Infection win32:Small-gen2 besoin d'aide Résolu

Question

Bonjour,
A chaque démarrage j'ai un message d'avast qui me dit avoir trouvé un cheval de troie,
nom du fichier: C:\DOCUME~1\ethan\LOCALS~1\Temp	mp13.tmp,
Nom logiciel malveillant: Win32:Small-gen2 [Trj],
version vps: 071206-0, 06/12/2007

je mets en quarantaine et au démarrage suivant rebelote, 

je vous joint les rapportshijackthis et ccleaner

hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 15:59:43, on 07/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\utilitaire
ero\InCD\InCDsrv.exe
C:\Program Files\utilitaire\avast\aswUpdSv.exe
C:\Program Files\utilitaire\avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\utilitaire\avast\ashMaiSv.exe
C:\Program Files\utilitaire\avast\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqWRG.exe
C:\Program Files\utilitaire
ero\InCD\InCD.exe
C:\PROGRA~1\UTILIT~1\avast\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe
C:\Program Files\utilitaire\hp\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\msupd14766.exe
C:\Program Files\utilitaire\picture package\Picture Package Menu\SonyTray.exe
C:\Program Files\utilitaire\picture package\Picture Package Applications\Residence.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/registration-free-antivirus?lang=ENG
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\utilitaire
ero\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\UTILIT~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe"  -osboot
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias
o-spy.exe /autorun
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: msupd14766.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\utilitaire\picture package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\utilitaire\picture package\Picture Package Applications\Residence.exe
O4 - Global Startup: Update_0711_KB091802.exe
O4 - Global Startup: Update_0711_KB091803.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\utilitaire\avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\utilitaire\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\utilitaire\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\utilitaire\avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\utilitaire
ero\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - C:\Program Files\SPYWAREfighter\spfprc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

ccleaner:
Logfile of HijackThis v1.99.1
Scan saved at 15:59:43, on 07/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\utilitaire
ero\InCD\InCDsrv.exe
C:\Program Files\utilitaire\avast\aswUpdSv.exe
C:\Program Files\utilitaire\avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\utilitaire\avast\ashMaiSv.exe
C:\Program Files\utilitaire\avast\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqWRG.exe
C:\Program Files\utilitaire
ero\InCD\InCD.exe
C:\PROGRA~1\UTILIT~1\avast\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe
C:\Program Files\utilitaire\hp\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\msupd14766.exe
C:\Program Files\utilitaire\picture package\Picture Package Menu\SonyTray.exe
C:\Program Files\utilitaire\picture package\Picture Package Applications\Residence.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/registration-free-antivirus?lang=ENG
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\utilitaire
ero\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\UTILIT~1\avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe"  -osboot
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias
o-spy.exe /autorun
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: msupd14766.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\utilitaire\picture package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\utilitaire\picture package\Picture Package Applications\Residence.exe
O4 - Global Startup: Update_0711_KB091802.exe
O4 - Global Startup: Update_0711_KB091803.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\aolserv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\utilitaire\avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\utilitaire\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\utilitaire\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\utilitaire\avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\utilitaire
ero\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - C:\Program Files\SPYWAREfighter\spfprc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Merci d'avance

