Bonjour, mon fond d'écran, c'est changé en bleu et un rectangle avec marqué "Warning! Spyware detected on your computer; Install an antivirus or spyware remover to clean your computer". J'ai l'impression que sais un virus mais comment l'enlever? Merci de me répondre
Cordialement HIPPY

Bonjour, bienvenue sur la section sécurité de libellules.

Pour voir ce qui tourne sur ta machine et pouvoir nettoyer les infections présentes, il nous faut faire quelques tests.

Voici comment démarrer.
Poste un rapport Hijackthis (v2.0.2) dans ta prochaine réponse stp :
Voici un tuto avec les liens nécessaires :
http://www.libellules.ch/poster_log_hijackthis.php

Je te remercie Falkra pour avoir répondu si vite
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:07:52, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\rebiere\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lphceerj0e195] C:\WINDOWS\system32\lphceerj0e195.exe
O4 - HKLM\..\Run: [SMrhcaerj0e195] C:\Program Files\rhcaerj0e195\rhcaerj0e195.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

--
End of file - 5862 bytes
Tiens voila et merci encore.
Cordialement HIPPY.

Je te confirme une infection (faux codec)

• Télécharge SmitFraudFix de S!Ri sur le bureau :
  http://siri.urz.free.fr/Fix/SmitfraudFix.exe
• Note: si tu as une version de SmitfraudFix, ne l'utilise pas, élimine là et télécharge la dernière version.
• Double-clique sur smitfraudfix.exe
• Choisis l'option 1 pour créer un rapport des fichiers responsables de l'infection.
• Poste le rapport sur le forum dans ta prochaine réponse. (si tu ne le trouves pas, il est dans "C:\rapport.txt")

Si process.exe est détecté par ton antivirus ou un autre logiciel, n'en tiens pas compte (choisis d'ignorer) et ne bloque pas le fichier, il sert à terminer des processus, d'où l'alerte émise par ces antivirus qui y voient un danger potentiel. (doc).

SmitFraudFix v2.331

Rapport fait à 1:13:18,76, 24/07/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\RichVideoCodec.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\rebiere


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\rebiere\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\rebiere\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\RichVideoCodec\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8058 PCI-E Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

Description: Carte réseau Broadcom 802.11n - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5263248B-AE3A-40FD-8A91-2651E651FA2B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{81BEE455-B72F-4C0E-B1CD-80AA879005FF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5263248B-AE3A-40FD-8A91-2651E651FA2B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{81BEE455-B72F-4C0E-B1CD-80AA879005FF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5263248B-AE3A-40FD-8A91-2651E651FA2B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{81BEE455-B72F-4C0E-B1CD-80AA879005FF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

SmitFraudFix v2.331

Rapport fait à 1:17:27,49, 24/07/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\RichVideoCodec.dll supprimé
C:\Program Files\RichVideoCodec\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8058 PCI-E Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

Description: Carte réseau Broadcom 802.11n - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5263248B-AE3A-40FD-8A91-2651E651FA2B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{81BEE455-B72F-4C0E-B1CD-80AA879005FF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5263248B-AE3A-40FD-8A91-2651E651FA2B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{81BEE455-B72F-4C0E-B1CD-80AA879005FF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5263248B-AE3A-40FD-8A91-2651E651FA2B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{81BEE455-B72F-4C0E-B1CD-80AA879005FF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Bien !
On fait une vérification.

Désactive tes protections résidentes ( Antivirus , ... ) tu les réactiveras ensuite

Télécharge Lop S&D (d'Eric_71) sur ton bureau

• Double-clique dessus pour lancer l'installation
• Puis double-clique sur le raccourci Lop S&D présent sur ton bureau
• Sélectionne la langue souhaitée, puis choisis l'Option 1 ( Recherche )
• Patiente jusqu'à la fin du scan
• Poste le rapport généré ( C:\lopR.txt )

( Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide).

