
pubwebmaster

Members
  • Content count

    15

Contact Methods

  • Website URL
    http://www.pubwebmaster.com/

Other information

  • My languages
    French, English

pubwebmaster's Achievements

Junior Member (3/12)

0

Community reputation

  1. What kind of "junk"...? I won't have time either before next week! I don't think I've had any other pop-ups!
  2. ComboFix 08-06-05.2 - Top-D Marin SA 2008-06-05 19:47:44.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.633 [GMT 2:00]
  3. There you go: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:28:41, on 05.06.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal
  4. I just ran another scan...

     Malwarebytes' Anti-Malware 1.14
     Version de la base de données: 826
     17:13:12 05.06.2008
     mbam-log-6-5-2008 (17-13-12).txt

     Type de recherche: Examen complet (C:\|D:\|)
     Eléments examinés: 69718
     Temps écoulé: 1 hour(s), 23 minute(s), 2 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 1
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 1

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     C:\WINDOWS\system32\mlJCTNGY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  5. The German stuff, yes, that's normal! My computer contains multilingual documents in French, German and English...
  6. I deleted the files with MBAM; I had clicked on delete selection...
  7. I just have one pop-up; now that I'm browsing I don't get any more.... it's already really much better... I'm still checking... here's another HijackThis, thanks a million. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:53:58, on 05.06.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal
  8. Here is the SDFix report. Damn, I still have pop-ups, there's still something there
     SDFix: Version 1.188
     Run by Top-D Marin SA on 05.06.2008 at 14:38

     Microsoft Windows XP [version 5.1.2600]
     Running From: C:\SDFix

     Checking Services :

     Restoring Windows Registry Values
     Restoring Windows Default Hosts File

     Rebooting

     Checking Files :

     Trojan Files Found:

     C:\WINDOWS\system32\wvUNhFur.dll - Deleted

     Removing Temp Files

     ADS Check :

     Final Check :

     catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-06-05 14:43:04
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden services & system hive ...

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060301339]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060301339]

     scanning hidden registry entries ...

     scanning hidden files ...

     scan completed successfully
     hidden processes: 0
     hidden services: 0
     hidden files: 0

     Remaining Services :

     Authorized Application Key Export:

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
     "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
     "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
     "C:\\Documents and Settings\\Top-D Marin SA\\Application Data\\U3\\0000060433019102\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe"="C:\\Documents and Settings\\Top-D Marin SA\\Application Data\\U3\\0000060433019102\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe:*:Enabled:Skype"
     "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
     "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
     "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
     "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
     "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

     Remaining Files :

     File Backups: - C:\SDFix\backups\backups.zip

     Files with Hidden Attributes :

