Virus dans C:\WINDOWS\system32\ geedc.dll

Résolu
thomasdeb -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
J'ai une fenêtre de Antivir qui s'ouvre tout le temps pour me dire qu'il a trouvé un virus, un trojan plus précisément dans C:\WINDOWS\system32\ geedc.dll
La fenêtre n'arrête pas de s'ouvir toutes les deux secondes depuis que j'ai démarré mon ordinateur. ca serait gentil de m'aider...Un grand merci!
Configuration: Windows XP
Internet Explorer 7.0

18 réponses

  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut thomasdeb,

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    0
  2. thomasdeb
     
    Merci! Voila le rapport :

    ComboFix 07-12-02.6 - CARREFOUR 2007-12-04 19:50:30.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.327 [GMT 1:00]
    Running from: C:\Documents and Settings\CARREFOUR\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Fichiers communs\Yazzle1848OinUninstaller.exe
    C:\WINDOWS\system32\cdeeg.ini
    C:\WINDOWS\system32\cdeeg.ini2
    C:\WINDOWS\system32\jkkiggg.dll
    C:\WINDOWS\system32\nnnkihe.dll
    C:\WINDOWS\system32\ssqpq.dll
    C:\WINDOWS\system32\vturssq.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_IPRIP
    -------\Iprip

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-04 19:16 . 2007-12-04 19:16 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-12-04 18:04 . 2007-12-04 18:04 9 --a------ C:\WINDOWS\system32\1e7f8303
    2007-12-04 17:49 . 2007-12-04 17:49 331,872 --------- C:\WINDOWS\system32\geedc.dll
    2007-12-02 17:38 . 2007-12-02 17:38 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\FileMaker
    2007-12-02 17:38 . 2007-12-02 17:38 215 --a------ C:\WINDOWS\STRYBORD.INI
    2007-12-02 17:36 . 2007-12-02 17:42 <REP> d-------- C:\Program Files\Storyboard tools
    2007-12-02 17:34 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
    2007-11-26 20:35 . 2007-11-26 20:42 300,364 --a------ C:\WINDOWS\system32\geebc.dll
    2007-11-24 13:42 . 2007-11-24 13:42 <REP> d-------- C:\Program Files\MOVAVI
    2007-11-24 13:41 . 2007-11-24 13:42 <REP> d-------- C:\Program Files\ConvertMovie 5.0
    2007-11-24 13:17 . 2007-11-24 13:17 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\AVS4YOU
    2007-11-24 13:17 . 2007-11-24 13:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2007-11-24 13:16 . 2007-11-24 14:35 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
    2007-11-24 13:15 . 2007-11-24 14:35 <REP> d-------- C:\Program Files\AVS4YOU
    2007-11-24 13:15 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-11-24 13:15 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
    2007-11-24 13:15 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
    2007-11-24 13:15 . 2007-02-27 19:36 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-11-24 13:15 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
    2007-11-24 13:15 . 2007-02-27 19:36 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
    2007-11-24 13:15 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
    2007-11-24 13:15 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
    2007-11-24 13:00 . 2007-11-24 13:04 <REP> d-------- C:\Program Files\Video Convert Master
    2007-11-24 13:00 . 2002-11-25 17:53 425,984 --a------ C:\WINDOWS\system32\xvid.dll
    2007-11-24 13:00 . 2007-02-27 19:36 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
    2007-11-24 13:00 . 2003-06-05 17:30 316,640 --a------ C:\WINDOWS\system32\WMSysPr9.prx
    2007-11-24 13:00 . 2007-02-27 19:36 53,248 --a------ C:\WINDOWS\system32\xvid.ax
    2007-11-24 13:00 . 2003-05-21 23:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-24 12:28 . 2007-11-24 12:37 <REP> d-------- C:\divx
    2007-11-24 11:59 . 2007-11-24 11:59 <REP> d-------- C:\Temp
    2007-11-24 11:40 . 2007-11-24 11:40 <REP> d-------- C:\Program Files\Micro Application
    2007-11-24 11:23 . 2007-11-24 11:23 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\TVU Networks
    2007-11-20 21:02 . 2007-11-24 15:56 156 --a------ C:\WINDOWS\Twunk001.MTX
    2007-11-20 21:02 . 2007-11-24 15:57 3 --a------ C:\WINDOWS\Twain001.Mtx
    2007-11-20 21:02 . 2007-11-20 21:02 0 --a------ C:\WINDOWS\Twunk002.MTX
    2007-11-20 20:55 . 2007-11-20 20:55 <REP> d-------- C:\Program Files\Vstplugins
    2007-11-20 19:18 . 2007-11-20 19:18 <REP> d-------- C:\MIKA
    2007-11-19 22:46 . 2007-11-19 22:46 <REP> d-------- C:\Program Files\DVD Shrink
    2007-11-19 22:46 . 2007-11-19 22:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-11-19 22:37 . 2002-05-23 11:57 1,295,495 -ra------ C:\Installation de Macromedia Studio MX.exe
    2007-11-19 21:18 . 2007-11-19 21:18 <REP> d-------- C:\VundoFix Backups
    2007-11-19 21:07 . 2007-12-04 19:23 <REP> d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-19 21:07 . 2007-11-19 21:07 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2007-11-19 21:07 . 2007-11-19 21:07 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-11-19 21:07 . 2007-11-19 21:07 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2007-11-18 16:05 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-11-17 20:24 . 2007-11-18 12:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-11-17 20:19 . 2007-11-17 20:19 <REP> d-------- C:\Program Files\Bonjour
    2007-11-17 17:41 . 2007-11-17 17:41 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2007-11-17 12:55 . 2007-11-17 12:58 461,969,208 --a------ C:\ADBEPHSPCS3_WWF.exe
    2007-11-16 20:57 . 2007-11-16 20:57 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-11-16 20:48 . 2007-11-16 20:48 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\Talkback
    2007-11-16 20:48 . 2007-11-16 20:48 0 --a------ C:\WINDOWS\nsreg.dat
    2007-11-10 16:47 . 2007-11-10 16:47 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2007-11-10 15:52 . 2007-11-10 15:52 <REP> d-------- C:\Program Files\Stardock
    2007-11-10 15:52 . 2007-05-26 12:34 42,672 --------- C:\WINDOWS\system32\wbsys.dll
    2007-11-05 21:35 . 2007-11-27 17:17 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\Skype
    2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Program Files\Skype
    2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-11-04 16:48 . 2007-11-04 16:48 <REP> d-------- C:\Program Files\CCleaner
    2007-11-04 15:37 . 2007-11-04 15:37 <REP> d-------- C:\Program Files\Network Stumbler

