Virus win32 BHO-KD [Trj] help !!!!

Solved
sytron -  
Regis59 Posts 21143 Status Security contributor -
Hello,
I've fallen victim to a trojan; avast reports "infected file: C\windows\system32\browsel.dll\[UPX] "
I can't remove it, an "access denied" message appears. Can you help me????
25 replies

Regis59 Posts 21143 Status Security contributor 1 322
 
Welcome to the CommentCaMarche.net help forum

We know your situation and advise you above all not to worry.
Also, given the growing number of disinfections carried out on the forum, we ask you for a little patience and above all not to create several threads for the same problem.
Thank you for your understanding.

Download HijackThis here:
http://telechargement.zebulon.fr/138-hijackthis-1991.html

Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure you save it in c: !
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif

Run it, then:
Click on "do a system scan and save logfile" (see demo)
Copy and paste the entire log to the forum

Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm

Good luck

See you
0
sytron Posts 8 Status Member
 
Thanks for your advice, here is the requested report. Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42:27, on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe
C:\Program Files\Fichiers communs\PasenDommagement\mc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\Perso\LOCALS~1\Temp\Rar$EX00.079\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {3C6D5371-2F73-4EEF-B84C-35CED1CCB420} - C:\WINDOWS\system32\browsel.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsq1B5.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe" dm=http://reparateurdesysteme.com; ad=http://reparateurdesysteme.com
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\PasenDommagement\mc.exe" dm=http://pasendommagement.com; ad=http://pasendommagement.com
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O24 - Desktop Component 0: (no name) - http://imagecache2.allposters.com/images/54/039_25908.jpg
0
Regis59 Posts 21143 Status Security contributor 1 322
 
Hi again,

Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!

Double-click on combofix. It will ask you a question; answer by pressing 1 and then Enter to confirm.
Wait until combofix has finished; a report will be created. Post the report.
0
sytron
 
hello ???
0
Regis59 Posts 21143 Status Security contributor 1 322
 
Yes??
0

sytron
 
hello regis, I got as far as the combofix report, here is the result:
ComboFix 08-01-03.3 - Perso 2008-01-04 18:50:27.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.174 [GMT 1:00]
Running from: C:\Documents and Settings\Perso\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.

2008-01-02 23:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 23:41 . 2008-01-02 23:41 318,369 --a------ C:\HiJackThis.zip
2008-01-02 22:33 . 2008-01-02 22:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-02 21:10 . 2008-01-02 21:10 <REP> d-------- C:\Program Files\Yahoo!
2008-01-02 21:10 . 2008-01-02 21:11 <REP> d-------- C:\Program Files\CCleaner
2008-01-02 19:27 . 2008-01-02 19:27 <REP> d-------- C:\Program Files\SafeSoft
2008-01-02 16:27 . 2008-01-04 18:04 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-02 16:27 . 2008-01-02 16:27 <REP> d-------- C:\Documents and Settings\Perso\Application Data\PC Tools
2008-01-02 16:27 . 2008-01-02 16:29 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-02 16:27 . 2008-01-02 16:29 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-02 16:27 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-02 16:27 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-02 16:26 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 10:37 . 2007-12-31 10:37 <REP> d-------- C:\Program Files\Magentic
2007-12-31 10:37 . 2007-10-09 13:42 745,547 --a------ C:\WINDOWS\system32\Magentic Screensaver.scr
2007-12-26 14:22 . 2007-12-26 14:31 <REP> d--h----- C:\LG3G
2007-12-24 18:20 . 2007-12-24 18:20 <REP> d-------- C:\Documents and Settings\simon\Application Data\DivX
2007-12-24 14:30 . 2007-12-24 14:30 <REP> d-------- C:\Documents and Settings\Marie\Application Data\DivX
2007-12-23 10:58 . 2007-12-23 10:58 <REP> d-------- C:\Program Files\EA Sports
2007-12-23 09:31 . 2007-12-23 09:31 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-23 09:28 . 2007-12-23 09:30 <REP> d-------- C:\Program Files\GHOST Hunters Majesty Manor
2007-12-22 18:49 . 2007-12-22 18:49 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-12-22 02:02 . 2007-12-22 02:02 <REP> d-------- C:\Documents and Settings\Perso\Application Data\DivX
2007-12-22 02:01 . 2007-12-22 02:01 <REP> d-------- C:\Documents and Settings\Perso\Application Data\LG Electronics
2007-12-22 01:59 . 2007-12-22 01:59 <REP> d-------- C:\lgupload
2007-12-22 01:54 . 2007-12-22 01:55 <REP> d-------- C:\Program Files\DivX
2007-12-22 01:53 . 2007-12-22 01:53 <REP> d-------- C:\Program Files\LG Electronics
2007-12-22 01:53 . 2007-07-11 10:45 21,632 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
2007-12-22 01:53 . 2007-07-11 15:51 19,840 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
2007-12-22 01:53 . 2007-07-11 10:40 12,416 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
2007-12-22 01:52 . 2007-12-22 01:52 <REP> d-------- C:\Program Files\LG PC Suite 2
2007-12-22 01:51 . 2007-12-22 01:51 <REP> d-------- C:\Documents and Settings\Perso\Application Data\InstallShield
2007-12-13 15:25 . 2007-12-13 15:25 <REP> d-------- C:\Program Files\EA GAMES
2007-12-13 15:25 . 2005-02-26 06:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-08 08:42 . 2007-12-08 08:42 <REP> d-------- C:\Documents and Settings\Perso\Application Data\MSNInstaller
2007-12-07 07:04 . 2007-12-07 07:04 <REP> d-------- C:\Program Files\Skyline

