Bonjour a Tous j'ai depuis quelque jour un gros problème un triangle Jaune et aparu a coté de l'heure et il crée des pop up toute les 5 sec ... de plus une frenêtre s'ouvre toute les 2 min en disant que mon ordi est infecté.. antivir a détécter ce virus mais rien a fair mème si je le suprimme il reste.. Help

Bonjour,

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

lu voila

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:45, on 07/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\JMRaidTool.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Saitek\SD6\Software\SaiVolume.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\BUREAU\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bestyourmeds.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
R3 - URLSearchHook: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec0.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Zango /fleok=1D8A83A5C5ED18789EAE6F2A1FBB39BFE4976E26CAEDDA7B597A402D3BC7C7 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
O2 - BHO: (no name) - {0CBFB9D3-EDC0-446C-8F80-0FC19A01CC88} - C:\WINDOWS\system32\khfcBtQJ.dll (file missing)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O2 - BHO: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec0.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BhoApp Class - {3EDBF8E9-3130-72C8-ED30-32A3DB08ED44} - C:\Program Files\altcmd\altcmd32.dll (file missing)
O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\iifcyvUk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul0.dll
O3 - Toolbar: Secured eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec0.dll
O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus DX3800 Series sur FAMILLE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P43 "Auto EPSON Stylus DX3800 Series sur FAMILLE" /O20 "\\FAMILLE\Imprimante" /M "Stylus DX3800"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [defragsys] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.0.370.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.0.370.0\ZangoSA.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\BUREAU\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [Windows Service] C:\Documents and Settings\BUREAU\mmmhwk.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus DX3800 Series sur DROUVIN-32356EC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P51 "Auto EPSON Stylus DX3800 Series sur DROUVIN-32356EC" /O28 "\\DROUVIN-32356EC\Imprimante" /M "Stylus DX3800"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [SaiVolume] C:\Program Files\Saitek\SD6\Software\SaiVolume.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus DX3800 Series sur PAULINE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P43 "Auto EPSON Stylus DX3800 Series sur PAULINE" /O20 "\\PAULINE\Imprimante" /M "Stylus DX3800"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [defragsys] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [pvsdhnv] c:\documents and settings\bureau\local settings\application data\pvsdhnv.exe pvsdhnv
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VirusIsolator.exe] C:\Program Files\VirusIsolator\VirusIsolator.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Startup: hamachi.lnk = W:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: iifcyvUk - iifcyvUk.dll (file missing)
O22 - SharedTaskScheduler: discommodiousness - {33b8d257-07f6-4c06-8605-94bc21728635} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 13749 bytes

Re,

Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

• Télécharge ComboFix (sUBs) sur ton Bureau.
• Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

voila se que sa donne


ComboFix 08-09-05.03 - BUREAU 2008-09-07 19:03:04.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1478 [GMT 2:00]
Endroit: C:\Documents and Settings\BUREAU\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\ZangoSA
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
C:\Documents and Settings\BUREAU\Application Data\addon.dat
C:\Documents and Settings\BUREAU\Application Data\printer.exe
C:\Documents and Settings\BUREAU\Application Data\temp.dll
C:\Documents and Settings\BUREAU\Application Data\Zango
C:\Documents and Settings\BUREAU\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\BUREAU\Local Settings\Application Data\pvsdhnv.dat
C:\Documents and Settings\BUREAU\Local Settings\Application Data\pvsdhnv_nav.dat
C:\Documents and Settings\BUREAU\Local Settings\Application Data\pvsdhnv_navps.dat
C:\Documents and Settings\BUREAU\Local Settings\Tempmjiwep0.exe
C:\Documents and Settings\BUREAU\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\Documents and Settings\tous\Cookies\tous@a.hasbro[2].txt
C:\Documents and Settings\tous\Cookies\tous@clickintext[2].txt
C:\Documents and Settings\tous\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\JQtBcfhk.ini
C:\WINDOWS\system32\JQtBcfhk.ini2
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\wdpoefan.dll
C:\Documents and Settings\Invité\Cookies\invité@www.toutpourlamicro[1].txt . . . . Echec de suppression

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-07 to 2008-09-07 ))))))))))))))))))))))))))))))))))))
.

