Please help me, I think I'm infected

Hello, I think I'm infected: after some online scans, they tell me I'm infected.
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:47, on 27/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\DOCUME~1\home\LOCALS~1\Temp\fsonlinescanner.exe
D:\DOCUME~1\home\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
D:\DOCUME~1\home\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
D:\Documents and Settings\home\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.neufportail.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Cammaestro 4.2GU build 1105
O4 - HKLM…\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [SSBkgdUpdate] “C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot
O4 - HKLM…\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM…\Run: [ISUSScheduler] “C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM…\Run: [DNS7reminder] “C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe” -r "D:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [RocketDock] “C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe”
O4 - HKCU…\Run: [RoboForm] “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe” /automount
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y’z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra ‘Tools’ menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra ‘Tools’ menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra ‘Tools’ menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx1.hotmail.com…
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - messenger.zone.msn.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com…
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com…
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - download.eset.com…
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com…
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - download.sp.f-secure.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - messenger.zone.msn.com…
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe


End of file - 11934 bytes


Here is the ActiveScan report:

ANALYSIS: 2009-05-27 10:23:36
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1335 [VPS 090526-0] 4.8.1335 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00013869 adware/cydoor Adware No 0 Yes No c:\windows\cdmxtras
00287187 rootkit/mhook HackTools No 0 Yes No hkey_local_machine\system\currentcontrolset\services\m_hook
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\fixwareout\FindT\nircmd.exe
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1042\A0347652.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
Yes C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1025\A0341811.msi[unk_0071][hprbuires.dll12]
Yes C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP1061\A0351016.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


Here is the one from FindyKill:

############################## [ FindyKill V4.730 ]

User : home (Administrateurs) # SN115002420319

Update on 25/05/09 by Chiquitine29

Start at: 11:12:34 | 27/05/2009

Website : pagesperso-orange.fr…

Intel® Pentium® 4 CPU 3.06GHz

Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : avast! antivirus 4.8.1335 [VPS 090526-0] 4.8.1335 [ Enabled | Updated ]

C:\ # Disque fixe local # 37,8 Go (1,35 Go free) [HDD] # NTFS

D:\ # Disque fixe local # 195,08 Go (72,82 Go free) [DATA] # NTFS

E:\ # Disque CD-ROM

F:\ # Disque amovible

G:\ # Disque amovible

H:\ # Disque amovible

I:\ # Disque amovible

J:\ # Disque CD-ROM

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\svchost.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected Files \ Folders ]

Deleted ! C:\WINDOWS\Prefetch\PATCH.EXE-35C66B6B.pf

################## [ Infected Temp Files ]

################## [ Registry / Infected keys ]

Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SK9OU0S
Deleted ! HKEY_USERS\S-1-5-21-2191374459-2331453074-770814102-1008\Software\MuleAppData

################## [ Cleaning Removable drives ]

Deleted ! C:\InfoSat.txt
Deleted ! D:\Avenger

################## [ Registry / Mountpoint2 ]

-> Not found !

################## [ States / Restarting of services ]

Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio -> # Type of startup =3

EapHost -> # Type of startup =2

Ip6Fw -> # Type of startup =2

SharedAccess -> # Type of startup =2

wuauserv -> # Type of startup =2

wscsvc -> # Type of startup =2

################## [ Searching Other Infections ]

Références de comparaison Bagle MD5 :

File … : D:\Avenger\winupgro.exe
CRC32 … : 1437e8d7
MD5 … : aa3cbe678c8b66069a82c644dd6fd33d

-> Nothing found.

################## [ Corrupted files # Re-Installation required ]

