Hi again, thanks a lot for your advice. Here are the reports:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:34, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\VM303_STI.EXE
D:\adobe\Reader\Reader_sl.exe
D:\Free Download Manager\FUM\fumoei.exe
C:\Program Files\Ares\Ares.exe
C:\Documents and Settings\tazebama.dl_
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
D:\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: dcads - {9ac1f717-7914-c2dd-d436-89a3c5953f11} - C:\WINDOWS\system32\nsx3C.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Free Download Manager\iefdm2.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Uploader Oe Integration] D:\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://D:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://D:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://D:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://D:\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - D:\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: Yahoo! Pool 2 - http://origin.games.yahoo.net/games/clients/y/poti_x.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{327C305E-6A82-4F49-9D34-E18700AE82BC}: NameServer = 85.255.116.40 85.255.112.101
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6055 bytes
-------------------------------------------------------------------
ComboFix 08-07-23.5 - alpha 2008-07-24 19:56:20.1 - NTFSx86
Endroit: C:\Downloads\Software\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Documents and Settings\alpha\Application Data\MessengerSkinner
C:\Documents and Settings\alpha\Application Data\MessengerSkinner\Userdata\defaultPack.cab
C:\Documents and Settings\alpha\Application Data\MessengerSkinner\Userdata\languages.xml
C:\Documents and Settings\alpha\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\alpha\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\alpha\Application Data\tazebama
C:\Documents and Settings\alpha\Application Data\tazebama\tazebama.log
C:\Documents and Settings\alpha\Application Data\tazebama\zPharaoh.dat
C:\Documents and Settings\alpha\err.log
C:\Documents and Settings\hook.dl_
C:\Documents and Settings\tazebama.dl_
C:\Documents and Settings\tazebama.dll
C:\Program Files\instant access
C:\Program Files\instant access\Center\Crazy Girls.upd
C:\Program Files\messengerskinner
C:\Program Files\messengerskinner\download\defaultPack.cab
C:\Program Files\messengerskinner\MessengerSkinner.exe
C:\Program Files\messengerskinner\MessengerSkinner.url
C:\Program Files\messengerskinner\MessengerSkinnerDll.dll
C:\Program Files\messengerskinner\resources\appconfig.xml
C:\Program Files\messengerskinner\resources\btn.rgn
C:\Program Files\messengerskinner\resources\btnBnr.rgn
C:\Program Files\messengerskinner\resources\btnIn.rgn
C:\Program Files\messengerskinner\resources\btnInNormal.bmp
C:\Program Files\messengerskinner\resources\btnInOver.bmp
C:\Program Files\messengerskinner\resources\btnNormal.bmp
C:\Program Files\messengerskinner\resources\btnNormal.gif
C:\Program Files\messengerskinner\resources\btnNormalBnr.bmp
C:\Program Files\messengerskinner\resources\btnNormalBnr.gif
C:\Program Files\messengerskinner\resources\btnOver.bmp
C:\Program Files\messengerskinner\resources\btnOver.gif
C:\Program Files\messengerskinner\resources\btnOverBnr.bmp
C:\Program Files\messengerskinner\resources\btnOverBnr.gif
C:\Program Files\messengerskinner\resources\languages.xml
C:\Program Files\messengerskinner\resources\languages_v2.xml
C:\Program Files\messengerskinner\uninst.exe
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\WINDOWS\dialerexe.ini
C:\WINDOWS\ktd32.atm
C:\WINDOWS\pack.epk
C:\WINDOWS\services.exe
C:\WINDOWS\system\sservice.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\fservice.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\qjvnml.dat
C:\WINDOWS\system32\qjvnml.exe
C:\WINDOWS\system32\qjvnml_nav.dat
C:\WINDOWS\system32\qjvnml_navps.dat
C:\WINDOWS\system32\reginv.dll
C:\WINDOWS\system32\spads.dll
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\system32\sysinfo.exe
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\uvjlsyg.dat
C:\WINDOWS\system32\uvjlsyg_nav.dat
C:\WINDOWS\system32\uvjlsyg_navps.dat
C:\WINDOWS\system32\wegckonebbodqxki.dll
C:\WINDOWS\system32\winkey.dll
C:\WINDOWS\tmlpcert2007
C:\zPharaoh.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-24 to 2008-07-24 ))))))))))))))))))))))))))))))))))))
.