g!rly · Answer

salut chacha106,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

@+

chacha106 · Answer

Bonjour Girly, alors voici le rapport de combofix: ComboFix 07-12-07.3 - ethan 2007-12-07 20:09:53.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.225 [GMT 1:00] Running from: C:\Documents and Settings\ethan\Bureau\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))))))) . 2007-12-07 13:49 . 2007-12-07 14:34 d-------- C:\WINDOWS\BDOSCAN8 2007-12-07 13:41 . 2007-12-07 13:41 d-------- C:\Program Files\Panda Security 2007-12-04 20:46 . 2007-12-04 20:47 d-------- C:\Program Files\AVG Anti-Spyware 7.5 2007-12-04 20:46 . 2007-12-04 20:46 d-------- C:\Documents and Settings\ethan\Application Data\Grisoft 2007-12-04 20:46 . 2007-12-04 20:46 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-04 20:46 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-04 20:12 . 2007-12-04 20:12 2,811,808 --a------ C:\upload_moi_TOSTAKY.tar.gz 2007-12-04 20:00 . 2007-12-04 20:02 d-------- C:\Program Files\Navilog1 2007-12-04 15:33 . 2007-12-07 15:59 d-------- C:\Program Files\Hijackthis Version Française 2007-12-03 21:09 . 2007-12-03 21:09 d-------- C:\Program Files\CCleaner 2007-11-16 19:29 . 2007-11-16 19:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-11-16 19:29 . 2007-11-16 19:29 1,409 --a------ C:\WINDOWS\QTFont.for 2007-11-15 12:41 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 14:46 --------- d-----w C:\Program Files\Google 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-12-03 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-15 11:41 --------- d-----w C:\Program Files\Java 2007-11-05 15:08 --------- d-----w C:\Program Files\Maya l'Abeille 2007-10-25 09:22 --------- d-----w C:\Program Files\Shareaza 2007-10-25 09:22 --------- d-----w C:\Documents and Settings\ethan\Application Data\Shareaza 2007-10-25 09:06 --------- d-----w C:\Program Files\Neuf 2007-10-18 13:05 --------- d-----w C:\Program Files\GIMP-2.0 2007-10-18 12:57 --------- d-----w C:\Program Files\GTK 2007-10-12 16:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-12 16:06 --------- d-----w C:\Program Files\SlySoft 2007-10-12 15:40 --------- d-----w C:\Program Files\Fichiers communs\aolshare 2007-10-12 15:40 --------- d-----w C:\Program Files\Fichiers communs\AOL 2007-10-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2005-05-23 18:46 284 ----a-w C:\Documents and Settings\ethan\Application Data\ViewerApp.dat 1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll 2005-07-26 12:07 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin 2005-04-20 16:57 56 --sh--r C:\WINDOWS\system32\BD8297FA5C.sys 2005-09-01 14:28 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PopUpStopperFreeEdition"="C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe" [2005-03-17 10:10] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPpromo psc 2175"="C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqWRG.exe" [2003-09-08 15:16] "AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2006-11-17 12:41] "InCD"="C:\Program Files\utilitaire ero\InCD\InCD.exe" [2005-01-03 10:41] "avast!"="C:\PROGRA~1\UTILIT~1\avast\ashDisp.exe" [2007-12-04 14:00] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "TkBellExe"="realsched.exe" [] "Sin Espias"="C:\Program Files\SinEspias\No-Spy.exe" [] "stnospy"="C:\Program Files\SinEspias o-spy.exe" [] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12] "HostManager"="C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe" [2006-11-17 14:16] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-05 10:34] "!AVG Anti-Spyware"="C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-04-19 12:59] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] C:\Program Files\utilitaire\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe -osboot R1 prodrv04;Star Force copy protection driver v4;C:\WINDOWS\system32\drivers\prodrv04.sys S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys S3 Defender;Defender;\??\C:\Program Files\SinEspias\Defender.sys S3 PWIPENUM;PWIPENUM;\??\C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys S3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys S3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2005-07-28 13:56:53 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1114013460.job" - C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqfrucl.exe4-I . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-07 20:11:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-07 20:12:44 . --- E O F --- Merci encore de ton aide

g!rly · Answer

re,

relance hijack this et coche et fix les lignes ci dessous:

O4 - Global Startup: msupd14766.exe
O4 - Global Startup: Update_0711_KB091802.exe
O4 - Global Startup: Update_0711_KB091803.exe

comment fixer :

Tutoriel d´utilisation (video) :

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

puis :

Copie le texte ci-dessous :

File::
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\upload_moi_TOSTAKY.tar.gz
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\msupd14766.exe

Folder::
C:\Program Files\Navilog1

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 


Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis ! 

