Infection StorageProtector

caro_stan -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Je suis infectée depuis hier par StrorageProtector je ne sais pas du tout ce que je dois faire j'ai telechargé Hijackthis mais que dois faire ... merci beaucoup de votre aide.
Configuration: Windows XP
Internet Explorer 6.0

15 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
  2. caro_stan
     
    alors j'ai essayé de suivre un de tes conseils avec justement ce rapport j'ai telechargé spybot et vundofix mon problème est à peu prés resolu mais j'ai tjs une croix rouge designant mon disque dur donc je te colle le rapport aprés toute ces manip si tu veux j'ai celui que j'ai fait avant . Merci de ton aide .

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:26:09, on 15/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Launch Manager\CtrlVol.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\Launch Manager\CtrlVol .exe
    C:\Program Files\Launch Manager\WButton .exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVCOMSX .EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\Launch Manager\WButton .exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: load=C:\WINDOWS\system32\tuspm.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - C:\WINDOWS\system32\fccdcax.dll (file missing)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: (no name) - {71DDD377-938E-4430-B869-12F81F3C654E} - C:\WINDOWS\system32\tuspm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: XBTP05715 - {8A0AE7A6-14AA-4AEA-B461-0CF6DAFB0CF3} - C:\PROGRA~1\TextoWeb\Textobar.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\qtsorcld.dll (file missing)
    O2 - BHO: {ea8ae45d-917a-ba09-2134-e6300f2c771c} - {c177c2f0-036e-4312-90ab-a719d54ea8ae} - C:\WINDOWS\system32\ypmfcyqh.dll
    O3 - Toolbar: TextoWeb - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFF2D1F} - C:\Program Files\TextoWeb\Textobar.dll
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
    O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [34175fad] rundll32.exe "C:\WINDOWS\system32\barsuniq.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: Raccourci vers HotkeyApp.lnk = C:\Program Files\Launch Manager\HotkeyApp.exe
    O4 - Startup: Raccourci vers LaunchAp.lnk = C:\Documents and Settings\Caroline\Local Settings\Temp\TMP2F.tmp
    O4 - Startup: Raccourci vers WButton.lnk = C:\Program Files\Launch Manager\WButton.exe
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel.com/download/OpiStat_preinstaller_activex_fr_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ptitnine.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer = 212.27.53.252,212.27.53.254
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer = 212.27.53.252,212.27.54.252
    O20 - Winlogon Notify: fccdcax - fccdcax.dll (file missing)
    O20 - Winlogon Notify: qtsorcld - qtsorcld.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O24 - Desktop Component 0: (no name) - http://www.onetreehillweb.net/images/wallpapers/001_1024x768.jpg
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    F3 - REG:win.ini: load=C:\WINDOWS\system32\tuspm.exe
    O2 - BHO: (no name) - {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} - C:\WINDOWS\system32\fccdcax.dll (file missing)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: (no name) - {71DDD377-938E-4430-B869-12F81F3C654E} - C:\WINDOWS\system32\tuspm.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\qtsorcld.dll (file missing)
    O2 - BHO: {ea8ae45d-917a-ba09-2134-e6300f2c771c} - {c177c2f0-036e-4312-90ab-a719d54ea8ae} - C:\WINDOWS\system32\ypmfcyqh.dll

    O4 - HKLM\..\Run: [34175fad] rundll32.exe "C:\WINDOWS\system32\barsuniq.dll",b
    O4 - Startup: Raccourci vers LaunchAp.lnk = C:\Documents and Settings\Caroline\Local Settings\Temp\TMP2F.tmp
    O20 - Winlogon Notify: fccdcax - fccdcax.dll (file missing)
    O20 - Winlogon Notify: qtsorcld - qtsorcld.dll (file missing)

    _______________________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\WINDOWS\system32\ypmfcyqh.dll
    C:\WINDOWS\system32\barsuniq.dll
    C:\WINDOWS\system32\tuspm.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _________________________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    __________________________

    recolle un rapport hijackhtis et dis tes soucis
    0
  4. caro_stan
     
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\ypmfcyqh.dll
    C:\WINDOWS\system32\ypmfcyqh.dll NOT unregistered.
    C:\WINDOWS\system32\ypmfcyqh.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\barsuniq.dll
    C:\WINDOWS\system32\barsuniq.dll NOT unregistered.
    C:\WINDOWS\system32\barsuniq.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\tuspm.dll
    C:\WINDOWS\system32\tuspm.dll NOT unregistered.
    File move failed. C:\WINDOWS\system32\tuspm.dll scheduled to be moved on reboot.