2008-09-07 09:32 . 2008-09-07 09:32 575 --a------ C:\WINDOWS\qtracker.INI
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-05 20:54 . 2007-06-20 17:02 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-05 20:54 . 2007-06-20 18:58 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-05 20:54 . 2007-06-20 18:58 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-05 20:54 . 2008-09-05 20:54 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-03 14:56 . 2008-09-03 14:56 <REP> d-------- C:\WINDOWS\system32\xlib254.dll
2008-09-03 14:56 . 2008-09-03 14:56 <REP> d-------- C:\WINDOWS\system32\append.dll
2008-08-27 23:03 . 2008-08-27 23:03 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-08-21 19:44 . 2008-08-21 19:44 <REP> d-------- C:\Program Files\MSXML 6.0
2008-08-21 00:14 . 2008-08-21 00:15 1,828,319 --a------ C:\WINDOWS\Counter-Strike Source LAN Edition Uninstaller.exe
2008-08-20 22:42 . 2008-08-20 22:42 <REP> d-------- C:\Game
2008-08-20 16:32 . 2008-08-20 16:32 <REP> d-------- C:\Program Files\MSBuild
2008-08-20 16:31 . 2008-08-20 16:33 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-08-20 16:30 . 2008-08-20 16:30 <REP> d-------- C:\Program Files\Reference Assemblies
2008-08-20 16:30 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-08-20 16:26 . 2008-09-06 21:48 <REP> d-------- C:\Program Files\World of Warcraft
2008-08-13 18:48 . 2008-09-07 18:19 <REP> d-------- C:\Documents and Settings\BUREAU\Application Data\Hamachi
2008-08-13 18:48 . 2008-08-13 18:48 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-12 01:56 . 2008-08-12 01:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-08-12 01:55 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-08-12 01:55 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-08-12 01:55 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-08-12 01:55 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-08-11 22:21 . 2008-08-29 20:04 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-08-11 16:08 . 2008-08-11 16:08 <REP> d-------- C:\Program Files\EA GAMES
2008-08-11 15:51 . 2008-08-11 16:03 45 --a------ C:\TEST.XML
2008-08-10 19:20 . <REP> C:\Documents and Settings\BUREAU\Application Data\La Bataille pour la Terre du Milieu T II
2008-08-09 11:43 . 2007-06-20 17:00 216 --ahs---- C:\BOOT.BKK
2008-08-07 14:04 . 2008-08-07 14:04 <REP> d-------- C:\Documents and Settings\BUREAU\Application Data\InstallShield Installation Information

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 17:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-07 07:39 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Xfire
2008-09-06 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-09-05 18:49 --------- d-s---w C:\Program Files\Xfire
2008-09-03 17:32 --------- d-----w C:\Documents and Settings\tous\Application Data\OpenOffice.org2
2008-09-03 12:31 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\BitTorrent
2008-08-31 09:09 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\DNA
2008-08-30 18:22 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-30 07:50 --------- d-----w C:\Program Files\DNA
2008-08-21 02:54 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-19 17:04 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-19 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-16 17:44 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\La Bataille pour la Terre du Milieu ™ II
2008-08-12 02:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-11 23:56 22,328 ----a-w C:\Documents and Settings\BUREAU\Application Data\PnkBstrK.sys
2008-08-07 21:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-08-07 21:51 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Qtracker
2008-08-04 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-02 09:44 --------- d-----w C:\Program Files\BitTorrent
2008-07-31 16:53 --------- d-----w C:\Program Files\eMule
2008-07-30 15:22 --------- d-----w C:\Program Files\Electronic Arts
2008-07-30 11:16 --------- d-----w C:\Documents and Settings\tous\Application Data\vlc
2008-07-30 06:00 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\vlc
2008-07-30 05:59 --------- d-----w C:\Program Files\VideoLAN
2008-07-26 10:45 --------- d-----w C:\Documents and Settings\tous\Application Data\Media Player Classic
2008-07-22 10:31 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-22 10:31 --------- d-----w C:\Program Files\AGEIA Technologies
2008-07-18 08:46 --------- d-----w C:\Program Files\The All-Seeing Eye
2008-07-17 10:06 --------- d-----w C:\Program Files\Saitek
2008-07-17 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek
2008-07-16 21:35 --------- d-----w C:\Program Files\Real
2008-07-16 21:35 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-07-16 21:35 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-07-16 21:30 --------- d-----w C:\Program Files\DivX
2008-07-16 14:28 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\OpenOffice.org2
2008-07-15 13:02 --------- d-----w C:\Documents and Settings\tous\Application Data\Ahead
2008-07-12 15:45 --------- d-----w C:\Program Files\Java
2007-08-16 21:49 4,572 --sha-w C:\WINDOWS\system32\Bifrost\klog.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule\tbSec0.dll" [2007-12-14 1502232]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
2007-12-14 19:16 1502232 --a------ C:\Program Files\Secured_eMule\tbSec0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}"= "C:\Program Files\Secured_eMule\tbSec0.dll" [2007-12-14 1502232]