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 17:15 --------- d-----w C:\Documents and Settings\Perso\Application Data\OpenOffice.org2
2008-01-04 17:08 --------- d-----w C:\Documents and Settings\Marie\Application Data\OpenOffice.org2
2008-01-04 16:00 --------- d-----w C:\Documents and Settings\Marie\Application Data\LimeWire
2008-01-04 15:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-04 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-26 21:20 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-26 20:31 --------- d-----w C:\Documents and Settings\J-P et Jordan\Application Data\LimeWire
2007-12-26 01:19 --------- d-----w C:\Documents and Settings\Perso\Application Data\LimeWire
2007-12-23 00:31 --------- d-----w C:\Documents and Settings\Marie\Application Data\Ahead
2007-12-22 00:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 14:59 --------- d-----w C:\Documents and Settings\simon\Application Data\LimeWire
2007-12-18 07:32 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-17 16:25 --------- d-----w C:\Documents and Settings\Marie\Application Data\EPSON
2007-12-06 19:11 19,456 ----a-w C:\WINDOWS\system32\drivers\oqadmywc.dat
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-27 15:11 --------- d-----w C:\Documents and Settings\simon\Application Data\Ahead
2007-11-27 13:16 --------- d-----w C:\Documents and Settings\simon\Application Data\Apple Computer
2007-11-24 23:58 --------- d-----w C:\Documents and Settings\Perso\Application Data\EPSON
2007-11-24 11:08 --------- d-----w C:\Program Files\iTunes
2007-11-24 11:08 --------- d-----w C:\Program Files\iPod
2007-11-24 11:07 --------- d-----w C:\Program Files\QuickTime
2007-11-19 12:53 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-18 16:28 --------- d-----w C:\Program Files\ReparateurDeSysteme
2007-11-17 16:38 --------- d-----w C:\Program Files\Fichiers communs\PasenDommagement
2007-11-17 14:58 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-15 11:16 --------- d-----w C:\Documents and Settings\Perso\Application Data\Skyline
2007-11-15 06:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline
2007-11-15 04:12 --------- d-----w C:\Documents and Settings\Perso\Application Data\reparateurdesysteme
2007-11-15 04:07 --------- d-----w C:\Program Files\Fichiers communs\ReparateurDeSysteme
2007-11-15 04:07 --------- d-----r C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 08:45 --------- d-----w C:\Program Files\JoWooD
2007-11-09 09:23 --------- d-----w C:\Program Files\IncrediMail
2007-11-09 06:43 --------- d-----w C:\Program Files\Dcads Games Collection
2007-11-07 12:10 --------- d-----w C:\Program Files\Java
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-04_ 0.12.27.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-04 15:10:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5d4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C6D5371-2F73-4EEF-B84C-35CED1CCB420}]
2006-03-02 13:00 98304 --a------ C:\WINDOWS\system32\browsel.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-08-21 10:44 208946]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 00:39 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-11-24 14:38 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2007-10-09 13:42 475180]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2007-11-22 17:10 787696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"AtiPTA"="atiptaxx.exe" [2006-02-22 01:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 04:12 577536 C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"EPSON Stylus C66 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.exe" [2003-11-26 19:00 99840]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 13:09 102400]
"Salestart(1)"="C:\Program Files\Fichiers communs\PasenDommagement\mc.exe" [2007-10-09 15:09 589824]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\Marie\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 17:42:22]