     Wed 31 Oct 2007       164,352 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\~WRL0076.tmp"
     Tue 23 Jan 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
     Wed 22 Aug 2007       105,984 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Heinrich Meier GmbH\~WRL0045.tmp"
     Wed 22 Aug 2007        50,176 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Naumann-brune GmbH\~WRL1247.tmp"
     Sat 24 Nov 2007        57,856 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Opule\~WRL0581.tmp"
     Sat 10 Nov 2007        72,704 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Opule\~WRL1317.tmp"
     Thu 22 Nov 2007    38,911,488 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Owema Werkzeuge + Maschinen GmbH\~WRL1512.tmp"
     Sun 11 Nov 2007     3,650,048 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar internet Antralux - allemand\~WRL0301.tmp"
     Sun 11 Nov 2007     3,648,512 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar internet Antralux - anglais\~WRL1679.tmp"
     Tue  9 Oct 2007     2,911,744 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar internet Antralux - anglais\~WRL2768.tmp"
     Wed  4 Jul 2007    38,910,464 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar internet Xactform - français\~WRL0028.tmp"
     Sat 16 Jun 2007        53,248 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar internet Xactform - français\~WRL0497.tmp"
     Thu  1 Nov 2007    38,870,528 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar internet Xactform - français\~WRL1773.tmp"
     Mon 30 Apr 2007    38,902,272 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar internet Xactform - français\~WRL2969.tmp"
     Mon 26 Nov 2007       301,056 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar publicité\~WRL0733.tmp"
     Sun 25 Nov 2007       283,136 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar publicité\~WRL2789.tmp"
     Sun 11 Nov 2007    16,922,624 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar - Plancher SA - Brochure\~WRL1402.tmp"
     Sun 11 Nov 2007    16,922,624 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar - Plancher SA - Brochure\~WRL1787.tmp"
     Sun 11 Nov 2007    16,925,696 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar - Plancher SA - Brochure\~WRL3763.tmp"
     Thu 22 Nov 2007        77,312 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar internet Xactform - allemand\~WRL0611.tmp"
     Thu 22 Nov 2007    38,911,488 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar internet Xactform - allemand\~WRL0965.tmp"
     Wed  4 Jul 2007    38,923,264 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar internet Xactform - allemand\~WRL2543.tmp"
     Thu 17 May 2007    38,923,776 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\schätzle\~WRL1737.tmp"
     Tue 10 Apr 2007    22,545,920 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\SX\~WRL0083.tmp"
     Wed 31 Jan 2007     4,563,456 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\SX\~WRL1765.tmp"
     Wed 11 Apr 2007     3,407,360 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\SX\~WRL2745.tmp"
     Mon  9 Apr 2007        39,424 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\SX\~WRL3833.tmp"
     Tue 10 Apr 2007    76,754,432 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Xactform\~WRL2346.tmp"
     Wed 22 Aug 2007       107,008 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Zerspanungstechnik\~WRL0162.tmp"
     Wed 22 Aug 2007     3,087,872 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Zerspanungstechnik\~WRL0243.tmp"
     Wed 22 Aug 2007    38,930,432 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Zerspanungstechnik\~WRL2644.tmp"
     Fri  9 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BITF.tmp"
     Tue  4 Dec 2007     7,876,096 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Application Data\Microsoft\Word\~WRL0215.tmp"
     Wed 31 Oct 2007       203,776 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Application Data\Microsoft\Word\~WRL1346.tmp"
     Wed 11 Apr 2007    38,946,304 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Application Data\Microsoft\Word\~WRL1869.tmp"
     Thu  1 Nov 2007    39,009,792 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Application Data\Microsoft\Word\~WRL2396.tmp"
     Wed 19 Sep 2007       192,512 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Application Data\Microsoft\Word\~WRL3749.tmp"
     Mon 27 Aug 2007     3,097,088 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Application Data\Microsoft\Word\~WRL3865.tmp"
     Fri 28 Dec 2007       147,968 ...H. --- "C:\Documents and Settings\Top-D Marin SA\Application Data\Microsoft\Word\~WRL3999.tmp"
     Tue 11 Apr 2006     2,461,696 A..H. --- "C:\Documents and Settings\Top-D Marin SA\Application Data\U3\temp\Launchpad Removal.exe"
     Sun 25 Nov 2007    39,051,264 A..H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Compta 1\CWS Tools\~WRL1054.tmp"
     Sun 25 Nov 2007    39,035,392 A..H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Compta 1\CWS Tools\~WRL1644.tmp"
     Sun 25 Nov 2007    10,095,616 A..H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Compta 1\CWS Tools\~WRL2306.tmp"
     Mon 26 Nov 2007    39,056,384 A..H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Compta 1\CWS Tools\~WRL2822.tmp"
     Wed 17 Oct 2007    38,930,432 A..H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Compta 1\CWS Tools\~WRL3002.tmp"
     Sat 24 Nov 2007    10,099,200 A..H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar internet Xactform - allemand\Sanpar internet Xactform - anglais\~WRL0070.tmp"
     Thu  6 Sep 2007    10,095,104 A..H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar internet Xactform - allemand\Sanpar internet Xactform - anglais\~WRL1394.tmp"
     Thu  6 Sep 2007     7,789,568 A..H. --- "C:\Documents and Settings\Top-D Marin SA\Mes documents\Sanpar internet Xactform - allemand\Sanpar internet Xactform - anglais\~WRL3108.tmp"

     Finished!
  9. Here is the MBAM report
     Malwarebytes' Anti-Malware 1.14
     Version de la base de données: 826

     14:29:40 05.06.2008
     mbam-log-6-5-2008 (14-29-35).txt

     Type de recherche: Examen complet (C:\|D:\|)
     Eléments examinés: 68566
     Temps écoulé: 25 minute(s), 47 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 2
     Clé(s) du Registre infectée(s): 18
     Valeur(s) du Registre infectée(s): 9
     Elément(s) de données du Registre infecté(s): 1
     Dossier(s) infecté(s): 2
     Fichier(s) infecté(s): 11

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     C:\WINDOWS\system32\wvUNhFur.dll (Trojan.Vundo) -> No action taken.
     C:\WINDOWS\system32\mlJCTNGY.dll (Trojan.Vundo) -> No action taken.

     Clé(s) du Registre infectée(s):
     HKEY_CLASSES_ROOT\CLSID\{87db48a8-c284-4661-a0e9-e055e08fed49} (Trojan.Vundo) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87db48a8-c284-4661-a0e9-e055e08fed49} (Trojan.Vundo) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvunhfur (Trojan.Vundo) -> No action taken.
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ExplNetProjowser Helper Objects\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
     HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
     HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
     HKEY_CLASSES_ROOT\CLSID\{0c621287-f31b-403a-afe4-8509aecae127} (Trojan.Vundo) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c621287-f31b-403a-afe4-8509aecae127} (Trojan.Vundo) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\e405.e405mgr (Trojan.Zlob) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WNetPws (Trojan.Zlob) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser HeNetProjeects (Trojan.Zlob) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explsbsm.exelper Objects (Trojan.Zlob) -> No action taken.