    Created on 01/15/2008 21:07

    L'icone du DD est toujours une croix ... à noter que je n'ai pas reussi à enlever un des fichiers :
    O2 - BHO: (no name) - {71DDD377-938E-4430-B869-12F81F3C654E} - C:\WINDOWS\system32\tuspm.dll

    Merci encore ...
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    Relance Vundofix
    * Ne clique pas sur "Scan for a vundo"
    * Clique droit au milieu de la fenêtre
    * Clique sur Add more files ?
    * Copie/colle les fichiers ci-dessous ( un par case) :

    C:\WINDOWS\system32\tuspm.dll

    * Clique sur Add files
    * Ensuite clique sur Close Windows
    * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
    * Si l'outils demande un redémarrage, accepte
    * Poste le rapport Vundofix, ainsi qu'un nouveau log hijackthis

    _______________________
    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    __________________________

    dis tes soucis
    0
  7. caro_stan
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:21:46, on 15/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Launch Manager\CtrlVol.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: XBTP05715 - {8A0AE7A6-14AA-4AEA-B461-0CF6DAFB0CF3} - C:\PROGRA~1\TextoWeb\Textobar.dll
    O3 - Toolbar: TextoWeb - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFF2D1F} - C:\Program Files\TextoWeb\Textobar.dll
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: Raccourci vers HotkeyApp.lnk = C:\Program Files\Launch Manager\HotkeyApp.exe
    O4 - Startup: Raccourci vers WButton.lnk = C:\Program Files\Launch Manager\WButton.exe
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel.com/download/OpiStat_preinstaller_activex_fr_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ptitnine.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer = 212.27.53.252,212.27.53.254
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer = 212.27.53.252,212.27.54.252
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O24 - Desktop Component 0: (no name) - http://www.onetreehillweb.net/images/wallpapers/001_1024x768.jpg
    0
  8. caro_stan
     
    ComboFix 08-01-15.4 - Caroline 2008-01-15 22:08:57.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.828 [GMT 1:00]
    Running from: C:\Documents and Settings\Caroline\Bureau\ComboFix.exe

