : Comment utiliser HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 20:09:23, on 07/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Program Files\iRiver\iHP100\iHPDetect.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\Kany\LOCALS~1\Temp\Rar$EX14.9037\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Kany\LOCALS~1\Temp\Rar$EX20.6244\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.cyberlibris.com
O15 - Trusted Zone: http://site.ebrary.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/anysite/support/plugins/ebra...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

voici le rapport j'ai attendu d'être chez moi pour le lancer, mais ma clé usb n'apparaît pas, par contre mon pc n'est pas en bonne état non plus j'ai le trojan agent.abt et .aei

Tu utilises l'ancienne version d'HijackThis, désinstalle-la et installe la nouvelle comme expliqué dans mon canned  

voici la nouvelle version du rapport   avec la bonne version
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:11:51, on 08/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Program Files\iRiver\iHP100\iHPDetect.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.cyberlibris.com
O15 - Trusted Zone: http://site.ebrary.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/anysite/support/plugins/ebra...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

--
End of file - 9103 bytes

Re,

Télécharge Flash Disinfector (de sUBs) sur ton Bureau.

Connecte tous les périphériques externes ( DD , USB , ..... )

Double clique sur Flash Disinfector et laisse toi guider.

*********

Télécharge ComboFix (de sUBs) sur ton Bureau.

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)

Double clique sur ComboFix.exe.

Accepte la licence en cliquant sur Oui.

Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

Aide : Comment utiliser ComboFix.

ComboFix 08-07-07.3 - Kany 2008-07-08 18:26:55.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.86 [GMT 2:00]
Endroit: C:\Documents and Settings\Kany\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\Kany\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\svchost.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-08 to 2008-07-08 ))))))))))))))))))))))))))))))))))))
.

2008-07-08 09:11 . 2008-07-08 09:11 <REP> d-------- C:\Program Files\Trend Micro
2008-07-07 20:35 . 2008-07-07 20:35 25,111,413 --a------ C:\WINDOWS\VPTNFILE.389
2008-07-07 20:35 . 2008-07-07 20:35 25,111,413 --a------ C:\WINDOWS\LPT$VPN.389
2008-07-07 20:34 . 2008-07-07 20:34 <REP> d-------- C:\WINDOWS\AU_Temp
2008-07-05 10:39 . 2007-01-07 19:07 49,242 -r-hs---- C:\RavMon.exe
2008-06-27 22:28 . 2008-06-27 22:28 <REP> d-------- C:\WINDOWS\backup
2008-06-27 21:15 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-26 13:25 . 2008-06-26 13:25 <REP> d-------- C:\Documents and Settings\Kany\Application Data\U3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 07:13 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-08 07:13 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-08 07:13 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-08 07:13 3,236 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-07 18:35 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-07-07 18:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-07-07 18:35 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-07-07 18:35 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-08 13:20 73,072 ----a-w C:\Documents and Settings\Kany\Application Data\GDIPFONTCACHEV1.DAT
2006-09-16 18:45 461 ----a-w C:\Program Files\INSTALL.LOG
2005-12-01 07:01 11,466,856 ----a-w C:\Program Files\zlsSetup_61_737_000_fr.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 17:01 155648]
"iHP-100"="C:\Program Files\iRiver\iHP100\iHPDetect.exe" [2003-09-30 17:16 28672]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-06-23 10:34 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:28 196608]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-06-23 10:34 114688]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-25 04:49 151552]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-13 11:28 77824]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-08 11:00 185896]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]
"!AVG Anti-Spyware"="C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-19 20:12 6731312]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 10:35 88267 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-01 21:37:52 450560]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\System32\\lxczcoms.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18216:TCP"= 18216:TCP:NortonAV
"14706:TCP"= 14706:TCP:NortonAV
"13707:TCP"= 13707:TCP:NortonAV
"13116:TCP"= 13116:TCP:NortonAV
"13328:TCP"= 13328:TCP:NortonAV
"18508:TCP"= 18508:TCP:NortonAV
"13851:TCP"= 13851:TCP:NortonAV
"17371:TCP"= 17371:TCP:NortonAV
"18054:TCP"= 18054:TCP:NortonAV
"15621:TCP"= 15621:TCP:NortonAV
"12430:TCP"= 12430:TCP:NortonAV
"16426:TCP"= 16426:TCP:NortonAV
"14129:TCP"= 14129:TCP:NortonAV
"17760:TCP"= 17760:TCP:NortonAV
"12299:TCP"= 12299:TCP:NortonAV
"13517:TCP"= 13517:TCP:NortonAV
"13458:TCP"= 13458:TCP:NortonAV
"14644:TCP"= 14644:TCP:NortonAV
"16264:TCP"= 16264:TCP:NortonAV
"16183:TCP"= 16183:TCP:NortonAV
"15232:TCP"= 15232:TCP:NortonAV
"12821:TCP"= 12821:TCP:NortonAV
"13200:TCP"= 13200:TCP:NortonAV
"12323:TCP"= 12323:TCP:NortonAV