@+

chacha106 · Answer

Ok voilà déjà les rapports de combofix et hijackthis: ComboFix 07-12-07.3 - ethan 2007-12-07 21:11:13.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.212 [GMT 1:00] Running from: C:\Documents and Settings\ethan\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\ethan\Bureau\Nouveau dossier\CFScript.txt * Created a new restore point FILE C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\msupd14766.exe C:\upload_moi_TOSTAKY.tar.gz C:\WINDOWS\QTFont.for C:\WINDOWS\QTFont.qfn . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))))))) . 2007-12-07 13:49 . 2007-12-07 14:34 d-------- C:\WINDOWS\BDOSCAN8 2007-12-07 13:41 . 2007-12-07 13:41 d-------- C:\Program Files\Panda Security 2007-12-04 20:46 . 2007-12-04 20:47 d-------- C:\Program Files\AVG Anti-Spyware 7.5 2007-12-04 20:46 . 2007-12-04 20:46 d-------- C:\Documents and Settings\ethan\Application Data\Grisoft 2007-12-04 20:46 . 2007-12-04 20:46 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-04 20:46 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-04 15:33 . 2007-12-07 20:51 d-------- C:\Program Files\Hijackthis Version Française 2007-12-03 21:09 . 2007-12-03 21:09 d-------- C:\Program Files\CCleaner 2007-11-15 12:41 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 14:46 --------- d-----w C:\Program Files\Google 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-12-03 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-15 11:41 --------- d-----w C:\Program Files\Java 2007-11-05 15:08 --------- d-----w C:\Program Files\Maya l'Abeille 2007-10-25 09:22 --------- d-----w C:\Program Files\Shareaza 2007-10-25 09:22 --------- d-----w C:\Documents and Settings\ethan\Application Data\Shareaza 2007-10-25 09:06 --------- d-----w C:\Program Files\Neuf 2007-10-18 13:05 --------- d-----w C:\Program Files\GIMP-2.0 2007-10-18 12:57 --------- d-----w C:\Program Files\GTK 2007-10-12 16:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-12 16:06 --------- d-----w C:\Program Files\SlySoft 2007-10-12 15:40 --------- d-----w C:\Program Files\Fichiers communs\aolshare 2007-10-12 15:40 --------- d-----w C:\Program Files\Fichiers communs\AOL 2007-10-12 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2005-05-23 18:46 284 ----a-w C:\Documents and Settings\ethan\Application Data\ViewerApp.dat 1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll 2005-07-26 12:07 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin 2005-04-20 16:57 56 --sh--r C:\WINDOWS\system32\BD8297FA5C.sys 2005-09-01 14:28 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PopUpStopperFreeEdition"="C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe" [2005-03-17 10:10] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPpromo psc 2175"="C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqWRG.exe" [2003-09-08 15:16] "AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2006-11-17 12:41] "InCD"="C:\Program Files\utilitaire ero\InCD\InCD.exe" [2005-01-03 10:41] "avast!"="C:\PROGRA~1\UTILIT~1\avast\ashDisp.exe" [2007-12-04 14:00] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "TkBellExe"="realsched.exe" [] "Sin Espias"="C:\Program Files\SinEspias\No-Spy.exe" [] "stnospy"="C:\Program Files\SinEspias o-spy.exe" [] "NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12] "HostManager"="C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe" [2006-11-17 14:16] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-05 10:34] "!AVG Anti-Spyware"="C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-04-19 12:59] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 2000 Series.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 2000 Series.lnk backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package Menu.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package Menu.lnk backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Picture Package VCD Maker.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Picture Package VCD Maker.lnk backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] C:\Program Files\utilitaire\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 09:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe -osboot R1 prodrv04;Star Force copy protection driver v4;C:\WINDOWS\system32\drivers\prodrv04.sys S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys S3 Defender;Defender;\??\C:\Program Files\SinEspias\Defender.sys S3 PWIPENUM;PWIPENUM;\??\C:\Program Files\Panicware\Pop-Up Stopper Anti-Spyware\PWIPENUM.SYS S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys S3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys S3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2005-07-28 13:56:53 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1114013460.job" - C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqfrucl.exe4-I . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-07 21:12:59 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-07 21:13:43 C:\ComboFix2.txt ... 2007-12-07 20:58 C:\ComboFix3.txt ... 2007-12-07 20:12 . --- E O F --- Logfile of HijackThis v1.99.1 Scan saved at 21:14:36, on 07/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\utilitaire ero\InCD\InCDsrv.exe C:\Program Files\utilitaire\avast\aswUpdSv.exe C:\Program Files\utilitaire\avast\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\utilitaire\avast\ashMaiSv.exe C:\Program Files\utilitaire\avast\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqWRG.exe C:\Program Files\utilitaire ero\InCD\InCD.exe C:\PROGRA~1\UTILIT~1\avast\ashDisp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe C:\Program Files\utilitaire\hp\Digital Imaging\bin\hpotdd01.exe C:\Program Files\utilitaire\picture package\Picture Package Menu\SonyTray.exe C:\Program Files\utilitaire\picture package\Picture Package Applications\Residence.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/registration-free-antivirus?lang=ENG R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\utilitaire ero\InCD\InCD.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\UTILIT~1\avast\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias o-spy.exe /autorun O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe" O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\utilitaire\picture package\Picture Package Menu\SonyTray.exe O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\utilitaire\picture package\Picture Package Applications\Residence.exe O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar oolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\aolserv.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\utilitaire\avast\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\utilitaire\avast\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\utilitaire\avast\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\utilitaire\avast\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\utilitaire ero\InCD\InCDsrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SPYWAREfighterRP - Unknown owner - C:\Program Files\SPYWAREfighter\spfprc.exe (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe merci

g!rly · Answer

re,

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

puis

tu surf avec internet explorer 6.0 = failles de securitées importantes

alors fais les mises a jour windows : tu veux la version 7.0 

et pourquoi ne pas surfer avec firefox? = plus sur,  tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

et

instale

par feu : kerio

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

ou zone alarm plus facil a configurer mais moins performant

http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html

puis regarde ceci concerant avast :