C:\Documents and Settings\Perso\Menu Démarrer\Programmes\Démarrage\
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 14:17:06]
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 17:42:22]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-19 00:39:23]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R0 dwxdrquo;dwxdrquo;C:\WINDOWS\system32\drivers\oqadmywc.dat []
R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2007-08-18 15:13]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-08-18 15:13]
R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2007-08-18 15:13]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-29 09:41:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 18:56:53
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-01-04 18:58:57
ComboFix-quarantined-files.txt 2008-01-04 17:58:50
ComboFix2.txt 2008-01-03 23:13:23
.
2007-12-13 02:02:57 --- E O F ---
0
Regis59 Posts 21143 Status Security contributor 1 322
 
Hi

In Add/Remove Programs, uninstall these if present:
ReparateurDeSysteme
PasenDommagement

Tell me when it's done.

See you
0
sytron
 
neither one is there
0
Regis59 Posts 21143 Status Security contributor 1 322
 
Hi again,

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\drivers\oqadmywc.dat
C:\WINDOWS\system32\browsel.dll

Folder::
C:\Program Files\Fichiers communs\PasenDommagement
C:\Program Files\ReparateurDeSysteme
C:\Documents and Settings\Perso\Application Data\reparateurdesysteme
C:\Program Files\Fichiers communs\ReparateurDeSysteme
C:\Documents and Settings\All Users\Application Data\reparateurdesysteme 


Save this file under the name CFScript

- Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
- A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
- Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
- Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems

- If the file doesn't open, it is located here > C:\ComboFix.txt
0
sytron
 
THANK YOU THANK YOU THANK YOU no more virus. One last question: how did it manage to get past avast???
Here is the last combo report. Thanks again and see you soon.

ComboFix 08-01-03.3 - Perso 2008-01-04 23:36:26.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.141 [GMT 1:00]
Running from: C:\Documents and Settings\Perso\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Perso\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\browsel.dll
C:\WINDOWS\system32\drivers\oqadmywc.dat
.

\??\C:\ntdetect.com\0\0
\??\C:\boot.ini\0\0
\??\C:\ntldr\0\0
\??\C:\WINDOWS\0\0
\??\C:\WINDOWS\explorer.exe\0\0
\??\C:\WINDOWS\system32\csrss.exe\0\0
\??\C:\WINDOWS\system32\lsass.exe\0\0
\??\C:\WINDOWS\system32\services.exe\0\0
\??\C:\WINDOWS\system32\smss.exe\0\0
\??\C:\WINDOWS\system32\svchost.exe\0\0
\??\C:\WINDOWS\system32\userinit.exe\0\0
\??\C:\WINDOWS\system32\winlogon.exe\0\0
\??\C:\WINDOWS\system32\hal.dll\0\0
\??\C:\WINDOWS\system32\ntdll.dll\0\0
\??\C:\WINDOWS\system32\config\0\0
\??\C:\WINDOWS\system32\drivers\0\0
\??\C:\WINDOWS\system32\wbem\0\0
0
matthew
 
I have the same problem, I'm sending you my hijackthis report; if you could help me that would be great, I'm hopeless!!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:53, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Extrafilm FotoFacil\Agent.exe
C:\Program Files\Winamp\Winampa.exe
C:\windows\VM_STI.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\melanie\LOCALS~1\Temp\Rar$EX01.765\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66005
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media France Toolbar - {7009FCD4-05BE-44F4-9583-93FE419AB7B0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul0.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\Extrafilm FotoFacil\Agent.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\windows\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www2.photostation.fr/aurigma/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe (file missing)
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

--
0
matthew
 
I am following the procedure you suggested to sytron. Please, Regis59, if you can hear me, help me.
ComboFix 08-01-04.1 - melanie 2008-01-04 12:43:23.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.114 [GMT 1:00]
Running from: C:\Documents and Settings\melanie\Mes documents\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\melanie\Application Data\MessengerSkinner
C:\Documents and Settings\melanie\Application Data\MessengerSkinner\Userdata\defaultPack.cab
C:\Documents and Settings\melanie\Application Data\MessengerSkinner\Userdata\languages.xml
C:\Program Files\messengerskinner
C:\windows\pack.epk
C:\windows\system32\nvs2.inf
c:\WINDOWS\system32\qdizfmbvqm.dat
C:\windows\system32\qdizfmbvqm.exe
C:\windows\system32\qdizfmbvqm_nav.dat
c:\WINDOWS\system32\qdizfmbvqm_navps.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.

