Option des dossiers disparue et l'accés de la BDR est bloqué [résolu]

alpha_26

24 Janvier 2009 11:03:21

Bonjour tout le monde,comme le sujet l'indique l'option des dossiers a disparue et l'accés de la BDR est bloqué soi disant par l'admin.j'ai été injecté par quelques saloperies, bloqué par fsecuse (pack securite neuf)mais il doit y avoir des "reste"aparrament aidez moi svp please.

Autres pages sur : option dossiers disparue acces bdr bloque resolu

| Etre averti des réponses
| Alerter

Répondre à alpha_26

Sham_Rock

24 Janvier 2009 23:55:53

bonsoir

1

Télécharge Catchme ([#ff0000]Gmer[/#f]) sur ton Bureau.

Double clique sur catchme.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, poste le rapport catchme.log dans ta prochaine réponse. (Ce rapport est sur ton bureau.)

2

Télécharge DDS et sauvegarde-le sur ton bureau.

Désactive tout script bloquant, tel q'un antivirus, un logiciel comme ad-block, noscript etc.

Double-clique sur dds.scr pour lancer l'outil.

Une fois le scan fini, un document texte, DDS.txt, va s'ouvrir .

Clique Oui à la prochaine invite Optional Scan.

Sauvegarde les deux rapports sur ton bureau et poste-moi uniquement le DDS.txt.

| Alerter

Répondre à Sham_Rock

alpha_26

25 Janvier 2009 09:19:51

bonjour Sham_rock,
Bon je viens de scanner tout ça, mais par contre "catchme" cesse de fonctionner immédiatement après avoir cliqué dessus,en mode mormal et en mode sans échec.
Je te mets le rapport dds et merci pour ton aide.

DDS (Ver_09-01-19.01) - NTFSx86
Run by util at 9:55:58,45 on 25/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1358 [GMT 1:00]

AV: Pack Securite Plus 7.00 *On-access scanning disabled* (Updated)
FW: Pack Securite Plus 7.00 *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Windows\system32\lxbtcoms.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 5200 Series\lxbtmon.exe
C:\Program Files\Lexmark 5200 Series\ezprint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Windows\system32\conime.exe
C:\Users\util\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.fr/
BHO: {0849d50c-aefe-4a8e-ac78-cbaef903dfd4} - c:\windows\system32\duduhahi.dll
BHO: c:\windows\system32\hgfdge4unjdfdg.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hgfdge4unjdfdg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Jnskdfmf9eldfd] c:\users\util\appdata\local\temp\csrssc.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [lxbtmon.exe] "c:\program files\lexmark 5200 series\lxbtmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 5200 series\ezprint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [F-Secure Manager] "c:\program files\pack securite\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\pack securite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [vebohilori] Rundll32.exe "c:\windows\system32\jejuvusu.dll",s
mRun: [CPM7363a3b0] Rundll32.exe "c:\windows\system32\vohejido.dll",a
dRun: [Jnskdfmf9eldfd] c:\windows\temp\csrssc.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
LSP: c:\program files\pack securite\fsps\program\fslsp.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll c:\windows\system32\norozuse.dll c:\windows\system32\vohejido.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vohejido.dll
STS: c:\windows\system32\hgfdge4unjdfdg.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hgfdge4unjdfdg.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\vohejido.dll
LSA: Notification Packages = scecli c:\windows\system32\norozuse.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnkjHxx

================= FIREFOX ===================

FF - ProfilePath - c:\users\util\appdata\roaming\mozilla\firefox\profiles\ty2p2323.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 F-Secure HIPS;F-Secure HIPS;c:\program files\pack securite\hips\fshs.sys [2008-12-20 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-12-20 35024]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-12-20 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\pack securite\anti-virus\minifilter\fsvista.sys [2008-12-20 13168]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\pack securite\anti-virus\minifilter\fsgk.sys [2008-12-20 59760]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\pack securite\anti-virus\win2k\fsfilter.sys [2008-12-20 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\pack securite\anti-virus\win2k\fsrec.sys [2008-12-20 25456]
S4 FCI;FCI;c:\windows\system32\fci.exe.exe:ext.exe --> c:\windows\system32\fci.exe.exe:ext.exe [?]
S4 ICF;ICF;c:\windows\system32\icf.exe.exe:ext.exe --> c:\windows\system32\icf.exe.exe:ext.exe [?]
S4 SrvCDEject;SrvCDEject;c:\program files\packard bell\srvCDEject.exe [2008-9-8 600064]

=============== Created Last 30 ================

2009-01-24 21:34 120 ---sh--- c:\windows\system32\irivopas.ini
2009-01-24 19:06 <DIR> --d----- c:\programdata\NVIDIA
2009-01-24 18:57 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-24 18:57 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-24 18:57 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-24 18:57 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-24 14:07 3,636 a------- c:\windows\system32\drivers\nvphy.bin
2009-01-24 09:34 120 ---sh--- c:\windows\system32\ubabarob.ini
2009-01-23 00:49 120 ---sh--- c:\windows\system32\edojoyis.ini
2009-01-23 00:26 120 ---sh--- c:\windows\system32\esunekih.ini
2009-01-22 12:07 120 ---sh--- c:\windows\system32\ivisozez.ini
2009-01-22 12:01 <DIR> --d----- c:\program files\CCleaner
2009-01-22 01:25 0 a---h--- C:\ntuser.dat.LOG2
2009-01-22 01:25 0 a---h--- C:\ntuser.dat.LOG1
2009-01-22 01:25 0 a------- C:\ntuser.dat
2009-01-22 01:12 33,832 a------- c:\windows\system32\jkcecsyi.exe
2009-01-22 01:02 33,832 a------- c:\windows\system32\xfgcfras.exe
2009-01-22 00:56 33,832 a------- c:\windows\system32\mesrtvdb.exe
2009-01-22 00:51 33,832 a------- c:\windows\system32\jakpnbzv.exe
2009-01-22 00:48 33,832 a------- c:\windows\system32\zmztyikl.exe
2009-01-22 00:40 33,832 a------- c:\windows\system32\soscivpb.exe
2009-01-22 00:37 33,832 a------- c:\windows\system32\ehhzendb.exe
2009-01-22 00:04 33,832 a------- c:\windows\system32\ixxapvwh.exe
2009-01-21 23:28 120 ---sh--- c:\windows\system32\yrbefagi.ini
2009-01-21 23:25 1,047,617 a--sh--- c:\windows\system32\xxHjknnn.ini2
2009-01-21 23:25 1,047,617 a--sh--- c:\windows\system32\xxHjknnn.ini
2009-01-21 23:21 15,000 a------- c:\windows\system32\hgfdge4unjdfdg.dll
2009-01-21 23:20 47,616 a------- c:\windows\system32\jkKbxxWo.dll
2009-01-21 23:12 507,400 a------- c:\windows\system32\XAudio2_1.dll
2009-01-21 23:12 238,088 a------- c:\windows\system32\xactengine3_1.dll
2009-01-21 23:12 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2009-01-21 23:12 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2009-01-21 23:12 467,984 a------- c:\windows\system32\d3dx10_38.dll
2009-01-21 23:12 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
2009-01-21 23:12 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2009-01-21 23:10 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-01-21 23:10 462,864 a------- c:\windows\system32\d3dx10_37.dll
2009-01-21 23:10 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-01-21 23:10 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-01-20 21:42 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-01-20 21:42 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-01-15 08:48 90,112 a------- c:\windows\unvise32.exe
2009-01-15 08:48 <DIR> --d----- c:\program files\Pixie
2009-01-15 08:47 <DIR> a-d----- c:\program files\Furnish Pro
2009-01-14 19:22 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-09 17:17 <DIR> --d----- c:\programdata\Installations

==================== Find3M ====================

2009-01-25 09:38 99,532 a--sh--- c:\windows\system32\vohejido.dll
2009-01-25 09:38 87,169 a--sh--- c:\windows\system32\zevitedu.dll
2009-01-24 21:34 101,533 a--sh--- c:\windows\system32\nusuzefa.dll
2009-01-24 21:34 87,137 a--sh--- c:\windows\system32\sapoviri.dll
2009-01-24 19:13 688,024 a------- c:\windows\system32\perfh00C.dat
2009-01-24 19:13 131,996 a------- c:\windows\system32\perfc00C.dat
2009-01-24 14:07 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-24 14:07 51,200 a------- c:\windows\inf\infpub.dat
2009-01-24 14:07 86,016 a------- c:\windows\inf\infstor.dat
2009-01-24 09:34 99,555 a--sh--- c:\windows\system32\tepusiga.dll
2009-01-23 00:48 101,700 a--sh--- c:\windows\system32\zuzigiju.dll
2009-01-23 00:26 100,504 a--sh--- c:\windows\system32\fitomupo.dll
2009-01-23 00:26 85,742 -------- c:\windows\system32\hikenuse.dll
2009-01-22 12:07 100,508 a--sh--- c:\windows\system32\bukipuke.dll
2009-01-22 12:07 86,317 a--sh--- c:\windows\system32\zezosivi.dll
2008-12-20 17:37 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2008-12-20 11:06 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-20 10:17 60,064 a------- c:\windows\system32\drivers\fsdfw.sys
2008-11-27 20:34 87,608 a------- c:\users\util\appdata\roaming\inst.exe
2008-11-27 20:34 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-11-27 20:34 47,360 a------- c:\users\util\appdata\roaming\pcouffin.sys
2008-11-26 15:04 86,016 a------- c:\windows\system32\XmotsSHExt.dll
2008-11-23 13:24 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-11-17 14:52 111,928 a------- c:\windows\system32\PnkBstrB.exe
2008-11-01 04:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 04:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 04:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 04:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 04:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-11-01 04:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-11-01 02:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-29 07:29 2,927,104 a------- c:\windows\explorer.exe
2008-09-24 08:09 174 a--sh--- c:\program files\desktop.ini
2008-09-24 05:41 665,600 a------- c:\windows\inf\drvindex.dat
2008-09-09 02:06 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
2008-09-09 02:06 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
2008-09-09 02:06 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
2008-09-09 02:06 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
1601-01-01 01:12 70,215 a--sh--- c:\windows\system32\duduhahi.dll
1601-01-01 01:12 70,237 a--sh--- c:\windows\system32\duvapame.dll
1601-01-01 01:12 70,237 a--sh--- c:\windows\system32\fovaseku.dll
1601-01-01 01:12 70,215 a--sh--- c:\windows\system32\jejuvusu.dll
1601-01-01 01:12 70,357 a--sh--- c:\windows\system32\mubodigi.dll
1601-01-01 01:12 70,215 a--sh--- c:\windows\system32\norozuse.dll
1601-01-01 01:12 70,357 a--sh--- c:\windows\system32\vatoteju.dll
1601-01-01 01:12 70,237 a--sh--- c:\windows\system32\watebebo.dll

============= FINISH: 9:57:54,20 ===============

| Alerter

Répondre à alpha_26

Sham_Rock

25 Janvier 2009 19:38:51

bonsoir
bien infecté...

Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :
ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

viens sur le forum et édition "coller"

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

| Alerter

Répondre à Sham_Rock

alpha_26

26 Janvier 2009 17:50:21

Bonsoir, alors c'est pas brillant tout ça. Je n'est pas réussi a utilisé combofix il cesse de fonctionné immédiatement en mode normal et sans échec. Pareil avec spybot impossible a lancé et impossible a réinstallé puisque il me met en ecran bleu "erreur" a la fin de l'installation. J'ai réussi a récupéré ma base de registre et mes options de dossiers avec hijackthis en fixant les lignes correspondantes. je te files les rapports tout neuf voila bon courage lol

DDS (Ver_09-01-19.01) - NTFSx86
Run by util at 18:32:04,79 on 26/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1032 [GMT 1:00]

AV: Pack Securite Plus 7.00 *On-access scanning disabled* (Updated)
FW: Pack Securite Plus 7.00 *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 5200 Series\lxbtmon.exe
C:\Program Files\Lexmark 5200 Series\ezprint.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Windows\system32\lxbtcoms.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Users\util\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.fr/
BHO: {0849d50c-aefe-4a8e-ac78-cbaef903dfd4} - c:\windows\system32\duduhahi.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [lxbtmon.exe] "c:\program files\lexmark 5200 series\lxbtmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 5200 series\ezprint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [F-Secure Manager] "c:\program files\pack securite\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\pack securite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LXBTCATS] rundll32 \3\LXBTtime.dll,_RunDLLEntry@16
mRun: [vebohilori] Rundll32.exe "c:\windows\system32\jejuvusu.dll",s
dRun: [Jnskdfmf9eldfd] c:\windows\temp\csrssc.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
LSP: c:\program files\pack securite\fsps\program\fslsp.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll c:\windows\system32\norozuse.dll c:\windows\system32\pidikayi.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pidikayi.dll
STS: {C5BF49A2-94F3-42BD-F434-3604812C8955} - No File
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\pidikayi.dll
LSA: Notification Packages = scecli c:\windows\system32\norozuse.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnkjHxx

================= FIREFOX ===================

FF - ProfilePath - c:\users\util\appdata\roaming\mozilla\firefox\profiles\ty2p2323.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 F-Secure HIPS;F-Secure HIPS;c:\program files\pack securite\hips\fshs.sys [2008-12-20 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-12-20 35024]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-12-20 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\pack securite\anti-virus\minifilter\fsvista.sys [2008-12-20 13168]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\pack securite\anti-virus\minifilter\fsgk.sys [2008-12-20 59760]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\pack securite\anti-virus\win2k\fsfilter.sys [2008-12-20 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\pack securite\anti-virus\win2k\fsrec.sys [2008-12-20 25456]
S4 FCI;FCI;c:\windows\system32\fci.exe.exe:ext.exe --> c:\windows\system32\fci.exe.exe:ext.exe [?]
S4 ICF;ICF;c:\windows\system32\icf.exe.exe:ext.exe --> c:\windows\system32\icf.exe.exe:ext.exe [?]
S4 SrvCDEject;SrvCDEject;c:\program files\packard bell\srvCDEject.exe [2008-9-8 600064]

=============== Created Last 30 ================

2009-01-25 17:48 <DIR> --d----- c:\program files\a-squared Free
2009-01-25 13:28 223,893,955 a------- c:\windows\MEMORY.DMP
2009-01-24 21:34 120 ---sh--- c:\windows\system32\irivopas.ini
2009-01-24 19:06 <DIR> --d----- c:\programdata\NVIDIA
2009-01-24 18:57 <DIR> --d----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-24 18:57 <DIR> --d----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-24 18:57 <DIR> --d----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-24 18:57 <DIR> --d----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-24 14:07 3,636 a------- c:\windows\system32\drivers\nvphy.bin
2009-01-24 09:34 120 ---sh--- c:\windows\system32\ubabarob.ini
2009-01-23 00:49 120 ---sh--- c:\windows\system32\edojoyis.ini
2009-01-23 00:26 120 ---sh--- c:\windows\system32\esunekih.ini
2009-01-22 12:07 120 ---sh--- c:\windows\system32\ivisozez.ini
2009-01-22 12:01 <DIR> --d----- c:\program files\CCleaner
2009-01-22 01:25 0 a---h--- C:\ntuser.dat.LOG2
2009-01-22 01:25 0 a---h--- C:\ntuser.dat.LOG1
2009-01-22 01:25 0 a------- C:\ntuser.dat
2009-01-21 23:12 507,400 a------- c:\windows\system32\XAudio2_1.dll
2009-01-21 23:12 238,088 a------- c:\windows\system32\xactengine3_1.dll
2009-01-21 23:12 65,032 a------- c:\windows\system32\XAPOFX1_0.dll
2009-01-21 23:12 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2009-01-21 23:12 467,984 a------- c:\windows\system32\d3dx10_38.dll
2009-01-21 23:12 25,608 a------- c:\windows\system32\X3DAudio1_4.dll
2009-01-21 23:12 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2009-01-21 23:10 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-01-21 23:10 462,864 a------- c:\windows\system32\d3dx10_37.dll
2009-01-21 23:10 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-01-21 23:10 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-01-20 21:42 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2009-01-20 21:42 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-01-15 08:48 90,112 a------- c:\windows\unvise32.exe
2009-01-15 08:48 <DIR> --d----- c:\program files\Pixie
2009-01-15 08:47 <DIR> a-d----- c:\program files\Furnish Pro
2009-01-14 19:22 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-09 17:17 <DIR> --d----- c:\programdata\Installations

==================== Find3M ====================

2009-01-25 21:38 101,542 a--sh--- c:\windows\system32\zisopola.dll
2009-01-25 09:38 87,169 a--sh--- c:\windows\system32\zevitedu.dll
2009-01-24 21:34 101,533 a--sh--- c:\windows\system32\nusuzefa.dll
2009-01-24 21:34 87,137 a--sh--- c:\windows\system32\sapoviri.dll
2009-01-24 19:13 688,024 a------- c:\windows\system32\perfh00C.dat
2009-01-24 19:13 131,996 a------- c:\windows\system32\perfc00C.dat
2009-01-24 14:07 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-24 14:07 51,200 a------- c:\windows\inf\infpub.dat
2009-01-24 14:07 86,016 a------- c:\windows\inf\infstor.dat
2009-01-24 09:34 99,555 a--sh--- c:\windows\system32\tepusiga.dll
2009-01-23 00:48 101,700 a--sh--- c:\windows\system32\zuzigiju.dll
2009-01-23 00:26 100,504 a--sh--- c:\windows\system32\fitomupo.dll
2009-01-23 00:26 85,742 -------- c:\windows\system32\hikenuse.dll
2009-01-22 12:07 100,508 a--sh--- c:\windows\system32\bukipuke.dll
2009-01-22 12:07 86,317 a--sh--- c:\windows\system32\zezosivi.dll
2008-12-20 17:37 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2008-12-20 11:06 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-20 10:17 60,064 a------- c:\windows\system32\drivers\fsdfw.sys
2008-11-27 20:34 87,608 a------- c:\users\util\appdata\roaming\inst.exe
2008-11-27 20:34 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-11-27 20:34 47,360 a------- c:\users\util\appdata\roaming\pcouffin.sys
2008-11-26 15:04 86,016 a------- c:\windows\system32\XmotsSHExt.dll
2008-11-23 13:24 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-11-17 14:52 111,928 a------- c:\windows\system32\PnkBstrB.exe
2008-11-01 04:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 04:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 04:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 04:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 04:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-11-01 04:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-11-01 02:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-29 07:29 2,927,104 a------- c:\windows\explorer.exe
2008-09-24 08:09 174 a--sh--- c:\program files\desktop.ini
2008-09-24 05:41 665,600 a------- c:\windows\inf\drvindex.dat
2008-09-09 02:06 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
2008-09-09 02:06 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
2008-09-09 02:06 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
2008-09-09 02:06 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
1601-01-01 01:12 70,215 a--sh--- c:\windows\system32\norozuse.dll

============= FINISH: 18:33:47,73 ===============

Logfile of HijackThis v1.99.1
Scan saved at 18:35:33, on 26/01/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 5200 Series\lxbtmon.exe
C:\Program Files\Lexmark 5200 Series\ezprint.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\notepad.exe
C:\Users\util\Desktop\ComboFix.exe
C:\Users\util\Desktop\Nouveau dossier\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0849d50c-aefe-4a8e-ac78-cbaef903dfd4} - C:\Windows\system32\duduhahi.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxbtmon.exe] "C:\Program Files\Lexmark 5200 Series\lxbtmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5200 Series\ezprint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXBTCATS] rundll32 \3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [vebohilori] Rundll32.exe "C:\Windows\system32\jejuvusu.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL C:\Windows\system32\norozuse.dll c:\windows\system32\pidikayi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pidikayi.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: FCI - Unknown owner - C:\Windows\system32\fci.exe.exe:ext.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\Windows\system32\icf.exe.exe:ext.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxbt_device - - C:\Windows\system32\lxbtcoms.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

| Alerter

Répondre à alpha_26

Sham_Rock

26 Janvier 2009 19:39:20

bonsoir
on va feinter pour combofix...
tu vas le prendre sur ce lien:
http://www.sendspace.com/file/43qjpt

je l'ai dl chez moi et renommé pour leurrer l'infection, ça va marcher ;O)

| Alerter

Répondre à Sham_Rock

alpha_26

26 Janvier 2009 20:42:32

Bingo, bon on doit être sur la bonne voie sa marché je te files le rapport:

ComboFix 09-01-21.04 - util 2009-01-26 21:21:51.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.964 [GMT 1:00]
Lancé depuis: c:\users\util\Desktop\Comboalpha26.exe
AV: Pack Securite Plus 7.00 *On-access scanning disabled* (Updated)
FW: Pack Securite Plus 7.00 *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\util\AppData\Roaming\inst.exe
c:\windows\system32\drivers\TDSSmccb.sys
c:\windows\system32\norozuse.dll
c:\windows\system32\TDSScrrx.dll
c:\windows\system32\TDSSfopt.log
c:\windows\system32\TDSSmbcb.dat
c:\windows\system32\TDSStmei.dll
c:\windows\system32\TDSSwqsc.dll
c:\windows\Tasks\mowwassq.job

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSSERV.SYS
-------\Service_FCI
-------\Service_ICF

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-26 au 2009-01-26 ))))))))))))))))))))))))))))))))))))
.

2009-01-25 17:48 . 2009-01-26 18:58 <REP> d-------- c:\program files\a-squared Free
2009-01-25 13:28 . 2009-01-25 13:29 223,893,955 --a------ c:\windows\MEMORY.DMP
2009-01-24 19:06 . 2009-01-24 19:06 <REP> d-------- c:\users\All Users\NVIDIA
2009-01-24 19:06 . 2009-01-24 19:06 <REP> d-------- c:\programdata\NVIDIA
2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-24 14:07 . 2007-11-17 23:22 3,636 --a------ c:\windows\System32\drivers\nvphy.bin
2009-01-24 14:00 . 2009-01-24 14:00 <REP> d-------- c:\program files\Microsoft Silverlight
2009-01-24 13:59 . 2009-01-24 14:03 <REP> d-------- c:\windows\BDOSCAN8
2009-01-22 12:01 . 2009-01-22 12:01 <REP> d-------- c:\program files\CCleaner
2009-01-22 01:25 . 2009-01-23 21:06 0 --ah----- C:\ntuser.dat.LOG2
2009-01-22 01:25 . 2009-01-23 21:06 0 --ah----- C:\ntuser.dat.LOG1
2009-01-22 01:25 . 2009-01-22 01:25 0 --a------ C:\ntuser.dat
2009-01-21 23:12 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2009-01-21 23:12 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2009-01-21 23:12 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2009-01-21 23:12 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2009-01-21 23:12 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2009-01-21 23:12 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2009-01-21 23:12 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2009-01-21 23:10 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2009-01-21 23:10 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2009-01-21 23:10 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2009-01-21 23:10 . 2007-04-04 18:53 81,768 --a------ c:\windows\System32\xinput1_3.dll
2009-01-20 21:42 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll
2009-01-20 21:42 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
2009-01-15 08:48 . 2009-01-15 08:48 <REP> d-------- c:\program files\Pixie
2009-01-15 08:48 . 2008-01-30 17:36 90,112 --a------ c:\windows\unvise32.exe
2009-01-15 08:47 . 2009-01-15 08:48 <REP> d-a------ c:\program files\Furnish Pro
2009-01-14 19:22 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-09 17:17 . 2009-01-09 17:17 <REP> d-------- c:\users\All Users\Installations
2009-01-09 17:17 . 2009-01-09 17:17 <REP> d-------- c:\programdata\Installations

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 17:52 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-01-23 23:02 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-23 22:59 --------- d-----w c:\program files\Soldier of Fortune II - Double Helix
2009-01-23 18:38 --------- d-----w c:\program files\Lx_cats
2009-01-23 10:48 --------- d-----w c:\users\util\AppData\Roaming\OFFICEOne7
2009-01-21 22:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-21 22:19 --------- d-----w c:\program files\eMule
2009-01-18 09:53 --------- d-----w c:\program files\Google
2009-01-15 02:04 --------- d-----w c:\program files\Windows Mail
2009-01-11 10:20 --------- d-----w c:\users\util\AppData\Roaming\vlc
2009-01-10 08:02 --------- d-----w c:\users\util\AppData\Roaming\Vso
2009-01-09 17:05 --------- d-----w c:\program files\Nokia
2009-01-09 16:57 --------- d-----w c:\program files\Common Files\Nokia
2009-01-08 20:25 --------- d-----w c:\users\util\AppData\Roaming\dvdcss
2008-12-21 08:08 --------- d-----w c:\programdata\Micro Application
2008-12-21 08:08 --------- d-----w c:\program files\Micro Application
2008-12-20 16:37 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2008-12-20 10:06 --------- d-----w c:\program files\Java
2008-12-20 09:36 --------- d-----w c:\program files\Pack Securite
2008-12-20 09:17 60,064 ----a-w c:\windows\system32\drivers\fsdfw.sys
2008-12-20 07:55 --------- d-----w c:\programdata\F-Secure
2008-12-20 07:53 --------- d-----w c:\programdata\fssg
2008-12-20 07:14 --------- d-----w c:\users\util\AppData\Roaming\F-Secure
2008-12-16 09:56 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-16 09:54 --------- d-----w c:\programdata\Symantec
2008-11-27 20:24 --------- d-----w c:\programdata\vsosdk
2008-11-27 19:34 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-27 19:34 47,360 ----a-w c:\users\util\AppData\Roaming\pcouffin.sys
2008-11-27 19:34 --------- d-----w c:\program files\VSO
2008-11-26 17:23 --------- d-----w c:\program files\Les mots fléchés
2008-11-26 14:00 --------- d-----w c:\program files\VideoLAN
2008-11-26 07:33 --------- d-----w c:\program files\Common Files\Adobe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-09-24 07:09 174 --sha-w c:\program files\desktop.ini
2008-09-08 15:53 157,184 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-18 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"lxbtmon.exe"="c:\program files\Lexmark 5200 Series\lxbtmon.exe" [2007-05-03 230320]
"EzPrint"="c:\program files\Lexmark 5200 Series\ezprint.exe" [2007-05-03 103344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"F-Secure Manager"="c:\program files\Pack Securite\Common\FSM32.EXE" [2007-04-26 183208]
"F-Secure TNB"="c:\program files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 740208]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G,c:\windows\system32\norozuse.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OFFICE One Startup v7.lnk
backup=c:\windows\pss\OFFICE One Startup v7.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
--a------ 2007-01-18 13:03 79416 c:\program files\Packard Bell\FIJI\ABoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-08 16:53 243200 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 13:44 3100672 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 11:36 229376 c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 15:21 1449984 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-02-21 02:18 366400 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-01-11 10:40 232184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
--a------ 2007-05-03 14:44 1116728 c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2009-01-18 10:54 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-09-26 14:50 206184 c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-20 17:20 28672 c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3729243398-3042036631-2498703042-1002]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{680A32AE-C416-4BDB-B095-C113F211C852}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{23D12DBC-625C-4DAA-AAAC-98FF72C7C5EE}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{5186EFA6-5EE1-4FCF-8539-8BCC120A2CF7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D9A2403E-984E-40D8-B995-D4B693143A9F}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{A3CD637A-3E14-4506-A957-BFB12226EC77}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{DC7E2D74-E3E3-4395-8BB4-B42ED6D47B47}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9593063C-D537-471C-AD40-6093F583F5E3}"= UDP:c:\windows\System32\lxbtcoms.exe:Lexmark Communications System
"{2047EB65-76C7-4889-95B9-D14901F17B5C}"= TCP:c:\windows\System32\lxbtcoms.exe:Lexmark Communications System
"{3ECD2FBB-0259-4992-B896-79B4029EC43E}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbtpswx.exe

rinter Status Window
"{3EC4A850-6A01-47FE-BFB9-BCFC889CB9C1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbtpswx.exe

rinter Status Window
"{7036B6EE-4D48-4463-96F8-34F87914FA8E}"= UDP:c:\program files\Internet Explorer\iexplore.exe:iexplore
"{50E5DE7B-A8DD-4A8D-98C9-1552F6A990D7}"= TCP:c:\program files\Internet Explorer\iexplore.exe:iexplore
"{2DFC8131-C28F-47ED-A007-306F63C35C60}"= UDP:c:\program files\Pack Securite\FSGUI\quaranti.exe:QUARANTI
"{0F1CD687-EEFF-4044-BECD-4F6D92C2EAF1}"= TCP:c:\program files\Pack Securite\FSGUI\quaranti.exe:QUARANTI
"{1E7B515D-697F-456B-AFCD-29D087C02D68}"= UDP:c:\windows\System32\rundll32.exe:rundll32
"{9F2F7BD7-7105-4C01-98B2-719C70FE8F04}"= TCP:c:\windows\System32\rundll32.exe:rundll32
"{775CAC2B-6703-4BC5-95FE-6F16E8EF29F1}"= UDP:c:\program files\Lexmark 5200 Series\ezprint.exe:ezprint
"{0B6EA1EC-1459-46CC-A407-1EF4A45B9414}"= TCP:c:\program files\Lexmark 5200 Series\ezprint.exe:ezprint
"{942490DD-63E5-4729-AC2E-14EE25C6B413}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{877ED7C0-F1B8-490A-B0DA-D1D68C1BD9D8}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{CE9373E8-6AD5-4455-92F3-20113389DBBB}"= UDP:c:\windows\System32\wininit.exe:wininit
"{54BE0E2F-8E6C-4ECE-9A02-1F8CD55C8CF5}"= TCP:c:\windows\System32\wininit.exe:wininit
"{9F215583-7F07-4B26-B196-E5A6D39F57F9}"= UDP:c:\windows\ehome\ehtray.exe:ehtray
"{BCF5C20B-E6F2-425F-B2B5-B873E429A127}"= TCP:c:\windows\ehome\ehtray.exe:ehtray
"{2BA1F312-37F1-40FE-9C48-E6EACA30BBF7}"= UDP:c:\program files\Pack Securite\FWES\program\fsdfwd.exe:fsdfwd
"{EBED74A1-1D04-488A-9B73-4C6B8B4BCA46}"= TCP:c:\program files\Pack Securite\FWES\program\fsdfwd.exe:fsdfwd
"{3E277C36-DE00-4FB1-B2BF-2222822948BD}"= UDP:c:\windows\explorer.exe:Explorer
"{7852D5E1-2DE0-40D5-ABFC-C38F140C67FD}"= TCP:c:\windows\explorer.exe:Explorer
"{D0DF695D-F71E-46CF-B9C7-5C6F3114710D}"= UDP:c:\comboalpha26\FINDSTR.cfexe:FINDSTR
"{B95B7272-17B4-4762-B01D-9933AE32A4A0}"= TCP:c:\comboalpha26\FINDSTR.cfexe:FINDSTR

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Pack Securite\HIPS\fshs.sys [2008-12-20 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2008-12-20 35024]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-12-20 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\Pack Securite\Anti-Virus\minifilter\fsvista.sys [2008-12-20 13168]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2008-12-20 59760]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Pack Securite\Anti-Virus\win2k\fsfilter.sys [2008-12-20 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Pack Securite\Anti-Virus\win2k\fsrec.sys [2008-12-20 25456]
S4 SrvCDEject;SrvCDEject;c:\program files\Packard Bell\srvCDEject.exe [2008-09-08 600064]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e20112d-939b-11dd-a12e-001731745480}]
\shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-26 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2008-10-01 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]

2009-01-16 c:\windows\Tasks\Norton Internet Security - Analyse système complète - util.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []

2009-01-26 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]

2009-01-26 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\PACKSE~1\ANTI-V~1\fsav.exe [2007-04-26 12:42]

2009-01-26 c:\windows\Tasks\User_Feed_Synchronization-{4E06830C-DA2B-42FC-BD3F-5E0F210D75AD}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{0849d50c-aefe-4a8e-ac78-cbaef903dfd4} - c:\windows\system32\duduhahi.dll
HKLM-Run-LXBTCATS - \3\LXBTtime.dll
HKLM-Run-vebohilori - c:\windows\system32\jejuvusu.dll
SharedTaskScheduler-{C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pidikayi.dll
MSConfigStartUp-7050902c - c:\windows\system32\siyojode.dll
MSConfigStartUp-CPM7363a3b0 - c:\windows\system32\pidikayi.dll
MSConfigStartUp-Jnskdfmf9eldfd - c:\users\util\AppData\Local\Temp\csrssc.exe
MSConfigStartUp-vebohilori - c:\windows\system32\jejuvusu.dll
MSConfigStartUp-wpiqjz - c:\users\util\appdata\local\wpiqjz.exe

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
LSP: c:\program files\Pack Securite\FSPS\program\fslsp.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\util\AppData\Roaming\Mozilla\Firefox\Profiles\ty2p2323.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 21:27:49
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 \3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3628)
c:\program files\Pack Securite\Spam Control\fsscoepl.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\conime.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Pack Securite\Anti-Virus\fsgk32st.exe
c:\program files\Pack Securite\Common\FSMA32.EXE
c:\program files\Pack Securite\Anti-Virus\fsgk32.exe
c:\windows\System32\lxbtcoms.exe
c:\program files\Pack Securite\Common\FSMB32.EXE
c:\program files\Pack Securite\Common\FCH32.EXE
c:\windows\System32\rundll32.exe
c:\program files\Pack Securite\Common\FAMEH32.EXE
c:\program files\Pack Securite\Anti-Virus\fsqh.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Pack Securite\Anti-Virus\fssm32.exe
c:\program files\Pack Securite\FSAUA\program\fsaua.exe
c:\program files\Pack Securite\FWES\program\fsdfwd.exe
c:\program files\Pack Securite\FSAUA\program\fsus.exe
c:\program files\Pack Securite\FSGUI\fsguidll.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Pack Securite\Anti-Virus\fsav32.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2009-01-26 21:32:46 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-26 20:32:32

Avant-CF: 392,516,911,104 octets libres
Après-CF: 392,249,987,072 octets libres

323 --- E O F --- 2009-01-24 13:07:53

| Alerter

Répondre à alpha_26

Sham_Rock

27 Janvier 2009 20:31:49

re

1

Copie (Ctrl+C) le texte ci-dessous :

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
Sauvegarde ce fichier sous le nom de CFScript.txt

Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

2

Télécharge MalwareByte's Anti-Malware sur ton Bureau.

Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées :

Fais redémarrer ton ordinateur en mode sans échec
- Au démarrage, après le chargement du bios, appuie successivement sur la touche F8 (ou F5) de ton clavier jusqu'à l'apparition d'un menu sur fond noir. Une fois arrivé à ce stade, sélectionne à l'aide du clavier Mode sans Echec.
-- Dans ce mode, tu n'as pas accès à Internet, et tu te retrouves avec une configuration visuelle différente (pas de fond d'écran, icônes très grosses). Ne sois donc pas étonné.
--- C'est pour ces différentes raisons que je t'invite à imprimer, noter, ou enregistrer dans un document texte les informations suivantes afin de ne pas être perdu.
---- ! Ne fais pas démarrer ton ordinateur en mode sans échec via MSConfig ! Pourquoi ? Certaines infections cassent les clefs du mode sans échec, ce qui ferait crasher ton ordinateur.

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

~ Si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
~~ Si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau.
~~~~ Fais redémarrer ton ordinateur normalement et poste le rapport dans ta prochaine réponse.

REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

Note : Si tu ne parviens à télécharger MBAM à partir de MajorGeeks, tu peux le télécharger ici!

[#FF0000]Aide :

Comment utiliser MBAM.

Comment faire démarrer son ordinateur en mode sans échec.

| Alerter

Répondre à Sham_Rock

alpha_26

27 Janvier 2009 23:33:56

re,
Me revoilà au rapport!! Alors encore et encore des suppressions, mais il fait quoi mon antivirus!!??J'ai un petit souci qui est apparu:
j'ai plus de fond d'écran (a moins qu'on imagine un trou noir lol) et je n'est plus l'aperçu en miniature des images dans l'explorateur pareil pour choisir le fond d'écran du bureau je ne vois pas l'aperçu de mes images ou même des fond d'écran windows.Oula je sait pas si tu ma suivi mais bon si ta une piste

Question bête je suis injecté par quoi??!!J'ai attrapé ça en installant un crack(hoo po bien) ça m'apprendra!!!eh pan lol

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1699
Windows 6.0.6001 Service Pack 1

27/01/2009 23:50:00
mbam-log-2009-01-27 (23-50-00).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 143825
Temps écoulé: 29 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\Windows\System32\TDSScrrx.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\TDSStmei.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\TDSSwqsc.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

_____________________________________________________________________________________________________

ComboFix 09-01-21.04 - util 2009-01-27 22:20:23.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1258 [GMT 1:00]
Lancé depuis: c:\users\util\Desktop\Comboalpha26.exe
Commutateurs utilisés :: c:\users\util\Desktop\CFScript.txt
AV: Pack Securite Plus 7.00 *On-access scanning disabled* (Updated)
FW: Pack Securite Plus 7.00 *disabled*
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-27 au 2009-01-27 ))))))))))))))))))))))))))))))))))))
.

2009-01-27 13:57 . 2009-01-27 13:57 <REP> d-------- c:\users\util\AppData\Roaming\XnView
2009-01-27 13:46 . 2009-01-27 14:00 <REP> d-------- c:\program files\XnView
2009-01-25 17:48 . 2009-01-26 18:58 <REP> d-------- c:\program files\a-squared Free
2009-01-25 13:28 . 2009-01-25 13:29 223,893,955 --a------ c:\windows\MEMORY.DMP
2009-01-24 19:06 . 2009-01-24 19:06 <REP> d-------- c:\users\All Users\NVIDIA
2009-01-24 19:06 . 2009-01-24 19:06 <REP> d-------- c:\programdata\NVIDIA
2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-24 18:57 . 2009-01-24 18:57 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-01-24 14:07 . 2007-11-17 23:22 3,636 --a------ c:\windows\System32\drivers\nvphy.bin
2009-01-24 14:00 . 2009-01-24 14:00 <REP> d-------- c:\program files\Microsoft Silverlight
2009-01-24 13:59 . 2009-01-24 14:03 <REP> d-------- c:\windows\BDOSCAN8
2009-01-22 12:01 . 2009-01-22 12:01 <REP> d-------- c:\program files\CCleaner
2009-01-22 01:25 . 2009-01-23 21:06 0 --ah----- C:\ntuser.dat.LOG2
2009-01-22 01:25 . 2009-01-23 21:06 0 --ah----- C:\ntuser.dat.LOG1
2009-01-22 01:25 . 2009-01-22 01:25 0 --a------ C:\ntuser.dat
2009-01-21 23:12 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2009-01-21 23:12 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2009-01-21 23:12 . 2008-05-30 14:19 507,400 --a------ c:\windows\System32\XAudio2_1.dll
2009-01-21 23:12 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2009-01-21 23:12 . 2008-05-30 14:18 238,088 --a------ c:\windows\System32\xactengine3_1.dll
2009-01-21 23:12 . 2008-05-30 14:17 65,032 --a------ c:\windows\System32\XAPOFX1_0.dll
2009-01-21 23:12 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2009-01-21 23:10 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2009-01-21 23:10 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2009-01-21 23:10 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2009-01-21 23:10 . 2007-04-04 18:53 81,768 --a------ c:\windows\System32\xinput1_3.dll
2009-01-20 21:42 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll
2009-01-20 21:42 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
2009-01-15 08:48 . 2009-01-27 13:08 <REP> d-------- c:\program files\Pixie
2009-01-15 08:48 . 2008-01-30 17:36 90,112 --a------ c:\windows\unvise32.exe
2009-01-15 08:47 . 2009-01-27 13:08 <REP> d-a------ c:\program files\Furnish Pro
2009-01-14 19:22 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-09 17:17 . 2009-01-09 17:17 <REP> d-------- c:\users\All Users\Installations
2009-01-09 17:17 . 2009-01-09 17:17 <REP> d-------- c:\programdata\Installations

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 12:08 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-01-27 12:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-23 22:59 --------- d-----w c:\program files\Soldier of Fortune II - Double Helix
2009-01-23 18:38 --------- d-----w c:\program files\Lx_cats
2009-01-23 10:48 --------- d-----w c:\users\util\AppData\Roaming\OFFICEOne7
2009-01-21 22:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-21 22:19 --------- d-----w c:\program files\eMule
2009-01-18 09:53 --------- d-----w c:\program files\Google
2009-01-15 02:04 --------- d-----w c:\program files\Windows Mail
2009-01-11 10:20 --------- d-----w c:\users\util\AppData\Roaming\vlc
2009-01-10 08:02 --------- d-----w c:\users\util\AppData\Roaming\Vso
2009-01-09 17:05 --------- d-----w c:\program files\Nokia
2009-01-09 16:57 --------- d-----w c:\program files\Common Files\Nokia
2009-01-08 20:25 --------- d-----w c:\users\util\AppData\Roaming\dvdcss
2008-12-21 08:08 --------- d-----w c:\programdata\Micro Application
2008-12-21 08:08 --------- d-----w c:\program files\Micro Application
2008-12-20 16:37 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2008-12-20 10:06 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-20 10:06 --------- d-----w c:\program files\Java
2008-12-20 09:36 --------- d-----w c:\program files\Pack Securite
2008-12-20 09:17 60,064 ----a-w c:\windows\system32\drivers\fsdfw.sys
2008-12-20 07:55 --------- d-----w c:\programdata\F-Secure
2008-12-20 07:53 --------- d-----w c:\programdata\fssg
2008-12-20 07:14 --------- d-----w c:\users\util\AppData\Roaming\F-Secure
2008-12-16 09:56 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-16 09:54 --------- d-----w c:\programdata\Symantec
2008-11-27 20:24 --------- d-----w c:\programdata\vsosdk
2008-11-27 19:34 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-27 19:34 47,360 ----a-w c:\users\util\AppData\Roaming\pcouffin.sys
2008-11-27 19:34 --------- d-----w c:\program files\VSO
2008-11-26 14:04 86,016 ----a-w c:\windows\System32\XmotsSHExt.dll
2008-11-23 12:24 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-11-17 13:52 111,928 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-09-24 07:09 174 --sha-w c:\program files\desktop.ini
2008-09-08 15:53 157,184 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-26_21.30.25.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-27 20:16:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-27 20:16:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-01-26 20:27:29 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-27 20:18:43 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-01-27 20:18:43 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-01-26 20:27:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-27 20:18:38 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-01-27 20:18:38 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-01-26 18:20:08 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-27 08:02:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-26 18:20:08 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-27 08:02:23 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-26 18:20:08 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-27 08:02:23 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-26 20:14:17 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-01-27 12:08:41 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2009-01-26 20:21:49 10,432 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3729243398-3042036631-2498703042-1002_UserData.bin
+ 2009-01-27 20:18:28 10,782 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3729243398-3042036631-2498703042-1002_UserData.bin
- 2009-01-26 20:21:49 75,860 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-01-27 20:18:28 76,334 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-01-26 20:21:46 57,702 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-01-27 20:18:28 58,354 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-01-24 12:37:45 150,381,073 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-01-27 12:31:58 150,920,980 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-18 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"lxbtmon.exe"="c:\program files\Lexmark 5200 Series\lxbtmon.exe" [2007-05-03 230320]
"EzPrint"="c:\program files\Lexmark 5200 Series\ezprint.exe" [2007-05-03 103344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"F-Secure Manager"="c:\program files\Pack Securite\Common\FSM32.EXE" [2007-04-26 183208]
"F-Secure TNB"="c:\program files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 740208]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OFFICE One Startup v7.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OFFICE One Startup v7.lnk
backup=c:\windows\pss\OFFICE One Startup v7.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
--a------ 2007-01-18 13:03 79416 c:\program files\Packard Bell\FIJI\ABoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-08 16:53 243200 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 13:44 3100672 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 11:36 229376 c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 15:21 1449984 c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-02-21 02:18 366400 c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-01-11 10:40 232184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
--a------ 2007-05-03 14:44 1116728 c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2009-01-18 10:54 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-09-26 14:50 206184 c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-20 17:20 28672 c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3729243398-3042036631-2498703042-1002]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{680A32AE-C416-4BDB-B095-C113F211C852}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{23D12DBC-625C-4DAA-AAAC-98FF72C7C5EE}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{5186EFA6-5EE1-4FCF-8539-8BCC120A2CF7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D9A2403E-984E-40D8-B995-D4B693143A9F}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{A3CD637A-3E14-4506-A957-BFB12226EC77}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{DC7E2D74-E3E3-4395-8BB4-B42ED6D47B47}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9593063C-D537-471C-AD40-6093F583F5E3}"= UDP:c:\windows\System32\lxbtcoms.exe:Lexmark Communications System
"{2047EB65-76C7-4889-95B9-D14901F17B5C}"= TCP:c:\windows\System32\lxbtcoms.exe:Lexmark Communications System
"{3ECD2FBB-0259-4992-B896-79B4029EC43E}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbtpswx.exe

rinter Status Window
"{3EC4A850-6A01-47FE-BFB9-BCFC889CB9C1}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbtpswx.exe

rinter Status Window
"{7036B6EE-4D48-4463-96F8-34F87914FA8E}"= UDP:c:\program files\Internet Explorer\iexplore.exe:iexplore
"{50E5DE7B-A8DD-4A8D-98C9-1552F6A990D7}"= TCP:c:\program files\Internet Explorer\iexplore.exe:iexplore
"{2DFC8131-C28F-47ED-A007-306F63C35C60}"= UDP:c:\program files\Pack Securite\FSGUI\quaranti.exe:QUARANTI
"{0F1CD687-EEFF-4044-BECD-4F6D92C2EAF1}"= TCP:c:\program files\Pack Securite\FSGUI\quaranti.exe:QUARANTI
"{1E7B515D-697F-456B-AFCD-29D087C02D68}"= UDP:c:\windows\System32\rundll32.exe:rundll32
"{9F2F7BD7-7105-4C01-98B2-719C70FE8F04}"= TCP:c:\windows\System32\rundll32.exe:rundll32
"{775CAC2B-6703-4BC5-95FE-6F16E8EF29F1}"= UDP:c:\program files\Lexmark 5200 Series\ezprint.exe:ezprint
"{0B6EA1EC-1459-46CC-A407-1EF4A45B9414}"= TCP:c:\program files\Lexmark 5200 Series\ezprint.exe:ezprint
"{942490DD-63E5-4729-AC2E-14EE25C6B413}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{877ED7C0-F1B8-490A-B0DA-D1D68C1BD9D8}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{CE9373E8-6AD5-4455-92F3-20113389DBBB}"= UDP:c:\windows\System32\wininit.exe:wininit
"{54BE0E2F-8E6C-4ECE-9A02-1F8CD55C8CF5}"= TCP:c:\windows\System32\wininit.exe:wininit
"{9F215583-7F07-4B26-B196-E5A6D39F57F9}"= UDP:c:\windows\ehome\ehtray.exe:ehtray
"{BCF5C20B-E6F2-425F-B2B5-B873E429A127}"= TCP:c:\windows\ehome\ehtray.exe:ehtray
"{2BA1F312-37F1-40FE-9C48-E6EACA30BBF7}"= UDP:c:\program files\Pack Securite\FWES\program\fsdfwd.exe:fsdfwd
"{EBED74A1-1D04-488A-9B73-4C6B8B4BCA46}"= TCP:c:\program files\Pack Securite\FWES\program\fsdfwd.exe:fsdfwd
"{3E277C36-DE00-4FB1-B2BF-2222822948BD}"= UDP:c:\windows\explorer.exe:Explorer
"{7852D5E1-2DE0-40D5-ABFC-C38F140C67FD}"= TCP:c:\windows\explorer.exe:Explorer
"{D0DF695D-F71E-46CF-B9C7-5C6F3114710D}"= UDP:c:\comboalpha26\FINDSTR.cfexe:FINDSTR
"{B95B7272-17B4-4762-B01D-9933AE32A4A0}"= TCP:c:\comboalpha26\FINDSTR.cfexe:FINDSTR

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Pack Securite\HIPS\fshs.sys [2008-12-20 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2008-12-20 35024]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-12-20 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\Pack Securite\Anti-Virus\minifilter\fsvista.sys [2008-12-20 13168]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2008-12-20 59760]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Pack Securite\Anti-Virus\win2k\fsfilter.sys [2008-12-20 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Pack Securite\Anti-Virus\win2k\fsrec.sys [2008-12-20 25456]
S4 SrvCDEject;SrvCDEject;c:\program files\Packard Bell\srvCDEject.exe [2008-09-08 600064]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e20112d-939b-11dd-a12e-001731745480}]
\shell\AutoRun\command - J:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-27 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2008-10-01 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]

2009-01-16 c:\windows\Tasks\Norton Internet Security - Analyse système complète - util.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []

2009-01-27 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]

2009-01-27 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\PACKSE~1\ANTI-V~1\fsav.exe [2007-04-26 12:42]

2009-01-27 c:\windows\Tasks\User_Feed_Synchronization-{4E06830C-DA2B-42FC-BD3F-5E0F210D75AD}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.fr/
LSP: c:\program files\Pack Securite\FSPS\program\fslsp.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\util\AppData\Roaming\Mozilla\Firefox\Profiles\ty2p2323.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 22:23:03
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(4300)
c:\program files\Pack Securite\Spam Control\fsscoepl.dll
.
Heure de fin: 2009-01-27 22:26:01
ComboFix-quarantined-files.txt 2009-01-27 21:25:55
ComboFix2.txt 2009-01-26 20:32:47

Avant-CF: 387 810 422 784 octets libres
Après-CF: 387,815,870,464 octets libres

292 --- E O F --- 2009-01-27 20:25:08

| Alerter

Répondre à alpha_26

alpha_26

27 Janvier 2009 23:54:22

Te creuse pas la tête pour mon souci de fond d'écran et de miniature sa vient de se remettre en ordre pourtant j'ai rien fait mystère!!!!!!!!!peut être les scans ont remis ça en place.merci encore de m'aider

| Alerter

Répondre à alpha_26

Sham_Rock

28 Janvier 2009 16:39:58

bonjour
on continue...
Fais une analyse antivirus en ligne sur Kaspersky avec Internet Explorer.

Autorise les Active x.

Clique sur Démarrer Online Scanner.

Sélectionne le poste de travail comme analyse. Enregistres sous le rapport en format .txt.

Colle son rapport ici.

Poste un nouveau rapport Hijackthis.

Aide : Comment faire un scan en ligne avec Kaspersky .

| Alerter

Répondre à Sham_Rock

alpha_26

29 Janvier 2009 09:35:33

bonjour,
alors voilà les rapports:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, January 28, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, January 28, 2009 17:04:02
Records in database: 1721069
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
K:\

Scan statistics:
Files scanned: 104583
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:08:00

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\drivers\__.zip Infected: Backdoor.Win32.TDSS.bkw 1
C:\Windows\System32\sapoviri.0ll Infected: Backdoor.Win32.Agent.adbl 1

The selected area was scanned.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, January 28, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, January 28, 2009 19:46:32
Records in database: 1721477
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\Windows\System32

Scan statistics:
Files scanned: 18090
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 00:18:03

File name / Threat name / Threats count
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EK2YHIJG\pldr8[2].htm Infected: Trojan-Downloader.Win32.Agent.bflj 1
C:\Windows\System32\sapoviri.0ll Infected: Backdoor.Win32.Agent.adbl 1

The selected area was scanned.
_____________________________________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 10:26:04, on 29/01/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 5200 Series\lxbtmon.exe
C:\Program Files\Lexmark 5200 Series\ezprint.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\util\Desktop\Nouveau dossier\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxbtmon.exe] "C:\Program Files\Lexmark 5200 Series\lxbtmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5200 Series\ezprint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\pack securite\fsps\program\fslsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxbt_device - - C:\Windows\system32\lxbtcoms.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

voili voilou merci encore

| Alerter

Répondre à alpha_26

Sham_Rock

29 Janvier 2009 13:11:21

re
supprime:
C:\Qoobox
C:\Windows\System32\sapoviri.0ll

~Télécharge CCleaner:

http://www.filehippo.com/download_ccleaner/

~Lors de l'installation décoche: "Ajouter la Barre d'Outils Yahoo! Ccleaner"
Clique sur le bouton nettoyeur, tu fais " lancer le nettoyage "
Clique sur le bouton erreurs, tu fais "chercher les erreurs ", puis "réparer les erreurs".
Tuto de CCleaner: (merci à Malekal) .
http://www.malekal.com/tutorial_CCleaner.html

d'autres soucis?

| Alerter

Répondre à Sham_Rock

alpha_26

29 Janvier 2009 13:34:30

re,
voilà j'ai supprimé le dossier:c:\qoobox et l'autre m*rde dans system32 non j'ai pas d'autre souci et je te remercie encore de m'avoir aidé.

| Alerter

Répondre à alpha_26

Sham_Rock

29 Janvier 2009 13:38:18

re
Supprime tous les programmes installés pour la désinfection.

Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.

Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.

~Edite ton premier message (en cliquant sur la gomme) et marque [résolu] dans le titre.
Si ton nom de session correspond à ton véritable nom, tu as la possibilité de le changer en éditant tes posts.

:hello:

| Alerter

Répondre à Sham_Rock

alpha_26

29 Janvier 2009 14:27:22

re,désolé de t'embeté encore un peu lol
J'ai pas compris ce qu'il faut que je supprime. J'ai ccleaner, hijackthis, spybot, mbam,a-squared, combofix, dds et catchme.
merci encore

| Alerter

Répondre à alpha_26

Sham_Rock

29 Janvier 2009 21:42:57

re
supprime/désinstalle:
hijackthis, spybot, a-squared, combofix, dds et catchme.
garde:
CCleaner, MBAM

:hello:

| Alerter

Répondre à Sham_Rock

Tom's guide dans le monde