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-15 to 2008-01-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-15 21:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-15 09:51 . 2008-01-15 09:51 206 --a------ C:\WINDOWS\wininit.ini
    2008-01-15 08:47 . 2008-01-15 22:00 <REP> d-------- C:\VundoFix Backups
    2008-01-15 08:23 . 2008-01-15 18:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-15 08:03 . 2008-01-15 08:03 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-12 23:31 . 2008-01-12 23:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-01-12 23:31 . 2008-01-12 23:31 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-01-09 18:04 . 2008-01-09 18:04 118 --a------ C:\WINDOWS\system32\MRT.INI
    2008-01-08 23:08 . 2008-01-08 23:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
    2008-01-08 23:06 . 2008-01-09 20:33 <REP> d-------- C:\Program Files\Last.fm
    2008-01-07 20:52 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2008-01-07 20:32 . 2008-01-07 20:32 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-01-07 20:22 . 2008-01-07 20:41 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-01-04 18:16 . 2008-01-04 18:16 <REP> d-------- C:\Documents and Settings\Caroline\Shared
    2008-01-04 18:16 . 2008-01-04 18:16 <REP> d-------- C:\Documents and Settings\Caroline\Incomplete
    2008-01-04 18:15 . 2008-01-04 18:15 <REP> d-------- C:\Program Files\LimeWire
    2008-01-04 18:15 . 2008-01-12 09:24 <REP> d-------- C:\Documents and Settings\Caroline\Application Data\LimeWire
    2008-01-04 16:29 . 2008-01-04 16:29 <REP> d-------- C:\Program Files\UltraVNC
    2008-01-04 16:29 . 2005-06-11 00:02 12,800 --a------ C:\WINDOWS\system32\vncdrv.dll
    2008-01-04 16:29 . 2004-06-26 15:22 6,016 --a------ C:\WINDOWS\system32\drivers\vnccom.SYS
    2008-01-04 16:29 . 2004-06-26 15:21 5,760 --a------ C:\WINDOWS\system32\vnchelp.dll
    2008-01-04 16:29 . 2004-06-26 15:22 4,736 --a------ C:\WINDOWS\system32\drivers\vncdrv.sys
    2008-01-04 16:29 . 2008-01-04 16:29 17 --a------ C:\WINDOWS\system32\'
    2008-01-04 14:23 . 2008-01-04 14:23 <REP> d-------- C:\Program Files\RealVNC
    2008-01-02 13:58 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-02 13:58 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-02 13:58 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-02 13:58 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-02 13:58 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-02 13:58 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-02 13:58 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-02 13:58 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-02 13:58 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-01 14:30 . 2008-01-03 19:51 414 ---hs---- C:\WINDOWS\system32\sbstgckq.ini
    2007-12-30 11:03 . 2007-12-30 11:03 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
    2007-12-30 11:01 . 2007-12-30 11:01 <REP> d-------- C:\Program Files\Real
    2007-12-30 11:01 . 2007-12-30 11:03 <REP> d-------- C:\Program Files\Fichiers communs\Real
    2007-12-29 17:35 . 2007-12-29 17:35 <REP> d-------- C:\Program Files\TVUPlayer
    2007-12-29 12:59 . 2007-12-29 12:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2007-12-29 11:39 . 2007-12-29 11:39 <REP> d-------- C:\Program Files\Bonjour
    2007-12-29 11:09 . 2007-12-29 11:09 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2007-12-29 10:43 . 2007-12-29 10:43 406,016 --a------ C:\WINDOWS\system32\PSDrvCheck .exe
    2007-12-29 10:43 . 2008-01-15 21:11 221,184 --a------ C:\WINDOWS\system32\LVCOMSX.EXE
    2007-12-29 10:17 . 2007-12-29 10:17 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-12-29 10:14 . 2007-12-29 10:14 134 --a------ C:\n.bat
    2007-12-27 23:53 . 2004-10-08 12:54 1,206,272 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
    2007-12-27 23:46 . 2007-12-27 23:46 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2007-12-27 23:46 . 2005-01-31 11:18 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
    2007-12-27 23:46 . 2005-01-31 11:20 211,712 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
    2007-12-27 23:46 . 2005-01-31 11:10 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
    2007-12-27 23:46 . 2005-01-31 11:08 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
    2007-12-27 23:46 . 2005-01-31 11:00 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
    2007-12-27 23:46 . 2004-10-08 12:46 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
    2007-12-27 23:46 . 2005-01-31 11:12 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2007-12-27 23:46 . 2005-01-31 09:37 9,255 --a------ C:\WINDOWS\system32\lvcoinst.ini
    2007-12-27 23:44 . 2007-12-27 23:44 272 --a------ C:\WINDOWS\_delis32.ini
    2007-12-25 12:07 . 2007-12-25 12:07 <REP> d-------- C:\ConvertTemp
    2007-12-22 15:20 . 2007-12-22 15:20 <REP> d-------- C:\Documents and Settings\Caroline\Application Data\Samsung
    2007-12-22 15:18 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2007-12-22 15:13 . 2007-12-22 15:18 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2007-12-22 15:13 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2007-12-22 15:13 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2007-12-22 15:13 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2007-12-22 15:13 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2007-12-22 15:13 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2007-12-22 15:13 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2007-12-22 15:13 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2007-12-22 14:47 . 2008-01-13 12:27 3,766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-15 20:52 --------- d-----w C:\Program Files\Launch Manager
    2008-01-15 20:50 --------- d-----w C:\Program Files\iTunes
    2008-01-15 20:49 --------- d-----w C:\Program Files\QuickTime
    2008-01-15 18:49 --------- d-----w C:\Program Files\Corel
    2008-01-15 18:44 --------- d-----w C:\Program Files\BankPerfect
    2008-01-13 11:30 --------- d-----w C:\Documents and Settings\Caroline\Application Data\Corel
    2008-01-12 08:51 --------- d-----w C:\Program Files\eMule
    2008-01-12 08:15 --------- d-----w C:\Documents and Settings\Caroline\Application Data\Apple Computer
    2008-01-11 15:48 --------- d-----w C:\Program Files\Apple Software Update
    2008-01-07 19:46 --------- d-----w C:\Program Files\Windows Live
    2008-01-01 13:30 --------- d-----w C:\Documents and Settings\Caroline\Application Data\FrostWire
    2008-01-01 13:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-29 11:28 511,488 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
    2007-12-29 10:38 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2007-12-29 09:50 --------- d-----w C:\Program Files\MSN Games
    2007-12-29 09:48 --------- d-----w C:\Program Files\GrabIt
    2007-12-28 17:58 --------- d-----w C:\Documents and Settings\Caroline\Application Data\TVU networks
    2007-12-27 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-22 14:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-22 08:51 --------- d-----w C:\Documents and Settings\Caroline\Application Data\CoSoSys
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2004-08-05 12:00 60,416 --sha-w C:\WINDOWS\BricoPacks\SysFiles\69_msimn.exe
    2007-01-01 12:18 56 --sh--r C:\WINDOWS\system32\C3781B4FFB.sys
    .
    [code]<pre>
    ----a-w 32,768 2007-12-29 17:13:48 C:\Program Files\Launch Manager\LaunchAp .exe
    ----a-w 65,536 2007-12-29 09:43:27 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main .exe
    ----a-w 406,016 2007-12-29 09:43:14 C:\WINDOWS\system32\PSDrvCheck .exe
    </pre>[/code]