Antivir vs Avast :

->http://forum.malekal.com/ftopic3528.php

alors desinstale avast et instal antivir

Telecharge et instal l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

http://mickael.barroux.free.fr/securite/antivir.php <- tutoriel configuration du scanner... 

une fois antivir ouvert click sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level 

et fais un scan complet de ta machine avec antivir en mode sans echec et post le rapport ici 

donc post les deux rapports celui de sdfix et celui d´antivir

@+

chacha106 · Answer

Ok je vais installer les logiciels dont tu parles, voila le rapport SDfix:
SDFix: Version 1.117

Run by ethan on 07/12/2007 at 21:23

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\ethan\Bureau\SDFIXE~1\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 21:28:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 20 Apr 2005            56 ..SHR --- "C:\WINDOWS\system32\BD8297FA5C.sys"
Thu  1 Sep 2005         2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun  9 Oct 2005         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Finished! 
merci

g!rly · Answer

ok

fais la suite

@+

chacha106 · Answer

Salut Girly,
Désolée mais j'ai bossée plus tard que prévu aujourd'hui, donc voilà le scan du disque dur local d'antivir

AntiVir PersonalEdition Classic
Report file date: vendredi 7 décembre 2007  23:43

Scanning for 963523 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         ethan
Computer name:    TOSTAKY

Version information:
BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0     1640448 Bytes  13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30    1575424 Bytes  30/11/2007 20:56:38
ANTIVIR3.VDF : 7.0.1.60     112128 Bytes  07/12/2007 20:56:38
AVEWIN32.DLL : 7.6.0.40    3064320 Bytes  07/12/2007 20:56:38
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15     360488 Bytes  03/08/2007 08:46:00
AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: vendredi 7 décembre 2007  23:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '34' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Program Files\Hijackthis Version Française\backups\backup-20071207-205154-234-msupd14766.exe
      [DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
      [INFO]      The file was moved to '47bcf19e.qua'!
C:\Program Files\Hijackthis Version Française\backups\backup-20071207-205154-524-Update_0711_KB091803.exe
      [DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
      [INFO]      The file was moved to '46c98a3f.qua'!
C:\Program Files\Hijackthis Version Française\backups\backup-20071207-205154-745-Update_0711_KB091802.exe
      [DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
      [INFO]      The file was moved to '47bcf1e0.qua'!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
      [DETECTION] Is the Trojan horse TR/Agent.bux.1
      [INFO]      The file was moved to '47c7f2be.qua'!
C:\Program Files\Panda Security\TotalScan\SETA0.tmp
      [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
      [INFO]      The file was moved to '47adf291.qua'!
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\msupd14766.exe.vir
      [DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
      [INFO]      The file was moved to '47cef368.qua'!


End of the scan: samedi 8 décembre 2007  02:31
Used time:  2:48:42 min

The scan has been done completely.

   4752 Scanning directories
 200278 Files were scanned
      6 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      6 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 200272 Files not concerned
    895 Archives were scanned
      1 Warnings
      0 Notes

Merci

g!rly · Answer

ok

aparemant ce n´est que des fichiers qui sont dans des quarantaines...

vide la quarantaine d´antivir .


fais ceci pour verifier :

A.V.G :

-> Télécharger AVG Anti-Spyware (ewido)

   http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> L´installer.

-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...
   
   p.s : si les mises a jours ne se font pas, elles sont telechargable ici :

   http://downloads.ewido.net/avgas-signatures-full-current.exe

-> Sur la page "analyse":

   choisir d´abord l'onglet "paramètres".
   
   sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».

-> Lancer le scan, (c´est long...).

-> A la fin du scan copier Et coller le rapport ici. 