--------------------\\ Lop S&D 4.2.2-3 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : rebiere ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 24/07/2008 | 1:28:32,93 ] [ PC : PAUL ]
[ MAJ : 22-07-2008 | 17:35 ]

--------------------\\ Listing des dossiers dans Application Data

[02/04/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\About Obj City Loud
[07/05/2008|16:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[26/03/2008|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[18/05/2008|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/03/2008|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[26/03/2008|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[26/03/2008|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[27/03/2008|21:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[26/03/2008|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[30/05/2008|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[19/06/2008|16:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[09/07/2008|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
[11/07/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
[17/05/2008|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[26/03/2008|14:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[26/03/2008|15:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[17/05/2008|18:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[26/03/2008|15:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[07/05/2008|16:29] C:\DOCUME~1\rebiere\APPLIC~1\Adobe
[23/05/2008|21:36] C:\DOCUME~1\rebiere\APPLIC~1\Apple Computer
[20/07/2008|23:22] C:\DOCUME~1\rebiere\APPLIC~1\codeblocks
[26/03/2008|14:55] C:\DOCUME~1\rebiere\APPLIC~1\desktop.ini
[04/07/2008|16:41] C:\DOCUME~1\rebiere\APPLIC~1\Desktopicon
[06/07/2008|17:59] C:\DOCUME~1\rebiere\APPLIC~1\dvdcss
[11/05/2008|12:45] C:\DOCUME~1\rebiere\APPLIC~1\FileZilla
[29/06/2008|10:37] C:\DOCUME~1\rebiere\APPLIC~1\FLV Extract
[04/07/2008|12:01] C:\DOCUME~1\rebiere\APPLIC~1\FMZilla
[26/03/2008|15:19] C:\DOCUME~1\rebiere\APPLIC~1\Identities
[26/03/2008|17:44] C:\DOCUME~1\rebiere\APPLIC~1\Macromedia
[04/05/2008|22:45] C:\DOCUME~1\rebiere\APPLIC~1\Microsoft
[26/03/2008|15:40] C:\DOCUME~1\rebiere\APPLIC~1\Mozilla
[23/07/2008|18:39] C:\DOCUME~1\rebiere\APPLIC~1\OpenOffice.org2
[10/07/2008|01:38] C:\DOCUME~1\rebiere\APPLIC~1\Publish Providers
[30/05/2008|18:47] C:\DOCUME~1\rebiere\APPLIC~1\Real
[23/07/2008|18:39] C:\DOCUME~1\rebiere\APPLIC~1\Skype
[23/07/2008|17:06] C:\DOCUME~1\rebiere\APPLIC~1\skypePM
[10/07/2008|01:38] C:\DOCUME~1\rebiere\APPLIC~1\Sony
[24/05/2008|11:25] C:\DOCUME~1\rebiere\APPLIC~1\Sun
[23/07/2008|14:05] C:\DOCUME~1\rebiere\APPLIC~1\teamspeak2
[30/05/2008|17:42] C:\DOCUME~1\rebiere\APPLIC~1\vlc
[11/04/2008|17:32] C:\DOCUME~1\rebiere\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[29/03/2008 13:08][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[23/07/2008 17:27][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[07/07/2008|12:05] C:\Program Files\Adobe
[26/03/2008|16:36] C:\Program Files\AlienGUIse
[26/03/2008|16:11] C:\Program Files\Alwil Software
[29/03/2008|13:08] C:\Program Files\Apple Software Update
[25/05/2008|16:52] C:\Program Files\BitDefender
[18/05/2008|11:08] C:\Program Files\Bonjour
[26/03/2008|15:26] C:\Program Files\Boot Camp
