virus dans mon pc

bonjour
j'ai un virus sur mon msn mais je ne sais pas comment le supprimer ( apparement c'est malaware gwen 32)
pourriez vous m'orienté svp
j'ai avast spybot search and destroy
j'ai glary utility
je viens de telechargé hijackthis
tout mes programmes sont a jours

je suis sous vista

Bonjour
sujet-13078.html
postes les logs et attend le passage de nos chere nettoyeur de véroles

alors voici le log ( du moins je pense )

Logfile of random's system information tool 1.06 (written by random/random)
Run by khylian at 2010-01-28 14:24:30
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 80 GB (54%) free of 148 GB
Total RAM: 3071 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:39, on 28/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\khylian\Downloads\RSIT.exe
C:\Users\khylian\Downloads\khylian.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\khylian\AppData\Roaming\Mozilla\Firefox\Profiles\ie7ubm1n.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MessLive Auto Update] C:\Users\khylian\Desktop\MessLive Patch.exe -a_update
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apache2 - Apache Software Foundation - C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe

--
End of file - 9724 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\User_Feed_Synchronization-{3ED3163D-7EEF-4300-8BBB-321DAAA885C7}.job
C:\Windows\tasks\User_Feed_Synchronization-{4F7369F0-980B-45BC-80BF-6CFCEDEB0DAD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-29 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - FireShot - C:\Users\khylian\AppData\Roaming\Mozilla\Firefox\Profiles\ie7ubm1n.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-11 4702208]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-12-02 2221352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"lxcrmon.exe"=C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2007-01-11 291760]
"EzPrint"=C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-12-11 82864]
"LXCRCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-23 39408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-12-12 1840424]
"MessLive Auto Update"=C:\Users\khylian\Desktop\MessLive Patch.exe -a_update []
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-09-16 5724184]
"WinUsr"=C:\Program Files\Winsudate\gibusr.exe [2010-01-13 88304]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-01-17 289584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
C:\Program Files\Mouse Driver\StartAutorun.exe [2008-05-30 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Minimizor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-09-16 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2007-12-21 8497696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-12-21 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
C:\Windows\system32\nvraidservice.exe [2007-12-07 196128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-12-21 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-10-11 4702208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Setresolution]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
C:\Acer\EMPOWE~1\EAPLAU~1.EXE [2007-04-14 535336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDrive r]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewall policy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewall policy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b010d1b1-630a-11de-964d-002185080891}]
shell\AutoRun\command - L:\Sweex.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d48e3ba1-ca9a-11dd-9291-002185080891}]
shell\AutoRun\command - J:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d48e3bd5-ca9a-11dd-9291-002185080891}]
shell\AutoRun\command - K:\Autorun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-01-28 14:24:30 ----D---- C:\rsit
2010-01-28 12:05:34 ----A---- C:\Windows\msnfix.txt
2010-01-28 11:59:14 ----A---- C:\VundoFix.txt
2010-01-28 11:14:04 ----D---- C:\VundoFix Backups
2010-01-22 12:13:25 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 12:13:24 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 12:13:23 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 12:13:23 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 12:13:23 ----A---- C:\Windows\system32\occache.dll
2010-01-22 12:13:23 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 12:13:23 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 12:13:22 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-22 12:13:22 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 12:13:22 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 12:13:22 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 12:13:22 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 12:13:22 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-22 12:13:22 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 12:13:22 ----A---- C:\Windows\system32\iernonce.dll
2010-01-22 12:13:22 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 12:13:22 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 12:13:22 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-17 07:20:30 ----D---- C:\Program Files\uTorrent
2010-01-15 12:29:04 ----D---- C:\Users\khylian\AppData\Roaming\Bump Technologies, Inc
2010-01-15 12:08:47 ----D---- C:\Program Files\Lexmark 2400 Series
2010-01-15 12:08:41 ----A---- C:\Windows\system32\LXCRinst.dll
2010-01-15 12:08:41 ----A---- C:\Windows\system32\lxcrinpa.dll
2010-01-15 12:08:41 ----A---- C:\Windows\system32\lxcriesc.dll
2010-01-15 12:08:41 ----A---- C:\Windows\system32\LXCRhcp.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrutil.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrusb1.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrserv.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrprox.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrpplc.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrpmui.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrlmpm.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrjswr.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrinsr.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrinsb.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrins.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrih.exe
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrgf.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrcur.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrcub.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrcu.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrcoms.exe
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrcomm.dll
2010-01-15 12:08:40 ----A---- C:\Windows\system32\lxcrcomc.dll
2010-01-15 12:08:12 ----D---- C:\drivers
2010-01-15 10:56:22 ----D---- C:\Program Files\lx_cats
2010-01-15 10:55:55 ----D---- C:\Program Files\Lexmark Toolbar
2010-01-15 10:10:59 ----A---- C:\Windows\system32\lxcrdrs.dll
2010-01-15 10:10:59 ----A---- C:\Windows\system32\lxcrcnv4.dll
2010-01-15 10:10:59 ----A---- C:\Windows\system32\lxcrcfg.dll
2010-01-15 10:10:59 ----A---- C:\Windows\system32\lxcrcaps.dll
2010-01-13 13:04:55 ----D---- C:\Users\khylian\AppData\Roaming\Icones
2010-01-13 13:04:55 ----D---- C:\Program Files\Winsudate
2010-01-13 12:11:59 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 12:11:59 ----A---- C:\Windows\system32\fontsub.dll
2010-01-04 12:43:25 ----D---- C:\Program Files\Visual IP Trace