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-24 14:47 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\dvdcss
    2007-11-20 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
    2007-11-20 19:54 --------- d-----w C:\Program Files\Sony
    2007-11-18 15:05 --------- d-----w C:\Program Files\Java
    2007-11-17 19:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-11-15 15:26 56,984 ----a-w C:\Documents and Settings\CARREFOUR\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-14 16:37 --------- d-----w C:\Program Files\LimeWire
    2007-11-03 17:27 --------- d--h--r C:\Documents and Settings\CARREFOUR\Application Data\SecuROM
    2007-11-03 17:22 --------- d-----w C:\Program Files\Sports Interactive
    2007-11-02 15:34 --------- d-----w C:\Program Files\aMSN
    2007-11-02 13:28 --------- d-----w C:\Program Files\Windows Live
    2007-11-02 13:28 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-02 13:28 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-11-02 13:27 3,966,288 ----a-w C:\MsgPlusLive-423.exe
    2007-10-29 20:25 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-10-28 16:29 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\SecondLife
    2007-10-28 15:45 1,271,557 ----a-w C:\wrar371fr.exe
    2007-10-27 10:33 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\Sports Interactive
    2007-10-27 10:11 --------- d--h--w C:\Program Files\Zero G Registry
    2007-10-15 18:48 --------- d-----w C:\Program Files\activePDF
    2007-10-15 17:46 --------- d-----w C:\Program Files\Microsoft SQL Server
    2007-10-15 17:45 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\Sony
    2007-10-15 17:42 --------- d-----w C:\Program Files\Sony Setup
    2007-05-09 15:33 4 --shatr C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
    2006-10-27 10:24 234 ----a-w C:\Documents and Settings\CARREFOUR\Application Data\wklnhst.dat
    2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    2006-10-15 13:35 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260F0CE0-DDB8-4B9A-BC54-41E9D851BE3B}]
    2007-12-04 17:49 331872 --------- C:\WINDOWS\system32\geedc.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 22:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]
    "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 17:49]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 06:46]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 20:54]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 12:38]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 07:03]
    "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 18:04]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 22:00]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\geedc.dll