[HKEY_CLASSES_ROOT\clsid\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 128000]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 167368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2008-01-14 913064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-20 385024]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"Auto EPSON Stylus DX3800 Series sur FAMILLE"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"Auto EPSON Stylus DX3800 Series sur DROUVIN-32356EC"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"SMSTray"="C:\Program Files\Samsung\EmoDio\SMSTray.exe" [2008-06-23 479232]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-16 185896]
"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-29 233472]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-29 131072]
"SaiVolume"="C:\Program Files\Saitek\SD6\Software\SaiVolume.exe" [2007-10-29 126976]
"Auto EPSON Stylus DX3800 Series sur PAULINE"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 81920]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-04-24 C:\WINDOWS\SkyTel.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 C:\WINDOWS\system32\bthprops.cpl]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-10-04 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\BUREAU\\Mes documents\\JEUX\\batllefield2\\BF2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"C:\\Documents and Settings\\BUREAU\\Mes documents\\JEUX\\cube\\bin\\cube.exe"=
"C:\\WINDOWS\\system32\\muzapp.exe"=
"W:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"W:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"W:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"W:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"W:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"W:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"W:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"W:\\Program Files\\Age of Empires III\\age3.exe"=
"W:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"W:\\Program Files\\Electronic Arts\\Command & Conquer Generals\\game.dat"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"W:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"W:\\Program Files\\TmNationsForever\\TmForever.exe"=
"W:\\Program Files\\Electronic Arts\\lotr\\game.dat"=
"W:\\Program Files\\WIC\\wic.exe"=
"W:\\Program Files\\WIC\\wic_online.exe"=
"W:\\Program Files\\WIC\\wic_ds.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"W:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"W:\\Counter-Strike Source LAN Edition\\hl2.exe"=
"W:\\Program Files\\Qtracker\\qtracker.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R3 SaiH0728;SaiH0728;C:\WINDOWS\system32\DRIVERS\SaiH0728.sys [2007-10-30 136448]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-01-26 68954]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 XDva170;XDva170;C:\WINDOWS\system32\XDva170.sys [ ]
S3 XDva181;XDva181;C:\WINDOWS\system32\XDva181.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b23a05d-1f4e-11dc-b5e0-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

BHO-{0CBFB9D3-EDC0-446C-8F80-0FC19A01CC88} - C:\WINDOWS\system32\khfcBtQJ.dll
HKCU-Run-defragsys - C:\WINDOWS\svchost.exe
HKCU-Run-AdVantage - C:\Program Files\AdVantage\AdVantage.exe
HKCU-Run-Steam - c:\program files\steam\steam.exe
HKLM-Run-BigDogPath - C:\WINDOWS\VM_STI.EXE
HKLM-Run-defragsys - C:\WINDOWS\svchost.exe
Notify-iifcyvUk - iifcyvUk.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\BUREAU\Application Data\Mozilla\Firefox\Profiles\trzu1ns7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:frfficial
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 19:07:51
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-07 19:11:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 17:11:15

Pre-Run: 15,474,601,984 octets libres
Post-Run: 15,564,849,152 octets libres

286 --- E O F --- 2008-08-22 08:32:50

Re,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

• Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
• Afin de lancer la recherche, clic sur"Rechercher".
• Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

Lol je m'en été pa apercu mais c parti jé plu ce viruse et jé a nouveau acces au panneau de configuration


merci bcp