C:\Program Files\Fichiers communs\PAC7302\Monitor.exe
C:\Program Files\Fichiers communs\PAC7302\PXIINST32\Remover.exe
C:\Program Files\Fichiers communs\PAC7302\PXIINST64\Remover.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
C:\Program Files\Samsung\Samsung PC Studio 3\LiveUpdate.exe
C:\Program Files\Samsung\Samsung PC Studio 3\Update\LiveUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Ubisoft\Register\register.exe
C:\WINDOWS$hf_mig$\KB873339\update\update.exe
C:\WINDOWS$hf_mig$\KB885250\update\update.exe
C:\WINDOWS$hf_mig$\KB885835\update\update.exe
C:\WINDOWS$hf_mig$\KB885836\update\update.exe
C:\WINDOWS$hf_mig$\KB886185\update\update.exe
C:\WINDOWS$hf_mig$\KB887472\update\update.exe
C:\WINDOWS$hf_mig$\KB887742\update\update.exe
C:\WINDOWS$hf_mig$\KB888113\update\update.exe
C:\WINDOWS$hf_mig$\KB888302\update\update.exe
C:\WINDOWS$hf_mig$\KB890046\update\update.exe
C:\WINDOWS$hf_mig$\KB890859\update\update.exe
C:\WINDOWS$hf_mig$\KB891781\update\update.exe
C:\WINDOWS$hf_mig$\KB893066\update\update.exe
C:\WINDOWS$hf_mig$\KB893756\update\update.exe
C:\WINDOWS$hf_mig$\KB894391\update\update.exe
C:\WINDOWS$hf_mig$\KB896358\update\update.exe
C:\WINDOWS$hf_mig$\KB896422\update\update.exe
C:\WINDOWS$hf_mig$\KB896423\update\update.exe
C:\WINDOWS$hf_mig$\KB896424\update\update.exe
C:\WINDOWS$hf_mig$\KB896428\update\update.exe
C:\WINDOWS$hf_mig$\KB898461\update\update.exe
C:\WINDOWS$hf_mig$\KB899587\update\update.exe
C:\WINDOWS$hf_mig$\KB899591\update\update.exe
C:\WINDOWS$hf_mig$\KB900485\update\update.exe
C:\WINDOWS$hf_mig$\KB900725\update\update.exe
C:\WINDOWS$hf_mig$\KB901017\update\update.exe
C:\WINDOWS$hf_mig$\KB901190\update\update.exe
C:\WINDOWS$hf_mig$\KB901214\update\update.exe
C:\WINDOWS$hf_mig$\KB902400\update\update.exe
C:\WINDOWS$hf_mig$\KB904706\update\update.exe
C:\WINDOWS$hf_mig$\KB904942\update\update.exe
C:\WINDOWS$hf_mig$\KB905414\update\update.exe
C:\WINDOWS$hf_mig$\KB905749\update\update.exe
C:\WINDOWS$hf_mig$\KB905915\update\update.exe
C:\WINDOWS$hf_mig$\KB908519\update\update.exe
C:\WINDOWS$hf_mig$\KB908531\update\update.exe
C:\WINDOWS$hf_mig$\KB910437\update\update.exe
C:\WINDOWS$hf_mig$\KB911280\update\update.exe
C:\WINDOWS$hf_mig$\KB911562\update\update.exe
C:\WINDOWS$hf_mig$\KB911927\update\update.exe
C:\WINDOWS$hf_mig$\KB912919\update\update.exe
C:\WINDOWS$hf_mig$\KB913580\update\update.exe
C:\WINDOWS$hf_mig$\KB914388\update\update.exe
C:\WINDOWS$hf_mig$\KB914389\update\update.exe
C:\WINDOWS$hf_mig$\KB915865\update\update.exe
C:\WINDOWS$hf_mig$\KB916595\update\update.exe
C:\WINDOWS$hf_mig$\KB917344\update\update.exe
C:\WINDOWS$hf_mig$\KB917422\update\update.exe
C:\WINDOWS$hf_mig$\KB917953\update\update.exe
C:\WINDOWS$hf_mig$\KB918118\update\update.exe
C:\WINDOWS$hf_mig$\KB918439\update\update.exe
C:\WINDOWS$hf_mig$\KB919007\update\update.exe
C:\WINDOWS$hf_mig$\KB920213\update\update.exe
C:\WINDOWS$hf_mig$\KB920670\update\update.exe
C:\WINDOWS$hf_mig$\KB920683\update\update.exe
C:\WINDOWS$hf_mig$\KB920685\update\update.exe
C:\WINDOWS$hf_mig$\KB920872\update\update.exe
C:\WINDOWS$hf_mig$\KB921398\update\update.exe
C:\WINDOWS$hf_mig$\KB921503\update\update.exe
C:\WINDOWS$hf_mig$\KB922582\update\update.exe
C:\WINDOWS$hf_mig$\KB922616\update\update.exe
C:\WINDOWS$hf_mig$\KB922819\update\update.exe
C:\WINDOWS$hf_mig$\KB923414\update\update.exe
C:\WINDOWS$hf_mig$\KB923561\update\update.exe
C:\WINDOWS$hf_mig$\KB923694\update\update.exe
C:\WINDOWS$hf_mig$\KB923980\update\update.exe
C:\WINDOWS$hf_mig$\KB924191\update\update.exe
C:\WINDOWS$hf_mig$\KB924270\update\update.exe
C:\WINDOWS$hf_mig$\KB924496\update\update.exe
C:\WINDOWS$hf_mig$\KB925454\update\update.exe
C:\WINDOWS$hf_mig$\KB925486\update\update.exe
C:\WINDOWS$hf_mig$\KB925902\update\update.exe
C:\WINDOWS$hf_mig$\KB926255\update\update.exe
C:\WINDOWS$hf_mig$\KB926436\update\update.exe
C:\WINDOWS$hf_mig$\KB927779\update\update.exe
C:\WINDOWS$hf_mig$\KB927802\update\update.exe
C:\WINDOWS$hf_mig$\KB927891\update\update.exe
C:\WINDOWS$hf_mig$\KB928255\update\update.exe
C:\WINDOWS$hf_mig$\KB928843\update\update.exe
C:\WINDOWS$hf_mig$\KB929123\update\update.exe
C:\WINDOWS$hf_mig$\KB929969\update\update.exe
C:\WINDOWS$hf_mig$\KB930178\update\update.exe
C:\WINDOWS$hf_mig$\KB930916\update\update.exe
C:\WINDOWS$hf_mig$\KB931261\update\update.exe
C:\WINDOWS$hf_mig$\KB931768-IE7\update\update.exe
C:\WINDOWS$hf_mig$\KB931836\update\update.exe
C:\WINDOWS$hf_mig$\KB932823-v3\update\update.exe
C:\WINDOWS$hf_mig$\KB933360\update\update.exe
C:\WINDOWS$hf_mig$\KB935448\update\update.exe
C:\WINDOWS$hf_mig$\KB935839\update\update.exe
C:\WINDOWS$hf_mig$\KB935840\update\update.exe
C:\WINDOWS$hf_mig$\KB936021\update\update.exe
C:\WINDOWS$hf_mig$\KB936357\update\update.exe
C:\WINDOWS$hf_mig$\KB938127-IE7\update\update.exe
C:\WINDOWS$hf_mig$\KB938828\update\update.exe
C:\WINDOWS$hf_mig$\KB938829\update\update.exe
C:\WINDOWS$hf_mig$\KB939653-IE7\update\update.exe
C:\WINDOWS$hf_mig$\KB941202\update\update.exe
C:\WINDOWS$hf_mig$\KB941568\update\update.exe
C:\WINDOWS$hf_mig$\KB941644\update\update.exe
C:\WINDOWS$hf_mig$\KB941693\update\update.exe
C:\WINDOWS$hf_mig$\KB942615-IE7\update\update.exe
C:\WINDOWS$hf_mig$\KB942763\update\update.exe
C:\WINDOWS$hf_mig$\KB943055\update\update.exe
C:\WINDOWS$hf_mig$\KB943485\update\update.exe
C:\WINDOWS$hf_mig$\KB944533-IE7\update\update.exe
C:\WINDOWS$hf_mig$\KB944653\update\update.exe
C:\WINDOWS$hf_mig$\KB945553\update\update.exe
C:\WINDOWS$hf_mig$\KB946026\update\update.exe
C:\WINDOWS$hf_mig$\KB946648\update\update.exe
C:\WINDOWS$hf_mig$\KB947864-IE7\update\update.exe
C:\WINDOWS$hf_mig$\KB948590\update\update.exe
C:\WINDOWS$hf_mig$\KB948881\update\update.exe
C:\WINDOWS$hf_mig$\KB950749\update\update.exe
C:\WINDOWS$hf_mig$\KB950759-IE7\update\update.exe
C:\WINDOWS$hf_mig$\KB950760\update\update.exe
C:\WINDOWS$hf_mig$\KB950762\update\update.exe
C:\WINDOWS$hf_mig$\KB950974\update\update.exe
C:\WINDOWS$hf_mig$\KB951066\update\update.exe
C:\WINDOWS$hf_mig$\KB951072-v2\update\update.exe
C:\WINDOWS$hf_mig$\KB951376\update\update.exe
C:\WINDOWS$hf_mig$\KB951376-v2\update\update.exe
C:\WINDOWS$hf_mig$\KB951698\update\update.exe
C:\WINDOWS$hf_mig$\KB951748\update\update.exe
C:\WINDOWS$hf_mig$\KB951978\update\update.exe
C:\WINDOWS$hf_mig$\KB952004\update\update.exe
C:\WINDOWS$hf_mig$\KB952287\update\update.exe
C:\WINDOWS$hf_mig$\KB952954\update\update.exe
C:\WINDOWS$hf_mig$\KB953838-IE7\update\update.exe
C:\WINDOWS$hf_mig$\KB953839\update\update.exe
C:\WINDOWS$hf_mig$\KB954211\update\update.exe
C:\WINDOWS$hf_mig$\KB954459\update\update.exe
C:\WINDOWS$hf_mig$\KB954600\update\update.exe
C:\WINDOWS$hf_mig$\KB955069\update\update.exe
C:\WINDOWS$hf_mig$\KB955839\update\update.exe
C:\WINDOWS$hf_mig$\KB956390-IE7\update\update.exe
C:\WINDOWS$hf_mig$\KB956391\update\update.exe
C:\WINDOWS$hf_mig$\KB956572\update\update.exe
C:\WINDOWS$hf_mig$\KB956802\update\update.exe
C:\WINDOWS$hf_mig$\KB956803\update\update.exe
C:\WINDOWS$hf_mig$\KB956841\update\update.exe
C:\WINDOWS$hf_mig$\KB957095\update\update.exe
C:\WINDOWS$hf_mig$\KB957097\update\update.exe
C:\WINDOWS$hf_mig$\KB958215-IE7\update\update.exe
C:\WINDOWS$hf_mig$\KB958644\update\update.exe
C:\WINDOWS$hf_mig$\KB958687\update\update.exe
C:\WINDOWS$hf_mig$\KB958690\update\update.exe
C:\WINDOWS$hf_mig$\KB959426\update\update.exe
C:\WINDOWS$hf_mig$\KB960225\update\update.exe
C:\WINDOWS$hf_mig$\KB960714-IE7\update\update.exe
C:\WINDOWS$hf_mig$\KB960715\update\update.exe
C:\WINDOWS$hf_mig$\KB960803\update\update.exe
C:\WINDOWS$hf_mig$\KB961260-IE7\update\update.exe
C:\WINDOWS$hf_mig$\KB961373\update\update.exe
C:\WINDOWS$hf_mig$\KB963027-IE7\update\update.exe
C:\WINDOWS$hf_mig$\KB967715\update\update.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\Update.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\SoftwareDistribution\Download\011cdeb527c0ded3735dde8070aaf659\update\update.exe
C:\WINDOWS\SoftwareDistribution\Download\550530d3b934e720deb3ca1851e75ba0\update\update.exe