    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-10-17 12:08:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-12-04 18:41:22 C:\WINDOWS\Tasks\User_Feed_Synchronization-{963202E6-12AC-49F5-83B8-F18820163D45}.job"
    - C:\WINDOWS\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-04 19:58:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???HZ??????(?@???????@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-04 20:02:09 - machine was rebooted
    .
    --- E O F ---
    0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\1e7f8303
    C:\WINDOWS\system32\geedc.dll
    C:\WINDOWS\uninst.exe

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{260F0CE0-DDB8-4B9A-BC54-41E9D851BE3B}]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    hijack this :

    Télécharge HijackThis ici :

    -> https://www.zebulon.fr/telechargements/securite/systeme/hijackthis.html

    Tutoriel d´installation (images) :

    -> http://pchelpbordeaux.free.fr/tuto.html

    Tutoriel d´utilisation (video) :

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    Post le rapport généré ici stp...

    @+
    0
  4. thomasdeb
     
    Voila le rapport Combofix :

    ComboFix 07-12-02.6 - CARREFOUR 2007-12-04 20:59:14.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.448 [GMT 1:00]
    Running from: C:\Documents and Settings\CARREFOUR\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\CARREFOUR\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\1e7f8303
    C:\WINDOWS\system32\geedc.dll
    C:\WINDOWS\uninst.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\1e7f8303
    C:\WINDOWS\system32\geedc.dll
    C:\WINDOWS\uninst.exe