2008-07-24 20:05 . 2008-07-24 20:05 <REP> d-------- C:\Documents and Settings\alpha\Application Data\tazebama
2008-07-24 19:47 . 2008-07-24 19:47 <REP> d-------- C:\MSNFix
2008-07-24 19:37 . 2008-07-24 19:41 <REP> d-------- C:\fixwareout
2008-07-24 12:18 . 2008-07-24 12:18 <REP> d-------- C:\Program Files\Trend Micro
2008-07-23 21:38 . 2008-07-23 21:38 <REP> d-------- C:\Program Files\NOS
2008-07-23 21:38 . 2008-07-23 21:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-23 17:55 . 2008-07-23 18:30 <REP> d-------- C:\Documents and Settings\alpha\Application Data\.purple
2008-07-23 17:54 . 2008-07-23 17:56 <REP> d-------- C:\Program Files\Aspell
2008-07-23 17:53 . 2008-07-23 17:57 <REP> d-------- C:\Program Files\Pidgin
2008-07-23 16:16 . 2008-07-23 16:16 <REP> d-------- C:\Documents and Settings\alpha\Application Data\InstallShield
2008-07-23 15:33 . 2008-07-23 15:33 64,337 --a------ C:\WINDOWS\system32\axyjuduycaomgteeg.exe
2008-07-22 14:31 . 2008-07-24 13:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-22 14:31 . 2008-07-22 14:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-20 13:55 . 2008-07-20 13:55 <REP> d-------- C:\Program Files\TechSmith
2008-07-20 13:53 . 2008-07-20 13:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-19 13:15 . 2008-07-19 13:15 <REP> d-------- C:\Tintin
2008-07-19 11:47 . 2008-07-24 20:09 32,768 --a------ C:\Documents and Settings\tazebama.dll
2008-07-15 14:28 . 2008-07-15 14:28 313,856 --a------ C:\WINDOWS\system32\nsx3C.dll
2008-07-11 23:22 . 2008-07-24 20:09 154,751 --a------ C:\Documents and Settings\tazebama.dl_
2008-07-11 23:22 . 2008-07-24 20:09 154,751 --a------ C:\Documents and Settings\hook.dl_
2008-07-11 23:22 . 2008-07-19 11:32 32,768 --a------ C:\Documents and Settings\tazebama_original.dll
2008-07-11 23:22 . 2008-07-24 19:49 126 --a------ C:\autorun.MSNFix
2008-07-11 23:22 . 2008-07-24 20:09 126 -r-hs---- C:\autorun.inf
2008-07-07 16:48 . 2008-07-07 16:48 <REP> d-------- C:\Documents and Settings\MyDocuments
2008-07-07 16:48 . 2008-07-07 16:48 110,511 --a------ C:\Documents and Settings\MyDocuments\Readme.doc .exe
2008-07-07 16:48 . 2008-07-07 16:48 43,437 --a------ C:\Documents and Settings\MyDocuments.rar
2008-07-07 16:13 . 2008-07-24 20:05 155,151 -r-hs---- C:\zPharaoh.exe
2008-07-01 22:02 . 2008-07-01 22:02 <REP> d-------- C:\Program Files\Webshots
2008-06-28 23:12 . 2008-06-15 12:24 31,232 --a------ C:\WINDOWS\system\vdremote.dll
2008-06-28 23:12 . 2008-06-15 12:23 25,088 --a------ C:\WINDOWS\system\vdsvrlnk.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 18:03 --------- d-----w C:\Documents and Settings\alpha\Application Data\Free Download Manager
2008-07-24 17:33 --------- d-----w C:\Documents and Settings\alpha\Application Data\Skype
2008-07-23 20:53 856,943 ----a-w C:\StubInstaller.exe
2008-07-23 19:41 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-23 16:28 --------- d-----w C:\Program Files\MSN Messenger
2008-07-23 15:04 227,183 ----a-w C:\WINDOWS\notepad.exe
2008-07-23 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-23 14:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 13:56 --------- d-----w C:\Program Files\Windows Live
2008-07-21 19:40 893,807 ----a-w C:\WINDOWS\iun6002.exe
2008-07-19 10:38 --------- d-----w C:\Program Files\Pvm
2008-07-19 09:54 --------- d-----w C:\Program Files\Kikoo
2008-07-11 21:03 317,295 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
2008-07-11 21:03 1,454,959 ----a-w C:\WINDOWS\system32\dxdiag.exe
2008-07-07 17:44 925,039 ------w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
2008-07-07 14:19 557,423 ----a-w C:\WINDOWS\system32\cmd.exe
2008-07-07 14:19 227,183 ----a-w C:\WINDOWS\system32\notepad.exe
2008-07-01 20:02 --------- d-----w C:\Documents and Settings\alpha\Application Data\Webshots
2008-06-26 09:48 --------- d-----w C:\Program Files\Google
2008-06-23 13:33 --------- d-----w C:\Program Files\Oak Systems
2008-06-16 14:05 --------- d-----w C:\Program Files\TranslateIt! 5.5 GEG
2008-06-14 18:58 --------- d-----w C:\Program Files\Audacity
2008-04-14 18:54 872 ----a-w C:\Documents and Settings\alpha\Application Data\waver_2.95.dat
2007-10-19 21:23 560 ----a-w C:\Documents and Settings\alpha\Application Data\ViewerApp.dat
2007-07-16 14:53 48 ----a-w C:\Documents and Settings\alpha\readme.bat
2007-06-06 12:16 82 ----a-w C:\Documents and Settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
2006-11-19 18:46 20 ----a-w C:\Documents and Settings\alpha\PlayList for alpha.bin
2006-11-19 15:31 20 ----a-w C:\Documents and Settings\mohamed\PlayList for mohamed.bin
2005-09-08 07:25 276 ----a-w C:\Documents and Settings\alpha\install.cmd
2004-09-28 03:00 26,240 -c--a-w C:\WINDOWS\inf\RAMDSK.SYS
.
