Virus "TR/Crypt.XPACK.Gen" detected

Hello,
I can't get rid of this little virus, and judging by the forums it can attach itself to various parts of Windows, which is beyond my skills. Thanks for helping me.
Attached is the AntiVir report, run in "safe mode".

Avira AntiVir Personal
Report file date: samedi 9 mai 2009 11:59

Scanning for 1385351 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Save mode
Username : Administrateur
Computer name : MATHIAS-1F85AC4

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 17/04/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 27/04/2009 10:07:45
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 19:33:26
ANTIVIR2.VDF : 7.1.3.137 1810944 Bytes 30/04/2009 13:13:39
ANTIVIR3.VDF : 7.1.3.178 195584 Bytes 08/05/2009 18:44:22
Engineversion : 8.2.0.166
AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 13:13:54
AESCRIPT.DLL : 8.1.1.81 385401 Bytes 08/05/2009 18:44:33
AESCN.DLL : 8.1.1.10 127348 Bytes 03/04/2009 18:01:56
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 17:24:41
AEPACK.DLL : 8.1.3.16 397686 Bytes 08/05/2009 18:44:31
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 19:01:56
AEHEUR.DLL : 8.1.0.128 1757559 Bytes 08/05/2009 18:44:29
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 19:01:56
AEGEN.DLL : 8.1.1.42 348531 Bytes 08/05/2009 18:44:23
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 14/04/2009 17:44:01
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 27/04/2009 10:07:45
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 10:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 27/04/2009 10:07:45

Configuration settings for the scan:
Jobname…: Complete system scan
Configuration file…: c:\program files\avira\antivir desktop\sysscan.avp
Logging…: low
Primary action…: interactive
Secondary action…: ignore
Scan master boot sector…: on
Scan boot sector…: on
Boot sectors…: C:,
Process scan…: on
Scan registry…: on
Search for rootkits…: on
Integrity checking of system files…: off
Scan all files…: All files
Scan archives…: on
Recursion depth…: 20
Smart extensions…: on
Macro heuristic…: on
File heuristic…: medium
Deviating risk categories…: +PCK,

Start of the scan: samedi 9 mai 2009 11:59

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector ‘C:’
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( ‘60’ files ).

Starting the file scan:

Begin scan in ‘C:’
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\maison\Local Settings\Temp\hp_webrelease\drivers\dot4\wrapper\wrapper.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\System Volume Information\_restore{66FC130C-A9B7-42C4-A46E-BECF9AFF894E}\RP287\A0081818.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.3584 root kit
C:\WINDOWS\system32\nmdfgds0.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

Beginning disinfection:
C:\Documents and Settings\maison\Local Settings\Temp\hp_webrelease\drivers\dot4\wrapper\wrapper.exe
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to ‘4a668e00.qua’!
C:\System Volume Information\_restore{66FC130C-A9B7-42C4-A46E-BECF9AFF894E}\RP287\A0081818.sys
[DETECTION] Contains recognition pattern of the RKIT/Agent.3584 root kit
[NOTE] The file was moved to ‘4a358dbe.qua’!
C:\WINDOWS\system32\nmdfgds0.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to ‘4a698dfb.qua’!

End of the scan: samedi 9 mai 2009 16:05
Used time: 1:35:28 Hour(s)

The scan has been done completely.

11096 Scanned directories
824330 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
824325 Files not concerned
7369 Archives were scanned
88 Warnings
4 Notes

Hi

Take a look here: www.malekal.com…

Hi

Download ComboFix (by sUBs) to the Desktop

ComboFix

==> Boot into safe mode
==> Double-click combofix.exe.
==> Press the Y (Yes) key to start the scan
==> The report will be created in: C:\Combofix.txt, post it here

Then
post a HijackThis log --> Hijackthis

See --> rename HijackThis correctly ==> rename HijackThis correctly

Why?? --> (some "Vundo" infections hide when hijackthis.exe is launched, but not when another .exe is)

See how to generate a report --> Tutorial

Then, in the meantime ==> if not already done
download --> Malwarebytes (mbam) --> Malwarebytes

Install + update
and
Restart in "Safe Mode": restart your computer and tap the F8 key until the Windows advanced options menu is displayed, then select "Safe Mode".
Choose your usual session

Launch --> Malwarebytes (MBAM)

  • Then go to the "Search" tab, check "Run a full scan", then "Search"
  • Select your hard drives, then click "Start the scan"
  • At the end of the scan, click Show results, then Save the report
  • Removal of the detected items --> click Remove selection. This must be done ==> Don't forget "remove"
  • If you are asked to restart, click "yes"

After removing the infection(s) found --> post the report here

Good luck

Good evening, and many thanks for your help…
Attached are the 3 reports:
combofix:
ComboFix 09-05-11.01 - maison 11/05/2009 20:57.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1765 [GMT 2:00]
Lancé depuis: c:\documents and settings\maison\Bureau\ComboFix.exe
AV: AntiVir Desktop On-access scanning enabled (Updated)

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\hkn6k.bat
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
L:\Autorun.inf
L:\hkn6k.bat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-11 au 2009-05-11 ))))))))))))))))))))))))))))))))))))
.