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-04 20:20 . 2007-12-04 21:02 6,557 --ahs---- C:\WINDOWS\system32\cdeeg.ini2
    2007-12-04 20:20 . 2007-12-04 21:04 6,557 --ahs---- C:\WINDOWS\system32\cdeeg.ini
    2007-12-04 19:16 . 2007-12-04 19:16 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-12-02 17:38 . 2007-12-02 17:38 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\FileMaker
    2007-12-02 17:38 . 2007-12-02 17:38 215 --a------ C:\WINDOWS\STRYBORD.INI
    2007-12-02 17:36 . 2007-12-02 17:42 <REP> d-------- C:\Program Files\Storyboard tools
    2007-11-26 20:35 . 2007-11-26 20:42 300,364 --a------ C:\WINDOWS\system32\geebc.dll
    2007-11-24 13:42 . 2007-11-24 13:42 <REP> d-------- C:\Program Files\MOVAVI
    2007-11-24 13:41 . 2007-11-24 13:42 <REP> d-------- C:\Program Files\ConvertMovie 5.0
    2007-11-24 13:17 . 2007-11-24 13:17 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\AVS4YOU
    2007-11-24 13:17 . 2007-11-24 13:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2007-11-24 13:16 . 2007-11-24 14:35 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
    2007-11-24 13:15 . 2007-11-24 14:35 <REP> d-------- C:\Program Files\AVS4YOU
    2007-11-24 13:15 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-11-24 13:15 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
    2007-11-24 13:15 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
    2007-11-24 13:15 . 2007-02-27 19:36 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-11-24 13:15 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
    2007-11-24 13:15 . 2007-02-27 19:36 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
    2007-11-24 13:15 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
    2007-11-24 13:15 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
    2007-11-24 13:00 . 2007-11-24 13:04 <REP> d-------- C:\Program Files\Video Convert Master
    2007-11-24 13:00 . 2002-11-25 17:53 425,984 --a------ C:\WINDOWS\system32\xvid.dll
    2007-11-24 13:00 . 2007-02-27 19:36 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
    2007-11-24 13:00 . 2003-06-05 17:30 316,640 --a------ C:\WINDOWS\system32\WMSysPr9.prx
    2007-11-24 13:00 . 2007-02-27 19:36 53,248 --a------ C:\WINDOWS\system32\xvid.ax
    2007-11-24 13:00 . 2003-05-21 23:50 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-24 12:28 . 2007-11-24 12:37 <REP> d-------- C:\divx
    2007-11-24 11:59 . 2007-11-24 11:59 <REP> d-------- C:\Temp
    2007-11-24 11:40 . 2007-11-24 11:40 <REP> d-------- C:\Program Files\Micro Application
    2007-11-24 11:23 . 2007-11-24 11:23 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\TVU Networks
    2007-11-20 21:02 . 2007-11-24 15:56 156 --a------ C:\WINDOWS\Twunk001.MTX
    2007-11-20 21:02 . 2007-11-24 15:57 3 --a------ C:\WINDOWS\Twain001.Mtx
    2007-11-20 21:02 . 2007-11-20 21:02 0 --a------ C:\WINDOWS\Twunk002.MTX
    2007-11-20 20:55 . 2007-11-20 20:55 <REP> d-------- C:\Program Files\Vstplugins
    2007-11-20 19:18 . 2007-11-20 19:18 <REP> d-------- C:\MIKA
    2007-11-19 22:46 . 2007-11-19 22:46 <REP> d-------- C:\Program Files\DVD Shrink
    2007-11-19 22:46 . 2007-11-19 22:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-11-19 22:37 . 2002-05-23 11:57 1,295,495 -ra------ C:\Installation de Macromedia Studio MX.exe
    2007-11-19 21:18 . 2007-11-19 21:18 <REP> d-------- C:\VundoFix Backups
    2007-11-19 21:07 . 2007-12-04 19:23 <REP> d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-19 21:07 . 2007-11-19 21:07 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2007-11-19 21:07 . 2007-11-19 21:07 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-11-19 21:07 . 2007-11-19 21:07 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2007-11-18 16:05 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2007-11-17 20:24 . 2007-11-18 12:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-11-17 20:19 . 2007-11-17 20:19 <REP> d-------- C:\Program Files\Bonjour
    2007-11-17 17:41 . 2007-11-17 17:41 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2007-11-17 12:55 . 2007-11-17 12:58 461,969,208 --a------ C:\ADBEPHSPCS3_WWF.exe
    2007-11-16 20:57 . 2007-11-16 20:57 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-11-16 20:48 . 2007-11-16 20:48 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\Talkback
    2007-11-16 20:48 . 2007-11-16 20:48 0 --a------ C:\WINDOWS\nsreg.dat
    2007-11-10 16:47 . 2007-11-10 16:47 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2007-11-10 15:52 . 2007-11-10 15:52 <REP> d-------- C:\Program Files\Stardock
    2007-11-10 15:52 . 2007-05-26 12:34 42,672 --------- C:\WINDOWS\system32\wbsys.dll
    2007-11-05 21:35 . 2007-11-27 17:17 <REP> d-------- C:\Documents and Settings\CARREFOUR\Application Data\Skype
    2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Program Files\Skype
    2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2007-11-05 21:34 . 2007-11-05 21:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-11-04 16:48 . 2007-11-04 16:48 <REP> d-------- C:\Program Files\CCleaner
    2007-11-04 15:37 . 2007-11-04 15:37 <REP> d-------- C:\Program Files\Network Stumbler