----a-w 155,401 2008-07-11 20:38:22 C:\Documents and Settings\alpha\Mes documents\Impossible de supprimer virus autorun (1-1)_fichiers\Impossible de supprimer virus autorun (1-1)_fichiers .exe
----a-w 110,511 2008-07-07 14:48:21 C:\Documents and Settings\MyDocuments\Readme.doc .exe
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ac1f717-7914-c2dd-d436-89a3c5953f11}]
2008-07-15 14:28 313856 --a------ C:\WINDOWS\system32\nsx3C.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]
"Free Uploader Oe Integration"="D:\Free Download Manager\FUM\fumoei.exe" [2008-07-07 17:40 197487]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-07-23 22:53 1104239]
"LeechGet"="" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog303"="C:\WINDOWS\VM303_STI.EXE" [2005-11-05 04:06 61440]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 01:32 5537792]
"{8375fe3d-c1bd-2d66-deba-5215e2a98157}"="C:\WINDOWS\system32\wegckonebbodqxki.dll" [N/A]
"Adobe Reader Speed Launcher"="D:\adobe\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"DirectX For Microsoft® Windows"="C:\WINDOWS\system32\fservice.exe" [N/A]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^alpha^Menu Démarrer^Programmes^Démarrage^SM.lnk]
path=C:\Documents and Settings\alpha\Menu Démarrer\Programmes\Démarrage\SM.lnk
backup=C:\WINDOWS\pss\SM.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^alpha^Menu Démarrer^Programmes^Démarrage^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\alpha\Menu Démarrer\Programmes\Démarrage\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^alpha^Menu Démarrer^Programmes^Démarrage^Webshots.lnk]
path=C:\Documents and Settings\alpha\Menu Démarrer\Programmes\Démarrage\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^alpha^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\alpha\Menu Démarrer\Programmes\Démarrage\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-07-23 22:53 1104239 C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
C:\Program Files\Dealio\DealioAU.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
--a------ 2005-11-05 04:06 61440 C:\WINDOWS\VM303_STI.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:54 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2008-07-07 17:40 2601886 D:\Free Download Manager\fdm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Upload Manager]
--a------ 2008-07-07 17:40 410479 D:\Free Download Manager\FUM\fum.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
C:\Program Files\Free Download Manager\FUM\fumoei.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
C:\Program Files\IDA\ida.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--------- 2007-03-02 15:24 257088 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\messengerskinner]
C:\Program Files\MessengerSkinner\MessengerSkinner.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qjvnml]
c:\windows\system32\qjvnml.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uvjlsyg]
c:\windows\system32\uvjlsyg.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 06:55 110592 C:\WINDOWS\system32\bthprops.cpl
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Documents and Settings\\alpha\\Bureau\\shared\\WoW-2.0.0-enUS-Installer-downloader.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Administrateur\\Mes documents\\Mes documents\\utorrent.exe"=
"C:\\Documents and Settings\\mohamed\\Bureau\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25075:TCP"= 25075:TCP:AresChatServer
"5000:TCP"= 5000:TCP:AresChatServer
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6346:TCP"= 6346:TCP:Shareaza
"6346:UDP"= 6346:UDP:Shareaza
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2006-12-17 19:38]
R2 GenPort;GenPort;C:\WINDOWS\system32\drivers\GenPort.sys [1997-10-08 04:04]
R2 MapMem;MapMem;C:\WINDOWS\system32\drivers\MapMem.sys [1997-10-08 04:04]
R2 NTRemap;NTRemap;C:\WINDOWS\system32\drivers\NTRemap.sys [1997-10-08 04:04]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 10:24]
S3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 tcpip_patcher;tcpip_patcher;C:\Program Files\Ares\tcpip_patcher.sys [2005-10-25 17:25]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2005-11-30 06:50]
S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-01-19 17:55]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\zPharaoh.exe
\Shell\explore\command - D:\zPharaoh.exe