R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50]
S3 48ded618-78d1-4ca5-8773-dc214c214ff3;48ded618-78d1-4ca5-8773-dc214c214ff3;E:\Player\cds300.dll []
S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2377f3b0-2d50-11dd-bbdf-00042373bfe1}]
\Shell\Auto\command - F:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c7eb7a0-e4a4-11dc-bb22-00042373bfe1}]
\Shell\AutoRun\command - t.com
\Shell\explore\Command - t.com
\Shell\open\Command - t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32e21ac0-772f-11dc-b9dc-00042373bfe1}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37183d80-2ef3-11dd-bbeb-00042373bfe1}]
\Shell\AutoRun\command - F:\tmf3w3g0.com
\Shell\explore\Command - F:\tmf3w3g0.com
\Shell\open\Command - F:\tmf3w3g0.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dcf46f0-392d-11dd-bc02-00042373bfe1}]
\Shell\Auto\command - F:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{590a6f60-49e9-11dd-bc24-00042373bfe1}]
\shell\1\Command - shell.exe -s

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6883b120-05af-11dd-bb77-00042373bfe1}]
\Shell\Auto\command - cmd /C launch.bat
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad034ec0-330f-11dd-bbf4-00042373bfe1}]
\Shell\Auto\command - F:\bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8d6c380-3ee9-11dd-bc0e-00042373bfe1}]
\Shell\AutoRun\command - tmf3w3g0.com
\Shell\explore\Command - tmf3w3g0.com
\Shell\open\Command - tmf3w3g0.com

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-08 06:42:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 18:30:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-08 18:31:04
ComboFix-quarantined-files.txt 2008-07-08 16:31:02

Pre-Run: 7,329,300,480 octets libres
Post-Run: 7,568,506,880 octets libres

174 --- E O F --- 2008-06-28 06:09:20

je n'ai pas réussi à désactiver AVG donc je ne sais pas si j'ai bien suivi les manip   mais j'ai quand même eu un rapport

Re,

Sélectionne l'intégralité du cadre ci-dessous :



Cela va relancer ComboFix. Après redémarrage, poste le contenu du rapport ComboFix.txt.
S'il n'y a pas de rédémarrage, poste quand même le rapport.

Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Enregistre le sous sur ton bureau sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :

Cela va relancer Combofix.

ComboFix créera ces fichiers sur ton Bureau :
- Un fichier zippé nommé Submit [Date Time].zip
- Un second fichier nommé - CF-Submit.htm

ComboFix peut exiger un redémarrage pour compléter son travail. Accepte.

Lorsque l'outil aura terminé, un rapport ComboFix.log apparaîtra à l'écran.

