Se connecter avec
S'enregistrer | Connectez-vous

ma clé est virussée

Dernière réponse : dans Sécurité
Lassé par la pub ? Créez un compte

Bonjour,

Télécharge Flash Disinfector (de sUBs) sur ton Bureau.

  • Connecte tous les périphériques externes ( DD , USB , ..... )
  • Double clique sur Flash Disinfector et laisse toi guider.

    ********

    Télécharge Hijackthis (de Trend Micro) sur ton Bureau.

  • Double clique sur HJTInstall.exe pour lancer l'installation.
  • Clique sur Install.
  • Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer. (Clique droit -> lancer en tant qu'admin si sous Vista)
  • Accepte la licence en cliquant sur Yes.
  • Clique sur "Do a system scan and save a logfile".
  • Poste ici le rapport généré.

    Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Aide : Comment utiliser HijackThis.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:09:23, on 07/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
    C:\Program Files\iRiver\iHP100\iHPDetect.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\DOCUME~1\Kany\LOCALS~1\Temp\Rar$EX14.9037\HijackThis.exe
    C:\WINDOWS\explorer.exe
    C:\DOCUME~1\Kany\LOCALS~1\Temp\Rar$EX20.6244\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://www.cyberlibris.com
    O15 - Trusted Zone: http://site.ebrary.com
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/anysite/support/plugins/ebra...
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

    voici la nouvelle version du rapport :)  avec la bonne version
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:11:51, on 08/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
    C:\Program Files\iRiver\iHP100\iHPDetect.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.cyberlibris.com
    O15 - Trusted Zone: http://site.ebrary.com
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/anysite/support/plugins/ebra...
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

    --
    End of file - 9103 bytes

    Re,

    Télécharge Flash Disinfector (de sUBs) sur ton Bureau.

  • Connecte tous les périphériques externes ( DD , USB , ..... )
  • Double clique sur Flash Disinfector et laisse toi guider.

    *********

    Télécharge ComboFix (de sUBs) sur ton Bureau.

  • Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
  • Double clique sur ComboFix.exe.
  • Accepte la licence en cliquant sur Oui.
  • Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

    Aide : Comment utiliser ComboFix.

    ComboFix 08-07-07.3 - Kany 2008-07-08 18:26:55.1 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.86 [GMT 2:00]
    Endroit: C:\Documents and Settings\Kany\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    C:\Documents and Settings\Kany\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\svchost.ini
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-08 to 2008-07-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-08 09:11 . 2008-07-08 09:11 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-07 20:35 . 2008-07-07 20:35 25,111,413 --a------ C:\WINDOWS\VPTNFILE.389
    2008-07-07 20:35 . 2008-07-07 20:35 25,111,413 --a------ C:\WINDOWS\LPT$VPN.389
    2008-07-07 20:34 . 2008-07-07 20:34 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-07-05 10:39 . 2007-01-07 19:07 49,242 -r-hs---- C:\RavMon.exe
    2008-06-27 22:28 . 2008-06-27 22:28 <REP> d-------- C:\WINDOWS\backup
    2008-06-27 21:15 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-26 13:25 . 2008-06-26 13:25 <REP> d-------- C:\Documents and Settings\Kany\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-08 07:13 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-07-08 07:13 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-07-08 07:13 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-07-08 07:13 3,236 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-07-07 18:35 91,744 ----a-w C:\WINDOWS\BPMNT.dll
    2008-07-07 18:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2008-07-07 18:35 333,576 ----a-w C:\WINDOWS\tsc.exe
    2008-07-07 18:35 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-01-08 13:20 73,072 ----a-w C:\Documents and Settings\Kany\Application Data\GDIPFONTCACHEV1.DAT
    2006-09-16 18:45 461 ----a-w C:\Program Files\INSTALL.LOG
    2005-12-01 07:01 11,466,856 ----a-w C:\Program Files\zlsSetup_61_737_000_fr.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
    "LManager"="C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 17:01 155648]
    "iHP-100"="C:\Program Files\iRiver\iHP100\iHPDetect.exe" [2003-09-30 17:16 28672]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-06-23 10:34 155648]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:28 196608]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-06-23 10:34 114688]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-25 04:49 151552]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-13 11:28 77824]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-08 11:00 185896]
    "lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]
    "!AVG Anti-Spyware"="C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-19 20:12 6731312]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 10:35 88267 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-01 21:37:52 450560]
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\System32\\lxczcoms.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18216:TCP"= 18216:TCP:NortonAV
    "14706:TCP"= 14706:TCP:NortonAV
    "13707:TCP"= 13707:TCP:NortonAV
    "13116:TCP"= 13116:TCP:NortonAV
    "13328:TCP"= 13328:TCP:NortonAV
    "18508:TCP"= 18508:TCP:NortonAV
    "13851:TCP"= 13851:TCP:NortonAV
    "17371:TCP"= 17371:TCP:NortonAV
    "18054:TCP"= 18054:TCP:NortonAV
    "15621:TCP"= 15621:TCP:NortonAV
    "12430:TCP"= 12430:TCP:NortonAV
    "16426:TCP"= 16426:TCP:NortonAV
    "14129:TCP"= 14129:TCP:NortonAV
    "17760:TCP"= 17760:TCP:NortonAV
    "12299:TCP"= 12299:TCP:NortonAV
    "13517:TCP"= 13517:TCP:NortonAV
    "13458:TCP"= 13458:TCP:NortonAV
    "14644:TCP"= 14644:TCP:NortonAV
    "16264:TCP"= 16264:TCP:NortonAV
    "16183:TCP"= 16183:TCP:NortonAV
    "15232:TCP"= 15232:TCP:NortonAV
    "12821:TCP"= 12821:TCP:NortonAV
    "13200:TCP"= 13200:TCP:NortonAV
    "12323:TCP"= 12323:TCP:NortonAV