[05/07/2008|01:42] C:\Program Files\CodeBlocks
[26/03/2008|15:10] C:\Program Files\ComPlus Applications
[26/03/2008|15:23] C:\Program Files\DIFX
[19/06/2008|16:36] C:\Program Files\Fichiers communs
[11/05/2008|12:57] C:\Program Files\FileZilla
[21/07/2008|03:21] C:\Program Files\Free Music Zilla
[11/06/2008|15:33] C:\Program Files\InstallShield Installation Information
[26/03/2008|15:26] C:\Program Files\Intel
[29/06/2008|10:33] C:\Program Files\Internet Explorer
[25/05/2008|09:54] C:\Program Files\Java
[30/05/2008|18:47] C:\Program Files\K-Lite Codec Pack
[27/03/2008|23:21] C:\Program Files\Messenger
[02/04/2008|17:35] C:\Program Files\Messenger Plus! Live
[26/03/2008|15:13] C:\Program Files\microsoft frontpage
[09/07/2008|22:37] C:\Program Files\Microsoft SQL Server
[26/03/2008|15:25] C:\Program Files\Motorola
[26/03/2008|15:11] C:\Program Files\Movie Maker
[24/07/2008|01:20] C:\Program Files\Mozilla Firefox
[29/06/2008|10:34] C:\Program Files\MSBuild
[26/03/2008|15:09] C:\Program Files\MSN
[26/03/2008|15:10] C:\Program Files\MSN Gaming Zone
[02/04/2008|17:35] C:\Program Files\MSN Messenger
[29/06/2008|10:32] C:\Program Files\MSXML 6.0
[23/07/2008|18:37] C:\Program Files\Navilog1
[26/03/2008|15:11] C:\Program Files\NetMeeting
[26/03/2008|15:10] C:\Program Files\Online Services
[24/05/2008|11:26] C:\Program Files\OpenOffice.org 2.4
[27/03/2008|23:20] C:\Program Files\Outlook Express
[18/05/2008|11:08] C:\Program Files\QuickTime
[26/03/2008|15:24] C:\Program Files\Realtek
[29/06/2008|10:34] C:\Program Files\Reference Assemblies
[28/03/2008|20:50] C:\Program Files\SAGEM
[28/03/2008|20:50] C:\Program Files\Securitoo
[26/03/2008|15:12] C:\Program Files\Services en ligne
[26/03/2008|15:24] C:\Program Files\SigmaTel
[19/06/2008|16:36] C:\Program Files\Skype
[09/07/2008|22:35] C:\Program Files\Sony
[09/07/2008|22:34] C:\Program Files\Sony Setup
[23/07/2008|23:36] C:\Program Files\Steam
[26/03/2008|18:36] C:\Program Files\Teamspeak2_RC2
[09/07/2008|22:37] C:\Program Files\Uninstall Information
[21/07/2008|02:41] C:\Program Files\Unlocker
[29/06/2008|19:13] C:\Program Files\VideoLAN
[09/07/2008|22:36] C:\Program Files\Vstplugins
[26/03/2008|16:13] C:\Program Files\Windows Live
[17/05/2008|18:25] C:\Program Files\Windows Media Connect 2
[17/05/2008|18:29] C:\Program Files\Windows Media Player
[26/03/2008|15:10] C:\Program Files\Windows NT
[26/03/2008|15:12] C:\Program Files\WindowsUpdate
[11/04/2008|17:32] C:\Program Files\WinRAR
[26/03/2008|15:13] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[07/05/2008|16:28] C:\Program Files\Fichiers communs\Adobe
[18/05/2008|11:08] C:\Program Files\Fichiers communs\Apple
[25/05/2008|12:14] C:\Program Files\Fichiers communs\BitDefender
[26/03/2008|15:24] C:\Program Files\Fichiers communs\InstallShield
[24/05/2008|11:25] C:\Program Files\Fichiers communs\Java
[09/07/2008|22:35] C:\Program Files\Fichiers communs\Microsoft Shared
[26/03/2008|15:11] C:\Program Files\Fichiers communs\MSSoap
[26/03/2008|14:55] C:\Program Files\Fichiers communs\ODBC
[26/03/2008|15:11] C:\Program Files\Fichiers communs\Services
[19/06/2008|16:36] C:\Program Files\Fichiers communs\Skype
[26/03/2008|14:55] C:\Program Files\Fichiers communs\SpeechEngines
[26/03/2008|16:24] C:\Program Files\Fichiers communs\Stardock
[27/03/2008|23:20] C:\Program Files\Fichiers communs\System