     Valeur(s) du Registre infectée(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{87db48a8-c284-4661-a0e9-e055e08fed49} (Trojan.Vundo) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} (Trojan.Zlob) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM4b59b667 (Trojan.Agent) -> No action taken.
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> No action taken.
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> No action taken.
     HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Trojan.Zlob) -> No action taken.
     HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.
     HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL (Trojan.Zlob) -> No action taken.

     Elément(s) de données du Registre infecté(s):
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljctngy -> No action taken.

     Dossier(s) infecté(s):
     C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> No action taken.
     C:\WINDOWS\system32\566828 (Trojan.BHO) -> No action taken.

     Fichier(s) infecté(s):
     C:\WINDOWS\system32\wvUNhFur.dll (Trojan.Vundo) -> No action taken.
     C:\System Volume Information\_restore{864A8D63-43CE-410F-AB7A-F8F4CA760E3A}\RP259\A0088329.exe (Rogue.VirusHeat) -> No action taken.
     C:\System Volume Information\_restore{864A8D63-43CE-410F-AB7A-F8F4CA760E3A}\RP259\A0088530.dll (Trojan.BHO) -> No action taken.
     C:\System Volume Information\_restore{864A8D63-43CE-410F-AB7A-F8F4CA760E3A}\RP259\A0088576.dll (Trojan.Zlob) -> No action taken.
     C:\WINDOWS\system32\nogkhxyi.exe (Trojan.LowZones) -> No action taken.
     C:\WINDOWS\system32\tabevjww.exe (Trojan.LowZones) -> No action taken.
     C:\WINDOWS\system32\uswaukmo.exe (Trojan.LowZones) -> No action taken.
     C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> No action taken.
     C:\WINDOWS\system32\Process.exe (Trojan.Agent) -> No action taken.
     C:\WINDOWS\system32\taimcyms.dll (Trojan.Agent) -> No action taken.
     C:\WINDOWS\system32\mlJCTNGY.dll (Trojan.Vundo) -> No action taken.
  10. Here is the current report:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:31:45, on 05.06.2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16640)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\notepad.exe
     C:\WINDOWS\system32\Rundll32.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Trend Micro\HijackThis\antivundo.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
     R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/search?sourceid=navcl...08&q=sanpar
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: (no name) - {0C621287-F31B-403A-AFE4-8509AECAE127} - C:\WINDOWS\system32\mlJCTNGY.dll
     O2 - BHO: (no name) - {87DB48A8-C284-4661-A0E9-E055E08FED49} - C:\WINDOWS\system32\wvUNhFur.dll
     O2 - BHO: {5f08bd6d-6d22-d05b-ac34-3428309de9e8} - {8e9ed903-8243-43ca-b50d-22d6d6db80f5} - C:\WINDOWS\system32\vuqpkirc.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [bM4b59b667] Rundll32.exe "C:\WINDOWS\system32\taimcyms.dll",s
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169557079879
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O20 - Winlogon Notify: wvUNhFur - C:\WINDOWS\SYSTEM32\wvUNhFur.dll
     O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - (no file)
     O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

     --
     End of file - 4174 bytes
  11. Yes, the whole report is there. I thought it was OK afterwards, but I still get pop-ups!! The HijackThis report is coming
  12. Fix report
     Username "Top-D Marin SA" - 05.06.2008 11:28:16 [Fixwareout edited 9/01/2007]

     ~~~~~ Prerun check
     Cache de résolution DNS vidé.
     System was rebooted successfully.

     ~~~~~ Postrun check
     HKLM\SOFTWARE\~\Winlogon\ "System"=""
     ....
     ....
     ~~~~~ Misc files.
     ....
     ~~~~~ Checking for older varients.
     ....
     ~~~~~ Current runs (hklm hkcu "run" Keys Only)
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
     "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
     "BM4b59b667"="Rundll32.exe \"C:\\WINDOWS\\system32\\taimcyms.dll\",s"
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
     "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
     ....
     Hosts file was reset, If you use a custom hosts file please replace it...
     ~~~~~ End report ~~~~~
  13. OK, I hadn't seen your quick reply... I'm downloading Fixwareout right away and following your instructions.. thanks
  14. Report made with SmitFraudFix:
     SmitFraudFix v2.323