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-24 14:47 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\dvdcss
    2007-11-20 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
    2007-11-20 19:54 --------- d-----w C:\Program Files\Sony
    2007-11-18 15:05 --------- d-----w C:\Program Files\Java
    2007-11-17 19:19 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-11-15 15:26 56,984 ----a-w C:\Documents and Settings\CARREFOUR\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-14 16:37 --------- d-----w C:\Program Files\LimeWire
    2007-11-03 17:27 --------- d--h--r C:\Documents and Settings\CARREFOUR\Application Data\SecuROM
    2007-11-03 17:22 --------- d-----w C:\Program Files\Sports Interactive
    2007-11-02 15:34 --------- d-----w C:\Program Files\aMSN
    2007-11-02 13:28 --------- d-----w C:\Program Files\Windows Live
    2007-11-02 13:28 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-02 13:28 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-11-02 13:27 3,966,288 ----a-w C:\MsgPlusLive-423.exe
    2007-10-29 20:25 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-10-28 16:29 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\SecondLife
    2007-10-28 15:45 1,271,557 ----a-w C:\wrar371fr.exe
    2007-10-27 10:33 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\Sports Interactive
    2007-10-27 10:11 --------- d--h--w C:\Program Files\Zero G Registry
    2007-10-15 18:48 --------- d-----w C:\Program Files\activePDF
    2007-10-15 17:46 --------- d-----w C:\Program Files\Microsoft SQL Server
    2007-10-15 17:45 --------- d-----w C:\Documents and Settings\CARREFOUR\Application Data\Sony
    2007-10-15 17:42 --------- d-----w C:\Program Files\Sony Setup
    2007-05-09 15:33 4 --shatr C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
    2006-10-27 10:24 234 ----a-w C:\Documents and Settings\CARREFOUR\Application Data\wklnhst.dat
    2006-10-15 13:35 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 22:00]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]
    "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 17:49]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 13:17]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 13:13]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 13:17]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 06:46]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 20:54]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 12:38]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 07:03]
    "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-11 18:04]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 22:00]

    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
    S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe -k p2psvc
    S3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys
    S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe -k p2psvc

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-10-17 12:08:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-12-04 19:18:26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{963202E6-12AC-49F5-83B8-F18820163D45}.job"
    - C:\WINDOWS\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-04 21:07:01
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???HZ??????(?@???????@

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-04 21:10:26 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-04 20:02
    .
    --- E O F ---

    Et maintenant le Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:16:29, on 4/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\CARREF~1\LOCALS~1\Temp\Rar$EX00.172\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sport.be/fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/nl-be?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYBE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/nl-be?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF&checklang=1
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - https://about.proquest.com/products-services/ebooks/ebooks-main.html
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://belgacom.extrafilm.be/ImageUploader4.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    a l´aide hijack this coche les lignes ci dessous
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYBE
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    comment fixer :

    Tutoriel d´utilisation (video) :

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    installe un par feu

    par feu : kerio

    http://www.malekal.com/kerio_firewall.php#mozTocId721480

    https://www.vulgarisation-informatique.com/kerio.php

    ou zone alarm plus facil a configurer mais moins performant

    http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html

    et fais un scan complet avec antivir et post le rapport ici :

    une fois antivir ouvert click sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
    puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
    toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

    @+
    0
  7. david1970 Messages postés 55 Statut Membre
     
    bonsoir g!rly dis moi quel est le meilleur antivirus au monde merci
    0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    david,

    il n´y a pas de meilleur antivir...

    moi perso j´aime bien antivir, de plus il est gratuit...
    0
  9. david1970 Messages postés 55 Statut Membre
     
    mais antivir na pas pare-feu
    0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    oui mais comme tu voie ci dessus je conseil kerio ou zone alarm
    moi perso j´ai antivir et kerio plus des antispyware residents...
    0
  11. david1970 Messages postés 55 Statut Membre
     
    on ma dit que ya des antivirus avec pare-feu integret
    0
  12. thomasdeb
     
    J'ai installé Zone Alarm et j'ai fait ce que ti m'avais demandé dans hijack this.
    Maintenant je fais le scan dans antivir mais ca va prendre quelques temps donc je ne sais pas si je saurai poster le rapport encore ce soir mais sinon il sera la demain des que je peux...
    Un grand merci en tout cas a++
    0
  13. g!rly Messages postés 18462 Statut Contributeur 407
     
    thomasdeb,

    de rien,

    je regarderais le rapport demain

    bonne fin de soirée ;-)

    @+
    0
  14. thomasdeb
     
    Bonsoir g!rly,
    J'ai fait tout ce que tu m'as demandé et j'ai fait l'analyse Antivir. Je suis désolé pour le retard mais l'analyse a pris beaucoup de temps. Je te met le rapport Antivir comme demandé :

    AntiVir PersonalEdition Classic
    Report file date: mercredi 5 décembre 2007 19:40