2009-05-10 18:46 . 2009-05-10 18:46 -------- d-----w c:\program files\Trend Micro
2009-05-09 09:58 . 2009-05-09 09:58 -------- d-sh--w c:\documents and settings\Administrateur\IETldCache
2009-05-03 18:02 . 2009-05-03 18:04 -------- d-----w c:\program files\AutoCAD 2009
2009-05-02 09:14 . 2009-05-02 09:14 -------- d-----w c:\documents and settings\maison\Application Data\OpenOffice.org
2009-05-02 09:13 . 2009-05-02 09:13 -------- d-----w c:\program files\JRE
2009-05-02 09:13 . 2009-05-02 09:13 -------- d-----w c:\program files\OpenOffice.org 3
2009-04-25 18:25 . 2009-04-25 18:25 -------- d-----w c:\program files\RocketDock
2009-04-24 19:24 . 2009-04-24 19:24 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-24 19:24 . 2009-04-24 19:24 -------- d-----r c:\documents and settings\LocalService\Favoris
2009-04-23 13:20 . 2009-04-23 13:20 -------- d-----w c:\program files\AskBarDis
2009-04-23 13:19 . 2009-04-23 13:19 -------- d-----w c:\documents and settings\maison\Application Data\Foxit
2009-04-22 17:23 . 2009-05-11 17:49 -------- d-----w c:\documents and settings\maison\Tracing
2009-04-22 17:10 . 2009-04-24 13:27 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-22 17:09 . 2009-04-22 17:09 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-22 17:08 . 2009-04-22 17:10 -------- d-----w c:\program files\Microsoft
2009-04-22 17:08 . 2009-04-22 17:08 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-22 13:01 . 2009-04-22 13:01 -------- d-----w c:\program files\DWG TrueView 2010
2009-04-22 13:00 . 2009-04-22 13:00 94208 ----a-w c:\windows\system32\msstkprp.dll
2009-04-22 13:00 . 2009-04-22 13:00 429720 ----a-w c:\windows\system32\AcSignOpt.exe
2009-04-22 13:00 . 2009-04-22 13:00 29848 ----a-w c:\windows\system32\AcSignExt.dll
2009-04-22 13:00 . 2009-04-22 13:00 43160 ----a-w c:\windows\system32\AcSignIcon.dll
2009-04-22 13:00 . 2009-04-22 13:00 14488 ----a-w c:\windows\system32\AcSignExtRes.dll
2009-04-16 06:50 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 06:50 . 2009-03-06 14:20 286720 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-16 06:50 . 2009-02-09 11:23 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-16 06:50 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 06:50 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 06:50 . 2009-02-09 10:53 685568 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 06:50 . 2009-02-09 10:53 735744 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 06:50 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 06:50 . 2009-02-09 10:53 739840 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 06:46 . 2008-12-16 12:31 354304 -c----w c:\windows\system32\dllcache\winhttp.dll
2009-04-16 06:46 . 2008-04-21 21:15 219136 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 19:21 . 2009-04-13 19:21 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-13 18:58 . 2009-02-24 19:35 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-04-13 18:58 . 2009-02-24 19:35 118520 ------w c:\windows\system32\pxinsi64.exe
2009-04-13 18:58 . 2009-04-13 18:58 -------- d-----w c:\program files\Fichiers communs\DivX Shared
2009-04-13 10:27 . 2009-04-13 10:27 -------- d-----w c:\documents and settings\maison\Local Settings\Application Data\FPU