--------------------\\ Process

( 44 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\rebiere\Cookies\rebiere@www.adserver5[1].txt
C:\DOCUME~1\rebiere\Cookies\rebiere@advertising[2].txt
C:\DOCUME~1\rebiere\Cookies\rebiere@pacificpoker[1].txt
C:\DOCUME~1\rebiere\Cookies\rebiere@888[1].txt
C:\DOCUME~1\rebiere\Cookies\rebiere@888[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

-> 72 [ 70 ## added by CiD ]

/!\ 1 Not 127.0.0.1 !!

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 01:29:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 429

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

=> C:\DOCUME~1\rebiere\Mes documents\keygen.exe


[F:1737][D:73]-> C:\DOCUME~1\rebiere\LOCALS~1\Temp
[F:134][D:0]-> C:\DOCUME~1\rebiere\Cookies
[F:13][D:5]-> C:\DOCUME~1\rebiere\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 1:29:28,70

Relance Lop S&D

• Choisis cette fois ci l'Option 2 ( Suppression )
• Ne ferme pas la fenêtre lors de la suppression !
• Poste le rapport généré ( C:\lopR.txt )

(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

--------------------\\ Lop S&D 4.2.2-3 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : rebiere ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 24/07/2008 | 1:33:46,85 ] [ PC : PAUL ]
[ MAJ : 22-07-2008 | 17:35 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - C:\DOCUME~1\rebiere\Cookies\rebiere@www.adserver5[1].txt
Supprime! - C:\DOCUME~1\rebiere\Cookies\rebiere@advertising[2].txt
Supprime! - C:\DOCUME~1\rebiere\Cookies\rebiere@pacificpoker[1].txt
Supprime! - C:\DOCUME~1\rebiere\Cookies\rebiere@888[1].txt
Supprime! - C:\DOCUME~1\rebiere\Cookies\rebiere@888[2].txt
RestaurÚ! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[02/04/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\About Obj City Loud
[07/05/2008|16:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[26/03/2008|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[18/05/2008|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/03/2008|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[26/03/2008|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[26/03/2008|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[27/03/2008|21:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[26/03/2008|15:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mozilla
[30/05/2008|18:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[19/06/2008|16:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[09/07/2008|22:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
[11/07/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
[17/05/2008|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[26/03/2008|14:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[26/03/2008|15:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[17/05/2008|18:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[26/03/2008|15:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[07/05/2008|16:29] C:\DOCUME~1\rebiere\APPLIC~1\Adobe
[23/05/2008|21:36] C:\DOCUME~1\rebiere\APPLIC~1\Apple Computer
[20/07/2008|23:22] C:\DOCUME~1\rebiere\APPLIC~1\codeblocks
[26/03/2008|14:55] C:\DOCUME~1\rebiere\APPLIC~1\desktop.ini
[04/07/2008|16:41] C:\DOCUME~1\rebiere\APPLIC~1\Desktopicon
[06/07/2008|17:59] C:\DOCUME~1\rebiere\APPLIC~1\dvdcss
[11/05/2008|12:45] C:\DOCUME~1\rebiere\APPLIC~1\FileZilla
[29/06/2008|10:37] C:\DOCUME~1\rebiere\APPLIC~1\FLV Extract
[04/07/2008|12:01] C:\DOCUME~1\rebiere\APPLIC~1\FMZilla
[26/03/2008|15:19] C:\DOCUME~1\rebiere\APPLIC~1\Identities
[26/03/2008|17:44] C:\DOCUME~1\rebiere\APPLIC~1\Macromedia
[04/05/2008|22:45] C:\DOCUME~1\rebiere\APPLIC~1\Microsoft
[26/03/2008|15:40] C:\DOCUME~1\rebiere\APPLIC~1\Mozilla
[23/07/2008|18:39] C:\DOCUME~1\rebiere\APPLIC~1\OpenOffice.org2
[10/07/2008|01:38] C:\DOCUME~1\rebiere\APPLIC~1\Publish Providers
[30/05/2008|18:47] C:\DOCUME~1\rebiere\APPLIC~1\Real
[23/07/2008|18:39] C:\DOCUME~1\rebiere\APPLIC~1\Skype
[23/07/2008|17:06] C:\DOCUME~1\rebiere\APPLIC~1\skypePM
[10/07/2008|01:38] C:\DOCUME~1\rebiere\APPLIC~1\Sony