    Scanning for 960575 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: PC170492831317

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 7/09/2007 10:48:42
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 7/09/2007 10:48:42
    LUKE.DLL : 7.0.5.3 147496 Bytes 7/09/2007 10:48:43
    LUKERES.DLL : 7.0.6.1 10280 Bytes 7/09/2007 10:48:43
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 09:41:37
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 16:41:52
    ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 19:31:48
    ANTIVIR3.VDF : 7.0.1.44 70144 Bytes 4/12/2007 19:28:19
    AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 7/11/2007 18:06:48
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 21/04/2007 19:47:13
    AVPREF.DLL : 7.0.2.2 25640 Bytes 7/09/2007 10:48:42
    AVREP.DLL : 7.0.0.1 155688 Bytes 21/04/2007 19:47:16
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 4/08/2007 09:46:39
    AVREG.DLL : 7.0.1.6 30760 Bytes 7/09/2007 10:48:42
    AVARKT.DLL : 1.0.0.20 278568 Bytes 7/09/2007 10:48:40
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/09/2007 10:48:42
    NETNT.DLL : 7.0.0.0 7720 Bytes 21/04/2007 19:47:15
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7/09/2007 10:48:32
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 7/09/2007 10:48:32
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/09/2007 10:48:43

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high

    Start of the scan: mercredi 5 décembre 2007 19:40

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'epmworker.exe' - '1' Module(s) have been scanned
    Scan process 'Generic.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
    Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
    Scan process 'HPQTOA~1.EXE' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
    Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
    Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'zlclient.exe' - '0' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'QTTask.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
    Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'QPService.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
    Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'PAStiSvc.exe' - '1' Module(s) have been scanned
    Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'vsmon.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    54 processes with 54 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '35' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\qoobox\Quarantine\catchme2007-12-04_210640.71.zip
    [0] Archive type: ZIP
    --> geedc.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\qoobox\Quarantine\C\WINDOWS\system32\geedc.dll.vir
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{B0D22BE2-A227-4068-A48A-E6B79217B4BA}\RP251\A0143544.dll
    [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{B0D22BE2-A227-4068-A48A-E6B79217B4BA}\RP254\A0143621.dll
    [DETECTION] Is the Trojan horse TR/Trash.Gen
    [INFO] The file was deleted!
    Begin scan in 'D:\' <HP_RECOVERY>

    End of the scan: mercredi 5 décembre 2007 22:20
    Used time: 2:40:13 min

    The scan has been done completely.

    14775 Scanning directories
    747423 Files were scanned
    4 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    4 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    747419 Files not concerned
    9864 Archives were scanned
    2 Warnings
    31 Notes

    Je ne sais pas si je dois encore faire quelque chose ou pas. Un grand merci en tout cas...
    A+++
    0
  15. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut thomas

    fais ceci :

    Désactive ta restauration système:
    pour cela :
    Click droit sur poste de travail, dans l´arborescence sur propriétés;
    dans la nouvelle fenettre click sur l´onglet restauration système;
    coche la case désactiver la restauration systèm et applique.
    puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés;
    dans la nouvelle fenettre click sur l´onglet restauration systèm
    décoche la case désactiver la restauration systèm et applique.

    et tu peux supprimer tous les outils que nous avons utilisé

    dis moi quoi

    @+
    0
  16. thomasdeb
     
    Voilà j'ai fait tout cela. Je ne dois pas créer un nouveau point de restauration ? Et dans mon lecteur C, j'ai un dossier qui s'est crée quand j'ai installé Combofix je pense qui s'appelle Qoobox, avec notamment à l'intérieur le fichier CFScript, je le supprime aussi ?
    Je n'ai plus eu d'alertes de virus. Merci!
    0
  17. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    bah en faite la manip que je t´ai ecrit sur le point de restauration cré un nouveau point propre

    oui supprime le fichier qoobox

    de rien ;-)

    @+
    0
  18. thomasdeb
     
    Voila je pense que c'est terminé. je te remercie beaucoup beaucoup....
    Bonne soirée a+
    Thomas
    0
  19. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok
    bonne soirée ;-)
    bonne continuation
    bye`
    0