======List of files/folders modified in the last 1 months======

2010-01-28 14:24:39 ----D---- C:\Windows\Prefetch
2010-01-28 14:24:33 ----D---- C:\Windows\Temp
2010-01-28 14:01:55 ----SHD---- C:\System Volume Information
2010-01-28 12:51:16 ----D---- C:\Windows\System32
2010-01-28 12:51:16 ----D---- C:\Windows\inf
2010-01-28 12:51:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-28 12:48:56 ----D---- C:\Windows\Tasks
2010-01-28 12:47:06 ----D---- C:\Users\khylian\AppData\Roaming\uTorrent
2010-01-28 12:39:41 ----D---- C:\Program Files\Mozilla Firefox
2010-01-28 12:05:34 ----D---- C:\Windows
2010-01-28 11:58:29 ----D---- C:\Windows\system32\Tasks
2010-01-28 08:52:12 ----D---- C:\ProgramData\Google Updater
2010-01-26 19:33:33 ----D---- C:\Windows\winsxs
2010-01-26 19:33:33 ----D---- C:\Program Files\Internet Explorer
2010-01-26 19:11:26 ----D---- C:\Windows\system32\catroot
2010-01-22 13:08:22 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-22 13:07:06 ----D---- C:\Windows\system32\migration
2010-01-22 12:43:36 ----D---- C:\ProgramData
2010-01-22 12:12:36 ----D---- C:\Windows\system32\catroot2
2010-01-20 09:37:20 ----D---- C:\Program Files
2010-01-20 07:13:37 ----SHD---- C:\Windows\Installer
2010-01-20 07:13:37 ----SHD---- C:\Config.Msi
2010-01-19 12:47:15 ----D---- C:\Program Files\MyDefrag v4.2.6
2010-01-19 12:18:20 ----D---- C:\Users\khylian\AppData\Roaming\GlarySoft
2010-01-19 12:17:54 ----D---- C:\Program Files\Trend Micro
2010-01-19 12:15:04 ----D---- C:\Windows\system32\sysprep
2010-01-19 12:15:04 ----D---- C:\Windows\system32\drivers
2010-01-19 12:15:04 ----D---- C:\Windows\Acer_Normal
2010-01-19 12:14:59 ----D---- C:\Users\khylian\AppData\Roaming\Vidalia
2010-01-19 12:14:59 ----D---- C:\Users\khylian\AppData\Roaming\Tor
2010-01-19 12:14:53 ----D---- C:\Program Files\No-IP
2010-01-19 12:14:53 ----D---- C:\Program Files\Microsoft Works
2010-01-19 12:05:02 ----SD---- C:\Windows\Downloaded Program Files
2010-01-17 16:26:53 ----D---- C:\ProgramData\Messenger Plus!
2010-01-17 07:17:55 ----D---- C:\Program Files\Messenger Plus! Live
2010-01-15 12:28:59 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-13 12:33:38 ----D---- C:\Program Files\Windows Mail
2010-01-13 10:48:27 ----D---- C:\ProgramData\Adobe
2010-01-13 10:48:27 ----D---- C:\Program Files\Common Files\Adobe
2010-01-13 10:48:21 ----D---- C:\Program Files\Adobe
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
2010-01-04 13:00:20 ----D---- C:\Program Files\Visual IP Trace 2009
2010-01-04 13:00:09 ----D---- C:\Program Files\NeoTrace Express