[24/05/2008|11:25] C:\DOCUME~1\rebiere\APPLIC~1\Sun
[23/07/2008|14:05] C:\DOCUME~1\rebiere\APPLIC~1\teamspeak2
[30/05/2008|17:42] C:\DOCUME~1\rebiere\APPLIC~1\vlc
[11/04/2008|17:32] C:\DOCUME~1\rebiere\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[29/03/2008 13:08][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[23/07/2008 17:27][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[07/07/2008|12:05] C:\Program Files\Adobe
[26/03/2008|16:36] C:\Program Files\AlienGUIse
[26/03/2008|16:11] C:\Program Files\Alwil Software
[29/03/2008|13:08] C:\Program Files\Apple Software Update
[25/05/2008|16:52] C:\Program Files\BitDefender
[18/05/2008|11:08] C:\Program Files\Bonjour
[26/03/2008|15:26] C:\Program Files\Boot Camp
[05/07/2008|01:42] C:\Program Files\CodeBlocks
[26/03/2008|15:10] C:\Program Files\ComPlus Applications
[26/03/2008|15:23] C:\Program Files\DIFX
[19/06/2008|16:36] C:\Program Files\Fichiers communs
[11/05/2008|12:57] C:\Program Files\FileZilla
[21/07/2008|03:21] C:\Program Files\Free Music Zilla
[11/06/2008|15:33] C:\Program Files\InstallShield Installation Information
[26/03/2008|15:26] C:\Program Files\Intel
[29/06/2008|10:33] C:\Program Files\Internet Explorer
[25/05/2008|09:54] C:\Program Files\Java
[30/05/2008|18:47] C:\Program Files\K-Lite Codec Pack
[27/03/2008|23:21] C:\Program Files\Messenger
[02/04/2008|17:35] C:\Program Files\Messenger Plus! Live
[26/03/2008|15:13] C:\Program Files\microsoft frontpage
[09/07/2008|22:37] C:\Program Files\Microsoft SQL Server
[26/03/2008|15:25] C:\Program Files\Motorola
[26/03/2008|15:11] C:\Program Files\Movie Maker
[24/07/2008|01:20] C:\Program Files\Mozilla Firefox
[29/06/2008|10:34] C:\Program Files\MSBuild
[26/03/2008|15:09] C:\Program Files\MSN
[26/03/2008|15:10] C:\Program Files\MSN Gaming Zone
[02/04/2008|17:35] C:\Program Files\MSN Messenger
[29/06/2008|10:32] C:\Program Files\MSXML 6.0
[23/07/2008|18:37] C:\Program Files\Navilog1
[26/03/2008|15:11] C:\Program Files\NetMeeting
[26/03/2008|15:10] C:\Program Files\Online Services
[24/05/2008|11:26] C:\Program Files\OpenOffice.org 2.4
[27/03/2008|23:20] C:\Program Files\Outlook Express
[18/05/2008|11:08] C:\Program Files\QuickTime
[26/03/2008|15:24] C:\Program Files\Realtek
[29/06/2008|10:34] C:\Program Files\Reference Assemblies
[28/03/2008|20:50] C:\Program Files\SAGEM
[28/03/2008|20:50] C:\Program Files\Securitoo
[26/03/2008|15:12] C:\Program Files\Services en ligne
[26/03/2008|15:24] C:\Program Files\SigmaTel
[19/06/2008|16:36] C:\Program Files\Skype
[09/07/2008|22:35] C:\Program Files\Sony
[09/07/2008|22:34] C:\Program Files\Sony Setup
[23/07/2008|23:36] C:\Program Files\Steam
[26/03/2008|18:36] C:\Program Files\Teamspeak2_RC2
[09/07/2008|22:37] C:\Program Files\Uninstall Information
[21/07/2008|02:41] C:\Program Files\Unlocker
[29/06/2008|19:13] C:\Program Files\VideoLAN
[09/07/2008|22:36] C:\Program Files\Vstplugins
[26/03/2008|16:13] C:\Program Files\Windows Live
[17/05/2008|18:25] C:\Program Files\Windows Media Connect 2
[17/05/2008|18:29] C:\Program Files\Windows Media Player
[26/03/2008|15:10] C:\Program Files\Windows NT
[26/03/2008|15:12] C:\Program Files\WindowsUpdate
[11/04/2008|17:32] C:\Program Files\WinRAR
[26/03/2008|15:13] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[07/05/2008|16:28] C:\Program Files\Fichiers communs\Adobe
[18/05/2008|11:08] C:\Program Files\Fichiers communs\Apple
[25/05/2008|12:14] C:\Program Files\Fichiers communs\BitDefender
[26/03/2008|15:24] C:\Program Files\Fichiers communs\InstallShield
[24/05/2008|11:25] C:\Program Files\Fichiers communs\Java
[09/07/2008|22:35] C:\Program Files\Fichiers communs\Microsoft Shared
[26/03/2008|15:11] C:\Program Files\Fichiers communs\MSSoap
[26/03/2008|14:55] C:\Program Files\Fichiers communs\ODBC
[26/03/2008|15:11] C:\Program Files\Fichiers communs\Services
[19/06/2008|16:36] C:\Program Files\Fichiers communs\Skype
[26/03/2008|14:55] C:\Program Files\Fichiers communs\SpeechEngines
[26/03/2008|16:24] C:\Program Files\Fichiers communs\Stardock
[27/03/2008|23:20] C:\Program Files\Fichiers communs\System

