si tu as le temps de jeter un coup d'oeil dans le rapport

j'ai fait le test hijackthis, si tu peux y jeter un coup d'oeil, j'ai l'impression de ne pas pouvoir profiter de toute les capacitées de mon pc.

merci!



Logfile of HijackThis v1.99.1
Scan saved at 19:08:36, on 16/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\log\work\Open Office\openoffice\program\soffice.exe
C:\Program Files\log\work\Open Office\openoffice\program\soffice.BIN
C:\Program Files\log\système\ccleaner\ccleaner.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Documents and Settings\easynote B3600\Bureau\Nouveau dossier (2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/advanced_search?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\log\SYSTME~1\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\log\système\bitdefender\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\log\SYSTME~1\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\log\système\bitdefender\\bdswitch.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\log\système\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\log\web\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\log\web\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\log\web\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\log\web\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39436E68-0E90-4447-B602-D64FB0FF1AAE}: NameServer = 85.255.116.154,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A44CB3F-A5C5-45DD-90FC-842D3539E3AD}: NameServer = 85.255.116.154,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{892C71DD-B0AD-4510-9D31-69F8EC77BE8D}: NameServer = 85.255.116.154,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{90EDF8CE-B36B-486B-9020-799A76CF6A63}: NameServer = 85.255.116.154,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{B53F7B8E-2305-4647-8CF8-BF060796149C}: NameServer = 85.255.116.154,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.154 85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{39436E68-0E90-4447-B602-D64FB0FF1AAE}: NameServer = 85.255.116.154,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.154 85.255.112.16
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\log\système\bitdefender\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Salut

très rapidement, je te donne la marche à suivre ; tu es pas mal infecté !

je sais pas si j'aurais le temps de continuer, j'invite donc Boule à poursuivre au cas où je tarde trop ;-)


* Télécharge FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

* Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

*Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) dans ta prochaine réponse.


ensuite :

Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :


O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39436E68-0E90-4447-B602-D64FB0FF1AAE}: NameServer = 85.255.116.154,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A44CB3F-A5C5-45DD-90FC-842D3539E3AD}: NameServer = 85.255.116.154,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{892C71DD-B0AD-4510-9D31-69F8EC77BE8D}: NameServer = 85.255.116.154,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{90EDF8CE-B36B-486B-9020-799A76CF6A63}: NameServer = 85.255.116.154,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{B53F7B8E-2305-4647-8CF8-BF060796149C}: NameServer = 85.255.116.154,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.154 85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{39436E68-0E90-4447-B602-D64FB0FF1AAE}: NameServer = 85.255.116.154,85.255.112.16

et reposte un nouveau hijackthis stp

@+

merci!

alors comme demandé, voici les rapports:


Fixwareout
Last edited 12/06/2006
Post this report in the forums please
...
Prerun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="csckx.exe"

...
...
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}35759EF625A9-7F09-A714-A9CA-3F206D63{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2A899A5BB0F6-8989-8AD4-E625-B8639C34{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\uenmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\0mdm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1mdm
...

Random Runs removed from HKLM
"dmneu.exe"=-
...
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\XFIND.COM

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM
Impossible d'ex‚cuter C:\FIXWAREOUT\FINDT\LOCATE.COM

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.
...
Postrun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""

...






2e rapport:


Logfile of HijackThis v1.99.1
Scan saved at 21:13:32, on 17/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\log\système\bitdefender\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\log\SYSTME~1\BITDEF~1\bdmcon.exe
C:\Program Files\log\système\bitdefender\bdoesrv.exe
C:\PROGRA~1\log\SYSTME~1\BITDEF~1\bdnagent.exe
C:\Program Files\log\système\bitdefender\bdswitch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\log\système\ZoneAlarm\zlclient.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\log\work\Open Office\openoffice\program\soffice.exe
C:\Program Files\log\work\Open Office\openoffice\program\soffice.BIN
C:\i\système\divers annaliseurs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = webi fantastic
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\log\SYSTME~1\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\log\système\bitdefender\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\log\SYSTME~1\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\log\système\bitdefender\\bdswitch.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\log\système\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\log\web\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\log\web\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\log\web\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\log\web\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection.cab?version=
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\log\système\bitdefender\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Salut toutes les deux

Cathy:

Télécharge Killbox:
http://www.killbox.net/downloads/KillBox.exe

Double clique sur killbox.exe (Pocket Killbox)

- coche: delete on reboot
dans la barre vide entre ceci: (exactement)

C:\WINDOWS\system32\pbfrv2.dll

- clique sur le rond rouge avec la croix blanche
- une fenêtre va apparaître pour confirmation cliques sur "YES"
- une seconde fenêtre te demande si tu veux redémarrer cliques sur "YES"

Laisse le pc redémarrer s'il ne redémarre pas de lui même alors fait le.