################################### [ Cracks / Keygens / Serials ]

-> Nothing found !

################## [ ! End of Report # FindyKill V4.730 ! ]


Please tell me what I should do, because after all these operations I can't sort it out.

Which line should I delete from HijackThis?

With ComboFix:

ComboFix 09-05-26.03 - home 27/05/2009 12:08:43.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.341 [GMT 2:00]
Lancé depuis: D:\Documents and Settings\home\Bureau\CCM.exe
AV: avast! antivirus 4.8.1335 [VPS 090526-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\WINDOWS\cdmxtras
C:\WINDOWS\cdmxtras\uninst.exe
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\pack.epk
C:\WINDOWS\system\smvss.exe
C:\WINDOWS\system32\cache329
C:\WINDOWS\system32\uxtheme(3).dll
C:\WINDOWS\system32\uxtheme(4).dll
D:\Documents and Settings\home\Application Data\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-27 au 2009-05-27 ))))))))))))))))))))))))))))))))))))
.

2009-05-27 10:05:44 . 2009-05-27 10:07:12 0 d-s---w C:\ComboFix
2009-05-27 10:03:42 . 2008-06-19 15:24:30 28544 ----a-w C:\WINDOWS\system32\drivers\pavboot.sys
2009-05-27 10:03:27 . 2009-05-27 10:03:28 0 d-----w C:\WINDOWS\LastGood
2009-05-26 20:30:57 . 2009-05-26 20:30:57 0 dc----w D:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-05-26 19:41:48 . 2009-05-26 19:41:48 0 d-----w C:\Program Files\Panda Security
2009-05-25 18:56:24 . 2009-05-25 18:56:24 0 d-----w D:\Documents and Settings\home\Local Settings\Application Data\Scansoft
2009-05-25 14:36:58 . 2009-05-25 14:36:58 0 d-----w D:\Documents and Settings\All Users\Application Data\InstallShield
2009-05-25 14:36:29 . 2009-05-25 14:36:29 0 d-----w D:\Documents and Settings\home\Application Data\Nuance
2009-05-25 14:31:44 . 2009-05-25 14:31:44 0 d-----w D:\Documents and Settings\All Users\Application Data\ScanSoft
2009-05-25 14:31:43 . 2009-05-25 14:31:44 0 d-----w C:\Program Files\Fichiers communs\ScanSoft Shared
2009-05-25 14:31:38 . 2009-05-25 14:31:38 0 d-----w C:\Program Files\Fichiers communs\Nuance
2009-05-25 14:30:39 . 2009-05-25 14:30:39 0 d-----w C:\Program Files\Nuance
2009-05-25 14:30:38 . 2009-05-25 14:30:38 0 d-----w D:\Documents and Settings\All Users\Application Data\Nuance
2009-05-25 14:30:33 . 2009-05-25 14:36:50 0 d-----w C:\WINDOWS\speech
2009-05-15 18:29:50 . 2009-05-15 18:29:57 0 d-----w D:\Documents and Settings\home\Application Data\vlc
2009-05-13 08:57:33 . 2009-05-13 08:57:33 0 d-sh--w D:\Documents and Settings\home\IECompatCache
2009-05-13 08:56:46 . 2009-05-13 08:56:46 0 d-sh--w D:\Documents and Settings\home\PrivacIE
2009-05-13 08:32:44 . 2009-05-13 08:32:44 0 d-sh--w D:\Documents and Settings\home\IETldCache
2009-05-12 16:00:35 . 2009-05-12 16:00:35 0 d-----w C:\WINDOWS\ie8updates
2009-05-12 16:00:00 . 2009-04-25 05:30:39 102400 ------w C:\WINDOWS\system32\dllcache\iecompat.dll
2009-05-12 15:58:14 . 2009-05-12 15:59:53 0 dc-h--w C:\WINDOWS\ie8
2009-05-12 11:40:43 . 2009-05-12 11:40:43 23 --sha-w C:\WINDOWS\system32\edacded0_x.dat
2009-05-12 11:39:15 . 2009-05-12 12:24:32 0 d-----w C:\Program Files\MSECACHE
2009-05-11 16:47:59 . 2009-02-05 20:06:20 51376 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2009-05-11 16:47:59 . 2009-02-05 20:06:10 23152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2009-05-11 16:47:59 . 2009-02-05 20:05:11 26944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2009-05-11 16:47:58 . 2009-02-05 20:08:19 93296 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2009-05-11 16:47:58 . 2009-02-05 20:08:10 94032 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2009-05-11 16:47:58 . 2009-02-05 20:07:23 114768 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
2009-05-11 16:47:58 . 2009-02-05 20:07:12 20560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
2009-05-11 16:47:58 . 2009-02-05 20:04:45 97480 ----a-w C:\WINDOWS\system32\AvastSS.scr
2009-05-11 16:47:43 . 2009-02-05 20:11:35 1256296 ----a-w C:\WINDOWS\system32\aswBoot.exe
2009-05-11 16:47:35 . 2009-05-11 16:47:35 0 d-----w C:\Program Files\Alwil Software
2009-05-11 06:44:53 . 2009-05-11 06:44:53 0 d-----w D:\Documents and Settings\home\Application Data\Malwarebytes
2009-05-11 06:44:47 . 2009-05-26 11:19:56 19096 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2009-05-11 06:44:45 . 2009-05-26 11:20:08 40160 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-05-11 06:44:43 . 2009-05-11 06:44:43 0 d-----w D:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-11 06:44:42 . 2009-05-26 22:29:12 0 d-----w C:\Program Files\Malwarebytes’ Anti-Malware
2009-05-10 17:54:35 . 2009-05-26 19:21:34 0 d-----w D:\Documents and Settings\home\.housecall6.6
2009-05-10 12:37:21 . 2009-05-10 13:12:24 0 d-----w D:\Documents and Settings\All Users\Application Data\avg8
2009-05-05 18:20:11 . 2009-05-05 18:20:11 230432 ----a-w C:\PA7302.DAT
2009-05-05 13:39:13 . 2009-05-05 13:39:13 0 d-----w D:\Documents and Settings\LocalService.AUTORITE NT.016\Local Settings\Application Data\Powercinema
2009-05-05 11:44:58 . 2007-11-08 08:29:52 458752 ----a-w C:\WINDOWS\system32\drivers\PAC7302.SYS
2009-05-05 11:44:58 . 2007-11-02 09:07:32 6656 ----a-w C:\WINDOWS\system32\CoInst_071029.dll