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 17:52 . 2004-08-10 19:00 84526 ----a-w c:\windows\system32\perfc00C.dat
2009-05-11 17:52 . 2004-08-10 19:00 510324 ----a-w c:\windows\system32\perfh00C.dat
2009-05-11 17:47 . 2009-03-06 19:27 -------- d-----w c:\program files\Steam
2009-05-08 19:49 . 2008-09-22 18:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-06 17:20 . 2008-12-31 17:24 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-03 18:09 . 2008-10-04 19:47 106208 ----a-w c:\documents and settings\maison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-03 18:05 . 2008-12-30 13:33 -------- d-----w c:\program files\Fichiers communs\Autodesk Shared
2009-05-01 07:38 . 2008-11-09 09:15 -------- d-----w c:\program files\eMule
2009-04-27 10:07 . 2009-03-20 17:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-26 18:40 . 2008-09-22 18:17 -------- d-----w c:\program files\uTorrent
2009-04-25 06:29 . 2009-02-02 11:16 -------- d-----w c:\program files\Malwarebytes’ Anti-Malware
2009-04-25 06:22 . 2009-01-06 18:56 -------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2009-04-23 13:19 . 2008-11-10 20:01 -------- d-----w c:\program files\Foxit Software
2009-04-23 13:12 . 2008-10-05 19:47 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-04-22 17:09 . 2008-09-22 19:22 -------- d-----w c:\program files\Windows Live
2009-04-22 12:50 . 2008-12-30 13:33 -------- d-----w c:\program files\Autodesk
2009-04-13 18:58 . 2009-01-31 19:08 -------- d-----w c:\program files\DivX
2009-04-06 13:32 . 2009-02-02 11:16 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-02-02 11:16 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-31 18:23 . 2008-09-21 18:12 -------- d-----w c:\program files\Java
2009-03-21 08:54 . 2008-09-22 18:39 -------- d-----w c:\program files\Google
2009-03-20 17:06 . 2009-03-20 17:06 -------- d-----w c:\program files\Avira
2009-03-18 19:47 . 2009-03-18 19:47 -------- d-----w c:\program files\Cyanide
2009-03-09 03:19 . 2008-12-01 19:00 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 03:34 . 2004-08-10 19:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 03:34 . 2004-08-10 19:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 03:33 . 2004-08-10 19:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 03:33 . 2004-08-10 19:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 03:32 . 2004-08-10 19:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 03:32 . 2004-08-10 19:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 03:31 . 2004-08-10 19:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 03:31 . 2004-08-10 19:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 03:31 . 2004-08-10 19:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 03:22 . 2004-08-10 19:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2004-08-10 19:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-02-24 19:35 . 2008-09-26 17:56 129784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 10:58 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{3041d03e-fd4b-44e0-b742-2d9b88305f98}”= “c:\program files\AskBarDis\bar\bin\askBar.dll” [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“MsnMsgr”=“c:\program files\Windows Live\Messenger\MsnMsgr.Exe” [2009-02-06 3885408]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]
“MSMSGS”=“c:\program files\Messenger\msmsgs.exe” [2008-04-14 1695232]
“Steam”=“c:\program files\steam\steam.exe” [2009-03-06 1410296]
“RocketDock”=“c:\program files\RocketDock\RocketDock.exe” [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ehTray”=“c:\windows\ehome\ehtray.exe” [2005-08-05 64512]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2008-09-17 13574144]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2008-09-17 86016]
“QuickTime Task”=“c:\program files\QuickTime\qttask.exe” [2008-09-06 413696]
“LifeCam”=“c:\program files\Microsoft LifeCam\LifeExp.exe” [2008-08-04 160800]
“VX1000”=“c:\windows\vVX1000.exe” [2008-08-04 721936]
“Ashampoo FireWall”=“c:\program files\Ashampoo\Ashampoo FireWall\FireWall.exe” [2007-04-05 3251800]
“avgnt”=“c:\program files\Avira\AntiVir Desktop\avgnt.exe” [2009-03-02 209153]
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-03-09 148888]
“nwiz”=“nwiz.exe” - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
“BluetoothAuthenticationAgent”=“bthprops.cpl” - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

c:\documents and settings\maison\Menu D?marrer\Programmes\D?marrage
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Menu D?marrer\Programmes\D?marrage
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-9 113664]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\uTorrent\uTorrent.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“c:\Program Files\Microsoft LifeCam\LifeCam.exe”=
“c:\Program Files\Microsoft LifeCam\LifeEnC2.exe”=
“c:\Program Files\Microsoft LifeCam\LifeExp.exe”=
“c:\Program Files\Microsoft LifeCam\LifeTray.exe”=
“c:\Program Files\Skype\Phone\Skype.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=
“c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”=
“c:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe”=
“c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe”=
“c:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe”=
“c:\WINDOWS\system32\PnkBstrA.exe”=
“c:\WINDOWS\system32\PnkBstrB.exe”=
“c:\Program Files\Bonjour\mDNSResponder.exe”=
“c:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe”=
“c:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe”=
“c:\Program Files\Autodesk\Backburner\monitor.exe”=
“c:\Program Files\Autodesk\Backburner\manager.exe”=
“c:\Program Files\Autodesk\Backburner\server.exe”=
“c:\Program Files\EA Games\Mirror’s Edge\Binaries\MirrorsEdge.exe”=
“c:\Program Files\Cyanide\Dungeon Party\DungeonParty.exe”=
“c:\Program Files\Windows Live\Messenger\wlcsdk.exe”=
“c:\Program Files\Windows Live\Sync\WindowsLiveSync.exe”=
“c:\Program Files\Windows Live\Messenger\msnmsgr.exe”=