    R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50]
    S3 48ded618-78d1-4ca5-8773-dc214c214ff3;48ded618-78d1-4ca5-8773-dc214c214ff3;E:\Player\cds300.dll []
    S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2377f3b0-2d50-11dd-bbdf-00042373bfe1}]
    \Shell\Auto\command - F:\bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c7eb7a0-e4a4-11dc-bb22-00042373bfe1}]
    \Shell\AutoRun\command - t.com
    \Shell\explore\Command - t.com
    \Shell\open\Command - t.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32e21ac0-772f-11dc-b9dc-00042373bfe1}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
    \Shell\Open\command - Boot.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37183d80-2ef3-11dd-bbeb-00042373bfe1}]
    \Shell\AutoRun\command - F:\tmf3w3g0.com
    \Shell\explore\Command - F:\tmf3w3g0.com
    \Shell\open\Command - F:\tmf3w3g0.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dcf46f0-392d-11dd-bc02-00042373bfe1}]
    \Shell\Auto\command - F:\bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{590a6f60-49e9-11dd-bc24-00042373bfe1}]
    \shell\1\Command - shell.exe -s

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6883b120-05af-11dd-bb77-00042373bfe1}]
    \Shell\Auto\command - cmd /C launch.bat
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad034ec0-330f-11dd-bbf4-00042373bfe1}]
    \Shell\Auto\command - F:\bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8d6c380-3ee9-11dd-bc0e-00042373bfe1}]
    \Shell\AutoRun\command - tmf3w3g0.com
    \Shell\explore\Command - tmf3w3g0.com
    \Shell\open\Command - tmf3w3g0.com

    *Newly Created Service* - CATCHME
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-08 06:42:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-08 18:30:03
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-08 18:31:04
    ComboFix-quarantined-files.txt 2008-07-08 16:31:02

    Pre-Run: 7,329,300,480 octets libres
    Post-Run: 7,568,506,880 octets libres

    174 --- E O F --- 2008-06-28 06:09:20

    Re,

    Sélectionne l'intégralité du cadre ci-dessous :

    Collect::
    C:\RavMon.exe

    Driver::
    Boonty Games
    48ded618-78d1-4ca5-8773-dc214c214ff3

    File::
    F:\tmf3w3g0.com
    F:\bittorrent.exe
    F:\shell.exe
    F:\launch.bat
    F:\Boot.exe
    F:\t.com
    C:\tmC3w3g0.com
    C:\bittorrent.exe
    C:\shell.exe
    C:\launch.bat
    C:\Boot.exe
    C:\t.com
    D:\tmD3w3g0.Dom
    D:\bittorrent.exe
    D:\shell.exe
    D:\launDh.bat
    D:\Boot.exe
    D:\t.Dom
    E:\tmE3w3g0.Eom
    E:\bittorrent.exe
    E:\shell.exe
    E:\launEh.bat
    E:\Boot.exe
    E:\t.Eom