2009-05-05 11:44:58 . 2007-10-04 15:42:06 48128 ----a-w C:\WINDOWS\system32\Remove.exe
2009-05-05 11:44:54 . 2009-05-05 11:44:54 0 d-----w C:\Program Files\ANC
2009-05-05 11:44:53 . 2006-10-12 09:57:32 14336 ----a-w C:\WINDOWS\system32\P7302USD.dll
2009-05-05 11:44:52 . 2009-05-05 11:44:58 0 d-----w C:\Program Files\Fichiers communs\PAC7302
2009-05-05 11:44:52 . 2009-05-05 11:44:52 0 d-----w C:\WINDOWS\PixArt

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 09:29:17 . 2004-08-16 15:41:35 582464 ----a-w C:\WINDOWS\system32\perfh00C.dat
2009-05-27 09:29:17 . 2004-08-16 15:41:35 108288 ----a-w C:\WINDOWS\system32\perfc00C.dat
2009-05-26 20:46:10 . 2007-10-23 10:04:38 0 d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-25 06:29:01 . 2007-01-05 16:08:44 0 d-----w C:\Program Files\eMule
2009-05-24 22:13:36 . 2007-03-09 20:15:23 0 d-----w C:\Program Files\Free Easy Burner
2009-05-24 07:48:35 . 2007-10-23 13:34:40 0 d-----w D:\Documents and Settings\home\Application Data\LimeWire
2009-05-22 09:39:18 . 2009-01-25 17:44:33 0 d-----w D:\Documents and Settings\home\Application Data\dvdcss
2009-05-21 21:22:33 . 2008-06-23 14:40:16 721904 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2009-05-15 08:15:01 . 2008-12-24 09:48:07 0 d-----w C:\Program Files\Microsoft Silverlight
2009-05-13 20:17:16 . 2007-10-23 13:11:42 190192 ----a-w D:\Documents and Settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 12:09:19 . 2007-10-27 13:49:03 4212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2009-05-11 16:53:41 . 2007-10-23 10:04:36 0 d-----w C:\Program Files\Spybot - Search & Destroy
2009-05-05 11:44:52 . 2006-10-16 15:13:01 0 d--h--w C:\Program Files\InstallShield Installation Information
2009-04-26 12:21:55 . 2008-03-07 17:17:03 0 d-----w C:\Program Files\Nokia
2009-04-13 11:04:54 . 2009-04-13 11:04:54 0 ----a-w C:\WINDOWS\system32\atiicdxx.dat
2009-04-13 10:48:15 . 2009-04-13 10:43:26 0 d-----w C:\Program Files\ATI
2009-04-13 10:47:32 . 2006-10-16 15:16:03 0 d-----w C:\Program Files\ATI Technologies
2009-04-13 07:14:02 . 2008-09-23 17:55:48 7332547 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2009-04-12 06:49:35 . 2007-12-09 18:00:42 0 d-----w D:\Documents and Settings\home\Application Data\U3
2009-03-08 02:34:58 . 2004-08-16 15:41:22 914944 ----a-w C:\WINDOWS\system32\wininet.dll
2009-03-08 02:34:30 . 2004-08-16 15:40:32 43008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2009-03-08 02:33:40 . 2004-08-16 15:40:03 18944 ----a-w C:\WINDOWS\system32\corpol.dll
2009-03-08 02:33:06 . 2004-08-16 15:41:17 420352 ----a-w C:\WINDOWS\system32\vbscript.dll
2009-03-08 02:32:56 . 2004-08-16 15:39:57 72704 ----a-w C:\WINDOWS\system32\admparse.dll
2009-03-08 02:32:50 . 2004-08-16 15:40:28 71680 ----a-w C:\WINDOWS\system32\iesetup.dll
2009-03-08 02:31:38 . 2004-08-16 15:40:29 34816 ----a-w C:\WINDOWS\system32\imgutil.dll
2009-03-08 02:31:18 . 2004-08-16 15:40:41 48128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2009-03-08 02:31:02 . 2004-08-16 15:40:40 45568 ----a-w C:\WINDOWS\system32\mshta.exe
2009-03-08 02:22:38 . 2004-08-16 15:40:42 156160 ----a-w C:\WINDOWS\system32\msls31.dll
2009-03-06 14:20:52 . 2004-08-16 15:40:58 286720 ----a-w C:\WINDOWS\system32\pdh.dll
2007-12-29 11:46:09 . 2007-08-20 10:56:43 56 --sh--r C:\WINDOWS\system32\64896FB009.sys
2007-12-29 11:46:54 . 2007-12-29 11:46:06 5018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-14 02:34:03 979968 3EFE912DD25D2586E6A0341DB0A66F69 C:\WINDOWS\explorer.exe
[-] 2007-06-13 13:10:53 1037312 B795475444D6D57A572C14B9E1A29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:22:28 979456 80A5400514EB32D393654768C4017E46 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-05 12:00:00 1036288 4C33E5B9A6197B6ED215F6CFBA0A2DAA C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 02:34:03 979968 3EFE912DD25D2586E6A0341DB0A66F69 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=“C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” [2007-10-18 10:34:04 5724184]
“RocketDock”=“C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe” [2007-03-18 22:05:02 630784]
“RoboForm”=“C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe” [2009-04-11 13:16:34 160592]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-14 02:33:59 15360]
“AlcoholAutomount”=“C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe” [2008-03-20 16:39:54 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“PAC7302_Monitor”=“C:\WINDOWS\PixArt\PAC7302\Monitor.exe” [2009-05-10 14:30:24 319488]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2009-02-05 20:08:45 81000]
“Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe” [2007-03-16 09:45:30 63712]
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-10-15 00:04:34 39792]
“SSBkgdUpdate”=“C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” [2006-10-25 07:03:38 210472]
“ISUSPM Startup”=“C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2005-02-16 14:15:22 221184]
“ISUSScheduler”=“C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe” [2005-02-16 14:15:20 81920]
“DNS7reminder”=“C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe” [2007-03-19 07:20:42 259624]
“RTHDCPL”=“RTHDCPL.EXE” - C:\WINDOWS\RTHDCPL.exe [2005-12-09 14:49:42 15691264]