Ensuite:

Clic sur "demarrer", "executer", tape: services.msc ,cherche dans la liste cette ligne, fais un clic droit dessus choisis "propriétés" et régle la sur "désactivé"

- SymWMI Service

Puis

Télécharge, installe puis met à jour ce logiciel(Ewido), une fois que c'est fait, fais un scan complet de ton système, supprime (delete) tout ce qu'il te trouve puis colle le rapport ici stp
Ewido: (en Anglais reste gratuit après la période d'essai)
--->http://www.commentcamarche.net/telecharger/telecharger-218-ewido

Si tu as besoin d'aide avec Ewido(devenu AVG-antispyware) regarde ce tutoriel:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

A++

merci,
voici le rapport de ewido



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:04:09 18/12/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-1806163799-2067644962-1746317106-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} -> Adware.2020Search : Cleaned with backup (quarantined).
C:\!KillBox\pbfrv2.dll -> Adware.PowerSearch : Cleaned.
C:\!KillBox\pbfrv2.dll( 1) -> Adware.PowerSearch : Cleaned.
C:\Program Files\log\archivage\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned.
C:\portable 2003\i\ico\internet.exe -> Dialer.Allotick : Cleaned.
C:\portable 2003\i\ico\liv.exe -> Dialer.BlankDial : Cleaned.
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe -> Downloader.Agent.ayy : Cleaned with backup (quarantined).
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> Downloader.Agent.ayy : Cleaned with backup (quarantined).
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe -> Downloader.Agent.ayy : Cleaned with backup (quarantined).
C:\Documents and Settings\easynote B3600\Cookies\easynote b3600@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\easynote B3600\Cookies\easynote b3600@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\easynote B3600\Cookies\easynote b3600@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\easynote B3600\Cookies\easynote b3600@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\easynote B3600\Cookies\easynote b3600@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\easynote B3600\Cookies\easynote b3600@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\easynote B3600\Cookies\easynote b3600@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\easynote B3600\Cookies\easynote b3600@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\easynote B3600\Cookies\easynote b3600@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\easynote B3600\Cookies\easynote b3600@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\WINDOWS\system32\dmabk.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmaih.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmaog.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmbir.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmeak.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmevq.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmeyt.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmfjk.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmgcz.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmgfu.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmhid.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmiso.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmjqh.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmjtf.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmkjt.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmlbe.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmmge.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmmuf.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmncl.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmneu.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmnkx.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmnuy.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmool.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmpem.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmpfk.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmqsa.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmsiv.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmttp.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmvkr.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmvus.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmwpt.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmxhv.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmxzq.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmymi.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmzhx.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmzuy.exe -> Trojan.Small.fb : Cleaned with backup (quarantined).


::Report end

très bien, merci

Tu as chopper une vilaine bête

Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clique dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp

http://www.bitdefender.com/scan8/ie.html

alors, test réalisé, bitdefender ne trouve rien, par contre sur mon pc, plusieurs attaques détectées par mon bitdefender: trojan.downloader.mohbprk.a

un nouveau test avec hijickthis?

Oui stp

Here we go!


Logfile of HijackThis v1.99.1
Scan saved at 21:10:55, on 18/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\log\système\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\log\système\bitdefender\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\log\SYSTME~1\BITDEF~1\bdmcon.exe
C:\Program Files\log\système\bitdefender\bdoesrv.exe
C:\PROGRA~1\log\SYSTME~1\BITDEF~1\bdnagent.exe
C:\Program Files\log\système\bitdefender\bdswitch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\log\système\ZoneAlarm\zlclient.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\log\web\Maxthon\Maxthon.exe
C:\i\système\divers annaliseurs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = webi fantastic
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\log\SYSTME~1\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\log\système\bitdefender\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRA~1\log\SYSTME~1\BITDEF~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\log\système\bitdefender\\bdswitch.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\log\système\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\log\web\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\log\web\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\log\web\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\log\web\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection.cab?version=
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\log\système\ewido anti-spyware 4.0\guard.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\log\système\bitdefender\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

C'est propre, néanmoins si tu as la version gratuite de Bitdefender je te conseille de la désinstaller et d'installer Avast ou Antivir tu sera ainsi mieux protégé

Regarde dans ton pare-feu ZoneAlarm si tu ne vois pas des lignes suspectes si oui supprime-les


Fait encore ça pour vérifier que c'est propre

Télécharge ComboFix
http://download.bleepingcomputer.com/sUBs/combofix.exe

Ferme ton navigateur web avant d'exécuter ce programme
Double-clique dessus et appuye sur "Y" pour continuer

Attends quelques minutes..un rapport va s'ouvrir enregistre son contenu, puis copie et colle le ici stp

voici le rapport combo:


((((((((((((((((((((((((((((((( Files Created from 2006-11-19 to 2006-12-19 ))))))))))))))))))))))))))))))))))