    ((((((((((((((((((((((((((((( snapshot@2008-01-15_21.57.15.74 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-15 21:03:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_14c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A0AE7A6-14AA-4AEA-B461-0CF6DAFB0CF3}]
    2006-09-21 15:39 671744 --a------ C:\PROGRA~1\TextoWeb\Textobar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6BE4714-2A3D-4977-BB07-45B3E3B8C87C}]
    C:\WINDOWS\system32\tuspm.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFF2D1F}

    [HKEY_CLASSES_ROOT\clsid\{ffffffff-ffff-ffff-ffff-ffffffff2d1f}]
    [HKEY_CLASSES_ROOT\XBTB05715.XBTB05715.3]
    [HKEY_CLASSES_ROOT\TypeLib\{A131043C-8EC2-420D-909F-B3509F2AAA92}]
    [HKEY_CLASSES_ROOT\XBTB05715.XBTB05715]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFF2D1F}"= C:\Program Files\TextoWeb\Textobar.dll [2006-09-21 15:39 671744]

    [HKEY_CLASSES_ROOT\clsid\{ffffffff-ffff-ffff-ffff-ffffffff2d1f}]
    [HKEY_CLASSES_ROOT\XBTB05715.XBTB05715.3]
    [HKEY_CLASSES_ROOT\TypeLib\{A131043C-8EC2-420D-909F-B3509F2AAA92}]
    [HKEY_CLASSES_ROOT\XBTB05715.XBTB05715]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-15 21:11 1460560]
    "PMCS"="C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2008-01-15 21:11 163840]
    "Wbutton"="C:\Program Files\Launch Manager\WButton.exe" [2008-01-15 21:11 53248]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2008-01-15 21:11 221184]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-15 21:11 185896]
    "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [ ]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [ ]
    "Pinnacle WebUpdater"="C:\Program Files\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    C:\Documents and Settings\Caroline\Menu D‚marrer\Programmes\D‚marrage\
    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-08 23:06:55]
    Raccourci vers HotkeyApp.lnk - C:\Program Files\Launch Manager\HotkeyApp.exe [2006-12-21 20:43:04]
    Raccourci vers WButton.lnk - C:\Program Files\Launch Manager\WButton.exe [2007-12-29 10:43:10]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^E-Compagnon.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\E-Compagnon.lnk
    backup=C:\WINDOWS\pss\E-Compagnon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide de Microsoft Office OneNote 2003.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide de Microsoft Office OneNote 2003.lnk
    backup=C:\WINDOWS\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    C:\Program Files\BitTorrent\bittorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
    --a------ 2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
    --a------ 2006-12-15 13:13 590728 C:\Program Files\CCleaner\ccleaner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlyAway]
    C:\DOCUME~1\Caroline\LOCALS~1\Temp\Rar$EX00.223\La Moumouche.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    C:\Program Files\Windows Live\Messenger\MsnMsgr .exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS]
    C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask .exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