--------------------\\ Process

( 43 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 01:34:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 429

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

=> C:\DOCUME~1\rebiere\Mes documents\keygen.exe


[F:1737][D:73]-> C:\DOCUME~1\rebiere\LOCALS~1\Temp
[F:129][D:0]-> C:\DOCUME~1\rebiere\Cookies
[F:13][D:5]-> C:\DOCUME~1\rebiere\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 1:34:42,74

Encore des cracks, pas étonnant que tu aies choppé tout ça.

Poste un nouveau rapport HijackThis stp.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:51:58, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\rebiere\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lphceerj0e195] C:\WINDOWS\system32\lphceerj0e195.exe
O4 - HKLM\..\Run: [SMrhcaerj0e195] C:\Program Files\rhcaerj0e195\rhcaerj0e195.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

--
End of file - 5819 bytes

Ce qui suit n'est que pour ta machine, et ta machine seulement.
Ne pas utiliser sur une autre machine : dangereux.

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

• Assure toi que tous les programmes sont fermés avant de commencer.
• Double-clique combofix.exe afin de l'exécuter.
• Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
• Il est possible que ton pare-feu (firewall) te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
• Ne ferme pas la fenêtre qui vient de s'ouvrir, tu te retrouverais avec un bureau vide.
• Lorsque l'analyse sera terminée, un rapport apparaîtra.
• Copie-colle ce rapport dans ta prochaine réponse.
  Le rapport se trouve dans : C:\Combofix.txt (si jamais).

Mon fond d'écran n'est plus bleu avec marqué "Spyware.....", j'ai pu changer mon fond d'écran mais je ne sais pas si le virus et toujours présent. Je vous envoie le rapport Hijackthis, sachant que je fais une erreur de manipulation avec combofix.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31, on 2008-07-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\rebiere\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lphceerj0e195] C:\WINDOWS\system32\lphceerj0e195.exe
O4 - HKLM\..\Run: [SMrhcaerj0e195] C:\Program Files\rhcaerj0e195\rhcaerj0e195.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

--
End of file - 6079 bytes

HIPPY a écrit:Mon fond d'écran n'est plus bleu avec marqué "Spyware.....", j'ai pu changer mon fond d'écran mais je ne sais pas si le virus et toujours présent. Je vous envoie le rapport Hijackthis, sachant que je fais une erreur de manipulation avec combofix.