-> Une aide en image au cas ou :

   Tutoriel d´installation et de parametrages :

   http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html   

@+

chacha106 · Answer

Ok pour avg antispy j'étais en train de le faire voici le rapport:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	20:19:14 08/12/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\ethan\Cookies\ethan@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\ethan\Cookies\ethan@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\ethan\Cookies\ethan@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\ethan\Cookies\ethan@revsci[1].txt -> TrackingCookie.Revsci : Nettoyé.
C:\Documents and Settings\ethan\Cookies\ethan@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\ethan\Cookies\ethan@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport

Merci

g!rly · Answer

ok
repost un nouveau hijack this stp

chacha106 · Answer

Voila le rapport hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 20:37:39, on 08/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\utilitaire
ero\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqWRG.exe
C:\Program Files\utilitaire
ero\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\utilitaire\hp\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\utilitaire\picture package\Picture Package Menu\SonyTray.exe
C:\Program Files\utilitaire\picture package\Picture Package Applications\Residence.exe
C:\Program Files\kerio\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\kerio\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\kerio\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/registration-free-antivirus?lang=ENG
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\utilitaire
ero\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe"  -osboot
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias
o-spy.exe /autorun
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\utilitaire\picture package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\utilitaire\picture package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\utilitaire
ero\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\kerio\Personal Firewall\kpf4ss.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - C:\Program Files\SPYWAREfighter\spfprc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Merci

chacha106 · Answer

Salut Girly, alors je te mets à nouveau un raport antivir, et un rapport hijackthis

AntiVir PersonalEdition Classic
Report file date: vendredi 7 décembre 2007  23:43

Scanning for 963523 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         ethan
Computer name:    TOSTAKY

Version information:
BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0     1640448 Bytes  13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30    1575424 Bytes  30/11/2007 20:56:38
ANTIVIR3.VDF : 7.0.1.60     112128 Bytes  07/12/2007 20:56:38
AVEWIN32.DLL : 7.6.0.40    3064320 Bytes  07/12/2007 20:56:38
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15     360488 Bytes  03/08/2007 08:46:00
AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: vendredi 7 décembre 2007  23:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '34' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Program Files\Hijackthis Version Française\backups\backup-20071207-205154-234-msupd14766.exe
      [DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
      [INFO]      The file was moved to '47bcf19e.qua'!
C:\Program Files\Hijackthis Version Française\backups\backup-20071207-205154-524-Update_0711_KB091803.exe
      [DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
      [INFO]      The file was moved to '46c98a3f.qua'!
C:\Program Files\Hijackthis Version Française\backups\backup-20071207-205154-745-Update_0711_KB091802.exe
      [DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
      [INFO]      The file was moved to '47bcf1e0.qua'!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
      [DETECTION] Is the Trojan horse TR/Agent.bux.1
      [INFO]      The file was moved to '47c7f2be.qua'!
C:\Program Files\Panda Security\TotalScan\SETA0.tmp
      [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
      [INFO]      The file was moved to '47adf291.qua'!
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\msupd14766.exe.vir
      [DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
      [INFO]      The file was moved to '47cef368.qua'!


End of the scan: samedi 8 décembre 2007  02:31
Used time:  2:48:42 min

The scan has been done completely.

   4752 Scanning directories
 200278 Files were scanned
      6 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      6 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 200272 Files not concerned
    895 Archives were scanned
      1 Warnings
      0 Notes

Logfile of HijackThis v1.99.1
Scan saved at 16:16:36, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\utilitaire
ero\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\kerio\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\kerio\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\kerio\Personal Firewall\kpf4gui.exe
C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqWRG.exe
C:\Program Files\utilitaire
ero\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe
C:\Program Files\utilitaire\hp\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\utilitaire\picture package\Picture Package Menu\SonyTray.exe
C:\Program Files\utilitaire\picture package\Picture Package Applications\Residence.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/registration-free-antivirus?lang=ENG
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Program Files\utilitaire\hp\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\utilitaire
ero\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe"  -osboot
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias
o-spy.exe /autorun
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\utilitaire\picture package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\utilitaire\picture package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\utilitaire
ero\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\kerio\Personal Firewall\kpf4ss.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - C:\Program Files\SPYWAREfighter\spfprc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Merci

g!rly · Answer

salut chacha106, 

vide la quarantaine d´antivir et supprime tout ce qu´il y a dans le fichier back up de hijack this

et fais analyser ceci :

realsched.exe

fais une recherche avec l´explorateur wimdows pour le trouver

et upload le ici

http://virusscan.jotti.org/de/

et post le resultat ici 

@+

chacha106 · Answer

Salut Girly,
J'ai supprimé les fichiers dont tu parlais, et ai scanner le fichier realsched.exe, voila le rapport du scan online:

 Service load:  	
0% 	  	  	100%
File: 	realsched.exe
Status: 	
OK
MD5: 	77ed13fd3196ebc7311ccd6899c7488c
Packers detected: 	
-
Bit9 reports: 	File not found
Scanner results
Scan taken on 10 Dec 2007 15:44:35 (GMT)
A-Squared 	
Found nothing
AntiVir 	
Found nothing
ArcaVir 	
Found nothing
Avast 	
Found nothing
AVG Antivirus 	
Found nothing
BitDefender 	
Found nothing
ClamAV 	
Found nothing
CPsecure 	
Found nothing
Dr.Web 	
Found nothing
F-Prot Antivirus 	
Found nothing
F-Secure Anti-Virus 	
Found nothing
Fortinet 	
Found nothing
Ikarus 	
Found nothing
Kaspersky Anti-Virus 	
Found nothing
NOD32 	
Found nothing
Norman Virus Control 	
Found nothing
Panda Antivirus 	
Found nothing
Rising Antivirus 	
Found nothing
Sophos Antivirus 	
Found nothing
VirusBuster 	
Found nothing
VBA32 	
Found nothing

Je te remetsun rapport hijakthis:

Logfile of HijackThis v1.99.1
Scan saved at 17:04:36, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\utilitaire
ero\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\kerio\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\kerio\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\kerio\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\utilitaire
ero\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe
C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\utilitaire\picture package\Picture Package Menu\SonyTray.exe
C:\Program Files\utilitaire\picture package\Picture Package Applications\Residence.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/registration-free-antivirus?lang=ENG
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\utilitaire
ero\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe"  -osboot
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias
o-spy.exe /autorun
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1166744164\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HPpromo psc 2175] "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqWRG.exe" /N "psc 2175" -r
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\UTILIT~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\utilitaire\picture package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\utilitaire\picture package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\utilitaire
ero\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\kerio\Personal Firewall\kpf4ss.exe
O23 - Service: SPYWAREfighterRP - Unknown owner - C:\Program Files\SPYWAREfighter\spfprc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Merci

g!rly · Answer

salut chacha

a l´aide de hijack this coche et fix ceci :

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/registration-free-antivirus?lang=ENG
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/as5/asinst.cab

comment fixer :

Tutoriel d´utilisation (video) :

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

met ta version de windows a jour 

tu surf avec internet explorer 6.0 = failles de securitées importantes

alors fais les mises a jour windows : tu veux la version 7.0 

et pourquoi ne pas surfer avec firefox? = plus sur,  tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

ta version de acrobat reader n´est pas a jour non plus, tu as la version 7.0 tu veux la version 8.1

desinstal ta version et instale la nouvelle a la place :

https://get2.adobe.com/reader/otherversions/

ou si tu prefere quelque chose de plus leger : foxit 

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

comment va ton pc?

@+

chacha106 · Answer

Ok,
 j'ai fixé les lignes concernées, je tourne maintenant avec firefox, la mise à jour adobe je vais l'installer et j'ai remis les mise à jour windows en route (elles se telechargeront à 18h) à priori mon pc va bien, j'ai refais des scans avecantivir, avg antispy et adaware et ils ne me trouvent plus rien.
Quand je vais dans local setting, je n'ai plus de fichier temp.tmd1,2,3......le trojan était détecté par avast dans ces fichiers. 
Merci beaucoup Girly, est ce que je dois faire autre chose avant de marquer la discussion en résolu?

g!rly · Answer

re,

as tu le rapport du dernier scan que tu as fais avec antivir?

si tu l´as post le ici stp

@+

chacha106 · Answer

Re, 
Voici le rapport d'antivir d'hier soir:


AntiVir PersonalEdition Classic
Report file date: dimanche 9 décembre 2007  16:46

Scanning for 963523 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         ethan
Computer name:    TOSTAKY

Version information:
BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0     1640448 Bytes  13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30    1575424 Bytes  30/11/2007 20:56:38
ANTIVIR3.VDF : 7.0.1.60     112128 Bytes  07/12/2007 20:56:38
AVEWIN32.DLL : 7.6.0.40    3064320 Bytes  07/12/2007 20:56:38
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15     360488 Bytes  03/08/2007 08:46:00
AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\DOCUME~1\ethan\LOCALS~1\Temp\8674672b.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: dimanche 9 décembre 2007  16:46

Starting the file scan:

Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Le.Village.FRENCH.DVDRip.GGT.share by pArsinG.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Meet.The.Robinsons.FRENCH.DVDSCR.XViD-LAST.By.Agecanonix.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\My.Super.Ex.Girlfriend.FRENCH.DVDRiP.XviD-SUPEREX-AceBot.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Night.At.The.Museum.FRENCH.DVDRiP.XviD-GeT-AceBot.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Premonition.FRENCH.DVDRiP.XviD-iD-PoWeR.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Pretty girl in hardcore  action - www.EroTrix.org -  extreme horny anal pics orgy xxx sex porn erotic erotrix anal young .mpg.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\rocco sifredi - savannah - threesome anal sex two stunning girls get fucked up the ass fo.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Sodomisée  a  3 Orgasmes (Porno Sexe Teens Bite Vagin Fellation Sperme Anus Sodomie Suce Anal Sex Chatte .mpeg.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Tempelriddernes.Skat.FRENCH.DVDRiP.XViD-PiRAZ-UnitY.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Terreur.Sur.La.Ligne.French.Dvdrip.Xvid.Par.www.eMulenfer.org.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\The.Ant.Bully.FRENCH.DVDRiP.XviD-ANTBULLY.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\The.Cave.FRENCH.DVDRiP.XViD-GeT.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\The.Covenant.FRENCH.DVDRiP.XviD-COVENANT-AceBot.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\The.Descent.FRENCH.DVDRip.XviD-LOST-DiViDe.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\The.Exorcism.Of.Emily.Rose.FRENCH.DVDRip.REPACK.1CD.XviD.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\The.Last.Mimzy.FRENCH.DVDRip.XviD-TICKETS-PoWeR.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\The.Messengers.FRENCH.DVDRiP.XviD-iD-AceBot.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\The.Zodiac.2005.FRENCH.DVDRiP.XViD-STS-SaTaN.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\THIS HOT COLLEGE CHICK IS A SUPER WILD FUCK#2 gangbangs group orgy double penetration sexy girls first xxx hardcore porn .mpg.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Turbo-Power-Rangers-Dvdrip-Francais-1h35.test.by.emule-mania.com.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Un.long.dimanche.de.fiancailles.REPACK.FRENCH.DVDRIP.ORB.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\X-Men.The.Last.Stand.FRENCH.DVDRip.XviD-LOST.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\(03) [Bob Sinclar] What I want by Fireball (1).mp3.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\[FILMS] - Le Magicien d'OZ - [DivX Fr].avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\[Hentai Fr] - Bible Black (Sexe & magie noir Vol 1).avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\30.Ans.Sinon.Rien.By.EVASiON.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\50 Cent ft. Justin Timberlake - She Wants It (Ayo Technology) .mp3.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\A.la.recherche.du.bonheur.FRENCH.DVDRiP.REPACK.1CD.XViD-STS-ANGE.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Amy Winehouse - Me And Mr Jones.mp3.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Amy Winehouse - Rehab.mp3.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Amy Winehouse - You Know I'm No Good.mp3.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Baby sittor.FRENCH.DVDRip.XViD.verifier.par.divxorama.net.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Backroom Facials - Linette (indian girl) - gangbangs group orgy double penetration sexy girls first xxx hardcore porn p.mpg.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Backroom Facials - Young Busty Redhead - gangbangs group orgy double penetration sexy girls first xxx hardcore porn party.mpg.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Barbecue.Party.2004.STV.FRENCH.INTERNAL.DVDRiP.XviD-CFL-SATAN.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Beetlejuice.-.DVDRIP.-.FR.-.DivXPro.5.02.-Sque.eze-.[Spartateur].avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Bob Sinclar David Guetta Shanna Tom Snare Fireball Tous Les Tubes De L'été 2007 En Mix'club Par Dj Tony.mp3.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Brutal Double Penetration Blonde Nikki Cox - Euro Angels Hardball 6 - Anal Gangbang Facial Cumshot Oral Blowj.mpg.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Charlie.et.La.Chocolaterie.DVDRip.Fr.Ripped.By.Nasty.INSERT INTO cdv_wfdownloads_downloads VALUES (2006).VERSION.FR.NON.C.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Click.FRENCH.DVDRip.XViD-SEQ.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Contre Enquete French Dvdrip Xvid-Unity.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\David Guetta - Love is Gone.mp3.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Drunk Sister In Bed Nude Porno Sexy Bitch Ass Cunt Anal Asian Rape Spank Redhead Upskirt Nipple Celeb Hentai.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Eragon.PROPER.FRENCH.DVDRiP.REPACK.1CD.XViD-SnowTigerS-CyNiBO.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Fashion.Victime.FRENCH.DVDRip.XViD-SEQUENCE.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\film x de rocco sifredi.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Gauge Extreme!!! Gangbang Girl 32-Double anal!, anal creampie with another girl licking the cum out of her asshole-nasty .mpg.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Half.Light.FRENCH.DVDRiP.XViD-NTK-SaTaN.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Houston rough - what a rape! [violent hard sex anal facial swallow pain facial cumshot] .mpg.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Ice.Princess.FRENCH.DVDSCR.XVID-GGT.avi.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Jenifer - Tourner ma page (1).mp3.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Justin Timberlake - What Goes Around...Comes Around.mp3.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\Koxie - Garçons (Gare aux cons).mp3.xml'
Begin scan in 'C:\Documents and Settings\ethan\Mes documents\Downloads\Metadata\La.Belle.au.bois.dormant[disney].DivX.5.Fr.www.divxofile.com.avi.xml'