    R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2002-10-29 14:25]
    R1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [2002-10-23 11:25]
    R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 15:22]
    R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 15:22]
    R3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2002-11-07 19:48]
    R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2002-11-28 17:04]
    S3 AVSim;Cx2388x Multifunction Helper driver;C:\WINDOWS\system32\DRIVERS\AVSim.sys [2006-01-04 16:35]
    S3 BDA_Capture_220;Digital TV receiver Driver 2.0.1.8;C:\WINDOWS\system32\Drivers\BDA_Capture_220.sys [2006-04-04 09:36]
    S3 BDA_Loader_220;Digital TV Receiver Firmware Loader 6.5.4.0;C:\WINDOWS\system32\Drivers\BDA_Loader_220.sys [2006-12-27 19:37]
    S3 NtApm;Pilote d'interface NT APM/hérité;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-23 16:11]
    S3 OmniTV;Cx2388x AvStream Video Capture;C:\WINDOWS\system32\DRIVERS\OmniTV.sys [2006-01-04 16:35]
    S3 P1171VID;Creative WebCam Notebook #2;C:\WINDOWS\system32\DRIVERS\P1171Vid.sys [2004-03-19 02:00]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dbbfbc2-919a-11db-bf5e-8503efb3cacf}]
    \Shell\AutoRun\command - G:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dbbfbc3-919a-11db-bf5e-000e355f2060}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-11 15:48:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-15 22:13:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-15 22:14:38
    ComboFix-quarantined-files.txt 2008-01-15 21:14:13
    ComboFix2.txt 2008-01-15 20:57:35
    .
    2008-01-09 17:04:57 --- E O F ---
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    desisntalle via ton panneau de configuration si presents:

    XBTP05715 - TextoWeb\Textobar.dll

    _______________

    smit fraud fix (colle le rapport)

    1/ telecharger :

    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    2/ double clique sur smitfraudfix. puis sélectionne 1 et appuyer sur entrée afin de créer le rapport des infection présentes. une fois le rapport effectué redémarre en mode sans échec (en appuyant sur F8 ou suppr, ou F5 au démarrage en général)

    3/ puis refaire comme en 2/ mais sélectionne l'option 2 et appuyer sur entrée pour commencer la désinfection. lorsque le programme demande si tu veut nettoyer le registre mets oui en tapant 0 et entrée

    ___________________

    Colle le rapport :
    Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

     Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
     Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
     Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
    Manuel de clean :
    http://kerio.probb.fr/tuto-Clean-h37.html
    https://kerio.probb.fr/

    _____________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    secuser en ligne :
    http://www.secuser.com/outils/antivirus.htm
    0
  10. caro_stan
     
    Donc voici le rapport de smitfraud:
    SmitFraudFix v2.274

    Rapport fait à 8:30:24,42, 16/01/2008
    Executé à partir de C:\Documents and Settings\Caroline\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix.exe by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.53.252
    DNS Server Search Order: 212.27.53.254

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer=212.27.53.252,212.27.53.254
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer=212.27.53.252,212.27.54.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer=212.27.53.252,212.27.53.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer=212.27.53.252,212.27.54.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer=212.27.53.252,212.27.53.254
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer=212.27.53.252,212.27.54.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer=212.27.53.252,212.27.53.254
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer=212.27.53.252,212.27.54.252

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    le rapport de clean:
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 16/01/2008 a 9:26:04,71

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32

    *** Suppression des fichiers dans C:\Program Files

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !

    Pour le scan en ligne aucun rapport mais d'aprés panda je ne suis pas infecté.

    A noté toujours le même problème de la croix rouge et un demarrage sans echec impossible meme avec utilisation de msconfig=> demarrage en mode diagnostique(possible mais pas mode sans echec) affichage de "Esc to cancel loading SPTD.sys"

    Voila sinon si on arrive pas tant pis je formaterai à moin que la croix rouge ne soit pas trés importante je m'y ferai pour le moment RAS l'ordinateur ne rame pas , aucuns messages d'infection tout beigne :) par contre une question quand spybot me demande si je dois accepter une modification je ne sais jamais quoi répondre donc je met tjs accepter peut etre que je ne devrai pas :s ...