Quel est le problème avec combofix ? Il faut le lancer, que se passe-t-il ?

Ben mon ecran c'est mit en bleu avec des écritures en blanc, je sais pas si c'est normal ou pas, et après plus rien, il y avait juste le programme combofi et voila. J'ai reboot l'ordi et plus le fond d'écran avec marqué "spyware....." donc voila.
Après, je sais pas si mon ordi et désinfecté.

As-tu un rapport dans c:\combofix.txt ? Si oui, poste le contenu dans ta prochaine réponse stp.
Sinon, essaie combofix en mode sans échec.

ComboFix 08-07-23.4 - rebiere 2008-07-24 21:07:22.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1551 [GMT 2:00]
Endroit: C:\Documents and Settings\rebiere\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\blphceerj0e195.scr
C:\WINDOWS\system32\phceerj0e195.bmp

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-24 to 2008-07-24 ))))))))))))))))))))))))))))))))))))
.

2008-07-24 01:28 . 2008-07-24 01:34 <REP> d-------- C:\Lop SD
2008-07-24 01:13 . 2008-07-24 01:17 3,004 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-24 01:12 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-24 01:12 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-24 01:12 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-24 01:12 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-24 01:12 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-24 01:12 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-24 01:12 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-24 01:12 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-24 01:12 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-23 18:29 . 2008-07-23 18:37 <REP> d-------- C:\Program Files\Navilog1
2008-07-10 01:38 . 2008-07-10 01:38 <REP> d-------- C:\Documents and Settings\rebiere\Application Data\Publish Providers
2008-07-09 22:37 . 2008-07-09 22:37 <REP> d-------- C:\Program Files\Microsoft SQL Server
2008-07-09 22:37 . 2008-07-10 01:38 <REP> d-------- C:\Documents and Settings\rebiere\Application Data\Sony
2008-07-09 22:37 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-09 22:37 . 2002-12-17 17:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2008-07-09 22:37 . 2002-10-20 15:01 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2008-07-09 22:36 . 2008-07-09 22:36 <REP> d-------- C:\Program Files\Vstplugins
2008-07-09 22:36 . 2008-07-09 22:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-09 22:35 . 2008-07-09 22:35 <REP> d-------- C:\Program Files\Sony
2008-07-09 22:34 . 2008-07-09 22:34 <REP> d-------- C:\Program Files\Sony Setup
2008-07-06 02:04 . 2008-07-11 13:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-05 01:42 . 2008-07-05 01:42 <REP> d-------- C:\Program Files\CodeBlocks
2008-07-05 01:42 . 2008-07-20 23:22 <REP> d-------- C:\Documents and Settings\rebiere\Application Data\codeblocks
2008-07-04 16:41 . 2008-07-21 02:41 <REP> d-------- C:\Program Files\Unlocker
2008-07-04 16:41 . 2008-07-04 16:41 <REP> d-------- C:\Documents and Settings\rebiere\Application Data\Desktopicon
2008-07-03 18:56 . 2008-07-03 18:56 <REP> d-------- C:\WINDOWS\Sun
2008-07-03 18:49 . 2008-07-21 03:21 <REP> d-------- C:\Program Files\Free Music Zilla
2008-06-29 17:40 . 2008-07-21 03:16 <REP> d-------- C:\downloads
2008-06-29 17:40 . 2008-07-04 12:01 <REP> d-------- C:\Documents and Settings\rebiere\Application Data\FMZilla
2008-06-29 17:31 . 2008-07-03 18:43 <REP> d-------- C:\Documents and Settings\rebiere\dwhelper
2008-06-29 10:37 . 2008-06-29 10:37 <REP> d-------- C:\Documents and Settings\rebiere\Application Data\FLV Extract
2008-06-29 10:36 . 2008-06-29 10:36 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-06-29 10:34 . 2008-06-29 10:36 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-29 10:34 . 2008-06-29 10:34 <REP> d-------- C:\Program Files\Reference Assemblies