Une nouvelle fenêtre avec invite "Submit Files for further analysis" s'ouvrira. Clique "OK"

Ton navigateur se lancera automatiquement avec le fichier CF-Submit.htm et une fenêtre s'ouvrira :
- Clique sur le bouton "Browse"("Parcourir") et navigue vers le fichier
Submit [Date Time].zip qui est sur ton Bureau.
- Clique sur le fichier afin de le sélectionner.

Soumets le fichier en cliquant "OK"

Lorsque cette opération sera complétée, tu peux supprimer ces deux fichiers qui se trouvent sur ton Bureau.
Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.

j'ai eu un nouveau rapport mais je n'ai pas la suite : Submit Files for further analysis

est ce que j'envoie le nouveau rapport ?

Oui  

voilà
ComboFix 08-07-07.3 - Kany 2008-07-09 19:19:09.4 - FAT32x86
Endroit: C:\Documents and Settings\Kany\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kany\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\bittorrent.exe
C:\Boot.exe
C:\launch.bat
C:\shell.exe
C:\t.com
C:\tmC3w3g0.com
D:\bittorrent.exe
D:\Boot.exe
D:\launDh.bat
D:\shell.exe
D:\t.Dom
D:\tmD3w3g0.Dom
E:\bittorrent.exe
E:\Boot.exe
E:\launEh.bat
E:\shell.exe
E:\t.Eom
E:\tmE3w3g0.Eom
F:\bittorrent.exe
F:\Boot.exe
F:\launch.bat
F:\shell.exe
F:\t.com
F:\tmf3w3g0.com
.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
.

2008-07-09 18:55 . 2008-07-09 18:55 <REP> d-------- C:\WINDOWS\LastGood
2008-07-09 07:38 . 2008-07-09 07:38 25,135,513 --a------ C:\WINDOWS\VPTNFILE.395
2008-07-09 07:38 . 2008-07-09 07:38 25,135,513 --a------ C:\WINDOWS\LPT$VPN.395
2008-07-09 07:37 . 2008-07-09 07:37 <REP> d-------- C:\WINDOWS\AU_Temp
2008-07-08 09:11 . 2008-07-08 09:11 <REP> d-------- C:\Program Files\Trend Micro
2008-06-27 22:28 . 2008-06-27 22:28 <REP> d-------- C:\WINDOWS\backup
2008-06-27 21:15 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-26 13:25 . 2008-06-26 13:25 <REP> d-------- C:\Documents and Settings\Kany\Application Data\U3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 06:56 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-09 06:56 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-09 06:56 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-09 06:56 3,236 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-09 05:38 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-07-09 05:38 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-07-07 18:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-07-07 18:35 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-08 13:20 73,072 ----a-w C:\Documents and Settings\Kany\Application Data\GDIPFONTCACHEV1.DAT
2006-09-16 18:45 461 ----a-w C:\Program Files\INSTALL.LOG
2005-12-01 07:01 11,466,856 ----a-w C:\Program Files\zlsSetup_61_737_000_fr.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-08_18.30.44,86 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-08 16:12:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-09 16:45:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-07-09 16:54:54 2,158 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{867B9F48-78DE-4F6C-A75B-818F0D31DDCF}.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 17:01 155648]
"iHP-100"="C:\Program Files\iRiver\iHP100\iHPDetect.exe" [2003-09-30 17:16 28672]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-06-23 10:34 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:28 196608]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-06-23 10:34 114688]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-25 04:49 151552]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-13 11:28 77824]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-08 11:00 185896]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]
"!AVG Anti-Spyware"="C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-19 20:12 6731312]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 10:35 88267 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-01 21:37:52 450560]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\System32\\lxczcoms.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18216:TCP"= 18216:TCP:NortonAV
"14706:TCP"= 14706:TCP:NortonAV
"13707:TCP"= 13707:TCP:NortonAV
"13116:TCP"= 13116:TCP:NortonAV
"13328:TCP"= 13328:TCP:NortonAV
"18508:TCP"= 18508:TCP:NortonAV
"13851:TCP"= 13851:TCP:NortonAV
"17371:TCP"= 17371:TCP:NortonAV
"18054:TCP"= 18054:TCP:NortonAV
"15621:TCP"= 15621:TCP:NortonAV
"12430:TCP"= 12430:TCP:NortonAV
"16426:TCP"= 16426:TCP:NortonAV
"14129:TCP"= 14129:TCP:NortonAV
"17760:TCP"= 17760:TCP:NortonAV
"12299:TCP"= 12299:TCP:NortonAV
"13517:TCP"= 13517:TCP:NortonAV
"13458:TCP"= 13458:TCP:NortonAV
"14644:TCP"= 14644:TCP:NortonAV
"16264:TCP"= 16264:TCP:NortonAV
"16183:TCP"= 16183:TCP:NortonAV
"15232:TCP"= 15232:TCP:NortonAV
"12821:TCP"= 12821:TCP:NortonAV
"13200:TCP"= 13200:TCP:NortonAV
"12323:TCP"= 12323:TCP:NortonAV