\Shell\open\command - D:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e973cc6-9c14-11dc-bae9-00142adda85f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b426ffa-4209-11dc-a003-00142adda85f}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85a43d30-4797-11dd-b412-00142adda85f}]
\Shell\AutoRun\command - F:\zPharaoh.exe
\Shell\explore\command - F:\zPharaoh.exe
\Shell\open\command - F:\zPharaoh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eddae06c-097a-11dd-b394-00142adda85f}]
\Shell\AutoRun\command - zPharaoh.exe
\Shell\explore\command - zPharaoh.exe
\Shell\open\command - zPharaoh.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-27 15:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://fr.yahoo.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
O8 -: &Webshots Photo Search - C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 -: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html
O8 -: Download ALL with IDA
O8 -: Download with IDA
O8 -: Tout télécharger avec Free Download Manager - file://D:\Free Download Manager\dlall.htm
O8 -: Télécharger avec Free Download Manager - file://D:\Free Download Manager\dllink.htm
O8 -: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2007\\Wizard.html
O8 -: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html
O8 -: Télécharger la sélection avec Free Download Manager - file://D:\Free Download Manager\dlselected.htm
O8 -: Télécharger la vidéo avec Free Download Manager - file://D:\Free Download Manager\dlfvideo.htm
O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: Yahoo! Pool 2 - hxxp://origin.games.yahoo.net/games/clients/y/poti_x.cab
C:\WINDOWS\Downloaded Program Files\Yahoo! Pool 2.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 20:05:48
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\Documents and Settings\alpha\Local Settings\Application Data\Ares\Data\PHashIdxTemp.dat 85010 bytes
C:\Documents and Settings\alpha\Local Settings\Application Data\Ares\Data\TempPHash.dat
Scan terminé avec succès
Les fichiers cachés: 2
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Qoobox\Quarantine\C\Documents and Settings\tazebama.dl_.vir
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-24 20:14:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-24 18:14:02
Pre-Run: 539,570,176 octets libres
Post-Run: 780,992,512 octets libres
336 --- E O F --- 2008-02-25 17:38:05
---------------------------------------------------------------------------
FixWareout
Username "alpha" - 24/07/2008 19:39:01 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.40 85.255.112.101" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{327C305E-6A82-4F49-9D34-E18700AE82BC}
"nameserver"="85.255.116.40" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6A0E5345-D8E3-4C5D-8EFA-F3A20D19C093}
"nameserver"="85.255.116.40,85.255.112.101" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7E9C60B3-F26A-4E90-B1FA-F06CA990CFC5}
"nameserver"="85.255.116.40,85.255.112.101" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F794894E-17B0-4395-8EC5-6FF75834F2EA}
"nameserver"="85.255.116.40,85.255.112.101" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7E9C60B3-F26A-4E90-B1FA-F06CA990CFC5}
"DhcpNameServer"="85.255.116.40,85.255.112.101" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{BA08FF0A-E27C-4E98-BC6F-1D270E48B55B}
"DhcpNameServer"="85.255.116.40,85.255.112.101" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F794894E-17B0-4395-8EC5-6FF75834F2EA}
"DhcpNameServer"="85.255.116.40,85.255.112.101" <Value cleared.
Cache de résolution DNS vidé.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdrqx.exe"
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog303"="C:\\WINDOWS\\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"{8375fe3d-c1bd-2d66-deba-5215e2a98157}"="C:\\WINDOWS\\System32\\Rundll32.exe \"C:\\WINDOWS\\system32\\wegckonebbodqxki.dll\" DllStart"
"Adobe Reader Speed Launcher"="\"D:\\adobe\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LeechGet"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Free Uploader Oe Integration"="D:\\Free Download Manager\\FUM\\fumoei.exe"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
I have a question: how do I install Internet Explorer 7?
Also, I had a problem with Avira AntiVir: I couldn't download it. Thanks for your help.