2008-06-29 10:34 . 2008-06-29 10:34 <REP> d-------- C:\Program Files\MSBuild
2008-06-29 10:34 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-29 10:32 . 2008-06-29 10:32 <REP> d-------- C:\Program Files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 19:06 --------- d-----w C:\Documents and Settings\rebiere\Application Data\OpenOffice.org2
2008-07-24 18:29 --------- d-----w C:\Program Files\Steam
2008-07-24 15:56 --------- d-----w C:\Documents and Settings\rebiere\Application Data\Skype
2008-07-24 14:18 --------- d-----w C:\Documents and Settings\rebiere\Application Data\teamspeak2
2008-07-24 14:06 --------- d-----w C:\Documents and Settings\rebiere\Application Data\skypePM
2008-07-06 15:59 --------- d-----w C:\Documents and Settings\rebiere\Application Data\dvdcss
2008-06-29 17:13 --------- d-----w C:\Program Files\VideoLAN
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 14:36 --------- d-----w C:\Program Files\Skype
2008-06-19 14:36 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-06-19 14:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-30 16:47 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-30 15:42 --------- d-----w C:\Documents and Settings\rebiere\Application Data\vlc
2008-05-25 14:52 --------- d-----w C:\Program Files\BitDefender
2008-05-25 10:14 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-05-25 07:54 --------- d-----w C:\Program Files\Java
2008-05-24 09:26 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-05-24 09:25 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-06-20 13:10 1271032]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-06-03 15:08 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IRW"="C:\WINDOWS\system32\IRW.exe" [2007-10-08 21:56 147456]
"Apple_KbdMgr"="C:\Program Files\Boot Camp\KbdMgr.exe" [2007-10-08 23:06 419120]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-08 21:59 16384512 C:\WINDOWS\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\rebiere\Menu D‚marrer\Programmes\D‚marrage\
Alienware Dock.lnk - C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe [2008-03-26 16:24:01 2074360]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\steamapps\\polo_vwf\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\polo_vwf\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Steam\\steamapps\\polo_vwf\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"C:\\Program Files\\Sony\\Vegas 7.0\\VegSrv70.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\WINDOWS\system32\AppleOSSMgr.exe [2007-10-08 23:04]
R2 AppleTimeSrv;Apple Time Service;C:\WINDOWS\system32\AppleTimeSrv.exe [2007-10-08 23:05]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 KeyAgent;KeyAgent;C:\WINDOWS\system32\drivers\KeyAgent.sys [2007-10-08 21:56]
R2 MacHALDriver;Mac HAL;C:\WINDOWS\system32\drivers\MacHALDriver.sys [2007-10-08 21:56]
R3 applebt;Apple Built-in Bluetooth;C:\WINDOWS\system32\DRIVERS\applebt.sys [2007-10-08 21:56]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\WINDOWS\system32\DRIVERS\IRFilter.sys [2007-10-08 21:56]
R3 KeyMagic;USB Keyboard HID Filter;C:\WINDOWS\system32\DRIVERS\KeyMagic.sys [2007-10-08 21:56]
S3 BthKicker;Apple Bluetooth Device Driver;C:\WINDOWS\system32\DRIVERS\BthKicker.sys [2007-10-08 21:56]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-24 05:09:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lphceerj0e195 - C:\WINDOWS\system32\lphceerj0e195.exe
HKLM-Run-SMrhcaerj0e195 - C:\Program Files\rhcaerj0e195\rhcaerj0e195.exe


.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 21:08:22
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-24 21:09:07
ComboFix-quarantined-files.txt 2008-07-24 19:08:54

Pre-Run: 4,457,959,424 octets libres
Post-Run: 4,581,371,904 octets libres

160 --- E O F --- 2008-07-10 08:39:02