2008-01-04 12:39 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 12:05 . 2008-01-04 12:05 <REP> d-------- C:\WINDOWS\LastGood
2008-01-04 12:05 . 2008-01-04 12:05 <REP> d-------- C:\Program Files\Panda Security
2008-01-03 22:30 . 2008-01-03 22:30 <REP> d-------- C:\Program Files\Zylom Games
2008-01-03 22:30 . 2008-01-03 22:30 <REP> d-------- C:\Documents and Settings\melanie\Application Data\Zylom
2008-01-03 22:30 . 2008-01-03 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-01-02 16:04 . 2008-01-02 16:04 <REP> d-------- C:\Program Files\Trend Micro
2008-01-02 15:45 . 2008-01-02 15:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-02 15:21 . 2008-01-02 15:47 <REP> d-------- C:\Documents and Settings\melanie\.housecall6.6
2008-01-01 16:28 . 2008-01-01 16:28 <REP> d-------- C:\Program Files\Luxor
2007-12-29 20:40 . 2007-12-29 20:40 <REP> d-------- C:\Program Files\MumboJumbo
2007-12-26 13:08 . 19,456 C:\WINDOWS\system32\drivers\uhmjlkzy.dat
2007-12-26 10:14 . 2007-12-26 10:14 <REP> d-------- C:\Program Files\Adssite Games Collection
2007-12-26 10:14 . 2001-08-28 13:00 84,992 --a------ C:\WINDOWS\system32\cl.dll
2007-12-24 10:29 . 2007-12-24 10:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-20 17:17 . 2007-12-23 10:54 <REP> d-------- C:\Program Files\Wipeout XL
2007-12-19 19:12 . 2007-12-19 19:12 <REP> d-------- C:\Program Files\PDAmill
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Sounds
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Program Files\Trymedia
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Program Files\FireFly Studios
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Program Files\Astronoid
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Program Files\Absolutist.com
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Program Files\3D-WinBrick2001
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Players
2007-12-09 20:23 . 2007-12-09 20:23 <REP> d--h----- C:\Documents and Settings\melanie\InstallAnywhere

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-01 14:12 --------- d-----w C:\Program Files\Extrafilm FotoFacil
2007-12-31 15:59 --------- d-----w C:\Program Files\eMule
2007-12-26 09:16 40,737 ----a-w C:\windows\system32\rightonadz-uninst.exe
2007-12-26 09:15 79,875 ----a-w C:\windows\system32\adssite-remove.exe
2007-12-26 09:15 77,353 ----a-w C:\windows\system32\Adssite_sidebar_uninstall.exe
2007-12-26 09:12 --------- d-----w C:\Documents and Settings\melanie\Application Data\LimeWire
2007-12-24 12:02 --------- d-----w C:\Program Files\Mindscape
2007-12-24 12:01 --------- d-----w C:\Program Files\BoontyGames
2007-12-16 12:12 --------- d-----w C:\Program Files\Mes Jeux Téléchargés
2007-12-10 19:08 --------- d-----w C:\Program Files\Micro Application
2007-12-04 14:56 93,264 ----a-w C:\windows\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\windows\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\windows\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\windows\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\windows\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\windows\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\windows\system32\AVASTSS.scr
2007-12-03 12:34 282,624 ----a-w C:\windows\system32\Adssite_sidebar.dll
2007-12-01 08:59 --------- d-----w C:\Program Files\Alawar
2007-12-01 08:47 --------- d-----w C:\Program Files\AllFive XP
2007-11-29 18:14 --------- d-----w C:\Program Files\Ricochet Lost Worlds Recharged
2007-11-28 10:04 --------- d-----w C:\Program Files\MSN Games
2007-11-24 19:24 --------- d-----w C:\Documents and Settings\MATTHEW.DIMEK-5JR9VYYX\Application Data\CamTrack
2007-11-13 10:25 20,480 ----a-w C:\windows\system32\drivers\secdrv.sys
2007-11-12 09:48 --------- d-----w C:\Documents and Settings\melanie\Application Data\Gaijin Ent
2007-11-12 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\AlawarGameBox
2007-11-05 11:30 --------- d-----w C:\Program Files\JoWooD Productions
2007-10-29 22:43 1,293,824 ----a-w C:\windows\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\windows\system32\wmasf.dll
2007-07-08 12:31 13,142 ----a-w C:\Documents and Settings\melanie\ZGUICFGW.DAT
2007-04-17 15:18 24,656 -c--a-w C:\Documents and Settings\melanie\Application Data\GDIPFONTCACHEV1.DAT
2000-01-07 09:53 696,320 ----a-w C:\Program Files\Fichiers communs\XCMHook.dll
2000-01-06 13:57 24,576 ----a-w C:\Program Files\Fichiers communs\XCPCMenu.exe
2006-02-11 21:25 104 --sh--r C:\windows\system32\01A5505DC2.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87DF4395-89F9-46D0-BF78-F5C80B77D28A}]
2001-08-28 13:00 84992 --a------ C:\windows\system32\cl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 09:20 401491]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 21:51 68856]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-11 16:54 190024]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-01-23 08:06 204843]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-30 16:35 77824]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 08:42 35328]
"ExtraFilmHemmaAgent"="C:\Program Files\Extrafilm FotoFacil\Agent.exe" [2005-05-27 14:59 323584]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2006-03-27 21:09 24576]
"BigDogPath"="C:\windows\VM_STI.exe" [2004-06-09 15:37 40960]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-11 16:54 190024]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"qdizfmbvqm"="c:\windows\system32\qdizfmbvqm.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^GStartup.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\GStartup.lnk
backup=C:\windows\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk
backup=C:\windows\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Fichiers communs\CMEII\CMESys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 17:54 127022 --a--c--- C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\windows\System32\P2P Networking\P2P Networking.exe /AUTOSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whAgent.exe