D:\Documents and Settings\home\Menu D?marrer\Programmes\D?marrage
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y’z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

[HKLM~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Clock v6.5.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Clock v6.5.lnk
backup=C:\WINDOWS\pss\OFFICE One Clock v6.5.lnkCommon Startup

[HKLM~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
path=D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Notes v6.5.lnk
backup=C:\WINDOWS\pss\OFFICE One Notes v6.5.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe”=
“%windir%\system32\sessmgr.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“C:\Program Files\eMule\emule.exe”=
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”=
“C:\Program Files\Windows Live\Messenger\livecall.exe”=
“C:\Program Files\Neuf\Media Center\httpd\httpd.exe”= C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)
“C:\Program Files\LimeWire\LimeWire.exe”=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [27/05/2009 12:03:42 28544]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [11/05/2009 18:47:58 114768]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [11/05/2009 18:47:58 20560]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\drivers\3xHybrid.sys [16/10/2006 17:13:54 799744]
R3 PAC7302;PC Camera;C:\WINDOWS\system32\drivers\PAC7302.SYS [05/05/2009 13:44:58 458752]
S3 Teriemamhice;Teriemamhice; [x]
S3 ZSMC302;Cammaestro 4.2GU build 1105;C:\WINDOWS\system32\drivers\usbvm302.sys [14/08/2007 12:30:58 195263]
S4 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys --> C:\WINDOWS\system32\drivers\fsdfw.sys [?]

--- Autres Services/Pilotes en mémoire ---

NewlyCreated - EAPHOST
NewlyCreated - FSBTS
NewlyCreated - IP6FW
NewlyCreated - PAVBOOT
Deregistered - fsbts

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
“C:\WINDOWS\system32\rundll32.exe” “C:\WINDOWS\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP
.
Contenu du dossier ‘Tâches planifiées’

2009-05-27 C:\WINDOWS\Tasks\Extension de garantie.job

  • C:\APPS\SMP\PBCARNOT.EXE [2005-11-09 11:55:02 . 2005-11-09 11:55:02]

2009-05-25 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job

  • C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-05-11 16:52:38 . 2009-01-26 13:31:12]

2009-05-27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D01FF9FF-C3BA-40F5-8A10-A2EBEDDCD2ED}.job

  • C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 10:58:32 . 2009-03-08 02:31:54]
    .
        • ORPHELINS SUPPRIMES - - - -

HKCU-Run-EleFunAnimatedWallpaper - (no file)
HKLM-Run-BigDogPath - C:\WINDOWS\VM_STI.EXE Cammaestro 4.2GU
HKLM-Run-Amazing3DAquariumWallpaper - (no file)
SafeBoot-procexp90.Sys

.
------- Examen supplémentaire -------
.
uStart Page = www.neufportail.fr…
uInternet Connection Wizard,ShellNext = iexplore
IE: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
DPF: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
FF - ProfilePath - D:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\jlmwirww.default
FF - prefs.js: browser.search.defaulturl - www.google.com…
FF - prefs.js: browser.startup.homepage - www.neufportail.fr…
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
.
Edited on 27/05/2009 at 14:50

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51:45, on 27/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Documents and Settings\home\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.neufportail.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Cammaestro 4.2GU build 1105
O4 - HKLM…\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [SSBkgdUpdate] “C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot
O4 - HKLM…\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM…\Run: [ISUSScheduler] “C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM…\Run: [DNS7reminder] “C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe” -r "D:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [RocketDock] “C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe”
O4 - HKCU…\Run: [RoboForm] “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe” /automount
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y’z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra ‘Tools’ menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra ‘Tools’ menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra ‘Tools’ menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx1.hotmail.com…
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - messenger.zone.msn.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com…
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com…
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - download.eset.com…
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com…
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - download.sp.f-secure.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - messenger.zone.msn.com…
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe


End of file - 11881 bytes


Thank you.

Malwarebytes’ Anti-Malware 1.37
Version de la base de données: 2182
Windows 5.1.2600 Service Pack 3

28/05/2009 10:46:28
mbam-log-2009-05-28 (10-46-28).txt

Type de recherche: Examen rapide
Eléments examinés: 210215
Temps écoulé: 7 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Here is the Malwarebytes report.
It found nothing,
but I had seen that some registry keys were indeed infected. What can I do?
Will repairing the registry with CCleaner disinfect them, or does it only repair them?
Thanks for your help.