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2003-10-10 52128]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 irda;Protocole IrDA; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-20 3514368]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-17 1971928]
R3 irsir;Pilote série infrarouge Microsoft; C:\Windows\system32\DRIVERS\irsir.sys [2008-01-21 20992]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-21 6144]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-07-07 12032]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-09-01 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-06-03 25280]
S3 KMWDFilter;KMWDFilter; \??\C:\Windows\System32\Drivers\KMWDFilter.SYS [2008-03-22 17024]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 mirrorv3;mirrorv3; C:\Windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVHDA;Service for NVIDIA HDMI Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2007-07-16 30752]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-21 7629632]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-10-12 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WSVD;WSVD; \??\C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-06-13 247808]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\AppServ\Apache2.2\bin\httpd.exe [2008-01-17 24635]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-02-19 655360]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Mouse Driver\KMWDSrv.exe [2008-05-30 208896]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\Windows\system32\libusbd-nt.exe [2005-03-09 18944]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 lxcr_device;lxcr_device; C:\Windows\system32\lxcrcoms.exe [2006-12-11 537520]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-03 75064]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2009-11-27 185640]
R2 WinSvc;Gestionnaire de mise à jour Winsudate; C:\Program Files\Winsudate\gibsvc.exe [2010-01-13 70896]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Apache2;Apache2; C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe [2006-07-27 20539]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 183280]
S2 mysql;mysql; C:\AppServ\MySQL\bin\mysqld-nt --defaults-file=C:\AppServ\MySQL\my.ini mysql []
S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-15 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-01 234864]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-02-25 2736890]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-01-06 104944]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

personne pour m'aider??

soit patient, les pros passeront

ok merci
j'attends alors

Salut à toi et bienvenue,

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

[*:kzc0mpbd]Lance l'installation du programme en exécutant le fichier téléchargé.[/*:m:kzc0mpbd]
[*:kzc0mpbd]Double-clique maintenant sur le raccourci de Toolbar-S&D.( avec Vista, clic droit sur le raccourcis et lancer comme Administrateur )[/*:m:kzc0mpbd]
[*:kzc0mpbd]Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.[/*:m:kzc0mpbd]
[*:kzc0mpbd]Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.[/*:m:kzc0mpbd]
[*:kzc0mpbd]Poste le rapport généré. (C:\TB.txt)[/*:m:kzc0mpbd]

// ! Important ! \\
=======================

Ps:
======
Conseil d'ordre général
Aller sur le Net avec Windows Internet Explorer, n'est pas souhaitable.
Pour vous en convaincre, un petit test de votre navigateur
http://acid3.acidtests.org/
Comparez-donc Windows Internet Explorer avec Mozilla-Firefox (ce dernier devrait atteindre les 71 )
Quand à Windows Internet Explorer, j'en laisse la surprise...

Toutefois, ce qui ne veut pas dire que Windows Internet Explorer, ne doit pas être à jour ! (vérifier que vous avez la dernière version ! )

Télécharger Mozilla-Firefox 3.0. X. (le X représente évidemment la dernière version ) et le mettre à l'install comme Navigateur par défaut.
http://www.mozilla-europe.org/fr/firefox/
-->source ici de conseils
Eviter à tous prix de poster dans plusieurs Forum à la fois...pas de multi-postage donc !
sujet-29815.html


Poster les 2 rapports demandés (log.txt et info.txt)
En cas de fichier trop gros, suffit de le diviser sur deux réponses, ou plus.....




PS:
si tu ne peux pas télécharger en direct avec la machine infectée, il est évident qu'il faut faire usage, d'une carte SD ou clé usb via un autre PC.

voici le rapport
(j'ai poster nulle par d'autre ) que ici


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
BIOS : BIOS Date: 04/16/08 08:43:57 Ver: 08.00.15
USER : khylian ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081221-0] 4.8.1229 (Not Activated)
C:\ (Local Disk) - NTFS - Total:144 Go (Free:80 Go)
D:\ (Local Disk) - NTFS - Total:144 Go (Free:104 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 29/01/2010|13:36 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Dealio
C:\Program Files\Dealio\kb127
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.google.com"
"Start Page"="http://www.orange.fr/"
"Start Page Restore"="http://www.orange.fr/"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.fr.acer.yahoo.com"
"Default_Page_URL"="http://fr.fr.acer.yahoo.com"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\Windows\\System32\\blank.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\khylian\AppData\Roaming\uTorrent\Adobe Photoshop CS4 Extended + Keygens.rar.torrent
C:\Users\khylian\AppData\Roaming\uTorrent\photoshop CS3 + crack + patch fr.iso.torrent
C:\Users\khylian\AppData\Roaming\uTorrent\Photoshop CS3 with Crack.zip.torrent
C:\Users\khylian\Documents\Keygens
C:\Users\khylian\Documents\Keygens\keygen.exe