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2377f3b0-2d50-11dd-bbdf-00042373bfe1}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c7eb7a0-e4a4-11dc-bb22-00042373bfe1}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32e21ac0-772f-11dc-b9dc-00042373bfe1}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37183d80-2ef3-11dd-bbeb-00042373bfe1}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dcf46f0-392d-11dd-bc02-00042373bfe1}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{590a6f60-49e9-11dd-bc24-00042373bfe1}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6883b120-05af-11dd-bb77-00042373bfe1}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad034ec0-330f-11dd-bbf4-00042373bfe1}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8d6c380-3ee9-11dd-bc0e-00042373bfe1}]


    Cela va relancer ComboFix. Après redémarrage, poste le contenu du rapport ComboFix.txt.
    S'il n'y a pas de rédémarrage, poste quand même le rapport.

  • Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
  • Enregistre le sous sur ton bureau sous le nom de CFScript.txt
  • Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :

  • Cela va relancer Combofix.
  • ComboFix créera ces fichiers sur ton Bureau :
    - Un fichier zippé nommé Submit [Date Time].zip
    - Un second fichier nommé - CF-Submit.htm
  • ComboFix peut exiger un redémarrage pour compléter son travail. Accepte.
  • Lorsque l'outil aura terminé, un rapport ComboFix.log apparaîtra à l'écran.
  • Une nouvelle fenêtre avec invite "Submit Files for further analysis" s'ouvrira. Clique "OK"
  • Ton navigateur se lancera automatiquement avec le fichier CF-Submit.htm et une fenêtre s'ouvrira :
    - Clique sur le bouton "Browse"("Parcourir") et navigue vers le fichier
    Submit [Date Time].zip qui est sur ton Bureau.
    - Clique sur le fichier afin de le sélectionner.
  • Soumets le fichier en cliquant "OK"
  • Lorsque cette opération sera complétée, tu peux supprimer ces deux fichiers qui se trouvent sur ton Bureau.
    Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.

    voilà
    ComboFix 08-07-07.3 - Kany 2008-07-09 19:19:09.4 - FAT32x86
    Endroit: C:\Documents and Settings\Kany\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Kany\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\bittorrent.exe
    C:\Boot.exe
    C:\launch.bat
    C:\shell.exe
    C:\t.com
    C:\tmC3w3g0.com
    D:\bittorrent.exe
    D:\Boot.exe
    D:\launDh.bat
    D:\shell.exe
    D:\t.Dom
    D:\tmD3w3g0.Dom
    E:\bittorrent.exe
    E:\Boot.exe
    E:\launEh.bat
    E:\shell.exe
    E:\t.Eom
    E:\tmE3w3g0.Eom
    F:\bittorrent.exe
    F:\Boot.exe
    F:\launch.bat
    F:\shell.exe
    F:\t.com
    F:\tmf3w3g0.com
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-09 18:55 . 2008-07-09 18:55 <REP> d-------- C:\WINDOWS\LastGood
    2008-07-09 07:38 . 2008-07-09 07:38 25,135,513 --a------ C:\WINDOWS\VPTNFILE.395
    2008-07-09 07:38 . 2008-07-09 07:38 25,135,513 --a------ C:\WINDOWS\LPT$VPN.395
    2008-07-09 07:37 . 2008-07-09 07:37 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-07-08 09:11 . 2008-07-08 09:11 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-27 22:28 . 2008-06-27 22:28 <REP> d-------- C:\WINDOWS\backup