    Merci en tout cas de ta patience ... c'est la premiere fois que je me fais infecté par un virus.
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    le temps de la desisnfection desactive le tea timer de spybot

    _______________

    AVG antispyware

    https://www.01net.com/

    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
    ___________________

    remplace avast par antivir et colle un rapport

    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)

    __________________
    recolle un rapport hiajkcthis
    0
  12. caro_stan
     
    VG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 13:52:19 16/01/2008

    + Résultat de l'analyse:

    C:\Program Files\QuickTime\qttask.exe -> Dropper.Agent.dgo : Nettoyé.
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe -> Dropper.Agent.dgo : Nettoyé.
    C:\QooBox\Quarantine\C\Program Files\Fichiers communs\Real\Update_OB\realsched.exe.vir -> Dropper.Agent.dgo : Nettoyé.
    C:\QooBox\Quarantine\C\Program Files\Launch Manager\CtrlVol.exe.vir -> Dropper.Agent.dgo : Nettoyé.
    C:\QooBox\Quarantine\C\Program Files\Launch Manager\WButton.exe.vir -> Dropper.Agent.dgo : Nettoyé.
    C:\QooBox\Quarantine\C\Program Files\Spybot - Search & Destroy\TeaTimer.exe.vir -> Dropper.Agent.dgo : Nettoyé.
    C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir -> Dropper.Agent.dgo : Nettoyé.
    C:\QooBox\Quarantine\C\WINDOWS\system32\LVCOMSX.EXE.vir -> Dropper.Agent.dgo : Nettoyé.
    C:\QooBox\Quarantine\C\WINDOWS\system32\RCX13.tmp.vir -> Dropper.Agent.dgo : Nettoyé.
    C:\QooBox\Quarantine\C\WINDOWS\system32\RCX21.tmp.vir -> Dropper.Agent.dgo : Nettoyé.
    C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir -> Dropper.Agent.dgo : Nettoyé.
    C:\QooBox\Quarantine\C\WINDOWS\system32\tuspm.exe.vir -> Dropper.Agent.dgo : Nettoyé.
    C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp -> Dropper.Agent.dgo : Nettoyé.
    C:\WINDOWS\system32\MRT.exe -> Dropper.Agent.dgo : Nettoyé.
    C:\Documents and Settings\Caroline\Cookies\caroline@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\Caroline\Cookies\caroline@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\Caroline\Cookies\caroline@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\Caroline\Cookies\caroline@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.10:C:\Documents and Settings\Caroline\Application Data\Mozilla\Firefox\Profiles\d1h06n11.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.8:C:\Documents and Settings\Caroline\Application Data\Mozilla\Firefox\Profiles\d1h06n11.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.9:C:\Documents and Settings\Caroline\Application Data\Mozilla\Firefox\Profiles\d1h06n11.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.11:C:\Documents and Settings\Caroline\Application Data\Mozilla\Firefox\Profiles\d1h06n11.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.12:C:\Documents and Settings\Caroline\Application Data\Mozilla\Firefox\Profiles\d1h06n11.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Crack.exe -> Trojan.Agent.cmn : Nettoyé.

    Fin du rapport
    0
  13. caro_stan
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:54:17, on 16/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Launch Manager\CtrlVol.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [delus] C:\DOCUME~1\Caroline\LOCALS~1\Temp\delus.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
    O4 - HKCU\..\Run: [FlyAway] C:\DOCUME~1\Caroline\LOCALS~1\Temp\Rar$EX00.223\La Moumouche.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: Raccourci vers HotkeyApp.lnk = C:\Program Files\Launch Manager\HotkeyApp.exe
    O4 - Startup: Raccourci vers WButton.lnk = C:\Program Files\Launch Manager\WButton.exe
    O4 - Global Startup: E-Compagnon.lnk = C:\Program Files\ColiPoste\e-COMO\e-COMO.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel.com/download/OpiStat_preinstaller_activex_fr_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ptitnine.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer = 212.27.53.252,212.27.53.254
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer = 212.27.53.252,212.27.54.252
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  14. caro_stan
     