R0 oyprzasc;oyprzasc;C:\windows\system32\drivers\uhmjlkzy.dat []
R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\Securitoo\av_fw\fswsclds.exe [2005-01-13 18:09]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\windows\system32\DRIVERS\ManyCam.sys [2007-03-22 13:17]
S2 KAVMonitorService;KAV Monitor Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" []
S3 KodakPPCAM;Kodak EZ200 DIGITAL CAMERA;C:\windows\system32\DRIVERS\DC31VID.sys []
S3 PA7333I;Kodak Webcam Explorer Bulk Mode Device;C:\windows\system32\DRIVERS\DC31Bulk.sys []
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-07-22 15:09]
S4 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\melanie\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [2008-01-04 12:17]

*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 12:53:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 12:56:05
ComboFix-quarantined-files.txt 2008-01-04 11:55:44
.
2007-12-22 02:13:44 --- E O F ---
0
Regis59 Posts 21143 Registration date   Status Security contributor Last activity   1 322
 
Sytron,

That's normal: avast is no longer as effective as it used to be. I suggest you replace it with Antivir; would that interest you?

matthew,

It would be better if you created your own thread; that will make the posts easier to follow and the answer to your problem will be more effective.
Proceed like this:
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

See you soon
0
matthew
 
I tried your method but the virus is still there!
ComboFix 08-01-04.1 - melanie 2008-01-04 13:44:37.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.109 [GMT 1:00]
Running from: C:\Documents and Settings\melanie\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\melanie\Bureau\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.

2008-01-04 12:39 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 12:05 . 2008-01-04 13:27 <REP> d-------- C:\Program Files\Panda Security
2008-01-03 22:30 . 2008-01-03 22:30 <REP> d-------- C:\Program Files\Zylom Games
2008-01-03 22:30 . 2008-01-03 22:30 <REP> d-------- C:\Documents and Settings\melanie\Application Data\Zylom
2008-01-03 22:30 . 2008-01-03 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-01-02 16:04 . 2008-01-02 16:04 <REP> d-------- C:\Program Files\Trend Micro
2008-01-02 15:45 . 2008-01-02 15:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-02 15:21 . 2008-01-02 15:47 <REP> d-------- C:\Documents and Settings\melanie\.housecall6.6
2008-01-01 16:28 . 2008-01-01 16:28 <REP> d-------- C:\Program Files\Luxor
2007-12-29 20:40 . 2007-12-29 20:40 <REP> d-------- C:\Program Files\MumboJumbo
2007-12-26 13:08 . 19,456 C:\WINDOWS\system32\drivers\uhmjlkzy.dat
2007-12-26 10:14 . 2007-12-26 10:14 <REP> d-------- C:\Program Files\Adssite Games Collection
2007-12-26 10:14 . 2001-08-28 13:00 84,992 --a------ C:\WINDOWS\system32\cl.dll
2007-12-24 10:29 . 2007-12-24 10:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-20 17:17 . 2007-12-23 10:54 <REP> d-------- C:\Program Files\Wipeout XL
2007-12-19 19:12 . 2007-12-19 19:12 <REP> d-------- C:\Program Files\PDAmill
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Sounds
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Program Files\Trymedia
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Program Files\FireFly Studios
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Program Files\Astronoid
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Program Files\Absolutist.com
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Program Files\3D-WinBrick2001
2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Players
2007-12-09 20:23 . 2007-12-09 20:23 <REP> d--h----- C:\Documents and Settings\melanie\InstallAnywhere