OK, thanks for your help. Yes, it starts in safe mode.
Do you think I am still infected?
Should I run another HijackThis scan in safe mode to see whether everything is gone?
Because I still cannot open the HijackThis program; it blocks and says the program is not a valid Windows 32 program.
I don't understand; I could still use it not long ago.

I wanted to ask you what I risk by doing a registry repair with CCleaner, because it finds a whole bunch of errors.
Can the virus come back?
Edited on 28/05/2009 at 20:35

OK, thanks, I ran another scan.
Do you see anything suspicious?
I did not manage to reinstall it after removing it;
it tells me the program is already in my folders.
But it's fine, I managed to run a scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:27, on 29/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Neuf\Media Center\MediaCenter.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
D:\Documents and Settings\home\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.neufportail.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [SSBkgdUpdate] “C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” -Embedding -boot
O4 - HKLM…\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM…\Run: [ISUSScheduler] “C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM…\Run: [DNS7reminder] “C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe” -r "D:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [RocketDock] “C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe”
O4 - HKCU…\Run: [RoboForm] “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe” /automount
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y’z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra ‘Tools’ menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra ‘Tools’ menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra ‘Tools’ menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx1.hotmail.com…
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - messenger.zone.msn.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com…
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com…
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - download.eset.com…
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com…
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - download.sp.f-secure.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - messenger.zone.msn.com…
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe


End of file - 11941 bytes

[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

D:\FindyKill.txt: trouvé !
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
D:\Documents and Settings\home\Bureau\EliBaglA.exe: trouvé !
D:\Documents and Settings\home\Bureau\HijackThis.exe: trouvé !
D:\Documents and Settings\home\Bureau\Rsit.exe: trouvé !

Hi, OK, that's cool. However, I ran an online scan with Panda Active Scan and it finds 2 viruses but does not remove them.

Here, I did what you told me; the report is above. I'm waiting for your reply on what I should do. Thanks.

Hi, I was away and I can't find the scan I did.
I ran another one with ComboFix.
ComboFix 09-05-28.07 - home 29/05/2009 12:59.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.538 [GMT 2:00]
Lancé depuis: d:\documents and settings\home\Bureau\CCM.exe
AV: avast! antivirus 4.8.1335 [VPS 090528-0] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
.
---- Exécution préalable -------
.
C:\InfoSat.txt
c:\windows\cdmxtras
c:\windows\cdmxtras\uninst.exe
c:\windows\Fonts\acrsec.fon
c:\windows\pack.epk
c:\windows\system\smvss.exe
c:\windows\system32\cache329
c:\windows\system32\uxtheme(3).dll
c:\windows\system32\uxtheme(4).dll
d:\documents and settings\home\Application Data\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-29 ))))))))))))))))))))))))))))))))))))
.

2009-05-28 09:55 . 2009-05-28 09:55 -------- d-sh--w d:\documents and settings\Administrateur\IECompatCache
2009-05-28 09:15 . 2009-05-28 09:15 -------- d-----w d:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-05-27 21:38 . 2009-05-27 21:41 -------- d-----w C:\rsit
2009-05-27 12:58 . 2008-06-19 15:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-27 10:35 . 2009-05-27 10:35 -------- d-----w c:\windows\system32\Kaspersky Lab
2009-05-26 20:30 . 2009-05-26 20:30 -------- dc----w d:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-05-26 19:41 . 2009-05-26 19:41 -------- d-----w c:\program files\Panda Security
2009-05-25 18:56 . 2009-05-25 18:56 -------- d-----w d:\documents and settings\home\Local Settings\Application Data\Scansoft
2009-05-25 14:36 . 2009-05-25 14:36 -------- d-----w d:\documents and settings\All Users\Application Data\InstallShield
2009-05-25 14:36 . 2009-05-25 14:36 -------- d-----w d:\documents and settings\home\Application Data\Nuance
2009-05-25 14:31 . 2009-05-25 14:31 -------- d-----w d:\documents and settings\All Users\Application Data\ScanSoft
2009-05-25 14:31 . 2009-05-25 14:31 -------- d-----w c:\program files\Fichiers communs\ScanSoft Shared
2009-05-25 14:31 . 2009-05-25 14:31 -------- d-----w c:\program files\Fichiers communs\Nuance
2009-05-25 14:30 . 2009-05-25 14:30 -------- d-----w c:\program files\Nuance
2009-05-25 14:30 . 2009-05-25 14:30 -------- d-----w d:\documents and settings\All Users\Application Data\Nuance
2009-05-25 14:30 . 2009-05-25 14:36 -------- d-----w c:\windows\speech
2009-05-15 18:29 . 2009-05-15 18:29 -------- d-----w d:\documents and settings\home\Application Data\vlc
2009-05-13 08:57 . 2009-05-13 08:57 -------- d-sh--w d:\documents and settings\home\IECompatCache
2009-05-13 08:56 . 2009-05-13 08:56 -------- d-sh--w d:\documents and settings\home\PrivacIE
2009-05-13 08:32 . 2009-05-13 08:32 -------- d-sh--w d:\documents and settings\home\IETldCache
2009-05-12 16:00 . 2009-05-12 16:00 -------- d-----w c:\windows\ie8updates
2009-05-12 16:00 . 2009-04-25 05:30 102400 ------w c:\windows\system32\dllcache\iecompat.dll
2009-05-12 15:58 . 2009-05-12 15:59 -------- dc-h--w c:\windows\ie8
2009-05-12 11:40 . 2009-05-12 11:40 23 --sha-w c:\windows\system32\edacded0_x.dat
2009-05-12 11:39 . 2009-05-12 12:24 -------- d-----w c:\program files\MSECACHE
2009-05-11 16:47 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-11 16:47 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-11 16:47 . 2009-02-05 20:05 26944 ----a-w c:\windows\system32\drivers\aavmker4.sys
2009-05-11 16:47 . 2009-02-05 20:08 93296 ----a-w c:\windows\system32\drivers\aswmon.sys
2009-05-11 16:47 . 2009-02-05 20:08 94032 ----a-w c:\windows\system32\drivers\aswmon2.sys
2009-05-11 16:47 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-11 16:47 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-11 16:47 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-11 16:47 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-11 16:47 . 2009-05-11 16:47 -------- d-----w c:\program files\Alwil Software
2009-05-11 06:44 . 2009-05-11 06:44 -------- d-----w d:\documents and settings\home\Application Data\Malwarebytes
2009-05-11 06:44 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-11 06:44 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 06:44 . 2009-05-11 06:44 -------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-11 06:44 . 2009-05-26 22:29 -------- d-----w c:\program files\Malwarebytes’ Anti-Malware
2009-05-10 17:54 . 2009-05-26 19:21 -------- d-----w d:\documents and settings\home\.housecall6.6
2009-05-10 12:37 . 2009-05-10 13:12 -------- d-----w d:\documents and settings\All Users\Application Data\avg8
2009-05-05 18:20 . 2009-05-05 18:20 230432 ----a-w C:\PA7302.DAT
2009-05-05 13:39 . 2009-05-05 13:39 -------- d-----w d:\documents and settings\LocalService.AUTORITE NT.016\Local Settings\Application Data\Powercinema
2009-05-05 11:44 . 2007-11-08 08:29 458752 ----a-w c:\windows\system32\drivers\PAC7302.SYS
2009-05-05 11:44 . 2007-11-02 09:07 6656 ----a-w c:\windows\system32\CoInst_071029.dll
2009-05-05 11:44 . 2007-10-04 15:42 48128 ----a-w c:\windows\system32\Remove.exe
2009-05-05 11:44 . 2009-05-05 11:44 -------- d-----w c:\program files\ANC
2009-05-05 11:44 . 2006-10-12 09:57 14336 ----a-w c:\windows\system32\P7302USD.dll
2009-05-05 11:44 . 2009-05-05 11:44 -------- d-----w c:\program files\Fichiers communs\PAC7302
2009-05-05 11:44 . 2009-05-05 11:44 -------- d-----w c:\windows\PixArt