End of the scan: dimanche 9 décembre 2007  16:46
Used time: 00:03 min

The scan has been done completely.

      0 Scanning directories
     54 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     54 Files not concerned
      0 Archives were scanned
      0 Warnings
      0 Notes

Merci

g!rly · Answer

le probleme c´est que tu n ´as scanné que 54 fichiers,

54 Files were scanned

si tu pouvais relancer un scan complet et poster le resultat ca serais mieux...

@+

chacha106 · Answer

Ok je relance le scan et je le poste dès qu'il termine désolée, 
Merci

g!rly · Answer

y a pas de mal

@+

chacha106 · Answer

Alors voici le scan d'antivir,
AntiVir PersonalEdition Classic
Report file date: lundi 10 décembre 2007  19:07

Scanning for 965575 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         SYSTEM
Computer name:    TOSTAKY

Version information:
BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0     1640448 Bytes  13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30    1575424 Bytes  30/11/2007 20:56:38
ANTIVIR3.VDF : 7.0.1.65     137728 Bytes  10/12/2007 15:03:23
AVEWIN32.DLL : 7.6.0.40    3064320 Bytes  07/12/2007 20:56:38
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15     360488 Bytes  03/08/2007 08:46:00
AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: lundi 10 décembre 2007  19:07

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'hposts08.exe' - '1' Module(s) have been scanned
Scan process 'hpoevm08.exe' - '1' Module(s) have been scanned
Scan process 'Residence.exe' - '1' Module(s) have been scanned
Scan process 'SonyTray.exe' - '1' Module(s) have been scanned
Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned
Scan process 'hpobnz08.exe' - '1' Module(s) have been scanned
Scan process 'Shareaza.exe' - '1' Module(s) have been scanned
Scan process 'PSFree.exe' - '1' Module(s) have been scanned
Scan process 'hpqwrg.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'NvMixerTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '29' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\pagefile.sys
      [WARNING]   The file could not be opened!


End of the scan: lundi 10 décembre 2007  20:23
Used time:  1:15:47 min

The scan has been done completely.

   5827 Scanning directories
 210563 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 210563 Files not concerned
    883 Archives were scanned
      2 Warnings
      0 Notes

Peux tu me dire pourquoi il ne peut pas ouvrir ces fichiers pour les scanner STP,
Merci

g!rly · Answer

re,

ca m´a l´air d´etre bon maintenant

il n´ouvre pas ces fichiers :

C:\hiberfil.sys
[WARNING] The file could not be opened! -> si tu comprends l´anglais : https://www.softwarepatch.com/hiberfil-sys-xp/
c´est en faite un fichier a proprement dit d´hibernation du system qui permet de faire repartir le system apres l´avoir laissé inactif pour comme dit ici faire des economies d´energies....
C:\pagefile.sys -> http://www.commentcamarche.net/faq/sujet 952 windows fichier pagefile sys
[WARNING] The file could not be opened! 

@+

chacha106 · Answer

Salut Girly,
Je te remercis de ta patience et de ton aide qui m'a été précieuse, je marque le problème comme résolu,
à bientot et encore merci beaucoup
Chacha106

g!rly · Answer

de rien ;-)

bonnes fetes :D

bye`

chacha106 · Answer

Bonnes fêtes aussi,
Je reviendrai faire un petit coucou de temps en temps,
Bye

g!rly · Answer

Merci
bye`

Infection win32:Small-gen2 besoin d'aide - Page 2

Discussions similaires

Newsletters