    AntiVir PersonalEdition Classic
    Report file date: mercredi 16 janvier 2008 13:18

    Scanning for 1046165 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: NEMO

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 12:08:03
    ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 12:08:03
    ANTIVIR3.VDF : 7.0.2.6 73216 Bytes 16/01/2008 12:08:03
    AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 16/01/2008 12:08:05
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 12:08:05
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 16 janvier 2008 13:18

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'WButton.exe' - '1' Module(s) have been scanned
    Scan process 'HotkeyApp.exe' - '1' Module(s) have been scanned
    Scan process 'LastFMHelper.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'WinCinemaMgr.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'CtrlVol.exe' - '1' Module(s) have been scanned
    Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'WButton.exe' - '1' Module(s) have been scanned
    Scan process 'ashServ.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    38 processes with 38 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '27' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\upload_moi_NEMO.tar.gz
    [0] Archive type: GZ
    --> upload_moi.tar
    [1] Archive type: TAR (tape archiver)
    --> _OTMoveIt/MovedFiles/WINDOWS/system32/barsuniq.dll
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    --> _OTMoveIt/MovedFiles/WINDOWS/system32/ypmfcyqh.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    --> qoobox/Quarantine/C/Program Files/Fichiers communs/Real/Update_OB/realsched.exe.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    --> qoobox/Quarantine/C/Program Files/iTunes/iTunesHelper.exe.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    --> qoobox/Quarantine/C/Program Files/Launch Manager/CtrlVol.exe.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    --> qoobox/Quarantine/C/Program Files/Launch Manager/WButton.exe.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    --> qoobox/Quarantine/C/Program Files/Spybot - Search & Destroy/TeaTimer.exe.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    --> qoobox/Quarantine/C/WINDOWS/Fonts/a.zip.vir
    [2] Archive type: ZIP
    --> Crack.exe
    [DETECTION] Is the Trojan horse TR/Agent.cmn.1
    --> qoobox/Quarantine/C/WINDOWS/system32/ctfmon.exe.tmp.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    --> qoobox/Quarantine/C/WINDOWS/system32/LVCOMSX.EXE.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    --> qoobox/Quarantine/C/WINDOWS/system32/neshxroy.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DWB
    --> qoobox/Quarantine/C/WINDOWS/system32/nuqcgnmj.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DUP
    --> qoobox/Quarantine/C/WINDOWS/system32/RCX13.tmp.vir
    [DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21
    --> qoobox/Quarantine/C/WINDOWS/system32/RCX21.tmp.vir
    [DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21
    --> qoobox/Quarantine/C/WINDOWS/system32/tuspm.exe.vir
    [DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.21
    [INFO] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker2.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '47f2f718.qua'!
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker3.zip
    [DETECTION] Contains suspicious code GEN/PwdZIP
    [INFO] The file was moved to '47f2f719.qua'!
    C:\Documents and Settings\Caroline\Bureau\SmitfraudFix.exe
    [0] Archive type: RAR SFX (self extracting)
    --> SmitfraudFix\SmiUpdate.exe
    [DETECTION] Is the Trojan horse TR/VB.20480.D
    [INFO] The file was moved to '47f6ffd0.qua'!
    C:\Documents and Settings\Caroline\Bureau\SmitfraudFix\SmiUpdate.exe
    [DETECTION] Is the Trojan horse TR/VB.20480.D
    [INFO] The file was moved to '47f6ffd5.qua'!
    C:\Program Files\Mozilla Firefox\SmitfraudFix\SmiUpdate.exe
    [DETECTION] Is the Trojan horse TR/VB.20480.D
    [INFO] The file was moved to '47f70a9b.qua'!
    C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
    [DETECTION] Is the Trojan horse TR/Agent.bux.1
    [INFO] The file was moved to '47fc0aa8.qua'!
    C:\Program Files\Panda Security\TotalScan\pskavs.dll
    [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
    [INFO] The file was moved to '47f90aab.qua'!
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20080115-205725-623.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47f10b5c.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\neshxroy.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DWB
    [INFO] The file was moved to '48010b8b.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\nuqcgnmj.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.DUP
    [INFO] The file was moved to '47ff0b9c.qua'!
    C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000163.exe
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '47be0b64.qua'!
    C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000166.exe
    [0] Archive type: RAR SFX (self extracting)
    --> SmitfraudFix\SmiUpdate.exe
    [DETECTION] Is the Trojan horse TR/VB.20480.D
    [INFO] The file was moved to '47be0b6c.qua'!
    C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000167.exe
    [DETECTION] Is the Trojan horse TR/VB.20480.D
    [INFO] The file was moved to '46c374ed.qua'!
    C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000169.exe
    [DETECTION] Is the Trojan horse TR/VB.20480.D
    [INFO] The file was moved to '47be0b6e.qua'!
    C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000170.dll
    [DETECTION] Is the Trojan horse TR/Agent.bux.1
    [INFO] The file was moved to '47be0b6d.qua'!
    C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000171.dll
    [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
    [INFO] The file was moved to '46c374ee.qua'!
    C:\System Volume Information\_restore{76062B01-35BB-4580-9D9A-53EAF72D37A1}\RP2\A0000172.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47be0b6f.qua'!
    C:\WINDOWS\system32\tuspm.dll
    [DETECTION] Is the Trojan horse TR/Vundo.DVD
    [INFO] The file was moved to '48010ea9.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    C:\_OTMoveIt\MovedFiles\WINDOWS\system32\barsuniq.dll
    [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
    [INFO] The file was moved to '48000f33.qua'!
    C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ypmfcyqh.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47fb0f42.qua'!