    2008-06-27 21:15 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-26 13:25 . 2008-06-26 13:25 <REP> d-------- C:\Documents and Settings\Kany\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-09 06:56 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-07-09 06:56 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-07-09 06:56 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-07-09 06:56 3,236 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-07-09 05:38 91,744 ----a-w C:\WINDOWS\BPMNT.dll
    2008-07-09 05:38 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
    2008-07-07 18:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2008-07-07 18:35 333,576 ----a-w C:\WINDOWS\tsc.exe
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-01-08 13:20 73,072 ----a-w C:\Documents and Settings\Kany\Application Data\GDIPFONTCACHEV1.DAT
    2006-09-16 18:45 461 ----a-w C:\Program Files\INSTALL.LOG
    2005-12-01 07:01 11,466,856 ----a-w C:\Program Files\zlsSetup_61_737_000_fr.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-08_18.30.44,86 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-08 16:12:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-09 16:45:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-07-09 16:54:54 2,158 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{867B9F48-78DE-4F6C-A75B-818F0D31DDCF}.bin
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
    "LManager"="C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 17:01 155648]
    "iHP-100"="C:\Program Files\iRiver\iHP100\iHPDetect.exe" [2003-09-30 17:16 28672]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-06-23 10:34 155648]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:28 196608]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-06-23 10:34 114688]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-25 04:49 151552]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-13 11:28 77824]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-08 11:00 185896]
    "lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]
    "!AVG Anti-Spyware"="C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-19 20:12 6731312]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 10:35 88267 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-01 21:37:52 450560]
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\System32\\lxczcoms.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18216:TCP"= 18216:TCP:NortonAV
    "14706:TCP"= 14706:TCP:NortonAV
    "13707:TCP"= 13707:TCP:NortonAV
    "13116:TCP"= 13116:TCP:NortonAV
    "13328:TCP"= 13328:TCP:NortonAV
    "18508:TCP"= 18508:TCP:NortonAV
    "13851:TCP"= 13851:TCP:NortonAV
    "17371:TCP"= 17371:TCP:NortonAV
    "18054:TCP"= 18054:TCP:NortonAV
    "15621:TCP"= 15621:TCP:NortonAV
    "12430:TCP"= 12430:TCP:NortonAV
    "16426:TCP"= 16426:TCP:NortonAV
    "14129:TCP"= 14129:TCP:NortonAV
    "17760:TCP"= 17760:TCP:NortonAV
    "12299:TCP"= 12299:TCP:NortonAV
    "13517:TCP"= 13517:TCP:NortonAV
    "13458:TCP"= 13458:TCP:NortonAV
    "14644:TCP"= 14644:TCP:NortonAV
    "16264:TCP"= 16264:TCP:NortonAV
    "16183:TCP"= 16183:TCP:NortonAV
    "15232:TCP"= 15232:TCP:NortonAV
    "12821:TCP"= 12821:TCP:NortonAV
    "13200:TCP"= 13200:TCP:NortonAV
    "12323:TCP"= 12323:TCP:NortonAV