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-01 14:12 --------- d-----w C:\Program Files\Extrafilm FotoFacil
2007-12-31 15:59 --------- d-----w C:\Program Files\eMule
2007-12-26 09:16 40,737 ----a-w C:\windows\system32\rightonadz-uninst.exe
2007-12-26 09:15 79,875 ----a-w C:\windows\system32\adssite-remove.exe
2007-12-26 09:15 77,353 ----a-w C:\windows\system32\Adssite_sidebar_uninstall.exe
2007-12-26 09:12 --------- d-----w C:\Documents and Settings\melanie\Application Data\LimeWire
2007-12-24 12:02 --------- d-----w C:\Program Files\Mindscape
2007-12-24 12:01 --------- d-----w C:\Program Files\BoontyGames
2007-12-16 12:12 --------- d-----w C:\Program Files\Mes Jeux Téléchargés
2007-12-10 19:08 --------- d-----w C:\Program Files\Micro Application
2007-12-04 14:56 93,264 ----a-w C:\windows\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\windows\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\windows\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\windows\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\windows\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\windows\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\windows\system32\AVASTSS.scr
2007-12-03 12:34 282,624 ----a-w C:\windows\system32\Adssite_sidebar.dll
2007-12-01 08:59 --------- d-----w C:\Program Files\Alawar
2007-12-01 08:47 --------- d-----w C:\Program Files\AllFive XP
2007-11-29 18:14 --------- d-----w C:\Program Files\Ricochet Lost Worlds Recharged
2007-11-28 10:04 --------- d-----w C:\Program Files\MSN Games
2007-11-24 19:24 --------- d-----w C:\Documents and Settings\MATTHEW.DIMEK-5JR9VYYX\Application Data\CamTrack
2007-11-13 10:25 20,480 ----a-w C:\windows\system32\drivers\secdrv.sys
2007-11-12 09:48 --------- d-----w C:\Documents and Settings\melanie\Application Data\Gaijin Ent
2007-11-12 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\AlawarGameBox
2007-11-05 11:30 --------- d-----w C:\Program Files\JoWooD Productions
2007-10-29 22:43 1,293,824 ----a-w C:\windows\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\windows\system32\wmasf.dll
2007-07-08 12:31 13,142 ----a-w C:\Documents and Settings\melanie\ZGUICFGW.DAT
2007-04-17 15:18 24,656 -c--a-w C:\Documents and Settings\melanie\Application Data\GDIPFONTCACHEV1.DAT
2000-01-07 09:53 696,320 ----a-w C:\Program Files\Fichiers communs\XCMHook.dll
2000-01-06 13:57 24,576 ----a-w C:\Program Files\Fichiers communs\XCPCMenu.exe
2006-02-11 21:25 104 --sh--r C:\windows\system32\01A5505DC2.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-04_12.54.35.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-04 12:38:38 16,384 ----atw C:\windows\Temp\Perflib_Perfdata_590.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87DF4395-89F9-46D0-BF78-F5C80B77D28A}]
2001-08-28 13:00 84992 --a------ C:\windows\system32\cl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 09:20 401491]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 21:51 68856]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-11 16:54 190024]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-01-23 08:06 204843]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-30 16:35 77824]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 16:05 81920]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-12-20 08:42 35328]
"ExtraFilmHemmaAgent"="C:\Program Files\Extrafilm FotoFacil\Agent.exe" [2005-05-27 14:59 323584]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2006-03-27 21:09 24576]
"BigDogPath"="C:\windows\VM_STI.exe" [2004-06-09 15:37 40960]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-11 16:54 190024]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^GStartup.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\GStartup.lnk
backup=C:\windows\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk
backup=C:\windows\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\windows\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Fichiers communs\CMEII\CMESys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 17:54 127022 --a--c--- C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]
C:\windows\System32\P2P Networking\P2P Networking.exe /AUTOSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whAgent.exe