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 29/01/2010|13:37 - Option : [1]

-----------\\ Fin du rapport a 13:37:14,49

re,

Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

voici le second rapport



-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
BIOS : BIOS Date: 04/16/08 08:43:57 Ver: 08.00.15
USER : khylian ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081221-0] 4.8.1229 (Not Activated)
C:\ (Local Disk) - NTFS - Total:144 Go (Free:80 Go)
D:\ (Local Disk) - NTFS - Total:144 Go (Free:104 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 30/01/2010| 5:46 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\Dealio
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.google.com"
"Start Page"="http://www.orange.fr/"
"Start Page Restore"="http://www.orange.fr/"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Default_Page_URL"="http://fr.fr.acer.yahoo.com"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\Windows\\System32\\blank.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\khylian\AppData\Roaming\uTorrent\Adobe Photoshop CS4 Extended + Keygens.rar.torrent
C:\Users\khylian\AppData\Roaming\uTorrent\photoshop CS3 + crack + patch fr.iso.torrent
C:\Users\khylian\AppData\Roaming\uTorrent\Photoshop CS3 with Crack.zip.torrent
C:\Users\khylian\Documents\Keygens
C:\Users\khylian\Documents\Keygens\keygen.exe


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 29/01/2010|13:37 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 30/01/2010| 5:47 - Option : [2]

-----------\\ Fin du rapport a 5:47:08,48

re,


Ensuite fais ceci:

Télécharge Malwarebytes' Anti-Malware et installe le (assure toi qu'il se soit bien mis à jour avant de passer à la suite).

-->source ici
note:
=========
Si tu as déjà le logiciel sur ta machine, faire une mise à jour

ensuite,

* Redémarre en mode sans échec :

o Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
o A la place du chargement normal de Windows, un menu avec différentes options devrait aparaître.
o Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
o Choisis ton compte.

* Si besoin: pour une aide visuelle clic ici

* Lance MBAM et sélectionne "Exécuter un examen rapide". Patiente le temps du scan.
* Une fois le scan terminé,clique sur "Supprimer la sélection".


Si MBAM a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
Enregistre le rapport sur ton Bureau lorsqu'il s'affichera.
Poste le rapport dans ta prochaine réponse.

ps:
--->aide visuelle sur Mbam ici

voici le rapport


Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3670
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18882

01/02/2010 09:10:35
mbam-log-2010-02-01 (09-10-35).txt

Type de recherche: Examen rapide
Eléments examinés: 112020
Temps écoulé: 4 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winsvc (Adware.Gibmedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winusr (Adware.Gibmedia) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Winsudate (Adware.Gibmedia) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Winsudate\gibcom.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibidl.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibsvc.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibupt.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibusr.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\minftnet.exe (Adware.Agent) -> Quarantined and deleted successfully.

re,

Fais un Scan seul Hijackthis
====================================

Fais un nouveau rapport Hijackthis et colle le rapport, (clique droit -> lancer en tant qu'administrateur sous Vista)
Hijackthis est sensé être déjà installé sur ta machine si tu as fais la procédure RSTI.
Il se trouve donc à cet endroit sous le nom de :

Citation

C:\Users\khylian\Downloads\khylian.exe



--->aide visuelle, clic ici

ps: la version de Hijackthis doit être:

oui il est installé
voici le rapport


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:38:49, on 01/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\khylian\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\khylian\AppData\Roaming\Mozilla\Firefox\Profiles\ie7ubm1n.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MessLive Auto Update] C:\Users\khylian\Desktop\MessLive Patch.exe -a_update
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O8 - Extra context menu item: E&xporter vers Microsoft Excel - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apache2 - Apache Software Foundation - C:\PROGRA~1\EASYPH~1.0B1\Apache\bin\apache.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 8699 bytes

re,

Fais un scan seul avec Hijackthis. (clique droit -> lancer en tant qu'adminstrateur sous Vista)
cocher + fixer ces lignes, qui sont à l'intérieur du cadre


Citation

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MessLive Auto Update] C:\Users\khylian\Desktop\MessLive Patch.exe -a_update
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)



source du tuto ici

ensuite:

On va désinstaller le sevice Bonjour, (inutile )
télécharger ce petit utilitaire sur le bureau
http://download.gizmoproject.com/jasmin ... onjour.exe
Une fois celà fais, lance l'outil que tu viens de télécharger (double-clic dessus )
Le service est désinstallé.

reposte ensuite un rapport seul de hijackthis.