R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{682221c0-71cd-11dc-b9c1-00042373bfe1}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-09 05:42:18 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 19:23:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-09 19:24:43
ComboFix-quarantined-files.txt 2008-07-09 17:24:34
ComboFix3.txt 2008-07-08 16:31:06
ComboFix2.txt 2008-07-09 05:34:46

Pre-Run: 8,014,807,040 octets libres
Post-Run: 8,011,825,152 octets libres

170 --- E O F --- 2008-06-28 06:09:20

Re,

Repasse Flash-Disinfector.

Puis :

Sélectionne l'intégralité du cadre ci-dessous :

Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

Enregistre le sous sur ton bureau sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :

Cela va relancer Combofix. Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.

encore un rapport  

ComboFix 08-07-07.3 - Kany 2008-07-09 22:23:02.5 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.79 [GMT 2:00]
Endroit: C:\Documents and Settings\Kany\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kany\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\RavMon.exe
C:\Windows\system32\RavMon.exe
D:\RavMon.exe
E:\RavMon.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\RavMon.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
.

2008-07-09 07:38 . 2008-07-09 07:38 25,135,513 --a------ C:\WINDOWS\VPTNFILE.395
2008-07-09 07:38 . 2008-07-09 07:38 25,135,513 --a------ C:\WINDOWS\LPT$VPN.395
2008-07-09 07:37 . 2008-07-09 07:37 <REP> d-------- C:\WINDOWS\AU_Temp
2008-07-08 09:11 . 2008-07-08 09:11 <REP> d-------- C:\Program Files\Trend Micro
2008-06-27 22:28 . 2008-06-27 22:28 <REP> d-------- C:\WINDOWS\backup
2008-06-27 21:15 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-26 13:25 . 2008-06-26 13:25 <REP> d-------- C:\Documents and Settings\Kany\Application Data\U3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 18:06 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-09 18:06 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-09 18:06 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-09 18:06 3,236 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-09 05:38 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-07-09 05:38 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-07-07 18:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-07-07 18:35 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-08 13:20 73,072 ----a-w C:\Documents and Settings\Kany\Application Data\GDIPFONTCACHEV1.DAT
2006-09-16 18:45 461 ----a-w C:\Program Files\INSTALL.LOG
2005-12-01 07:01 11,466,856 ----a-w C:\Program Files\zlsSetup_61_737_000_fr.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-08_18.30.44,86 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-08 16:12:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-09 18:07:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-07-09 16:54:54 2,158 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{867B9F48-78DE-4F6C-A75B-818F0D31DDCF}.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 17:01 155648]
"iHP-100"="C:\Program Files\iRiver\iHP100\iHPDetect.exe" [2003-09-30 17:16 28672]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-06-23 10:34 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:28 196608]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-06-23 10:34 114688]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-25 04:49 151552]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-13 11:28 77824]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-08 11:00 185896]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]
"!AVG Anti-Spyware"="C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-19 20:12 6731312]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 10:35 88267 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-01 21:37:52 450560]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\System32\\lxczcoms.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18216:TCP"= 18216:TCP:NortonAV
"14706:TCP"= 14706:TCP:NortonAV
"13707:TCP"= 13707:TCP:NortonAV
"13116:TCP"= 13116:TCP:NortonAV
"13328:TCP"= 13328:TCP:NortonAV
"18508:TCP"= 18508:TCP:NortonAV
"13851:TCP"= 13851:TCP:NortonAV
"17371:TCP"= 17371:TCP:NortonAV
"18054:TCP"= 18054:TCP:NortonAV
"15621:TCP"= 15621:TCP:NortonAV
"12430:TCP"= 12430:TCP:NortonAV
"16426:TCP"= 16426:TCP:NortonAV
"14129:TCP"= 14129:TCP:NortonAV
"17760:TCP"= 17760:TCP:NortonAV
"12299:TCP"= 12299:TCP:NortonAV
"13517:TCP"= 13517:TCP:NortonAV
"13458:TCP"= 13458:TCP:NortonAV
"14644:TCP"= 14644:TCP:NortonAV
"16264:TCP"= 16264:TCP:NortonAV
"16183:TCP"= 16183:TCP:NortonAV
"15232:TCP"= 15232:TCP:NortonAV
"12821:TCP"= 12821:TCP:NortonAV
"13200:TCP"= 13200:TCP:NortonAV
"12323:TCP"= 12323:TCP:NortonAV