R0 oyprzasc;oyprzasc;C:\windows\system32\drivers\uhmjlkzy.dat []
R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\Securitoo\av_fw\fswsclds.exe [2005-01-13 18:09]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\windows\system32\DRIVERS\ManyCam.sys [2007-03-22 13:17]
S2 KAVMonitorService;KAV Monitor Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" []
S3 KodakPPCAM;Kodak EZ200 DIGITAL CAMERA;C:\windows\system32\DRIVERS\DC31VID.sys []
S3 PA7333I;Kodak Webcam Explorer Bulk Mode Device;C:\windows\system32\DRIVERS\DC31Bulk.sys []
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-07-22 15:09]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 13:51:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 13:54:05
ComboFix-quarantined-files.txt 2008-01-04 12:53:36
ComboFix2.txt 2008-01-04 11:56:06
.
2007-12-22 02:13:44 --- E O F ---
0
Regis59 Posts 21143 Registration date   Status Security contributor Last activity   1 322
 
matthew,

It would be better if you created your own thread; that will make the posts easier to follow and the answer to your problem will be more effective.
Proceed like this:
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

See you soon
0
matthew
 
Thanks Regis59 for your advice, but I already made my own thread and nobody answered me, and I saw that you solved his problem, so I am asking you for help personally! Thanks in advance!
0
Regis59 Posts 21143 Registration date   Status Security contributor Last activity   1 322
 
All right, but I can't solve it here since this isn't your thread :-)
Give me the link to your thread and I'll take a look!

See you
0
Sebseb
 
Hello,

I am a victim of the Win32:BHO-KD[Trj] virus. Can you help me please???
I am completely lost... Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:53, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\LOGICIELS LT\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: trafficninja.biz extension - {266A3562-AB67-480E-9F09-D54604FD817B} - C:\WINDOWS\system32\ninjaext.dll
O2 - BHO: (no name) - {46934699-5ED2-4F9D-8988-2755823360F7} - C:\WINDOWS\system32\auth.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\LOGICIELS LT\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
0
Regis59 Messages posted 21143 Registration date   Status Security contributor Last activity   1 322
 
Hello,

It would be better for you to create your own message; that will make the posts easier to follow and the answer to your problem will be more effective.
Proceed like this:
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

See you soon
0
sytron
 
Hi Regis,

I installed "antivir" as you suggested, and the icon shows the open umbrella, but Microsoft displays an alert message saying that my antivir is probably out of date, so I disabled Microsoft's monitoring. Since I don't know English well enough, I can't understand everything in antivir!! Can you give me your opinion on this? Thanks
0
Regis59 Messages posted 21143 Registration date   Status Security contributor Last activity   1 322
 
Hi

Which link did you download it from?
Did you let the "serial number" be generated automatically?
And finally, have you tried an update?

See you
0
sytron
 
Hi Regis,
I downloaded it from this site, and when I run an update it lasts 2 to 3 seconds and the report says:
07.01.2008,09:31:15 - Installation Directory: C:\Program Files\AntiVir PersonalEdition Classic\ Backup Dir: Temp dir:
07.01.2008,09:31:15 - Backup Directory: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\BACKUP\
07.01.2008,09:31:15 - Temp Directory: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4781e353\
07.01.2008,09:31:15 - Start the Update GUI... Displaymode: 0

07.01.2008,09:31:15 - Installation Directory: C:\Program Files\AntiVir PersonalEdition Classic\ Backup Dir: Temp dir:
07.01.2008,09:31:15 - Backup Directory: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\BACKUP\
07.01.2008,09:31:15 - Temp Directory: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_4781e353\
07.01.2008,09:31:15 - Start the Update GUI... Displaymode: 0

07.01.2008,09:31:17 - Keyfile: Key expired [DEMO Mode]

07.01.2008,09:31:18 - Registry entry created successfully: Software\H+BEDV\AntiVir PersonalEdition Classic V 7 |UpdateInProgress

07.01.2008,09:31:18 - Critical error: No valid license file available.
What should I do? Thanks
0