    R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{682221c0-71cd-11dc-b9c1-00042373bfe1}]
    \Shell\AutoRun\command - RavMon.exe
    \Shell\explore\Command - RavMon.exe -e
    \Shell\open\Command - RavMon.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-09 05:42:18 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-09 19:23:06
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-09 19:24:43
    ComboFix-quarantined-files.txt 2008-07-09 17:24:34
    ComboFix3.txt 2008-07-08 16:31:06
    ComboFix2.txt 2008-07-09 05:34:46

    Pre-Run: 8,014,807,040 octets libres
    Post-Run: 8,011,825,152 octets libres

    170 --- E O F --- 2008-06-28 06:09:20

    Re,

    Repasse Flash-Disinfector.

    Puis :

    Sélectionne l'intégralité du cadre ci-dessous :

    File::
    C:\Windows\system32\RavMon.exe
    C:\RavMon.exe
    D:\RavMon.exe
    E:\RavMon.exe

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{682221c0-71cd-11dc-b9c1-00042373bfe1}]


  • Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
  • Enregistre le sous sur ton bureau sous le nom de CFScript.txt
  • Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :

  • Cela va relancer Combofix. Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.

    encore un rapport :) 

    ComboFix 08-07-07.3 - Kany 2008-07-09 22:23:02.5 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.79 [GMT 2:00]
    Endroit: C:\Documents and Settings\Kany\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Kany\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\RavMon.exe
    C:\Windows\system32\RavMon.exe
    D:\RavMon.exe
    E:\RavMon.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\RavMon.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-09 07:38 . 2008-07-09 07:38 25,135,513 --a------ C:\WINDOWS\VPTNFILE.395
    2008-07-09 07:38 . 2008-07-09 07:38 25,135,513 --a------ C:\WINDOWS\LPT$VPN.395
    2008-07-09 07:37 . 2008-07-09 07:37 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-07-08 09:11 . 2008-07-08 09:11 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-27 22:28 . 2008-06-27 22:28 <REP> d-------- C:\WINDOWS\backup
    2008-06-27 21:15 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-26 13:25 . 2008-06-26 13:25 <REP> d-------- C:\Documents and Settings\Kany\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-09 18:06 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-07-09 18:06 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-07-09 18:06 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-07-09 18:06 3,236 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-07-09 05:38 91,744 ----a-w C:\WINDOWS\BPMNT.dll
    2008-07-09 05:38 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
    2008-07-07 18:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2008-07-07 18:35 333,576 ----a-w C:\WINDOWS\tsc.exe
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-01-08 13:20 73,072 ----a-w C:\Documents and Settings\Kany\Application Data\GDIPFONTCACHEV1.DAT
    2006-09-16 18:45 461 ----a-w C:\Program Files\INSTALL.LOG
    2005-12-01 07:01 11,466,856 ----a-w C:\Program Files\zlsSetup_61_737_000_fr.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-08_18.30.44,86 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-08 16:12:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-09 18:07:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-07-09 16:54:54 2,158 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{867B9F48-78DE-4F6C-A75B-818F0D31DDCF}.bin
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
    "LManager"="C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 17:01 155648]
    "iHP-100"="C:\Program Files\iRiver\iHP100\iHPDetect.exe" [2003-09-30 17:16 28672]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-06-23 10:34 155648]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:28 196608]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-06-23 10:34 114688]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-25 04:49 151552]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-13 11:28 77824]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-08 11:00 185896]
    "lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]
    "!AVG Anti-Spyware"="C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-19 20:12 6731312]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 10:35 88267 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-01 21:37:52 450560]
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\System32\\lxczcoms.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18216:TCP"= 18216:TCP:NortonAV
    "14706:TCP"= 14706:TCP:NortonAV
    "13707:TCP"= 13707:TCP:NortonAV
    "13116:TCP"= 13116:TCP:NortonAV
    "13328:TCP"= 13328:TCP:NortonAV
    "18508:TCP"= 18508:TCP:NortonAV
    "13851:TCP"= 13851:TCP:NortonAV
    "17371:TCP"= 17371:TCP:NortonAV
    "18054:TCP"= 18054:TCP:NortonAV
    "15621:TCP"= 15621:TCP:NortonAV
    "12430:TCP"= 12430:TCP:NortonAV
    "16426:TCP"= 16426:TCP:NortonAV
    "14129:TCP"= 14129:TCP:NortonAV
    "17760:TCP"= 17760:TCP:NortonAV
    "12299:TCP"= 12299:TCP:NortonAV
    "13517:TCP"= 13517:TCP:NortonAV
    "13458:TCP"= 13458:TCP:NortonAV
    "14644:TCP"= 14644:TCP:NortonAV
    "16264:TCP"= 16264:TCP:NortonAV
    "16183:TCP"= 16183:TCP:NortonAV
    "15232:TCP"= 15232:TCP:NortonAV
    "12821:TCP"= 12821:TCP:NortonAV
    "13200:TCP"= 13200:TCP:NortonAV
    "12323:TCP"= 12323:TCP:NortonAV

    R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-09 19:42:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-09 22:25:50
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-09 22:26:33
    ComboFix-quarantined-files.txt 2008-07-09 20:26:30
    ComboFix4.txt 2008-07-08 16:31:06
    ComboFix3.txt 2008-07-09 05:34:46
    ComboFix2.txt 2008-07-09 17:24:48

    Pre-Run: 8,024,588,288 octets libres
    Post-Run: 8,017,100,800 octets libres

    151 --- E O F --- 2008-06-28 06:09:20

    C'est pas trop compliqué pour moi encore de faire des rapports ;)  j'ai vu qu'il y a en effet un certain nombre d'internautes désespérés par des virus :( 