    End of the scan: mercredi 16 janvier 2008 15:04
    Used time: 1:45:36 min

    The scan has been done completely.

    9048 Scanning directories
    270641 Files were scanned
    33 viruses and/or unwanted programs were found
    2 Files were classified as suspicious:
    1 files were deleted
    0 files were repaired
    20 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    270608 Files not concerned
    1329 Archives were scanned
    2 Warnings
    19 Notes

    rapport de Avira
    0
  15. caro_stan
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:58:32, on 16/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Launch Manager\CtrlVol.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\WButton.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [delus] C:\DOCUME~1\Caroline\LOCALS~1\Temp\delus.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe" /background
    O4 - HKCU\..\Run: [FlyAway] C:\DOCUME~1\Caroline\LOCALS~1\Temp\Rar$EX00.223\La Moumouche.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Startup: Raccourci vers HotkeyApp.lnk = C:\Program Files\Launch Manager\HotkeyApp.exe
    O4 - Startup: Raccourci vers WButton.lnk = C:\Program Files\Launch Manager\WButton.exe
    O4 - Global Startup: E-Compagnon.lnk = C:\Program Files\ColiPoste\e-COMO\e-COMO.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
    O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel.com/download/OpiStat_preinstaller_activex_fr_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://ptitnine.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - https://zone.msn.com/en/utility/handler404.aspx?404;http://zone.msn.com:80/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F22426-FB03-45B3-95BB-D88F045CF219}: NameServer = 212.27.53.252,212.27.53.254
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F456B10F-408E-4C2A-86BF-8FBED421BB7E}: NameServer = 212.27.53.252,212.27.54.252
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    desactive le tea timer de spybot le temps des scan

    ________________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [delus] C:\DOCUME~1\Caroline\LOCALS~1\Temp\delus.exe
    O4 - HKCU\..\Run: [FlyAway] C:\DOCUME~1\Caroline\LOCALS~1\Temp\Rar$EX00.223\La Moumouche.exe

    _______________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\DOCUME~1\Caroline\LOCALS~1\Temp\delus.exe
    C:\DOCUME~1\Caroline\LOCALS~1\Temp\Rar$EX00.223\La Moumouche.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _________________________

    vire en allant dans poste de travail ce qui est dans movedfiles en allant dans poste de travail puis C...

    C:\_OTMoveIt\MovedFiles

    ____________________

    vire en allant dans poste de travail ce qui est dans Quarantine en allant dans poste de travail puis C...

    c/ qoobox/Quarantine

    ______________________

    vire ce qui est dans la sauvegarde de spybot , et en quarantaine dans antivir

    ________________________

    si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans puis
    redemarre ton ordi
    puis réactive là
    (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

    __________________________

    recolle un scan antivir, un scan hijackthis et dis tes soucis actuels surtout
    0