     Rapport fait à 11:17:04.51, 05.06.2008
     Executé à partir de C:\Documents and Settings\Top-D Marin SA\Bureau\SmitfraudFix
     OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
     Le type du système de fichiers est NTFS
     Fix executé en mode normal

     »»»»»»»»»»»»»»»»»»»»»»»» Process

     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\PROGRA~1\AVG\AVG8\avgam.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\PROGRA~1\AVG\AVG8\avgemc.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\NOTEPAD.EXE
     C:\Program Files\AVG\AVG8\avgui.exe
     C:\PROGRA~1\AVG\AVG8\avgnsx.exe
     C:\Program Files\AVG\AVG8\avgscanx.exe
     C:\WINDOWS\system32\cmd.exe

     »»»»»»»»»»»»»»»»»»»»»»»» hosts

     »»»»»»»»»»»»»»»»»»»»»»»» C:\

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

     »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

     »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Top-D Marin SA

     »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Top-D Marin SA\Application Data

     »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

     »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TOP-DM~1\Favoris

     »»»»»»»»»»»»»»»»»»»»»»»» Bureau

     »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

     »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

     »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

     »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     IEDFix
     Credits: Malware Analysis & Diagnostic Code: S!Ri

     »»»»»»»»»»»»»»»»»»»»»»»» VACFix
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     VACFix
     Credits: Malware Analysis & Diagnostic Code: S!Ri

     »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     404Fix
     Credits: Malware Analysis & Diagnostic Code: S!Ri

     »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
     "{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193}"="delayingly"

     »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "AppInit_DLLs"="avgrsstx.dll"
     "LoadAppInit_DLLs"=dword:00000001

     »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
     "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
     "System"=""

     »»»»»»»»»»»»»»»»»»»»»»»» Rustock

     »»»»»»»»»»»»»»»»»»»»»»»» DNS

     Description: Intel® PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
     DNS Server Search Order: 192.168.0.1

     HKLM\SYSTEM\CCS\Services\Tcpip\..\{83BC597C-59D3-49AB-96B8-22B722BAE1FE}: DhcpNameServer=192.168.0.1
     HKLM\SYSTEM\CS1\Services\Tcpip\..\{83BC597C-59D3-49AB-96B8-22B722BAE1FE}: DhcpNameServer=192.168.0.1
     HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBE927EC-56BC-478F-B3F8-BDDCC73101EE}: DhcpNameServer=192.168.1.1
     HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
     HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
     HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

     »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

     »»»»»»»»»»»»»»»»»»»»»»»» Fin
  15. I followed the procedure but I'm still infected... some of the program links in that discussion are broken, maybe that's what is causing the problem!! http://forum.zebulon.fr/resolu-message-win...rt-t129855.html My desktop is restored and the computer runs really better than before, but I still get ads opening (dating sites, anti-spyware downloads, libresystem.com etc.). Those last pop-ups are the ones I want to eradicate! Report:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 10:43:12, on 05.06.2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16640)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\PROGRA~1\AVG\AVG8\avgam.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\PROGRA~1\AVG\AVG8\avgnsx.exe
     C:\PROGRA~1\AVG\AVG8\avgemc.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
     C:\WINDOWS\system32\Rundll32.exe
     C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
     R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
     O4 - HKLM\..\Run: [bM4b59b667] Rundll32.exe "C:\WINDOWS\system32\taimcyms.dll",s
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169557079879
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{1C66FA69-564C-44E5-868B-CA59693AE878}: NameServer = 85.255.115.94,85.255.112.137
     O17 - HKLM\System\CCS\Services\Tcpip\..\{83BC597C-59D3-49AB-96B8-22B722BAE1FE}: NameServer = 85.255.115.94,85.255.112.137
     O17 - HKLM\System\CCS\Services\Tcpip\..\{CB599E89-DA87-4604-831C-3CA9887E084F}: NameServer = 85.255.115.94,85.255.112.137
     O17 - HKLM\System\CCS\Services\Tcpip\..\{DA0B6B88-65C9-427D-B28B-B26ADEC890F2}: NameServer = 85.255.115.94,85.255.112.137
     O17 - HKLM\System\CCS\Services\Tcpip\..\{DBE927EC-56BC-478F-B3F8-BDDCC73101EE}: NameServer = 85.255.115.94,85.255.112.137
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.137
     O17 - HKLM\System\CS1\Services\Tcpip\..\{1C66FA69-564C-44E5-868B-CA59693AE878}: NameServer = 85.255.115.94,85.255.112.137
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.137
     O17 - HKLM\System\CS2\Services\Tcpip\..\{1C66FA69-564C-44E5-868B-CA59693AE878}: NameServer = 85.255.115.94,85.255.112.137
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.137
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O20 - AppInit_DLLs: avgrsstx.dll
     O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - (no file)
     O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
     O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

     --
     End of file - 5317 bytes