    ComboFix 08-07-07.3 - Kany 2008-07-09 22:23:02.5 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.79 [GMT 2:00]
    Endroit: C:\Documents and Settings\Kany\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Kany\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\RavMon.exe
    C:\Windows\system32\RavMon.exe
    D:\RavMon.exe
    E:\RavMon.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\RavMon.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-09 07:38 . 2008-07-09 07:38 25,135,513 --a------ C:\WINDOWS\VPTNFILE.395
    2008-07-09 07:38 . 2008-07-09 07:38 25,135,513 --a------ C:\WINDOWS\LPT$VPN.395
    2008-07-09 07:37 . 2008-07-09 07:37 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-07-08 09:11 . 2008-07-08 09:11 <REP> d-------- C:\Program Files\Trend Micro
    2008-06-27 22:28 . 2008-06-27 22:28 <REP> d-------- C:\WINDOWS\backup
    2008-06-27 21:15 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-26 13:25 . 2008-06-26 13:25 <REP> d-------- C:\Documents and Settings\Kany\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-09 18:06 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-07-09 18:06 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-07-09 18:06 3,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-07-09 18:06 3,236 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-07-09 05:38 91,744 ----a-w C:\WINDOWS\BPMNT.dll
    2008-07-09 05:38 1,213,784 ----a-w C:\WINDOWS\vsapi32.dll
    2008-07-07 18:35 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2008-07-07 18:35 333,576 ----a-w C:\WINDOWS\tsc.exe
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-04-22 07:41 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-04-22 07:41 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-01-08 13:20 73,072 ----a-w C:\Documents and Settings\Kany\Application Data\GDIPFONTCACHEV1.DAT
    2006-09-16 18:45 461 ----a-w C:\Program Files\INSTALL.LOG
    2005-12-01 07:01 11,466,856 ----a-w C:\Program Files\zlsSetup_61_737_000_fr.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-08_18.30.44,86 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-07-08 16:12:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-07-09 18:07:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-07-09 16:54:54 2,158 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{867B9F48-78DE-4F6C-A75B-818F0D31DDCF}.bin
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 17:37 217088]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 17:47 458752]
    "LManager"="C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE" [2003-06-27 17:01 155648]
    "iHP-100"="C:\Program Files\iRiver\iHP100\iHPDetect.exe" [2003-09-30 17:16 28672]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-06-23 10:34 155648]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:28 196608]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-06-23 10:34 114688]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2002-07-25 04:49 151552]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-13 11:28 77824]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-05-08 11:00 185896]
    "lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-09 00:53 74672]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-09 00:56 295856]
    "!AVG Anti-Spyware"="C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" [2007-08-19 20:12 6731312]
    "AGRSMMSG"="AGRSMMSG.exe" [2003-06-23 10:35 88267 C:\WINDOWS\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-12-01 21:37:52 450560]
    Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-29 16:54:19 110592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\System32\\lxczcoms.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18216:TCP"= 18216:TCP:NortonAV
    "14706:TCP"= 14706:TCP:NortonAV
    "13707:TCP"= 13707:TCP:NortonAV
    "13116:TCP"= 13116:TCP:NortonAV
    "13328:TCP"= 13328:TCP:NortonAV
    "18508:TCP"= 18508:TCP:NortonAV
    "13851:TCP"= 13851:TCP:NortonAV
    "17371:TCP"= 17371:TCP:NortonAV
    "18054:TCP"= 18054:TCP:NortonAV
    "15621:TCP"= 15621:TCP:NortonAV
    "12430:TCP"= 12430:TCP:NortonAV
    "16426:TCP"= 16426:TCP:NortonAV
    "14129:TCP"= 14129:TCP:NortonAV
    "17760:TCP"= 17760:TCP:NortonAV
    "12299:TCP"= 12299:TCP:NortonAV
    "13517:TCP"= 13517:TCP:NortonAV
    "13458:TCP"= 13458:TCP:NortonAV
    "14644:TCP"= 14644:TCP:NortonAV
    "16264:TCP"= 16264:TCP:NortonAV
    "16183:TCP"= 16183:TCP:NortonAV
    "15232:TCP"= 15232:TCP:NortonAV
    "12821:TCP"= 12821:TCP:NortonAV
    "13200:TCP"= 13200:TCP:NortonAV
    "12323:TCP"= 12323:TCP:NortonAV

    R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 00:50]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-09 19:42:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-09 22:25:50
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-09 22:26:33
    ComboFix-quarantined-files.txt 2008-07-09 20:26:30
    ComboFix4.txt 2008-07-08 16:31:06
    ComboFix3.txt 2008-07-09 05:34:46
    ComboFix2.txt 2008-07-09 17:24:48

    Pre-Run: 8,024,588,288 octets libres
    Post-Run: 8,017,100,800 octets libres

    151 --- E O F --- 2008-06-28 06:09:20

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:43:58, on 10/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
    C:\Program Files\iRiver\iHP100\iHPDetect.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu5\AOL_security_toolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll (file missing)
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.cyberlibris.com
    O15 - Trusted Zone: http://site.ebrary.com
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/anysite/support/plugins/ebra...
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Kany\Bureau\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe

    --
    End of file - 8590 bytes

    Vas-tu arrêter arif, je fais appel à la modération si je recroise un post. :o 

    Cephyse, ce n'est pas grave :D 

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.

  • Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées :
    Redémarre en mode sans échec
    /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.

    REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    [#FF0000]Aide
    : Comment utiliser MBAM.
    Lassé par la pub ? Créez un compte
    Tom's guide dans le monde