R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-09 19:42:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 22:25:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-09 22:26:33
ComboFix-quarantined-files.txt 2008-07-09 20:26:30
ComboFix4.txt 2008-07-08 16:31:06
ComboFix3.txt 2008-07-09 05:34:46
ComboFix2.txt 2008-07-09 17:24:48

Pre-Run: 8,024,588,288 octets libres
Post-Run: 8,017,100,800 octets libres

151 --- E O F --- 2008-06-28 06:09:20

Re,

C'est mieux ?

Poste un nouveau rapport HijackThis..


En effet, regarde le nombre de sujets que j'ai sur le dos, autres Helpers en vacances  

C'est pas trop compliqué pour moi encore de faire des rapports   j'ai vu qu'il y a en effet un certain nombre d'internautes désespérés par des virus  

ComboFix 08-07-07.3 - Kany 2008-07-09 22:23:02.5 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.79 [GMT 2:00]
Endroit: C:\Documents and Settings\Kany\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kany\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\RavMon.exe
C:\Windows\system32\RavMon.exe
D:\RavMon.exe
E:\RavMon.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\RavMon.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
.

2008-07-09 07:38 . 2008-07-09 07:38 25,135,513 --a------ C:\WINDOWS\VPTNFILE.395
2008-07-09 07:38 . 2008-07-09 07:38 25,135,513 --a------ C:\WINDOWS\LPT$VPN.395
2008-07-09 07:37 . 2008-07-09 07:37 <REP> d-------- C:\WINDOWS\AU_Temp
2008-07-08 09:11 . 2008-07-08 09:11 <REP> d-------- C:\Program Files\Trend Micro
2008-06-27 22:28 . 2008-06-27 22:28 <REP> d-------- C:\WINDOWS\backup
2008-06-27 21:15 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-26 13:25 . 2008-06-26 13:25 <REP> d-------- C:\Documents and Settings\Kany\Application Data\U3

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 18:06 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-09 18:06 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-09 18:06 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-09 18:06 3,236 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-09 05:38 91,744 ----a-w C:\WINDOWS\BPMNT.dll
2008-07-09 05:38 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
2008-07-07 18:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-07-07 18:35 333,576 ----a-w C:\WINDOWS\tsc.exe
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-08 13:20 73,072 ----a-w C:\Documents and Settings\Kany\Application Data\GDIPFONTCACHEV1.DAT
2006-09-16 18:45 461 ----a-w C:\Program Files\INSTALL.LOG
2005-12-01 07:01 11,466,856 ----a-w C:\Program Files\zlsSetup_61_737_000_fr.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-08_18.30.44,86 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-08 16:12:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-09 18:07:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-07-09 16:54:54 2,158 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{867B9F48-78DE-4F6C-A75B-818F0D31DDCF}.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
"LManager"="C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 17:01 155648]
"iHP-100"="C:\Program Files\iRiver\iHP100\iHPDetect.exe" [2003-09-30 17:16 28672]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-06-23 10:34 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:28 196608]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-06-23 10:34 114688]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-25 04:49 151552]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-13 11:28 77824]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-08 11:00 185896]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]
"!AVG Anti-Spyware"="C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-19 20:12 6731312]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 10:35 88267 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-01 21:37:52 450560]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\System32\\lxczcoms.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18216:TCP"= 18216:TCP:NortonAV
"14706:TCP"= 14706:TCP:NortonAV
"13707:TCP"= 13707:TCP:NortonAV
"13116:TCP"= 13116:TCP:NortonAV
"13328:TCP"= 13328:TCP:NortonAV
"18508:TCP"= 18508:TCP:NortonAV
"13851:TCP"= 13851:TCP:NortonAV
"17371:TCP"= 17371:TCP:NortonAV
"18054:TCP"= 18054:TCP:NortonAV
"15621:TCP"= 15621:TCP:NortonAV
"12430:TCP"= 12430:TCP:NortonAV
"16426:TCP"= 16426:TCP:NortonAV
"14129:TCP"= 14129:TCP:NortonAV
"17760:TCP"= 17760:TCP:NortonAV
"12299:TCP"= 12299:TCP:NortonAV
"13517:TCP"= 13517:TCP:NortonAV
"13458:TCP"= 13458:TCP:NortonAV
"14644:TCP"= 14644:TCP:NortonAV
"16264:TCP"= 16264:TCP:NortonAV
"16183:TCP"= 16183:TCP:NortonAV
"15232:TCP"= 15232:TCP:NortonAV
"12821:TCP"= 12821:TCP:NortonAV
"13200:TCP"= 13200:TCP:NortonAV
"12323:TCP"= 12323:TCP:NortonAV

R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-09 19:42:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 22:25:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-09 22:26:33
ComboFix-quarantined-files.txt 2008-07-09 20:26:30
ComboFix4.txt 2008-07-08 16:31:06
ComboFix3.txt 2008-07-09 05:34:46
ComboFix2.txt 2008-07-09 17:24:48

Pre-Run: 8,024,588,288 octets libres
Post-Run: 8,017,100,800 octets libres

151 --- E O F --- 2008-06-28 06:09:20

Re,

Tu t'es trompé.
C'est un nouveau rapport HijackThis que je veux  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:43:58, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Program Files\iRiver\iHP100\iHPDetect.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.cyberlibris.com
O15 - Trusted Zone: http://site.ebrary.com
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/anysite/support/plugins/ebra...
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

--
End of file - 8590 bytes

j'ai du sélectionner le mauvais doc bloc note  

le plus simple c'est sa

http://forum.pcastuces.com/pre_nettoyage_un_pc_infecte-...

le plus simple c'est sa

http://forum.pcastuces.com/pre_nettoyage_un_pc_infecte-...

est pour ta clef USB achet toi une otre c'est pa cher  

Vas-tu arrêter arif, je fais appel à la modération si je recroise un post.  

Cephyse, ce n'est pas grave  

Télécharge MalwareByte's Anti-Malware sur ton Bureau.

Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées :
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.

REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

[#FF0000]Aide : Comment utiliser MBAM.