2006-12-19 20:27 <REP> dr-h----- C:\Documents and Settings\easynote B3600\Recent
2006-12-18 17:51 <REP> d-------- C:\WINDOWS\BDOSCAN8
2006-12-17 23:24 <REP> d-------- C:\!KillBox
2006-12-17 20:59 <REP> d-------- C:\fixwareout
2006-12-17 17:01 <REP> d-------- C:\Program Files\log\xerox
2006-12-17 17:01 <REP> d-------- C:\Program Files\log\windows nt
2006-12-17 17:01 <REP> d-------- C:\Program Files\log\windows media player
2006-12-17 17:01 <REP> d-------- C:\Program Files\log\outlook express
2006-12-17 17:01 <REP> d-------- C:\Program Files\log\netmeeting
2006-12-17 17:01 <REP> d-------- C:\Program Files\log\msn gaming zone
2006-12-17 17:01 <REP> d-------- C:\Program Files\log\movie maker
2006-12-17 17:01 <REP> d-------- C:\Program Files\log\microsoft frontpage
2006-12-17 17:01 <REP> d-------- C:\Program Files\log\internet explorer
2006-12-17 16:16 <REP> d-------- C:\Program Files\log\HardwareDetection
2006-12-17 15:36 49,936 --a------ C:\WINDOWS\system32\SeCEdit.exe
2006-12-17 15:36 384,784 --a------ C:\WINDOWS\system32\wsecedit.dll
2006-12-17 15:36 29,968 --a------ C:\WINDOWS\system32\Rshx32_5.dll
2006-12-17 15:36 242,448 --a------ C:\WINDOWS\system32\scedll.dll
2006-12-17 15:14 <REP> d-------- C:\Program Files\log\Yahoo!
2006-12-17 15:14 <REP> d-------- C:\Program Files\log\Dynamic Toolbar
2006-12-17 12:47 2,212 --a------ C:\WINDOWS\system32\tmp.reg
2006-12-17 12:46 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-17 12:46 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-17 12:46 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-17 12:46 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-17 12:46 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-17 12:46 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-13 20:02 <REP> d-------- C:\Documents and Settings\easynote B3600\Contacts
2006-12-13 20:01 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-12-07 17:35 45,568 --a------ C:\winupdtm.dll
2006-12-07 17:34 44,544 --a------ C:\eied_s7_c_231bf2.exe
2006-12-07 17:34 15,872 --a------ C:\wupdmng.dll
2006-12-07 00:20 <REP> d-------- C:\WINDOWS\Minidump
2006-12-06 11:04 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-12-06 11:04 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-12-06 11:04 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-11-22 10:52 <REP> d-------- C:\portable 2003


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-19 19:38 -------- d-------- C:\Program Files\Windows Media Player
2006-12-19 07:21 -------- d-------- C:\Documents and Settings\easynote B3600\Application Data\OpenOffice.org2
2006-12-17 17:01 -------- dr------- C:\Program Files\log
2006-12-13 20:01 -------- d-a-s---- C:\Documents and Settings\easynote B3600\Application Data\Microsoft
2006-12-13 20:00 -------- d-------- C:\Program Files\MSN Messenger
2006-10-25 23:09 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2006-10-25 23:09 -------- d-------- C:\Program Files\Fichiers communs\ACD Systems
2006-10-22 11:25 -------- d-------- C:\Program Files\Fichiers communs
2006-10-06 10:14 61440 --a------ C:\WINDOWS\system32\sockspy.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
"BDMCon"="C:\\PROGRA~1\\log\\SYSTME~1\\BITDEF~1\\bdmcon.exe"
"BDOESRV"="C:\\Program Files\\log\\système\\bitdefender\\\\bdoesrv.exe"
"BDNewsAgent"="C:\\PROGRA~1\\log\\SYSTME~1\\BITDEF~1\\bdnagent.exe"
"BDSwitchAgent"="C:\\Program Files\\log\\système\\bitdefender\\\\bdswitch.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"Zone Labs Client"="\"C:\\Program Files\\log\\système\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoRecentDocsMenu"=dword:00000001
"NoSMMyDocs"=dword:00000001
"NoSMMyPictures"=dword:00000001
"NoStartMenuMyMusic"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsNetHood"=dword:00000001
"NoUserNameInStartMenu"=dword:00000001
"NoSharedDocuments"=dword:00000001
"NoCDBurning"=dword:00000000
"NoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=dword:00000001
"NoSMMyDocs"=dword:00000001
"NoSMMyPictures"=dword:00000001
"NoStartMenuMyMusic"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoRecentDocsNetHood"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DevDetect"
"hkey"="HKLM"
"command"="DevDetect.exe -autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCMService"
"hkey"="HKLM"
"command"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\log\\web\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\log\\système\\ZoneAlarm\\zlclient.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MySqlInventime"=dword:00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Rappel d'enregistrement 1.job

Completion time: 06-12-19 23:28:47.59
C:\ComboFix.txt ... 06-12-19 23:28

¤ Clic sur démarrer, rechercher, et supprime ce fichier :

- swxcacls.exe


¤ Rends toi sur se site, en haut à droite clic sur "choose"
Tu clic sur C:
Tu cherches les fichiers ci-dessous et tu clic sur "ouvrir" dès que c'est fait tu clic sur "send" tu attends un peu et colle le rapport ici une fois qu'il a terminé stp

http://www.virustotal.com/en/virustotalx.html

C:\winupdtm.dll < à analyser
C:\wupdmng.dll < à analyser