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [28/12/2008 12:07 15656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20/03/2009 19:07 108289]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [28/12/2008 12:07 2749736]
S4 Dmupdeacccen;Dmupdeacccen; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - C:\hkn6k.bat
\Shell\open\Command - C:\hkn6k.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{00071d36-bcc3-11dd-969e-00160a0f1bfc}]
\Shell\AutoRun\command - WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{320642c3-881a-11dd-9620-00160a0f1bfc}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{320642c4-881a-11dd-9620-00160a0f1bfc}]
\Shell\AutoRun\command - M:\hkn6k.bat
\Shell\open\Command - M:\hkn6k.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{816a0374-33ca-11de-97a2-00160a0f1bfc}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
“c:\windows\system32\rundll32.exe” “c:\windows\system32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP
.

        • ORPHELINS SUPPRIMES - - - -

HKCU-Run-360desktop - c:\program files\360desktop\360desktop.exe

.
------- Examen supplémentaire -------
.
uStart Page = www.yahoo.fr…
uInternet Connection Wizard,ShellNext = french.ircfast2.com…
uInternet Settings,ProxyOverride = *.local
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files\Ashampoo\Ashampoo FireWall\spi.dll
FF - ProfilePath - c:\documents and settings\maison\Application Data\Mozilla\Firefox\Profiles\2lek2fwn.default
FF - prefs.js: browser.startup.homepage - www.yahoo.fr…
FF - prefs.js: keyword.URL - search.live.com…
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
.


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-05-11 20:58
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
“ImagePath”="??\c:\docume~1\maison\LOCALS~1\Temp\ASFWHide"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1409082233-1425521274-839522115-1003\Software\SecuROM\License information*]
“datasecu”=hex:1b,9d,4e,46,0d,dc,a8,b2,8e,b5,ed,f6,6e,de,fa,ee,c7,f6,0d,b2,e0,
a6,48,b1,0d,06,07,16,c6,96,d8,8b,50,07,e8,b5,99,a2,f2,8c,5a,59,27,9f,e7,61,
“rkeysecu”=hex:35,2b,65,93,e9,f4,9b,7d,c1,e6,99,4f,2c,45,df,94
.
Heure de fin: 2009-05-11 20:59
ComboFix-quarantined-files.txt 2009-05-11 18:59

Avant-CF: 200 927 391 744 octets libres
Après-CF: 205 375 582 208 octets libres

231 — E O F — 2009-04-30 07:48

hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:44, on 11/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HTC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = french.ircfast2.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [LifeCam] “C:\Program Files\Microsoft LifeCam\LifeExp.exe”
O4 - HKLM…\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM…\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
O4 - HKLM…\Run: [Ashampoo FireWall] “C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe” -TRAY
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [Steam] “c:\program files\steam\steam.exe” -silent
O4 - HKCU…\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe”
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program… Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE…
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe


End of file - 6917 bytes

and finally…
malwarebytes:
Malwarebytes’ Anti-Malware 1.36
Version de la base de données: 2109
Windows 5.1.2600 Service Pack 3

11/05/2009 21:56:40
mbam-log-2009-05-11 (21-56-40).txt

Type de recherche: Examen complet (C:|L:|M:|)
Eléments examinés: 240751
Temps écoulé: 45 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\hkn6k.bat.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nmdfgds0.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\olhrwef.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\L\hkn6k.bat.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information_restore{66FC130C-A9B7-42C4-A46E-BECF9AFF894E}\RP287\A0082838.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information_restore{66FC130C-A9B7-42C4-A46E-BECF9AFF894E}\RP287\A0082843.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information_restore{66FC130C-A9B7-42C4-A46E-BECF9AFF894E}\RP287\A0082855.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information_restore{66FC130C-A9B7-42C4-A46E-BECF9AFF894E}\RP287\A0082856.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information_restore{66FC130C-A9B7-42C4-A46E-BECF9AFF894E}\RP287\A0082868.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information_restore{66FC130C-A9B7-42C4-A46E-BECF9AFF894E}\RP287\A0082869.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information_restore{66FC130C-A9B7-42C4-A46E-BECF9AFF894E}\RP289\A0082964.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
M:\hkn6k.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.