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 09:55 . 2007-10-23 10:04 -------- d-----w d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-27 09:29 . 2004-08-16 15:41 582464 ----a-w c:\windows\system32\perfh00C.dat
2009-05-27 09:29 . 2004-08-16 15:41 108288 ----a-w c:\windows\system32\perfc00C.dat
2009-05-25 06:29 . 2007-01-05 16:08 -------- d-----w c:\program files\eMule
2009-05-24 22:13 . 2007-03-09 20:15 -------- d-----w c:\program files\Free Easy Burner
2009-05-24 07:48 . 2007-10-23 13:34 -------- d-----w d:\documents and settings\home\Application Data\LimeWire
2009-05-22 09:39 . 2009-01-25 17:44 -------- d-----w d:\documents and settings\home\Application Data\dvdcss
2009-05-21 21:22 . 2008-06-23 14:40 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-15 08:15 . 2008-12-24 09:48 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-13 20:17 . 2007-10-23 13:11 190192 ----a-w d:\documents and settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 12:09 . 2007-10-27 13:49 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-05-11 16:53 . 2007-10-23 10:04 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-05 11:44 . 2006-10-16 15:13 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 12:21 . 2008-03-07 17:17 -------- d-----w c:\program files\Nokia
2009-04-13 11:04 . 2009-04-13 11:04 0 ----a-w c:\windows\system32\atiicdxx.dat
2009-04-13 10:48 . 2009-04-13 10:43 -------- d-----w c:\program files\ATI
2009-04-13 10:47 . 2006-10-16 15:16 -------- d-----w c:\program files\ATI Technologies
2009-04-13 07:14 . 2008-09-23 17:55 7332547 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-04-12 06:49 . 2007-12-09 18:00 -------- d-----w d:\documents and settings\home\Application Data\U3
2009-03-08 02:34 . 2004-08-16 15:41 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-16 15:40 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-16 15:40 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-16 15:41 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-16 15:39 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-16 15:40 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-16 15:40 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-16 15:40 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-16 15:40 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2004-08-16 15:40 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2004-08-16 15:40 286720 ----a-w c:\windows\system32\pdh.dll
2007-12-29 11:46 . 2007-08-20 10:56 56 --sh--r c:\windows\system32\64896FB009.sys
2007-12-29 11:46 . 2007-12-29 11:46 5018 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-14 02:34 979968 3EFE912DD25D2586E6A0341DB0A66F69 c:\windows\explorer.exe
[-] 2007-06-13 13:10 1037312 B795475444D6D57A572C14B9E1A29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:22 979456 80A5400514EB32D393654768C4017E46 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-05 12:00 1036288 4C33E5B9A6197B6ED215F6CFBA0A2DAA c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 02:34 979968 3EFE912DD25D2586E6A0341DB0A66F69 c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-05-27_10.11.31 )))))))))))))))))))))))))))))))))))))))))
.

  • 2009-05-28 17:13 . 2009-05-28 17:13 16384 c:\windows\Temp\Perflib_Perfdata_5d8.dat
  • 2008-08-13 13:03 . 2008-08-13 13:03 65536 c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
  • 2008-08-13 13:03 . 2008-08-13 13:03 798720 c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
  • 2005-05-16 17:34 . 2005-05-16 17:34 213048 c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
  • 2009-02-03 13:24 . 2009-02-03 13:24 296336 c:\windows\Downloaded Program Files\rufsi.dll
  • 2009-04-22 16:05 . 2009-04-22 16:05 406640 c:\windows\Downloaded Program Files\fslauncher.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“msnmsgr”=“c:\program files\Windows Live\Messenger\MsnMsgr.Exe” [2007-10-18 5724184]
“RocketDock”=“c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe” [2007-03-18 630784]
“RoboForm”=“c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe” [2009-04-11 160592]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]
“AlcoholAutomount”=“c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe” [2008-03-20 216520]
“EleFunAnimatedWallpaper”="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“PAC7302_Monitor”=“c:\windows\PixArt\PAC7302\Monitor.exe” [2009-05-10 319488]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-02-05 81000]
“Adobe Photo Downloader”=“c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe” [2007-03-16 63712]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-10-15 39792]
“SSBkgdUpdate”=“c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe” [2006-10-25 210472]
“ISUSPM Startup”=“c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2005-02-16 221184]
“ISUSScheduler”=“c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe” [2005-02-16 81920]
“DNS7reminder”=“c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe” [2007-03-19 259624]
“RTHDCPL”=“RTHDCPL.EXE” - c:\windows\RTHDCPL.exe [2005-12-09 15691264]

d:\documents and settings\home\Menu D?marrer\Programmes\D?marrage
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]
Y’z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-5-21 155648]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Clock v6.5.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Clock v6.5.lnk
backup=c:\windows\pss\OFFICE One Clock v6.5.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
path=d:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OFFICE One Notes v6.5.lnk
backup=c:\windows\pss\OFFICE One Notes v6.5.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe”=
“%windir%\system32\sessmgr.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Program Files\eMule\emule.exe”=
“c:\Program Files\Windows Live\Messenger\msnmsgr.exe”=
“c:\Program Files\Windows Live\Messenger\livecall.exe”=
“c:\Program Files\LimeWire\LimeWire.exe”=
“c:\program files\Neuf\Media Center\httpd\httpd.exe”= c:\program files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [27/05/2009 14:58 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/05/2009 18:47 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/05/2009 18:47 20560]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [16/10/2006 17:13 799744]
R3 PAC7302;PC Camera;c:\windows\system32\drivers\PAC7302.SYS [05/05/2009 13:44 458752]
S3 Teriemamhice;Teriemamhice; [x]
S3 ZSMC302;Cammaestro 4.2GU build 1105;c:\windows\system32\drivers\usbvm302.sys [14/08/2007 12:30 195263]
S4 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys --> c:\windows\system32\drivers\fsdfw.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
“c:\windows\system32\rundll32.exe” “c:\windows\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP
.
Contenu du dossier ‘Tâches planifiées’

2009-05-29 c:\windows\Tasks\Extension de garantie.job

  • c:\apps\SMP\PBCARNOT.EXE [2005-11-09 11:55]

2009-05-25 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

  • c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-05-11 13:31]

2009-05-29 c:\windows\Tasks\User_Feed_Synchronization-{D01FF9FF-C3BA-40F5-8A10-A2EBEDDCD2ED}.job

  • c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.neufportail.fr…
uInternet Connection Wizard,ShellNext = iexplore
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - download.eset.com…
FF - ProfilePath - d:\documents and settings\home\Application Data\Mozilla\Firefox\Profiles\jlmwirww.default
FF - prefs.js: browser.search.defaulturl - www.google.com…
FF - prefs.js: browser.startup.homepage - www.neufportail.fr…
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-05-29 13:02
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2191374459-2331453074-770814102-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

  • ‘winlogon.exe’(668)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-05-29 13:04
ComboFix-quarantined-files.txt 2009-05-29 11:04

Avant-CF: 2 302 038 016 octets libres
Après-CF: 2 276 786 176 octets libres

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
238 --- E O F --- 2009-05-14 06:24

We can see that some keys are locked. Why? Please tell me what the scan detected.

This report is 4 days old.
I no longer remember when I used fixewarout.
It's true, I did several operations and I don't really know where I am any more. I'll do what you tell me.
Thanks.
I don't know which file is infected. How do I remove it?
I didn't download any crack. What should I do? Thanks.
Edited on 02/06/2009 at 09:41

Hi, I'm coming back to you after doing what you told me first, with SDFix. Here is the report. However, it didn't work in safe mode, so I ran it in safe mode with networking. I hope that doesn't throw off the scan. Please let me know whether I can do the second thing you told me, with SmitFraudFix; I'm waiting for your green light.
Here is the report.

SDFix: Version 1.240
Run by home on 02/06/2009 at 13:16

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\TMLPWIN.EXE - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-06-02 13:23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden services & system hive …

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
“h0”=dword:00000000
“ujdew”=hex:76,6a,bb,83,9c,98,e0,d3,35,6d,5a,00,fb,7e,30,e7,15,91,d2,98,7c,…
“p0”=“C:\Program Files\Alcohol Soft\Alcohol 52”
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
“h0”=dword:00000000
“ujdew”=hex:76,6a,bb,83,9c,98,e0,d3,35,6d,5a,00,fb,7e,30,e7,15,91,d2,98,7c,…
“p0”=“C:\Program Files\Alcohol Soft\Alcohol 52”
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
“h0”=dword:00000000
“ujdew”=hex:ef,0c,86,a2,2f,77,2c,f7,b0,18,65,b6,e2,85,b3,d6,de,e3,30,37,4a,…
“p0”=“C:\Program Files\Alcohol Soft\Alcohol 52”
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
“h0”=dword:00000000
“ujdew”=hex:76,6a,bb,83,9c,98,e0,d3,35,6d,5a,00,fb,7e,30,e7,15,91,d2,98,7c,…
“p0”=“C:\Program Files\Alcohol Soft\Alcohol 52”
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
“s1”=dword:2df9c43f
“s2”=dword:110480d0
“h0”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
“h0”=dword:00000000
“ujdew”=hex:0b,ff,41,88,18,11,03,ea,1b,4d,dd,bc,b4,dd,f4,c4,cd,cd,91,ae,26,…
“p0”=“C:\Program Files\Alcohol Soft\Alcohol 52”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
“h0”=dword:00000000
“ujdew”=hex:0b,ff,41,88,18,11,03,ea,1b,4d,dd,bc,b4,dd,f4,c4,cd,cd,91,ae,26,…
“p0”=“C:\Program Files\Alcohol Soft\Alcohol 52”
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]

scanning hidden registry entries …

scanning hidden files …

folder error: D:\Documents and Settings\home

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire PRO 4.16.4"
"C:\Program Files\Neuf\Media Center\httpd\httpd.exe"="C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 16 Oct 2006 215 ...SH. --- "C:\BOOT.BAK"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 29 Dec 2007 56 ...SHR --- "C:\WINDOWS\system32\64896FB009.sys"
Sat 29 Dec 2007 5,018 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Finished!


Well, I reread your message and told myself that if it were risky you would have told me to wait,
so here is the second report, from SmitFraudFix.
I'm eagerly awaiting your reply, because you scared me when you told me I was well and truly infected,
since I'm using my computer and I'm afraid it will spread!!!
THANKS A LOT AGAIN

SmitFraudFix v2.418

Rapport fait à 13:39:18,29, 02/06/2009
Executé à partir de D:\Documents and Settings\home\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Documents and Settings\home\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» D:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\home

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\home\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\home\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\home\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
“Source”=“About:Home”
“SubscribedURL”=“About:Home”
“FriendlyName”=“Ma page d’accueil”

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“Userinit”=“C:\WINDOWS\system32\userinit.exe,”

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“System”=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d’ordonnancement de paquets
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip…{E4EE3385-904F-4E50-9145-3C60CB345595}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip…{E4EE3385-904F-4E50-9145-3C60CB345595}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip…{E4EE3385-904F-4E50-9145-3C60CB345595}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip…{E4EE3385-904F-4E50-9145-3C60CB345595}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
Edited on 02/06/2009 at 13:45

This message did not comply with the new forum's rules of use:

I AM WAITING FOR YOUR REPLY BEFORE CLEANING
IF NEEDED
THANKS