there you go…

Thanks for the tutorial :slight_smile:
However, my problem is: “which viruses do I have to remove manually”… I must admit I am not able to identify viruses by name.
Likewise, cleaning up the startup menu is no problem for me as far as the steps go, but I get lost in the program names. I know I must not remove “taskmanager”, but as for the others…
One small detail, and not a minor one: the last time I wanted to clean up the disk, my Windows cleanup utility did not work… is there perhaps another solution, or a program that could do the job? (I use ccleaner, and a defrag regularly)
thanks again…

Hi

run hijackthis again ==> click on
“Do A System Scan Only”

check these lines

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = french.ircfast2.com
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

Close your other applications ==> then click on FIX CHECKED

afterwards
Download to the desktop

===> OTMoveIt
Copy this text

Double-click on OTMoveIt
==> In the left pane ==> right-click ==> paste
==> Click MoveIt!
==> if a restart is requested ==> Click: YES
==> A report in ==> C:_OTMoveIt\MovedFiles\current date_time to copy and then paste ==> here

next

System Restore on your machine:

==> this serves to remove the infections that are located in System Restore.

==> Click on Start.
==> Right-click on “My Computer”, then choose “Properties”.
==> Select the “System Restore” tab.
==> Check “Turn off System Restore on all drives” or “Turn off System Restore”, then apply.
Restart your P

Then go back to “My Computer”, “Properties”, this time uncheck “Turn off System Restore”, then OK.

afterwards

Creating the restore point:

==> go to the Start Menu, then Programs,
==> Accessories and finally System Tools,
==> Choose System Restore,
==> Select ==> Create a restore point,
==> Click Next,
==> Enter a name for the restore point: a fairly simple and meaningful name,
==> Click ==> Create and the restore point is created automatically.

you will confirm for ==> hijackthis + OTMoveIt + System Restore

and then

Download Toolbar-S&D (Team IDN) to your Desktop. ==> Toolbar S&D

==> Start the installation of the program by running the downloaded file.
Now double-click on the Toolbar-S&D shortcut.
Select the language of your choice, then confirm with the Enter key.
Then choose option 1 (Search).
Wait until the search is finished.
The content of the report is located in: C:\TB.txt
Post the report here

Sorry if I took a while to reply… in any case, here are the reports:

File/Folder C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
File/Folder C:\Program Files\AskBarDis not found.
File/Folder not found.
File/Folder :Commands not found.
File/Folder [emptytemp] not found.
File/Folder [start explorer] not found.
File/Folder [Reboot] not found.

Created on 05/16/2009 07:56:18

-----------\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon™ 64 X2 Dual Core Processor 5000+ )
BIOS : Default System BIOS
USER : maison ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:298 Go (Free:182 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)
J:\ (CD or DVD)
K:\ (USB)
L:\ (Local Disk) - NTFS - Total:465 Go (Free:77 Go)
M:\ (USB) - FAT32 - Total:3827 Mo (Free:0 Go)

“C:\ToolBar SD” ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 16/05/2009| 8:03 )

-----------\ Recherche de Fichiers / Dossiers …

-----------\ Extensions

(maison) - {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} => cooliris
(maison) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://www.yahoo.fr/
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://go.microsoft.com/fwlink/?LinkId=69157
“Default_Search_URL”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Search Page”=“http://go.microsoft.com/fwlink/?LinkId=54896
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://www.msn.com/

--------------------\ Recherche d’autres infections

--------------------\ Cracks & Keygens …

C:\DOCUME~1\maison\Mes documents\torrents OK\autocad 2009\Keygens
C:\DOCUME~1\maison\Mes documents\torrents OK\autocad 2009\Keygens\install lisez-moi.txt
C:\DOCUME~1\maison\Mes documents\torrents OK\autocad 2009\Keygens\xf-acad9-32-BITS.exe
C:\DOCUME~1\maison\Mes documents\torrents OK\autocad 2009\Keygens\xf-acad9-64-BITS.exe

1 - “C:\ToolBar SD\TB_1.txt” - 16/05/2009| 8:04 - Option : [1]

-----------\ Fin du rapport a 8:04:25,23

that's it for the report. :wink: