Win 32 bho-kd(trj)

G la frite Posts 9 Status Member -
g!rly Posts 18462 Status Contributor -
Hello everyone,

I'm a computing novice and I'd like someone to help me get rid of this s........ virus: Win 32:bho-kd(trj)

thanks in advance
14 replies

g!rly Posts 18462 Status Contributor 406
 
hi g la frite,

Download HijackThis here:

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Usage tutorial (video):

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Post the generated report here, please...

and

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

See you
0
G la frite Posts 9 Status Member
 
hello girly and thanks for replying to me
I'm posting the HijackThis report for you

Logfile of HijackThis v1.99.1
Scan saved at 18:33:37, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\avast\aswUpdSv.exe
F:\avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
F:\avast\ashDisp.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\svchost.exe
D:\Applications\daemon tools 4.00he\DAEMON Tools\daemon.exe
F:\Jeux Damien\Anti-Blaxx 1.18\Anti-Blaxx.exe
D:\Applications\Avg anti virus\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
D:\Applications\Avg anti virus\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
D:\Applications\Logiciels\opera\Opera.exe
F:\avast\ashMaiSv.exe
F:\avast\ashWebSv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
D:\Applications\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AB95F36C-3337-475B-9661-776A764CF389} - C:\WINDOWS\system32\basesr.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "f:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "f:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [avast!] F:\avast\ashDisp.exe
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Applications\daemon tools 4.00he\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] F:\Jeux Damien\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Applications\Avg anti virus\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\avast\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Applications\Avg anti virus\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Applications\Utilitaires\Tune Up 2006\WinStylerThemeSvc.exe
0
G la frite Posts 9 Status Member
 
and also ComboFix, thanks

ComboFix 08-01-09.2 - Administrateur 2008-01-18 18:38:25.4 - NTFSx86
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
.

2008-01-18 18:03 . 2008-01-18 18:03 <REP> d-------- C:\Program Files\Avira
2008-01-18 18:03 . 2008-01-18 18:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-10 08:09 . 2008-01-10 08:09 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-08 12:25 . 2008-01-08 12:25 <REP> d-------- C:\Program Files\Sierra On-Line
2008-01-08 12:25 . 1999-10-15 12:50 1,056,768 --a------ C:\WINDOWS\system32\Roboex32.dll
2008-01-08 12:25 . 1998-04-24 10:16 558,592 -ra------ C:\WINDOWS\system32\SierraNW.DLL
2008-01-08 12:25 . 1998-04-24 10:16 227,840 -ra------ C:\WINDOWS\system32\SNWValid.dll
2008-01-08 12:25 . 2000-04-04 13:44 44,544 -ra------ C:\WINDOWS\system32\gif89.dll
2008-01-08 12:25 . 2000-04-04 13:44 2,998 -ra------ C:\WINDOWS\system32\setup.ico
2008-01-08 12:14 . 2008-01-08 12:25 348 --a------ C:\WINDOWS\SIERRA.INI
2008-01-05 23:49 . 2008-01-05 23:58 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-05 23:47 . 2008-01-06 00:04 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-05 23:19 . 2008-01-05 23:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-01-05 23:19 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-05 23:19 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-01-05 23:19 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-05 23:19 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-05 23:19 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-05 22:46 . 2008-01-05 22:46 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-05 22:46 . 2008-01-05 22:47 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-05 22:46 . 2008-01-05 22:47 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-05 22:46 . 2008-01-05 22:47 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-05 20:39 . 2008-01-05 20:39 268 --ah----- C:\sqmdata01.sqm
2008-01-05 20:39 . 2008-01-05 20:39 244 --ah----- C:\sqmnoopt01.sqm
2008-01-05 11:12 . 2008-01-05 11:12 244 --ah----- C:\sqmnoopt00.sqm
2008-01-05 11:12 . 2008-01-05 11:12 232 --ah----- C:\sqmdata00.sqm
2008-01-04 10:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 21:53 . 2003-12-21 17:24 140,800 --a------ C:\WINDOWS\system32\drivers\xmasbus.sys
2008-01-03 21:53 . 2003-12-20 20:03 5,504 --a------ C:\WINDOWS\system32\drivers\xmasscsi.sys
2008-01-03 20:49 . 2008-01-03 20:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-03 18:00 . 2008-01-03 22:28 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 17:54 . 2008-01-05 23:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-01-03 17:27 . 2008-01-03 17:27 <REP> d-------- C:\Program Files\Yahoo!
2008-01-03 11:08 . 2008-01-03 11:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TrojanHunter
2008-01-03 10:31 . 2007-12-26 11:24 688 --a------ C:\WINDOWS\win.tmp
2008-01-03 10:31 . 2007-06-17 17:19 231 --a------ C:\WINDOWS\system.tmp
2008-01-02 08:30 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 17:12 . 2007-12-31 17:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Uwatec
2007-12-31 17:07 . 2007-12-31 17:07 1,771 --a------ C:\WINDOWS\SetupPestPatrolBeta.mif
2007-12-31 17:06 . 2003-09-24 11:29 665,088 --a------ C:\WINDOWS\LOOP.exe
2007-12-31 16:48 . 2007-12-31 16:48 <REP> d-------- C:\TLK GAMES
2007-12-31 00:17 . 2007-12-31 00:17 32 --a------ C:\WINDOWS\go
2007-12-31 00:10 . 2007-12-31 00:10 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-12-30 17:58 . 2008-01-03 23:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2007-12-30 11:44 . 2007-12-30 11:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech
2007-12-29 09:41 . 2007-09-14 05:21 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-25 19:43 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-25 19:43 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-25 19:43 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-25 17:11 . 2007-12-25 17:11 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-12-25 17:10 . 2007-12-25 17:12 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-12-25 16:43 . 2007-12-25 16:43 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-25 16:22 . 2007-12-25 16:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-25 16:22 . 2007-12-25 16:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-25 08:17 . 2007-12-25 08:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Aspyr
2007-12-24 12:55 . 2007-12-24 12:55 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-24 12:55 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-24 12:55 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-24 12:55 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-24 12:53 . 2007-12-24 12:53 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-24 12:53 . 2007-12-24 12:54 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-23 09:07 . 2007-12-23 09:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-12-23 09:07 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-22 23:02 . 2007-12-22 23:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
2007-12-20 07:34 . 2008-01-03 23:05 0 --a------ C:\TV.TRV
2007-12-19 08:15 . 2007-12-19 08:15 <REP> d-------- C:\WINDOWS\speech
2007-12-19 08:15 . 2007-12-19 08:15 <REP> d-------- C:\WINDOWS\Lhsp
2007-12-18 15:46 . 2007-12-18 15:46 319,488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll
2007-12-18 08:21 . 2004-03-09 01:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 06:50 77,353 ----a-w C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2008-01-18 06:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-01-17 07:10 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-01-15 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-10 07:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 18:06 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 13:05 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-29 09:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-26 10:01 --------- d-----w C:\Program Files\PlayMP3z
2007-12-25 16:09 --------- d-----w C:\Program Files\Windows Live
2007-12-25 15:37 --------- d-----w C:\Program Files\MSN Messenger
2007-12-25 06:39 --------- d--h--w C:\Program Files\Fichiers communs\Carlson
2007-12-23 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-23 08:17 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-23 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-17 12:22 19,456 ----a-w C:\WINDOWS\system32\drivers\fskijyhl.dat
2007-12-17 08:39 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-17 08:23 --------- d-----w C:\Program Files\LimeWire
2007-12-17 08:04 --------- d-----w C:\Program Files\Adssite Games Collection
2007-12-16 07:21 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-12-06 20:48 46,592 ----a-w C:\WINDOWS\system32\mscfg.dll
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-03 11:07 28,856 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-11-30 11:07 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-11-28 11:14 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-25 08:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2007-11-20 08:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-12 16:27 88,556 ----a-w C:\Documents and Settings\Administrateur\Application Data\serial2.dat
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
2001-10-05 09:53 21,866 ----a-w C:\Program Files\Fichiers communs\tppupd2k.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-17_19.08.46.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2008-01-18 06:35:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_69c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-18 15:46 319488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB95F36C-3337-475B-9661-776A764CF389}]
2004-08-20 00:09 84992 --a------ C:\WINDOWS\system32\basesr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-08 10:06 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 14:05 7557120]
"CloneCDElbyCDFL"="f:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33 45056]
"CloneCDTray"="f:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17 73728]
"avast!"="F:\avast\ashDisp.exe" [2007-12-04 14:00 79224]
"devenv"="C:\WINDOWS\system\smvss.exe" [2007-11-12 07:39 25088]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-05-15 14:52 675840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"DAEMON Tools"="D:\Applications\daemon tools 4.00he\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"Anti-Blaxx Manager"="F:\Jeux Damien\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 16:35 225280]
"!AVG Anti-Spyware"="D:\Applications\Avg anti virus\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 10:45 63712]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE
"TPP Auto Loader"=C:\WINDOWS\TPPALDR.EXE
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 11:43]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
R0 wsbloowd;wsbloowd;C:\WINDOWS\system32\drivers\fskijyhl.dat []
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-06-07 09:34]
S4 Userinit Logon Application;Userinit Logon Application;C:\WINDOWS\userinit.exe []

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DDDFC9C8-A0F8-E0CF-AF00-F0F423E36752}]
C:\WINDOWS\system32\svchast.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 19:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-11 09:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-11 13:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-23 09:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-23 19:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-23 13:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-23 19:00:01 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-23 09:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\wunauclt.exe
- {:\
"2007-12-23 13:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-18 16:39:45 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- D:\Applications\Utilitaires\Tune Up 2006\SystemOptimizer.exe
"2008-01-18 16:54:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 18:41:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 18:41:54
ComboFix-quarantined-files.txt 2008-01-18 17:41:42
ComboFix2.txt 2008-01-17 21:58:55
ComboFix3.txt 2008-01-17 18:09:11
.
2007-12-12 17:43:52 --- E O F ---
0
g!rly Posts 18462 Status Contributor 406
 
re,

remove avast and keep antivir (2 antivirus programs = conflict)

then install one of these two firewalls:

firewall: kerio

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

or zone alarm, easier to configure but less effective

http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html

then

Copy the text below:

File::
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\basesr.dll
C:\WINDOWS\system\smvss.exe
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
C:\WINDOWS\system32\wunauclt.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB95F36C-3337-475B-9661-776A764CF389}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"devenv"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will restart Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no restart, post the reports anyway.

See you
0
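
A triage heuristic run over lines copied from the HijackThis and ComboFix reports above; this is an added example, not part of any post in the thread and not how ComboFix or HijackThis work internally. It flags BHO DLLs loaded straight from system32 and executables whose name is one character edit away from a genuine Windows binary. The binary list, both rules and all function names are assumptions of this illustration, and every hit is a candidate for manual review, not a verdict.

```python
import ntpath
import re

# Illustrative short list of genuine Windows XP binaries (an assumption of
# this example, not a list taken from the thread).
KNOWN_SYSTEM_BINARIES = (
    "smss.exe", "svchost.exe", "wuauclt.exe", "ctfmon.exe", "lsass.exe",
    "winlogon.exe", "services.exe", "userinit.exe", "spoolsv.exe",
)

# First drive-letter path on a line that ends in .exe or .dll (spaces allowed).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]\r\n]*?\.(?:exe|dll)\b', re.IGNORECASE)

# Lines copied from the HijackThis and ComboFix reports posted above.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AB95F36C-3337-475B-9661-776A764CF389} - C:\WINDOWS\system32\basesr.dll
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"2008-01-11 19:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-11 09:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\wunauclt.exe
C:\WINDOWS\system32\svchast.exe
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def lookalike_of(filename):
    """Return the genuine binary that `filename` imitates, or None.

    An exact match is the genuine name itself; only distance 1 counts, so
    msmsgs.exe (distance 2 from smss.exe) is not reported.
    """
    name = filename.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    for known in KNOWN_SYSTEM_BINARIES:
        if edit_distance(name, known) == 1:
            return known
    return None


def triage(log_text):
    """Return [(path, reason)] for entries worth a manual look, deduplicated."""
    findings, seen = [], set()
    for line in log_text.splitlines():
        line = line.strip()
        match = PATH_RE.search(line)
        if not match:
            continue
        path = match.group(0)
        key = path.lower()
        if key in seen:
            continue
        reasons = []
        # Rule 1 (assumption): a BHO whose DLL sits directly in system32.
        if line.startswith("O2 - BHO:") and ntpath.dirname(key).endswith("\\system32"):
            reasons.append("BHO DLL loaded from system32")
        # Rule 2 (assumption): file name imitates a genuine Windows binary.
        known = lookalike_of(ntpath.basename(path))
        if known:
            reasons.append("name is one edit away from " + known)
        if reasons:
            seen.add(key)
            findings.append((path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}  <-  {reason}")
```
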

G la frite Posts 9 Status Member
 
I'm posting the scan reports along with the other report, I hope I'm not making any mistakes

ComboFix 08-01-09.2 - Administrateur 2008-01-18 19:39:14.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1361 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
.

2008-01-18 18:03 . 2008-01-18 18:03 <REP> d-------- C:\Program Files\Avira
2008-01-18 18:03 . 2008-01-18 18:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-10 08:09 . 2008-01-10 08:09 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-08 12:25 . 2008-01-08 12:25 <REP> d-------- C:\Program Files\Sierra On-Line
2008-01-08 12:25 . 1999-10-15 12:50 1,056,768 --a------ C:\WINDOWS\system32\Roboex32.dll
2008-01-08 12:25 . 1998-04-24 10:16 558,592 -ra------ C:\WINDOWS\system32\SierraNW.DLL
2008-01-08 12:25 . 1998-04-24 10:16 227,840 -ra------ C:\WINDOWS\system32\SNWValid.dll
2008-01-08 12:25 . 2000-04-04 13:44 44,544 -ra------ C:\WINDOWS\system32\gif89.dll
2008-01-08 12:25 . 2000-04-04 13:44 2,998 -ra------ C:\WINDOWS\system32\setup.ico
2008-01-08 12:14 . 2008-01-08 12:25 348 --a------ C:\WINDOWS\SIERRA.INI
2008-01-05 23:49 . 2008-01-05 23:58 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-05 23:47 . 2008-01-06 00:04 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-05 23:19 . 2008-01-05 23:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-01-05 23:19 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-05 23:19 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-01-05 23:19 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-05 23:19 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-05 23:19 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-05 22:46 . 2008-01-05 22:46 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-05 22:46 . 2008-01-05 22:47 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-05 22:46 . 2008-01-05 22:47 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-05 22:46 . 2008-01-05 22:47 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-05 20:39 . 2008-01-05 20:39 268 --ah----- C:\sqmdata01.sqm
2008-01-05 20:39 . 2008-01-05 20:39 244 --ah----- C:\sqmnoopt01.sqm
2008-01-05 11:12 . 2008-01-05 11:12 244 --ah----- C:\sqmnoopt00.sqm
2008-01-05 11:12 . 2008-01-05 11:12 232 --ah----- C:\sqmdata00.sqm
2008-01-04 10:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 21:53 . 2003-12-21 17:24 140,800 --a------ C:\WINDOWS\system32\drivers\xmasbus.sys
2008-01-03 21:53 . 2003-12-20 20:03 5,504 --a------ C:\WINDOWS\system32\drivers\xmasscsi.sys
2008-01-03 20:49 . 2008-01-03 20:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-03 18:00 . 2008-01-03 22:28 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 17:54 . 2008-01-05 23:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-01-03 17:27 . 2008-01-03 17:27 <REP> d-------- C:\Program Files\Yahoo!
2008-01-03 11:08 . 2008-01-03 11:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TrojanHunter
2008-01-03 10:31 . 2007-12-26 11:24 688 --a------ C:\WINDOWS\win.tmp
2008-01-03 10:31 . 2007-06-17 17:19 231 --a------ C:\WINDOWS\system.tmp
2008-01-02 08:30 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 17:12 . 2007-12-31 17:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Uwatec
2007-12-31 17:07 . 2007-12-31 17:07 1,771 --a------ C:\WINDOWS\SetupPestPatrolBeta.mif
2007-12-31 17:06 . 2003-09-24 11:29 665,088 --a------ C:\WINDOWS\LOOP.exe
2007-12-31 16:48 . 2007-12-31 16:48 <REP> d-------- C:\TLK GAMES
2007-12-31 00:17 . 2007-12-31 00:17 32 --a------ C:\WINDOWS\go
2007-12-31 00:10 . 2007-12-31 00:10 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-12-30 17:58 . 2008-01-03 23:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2007-12-30 11:44 . 2007-12-30 11:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech
2007-12-29 09:41 . 2007-09-14 05:21 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-25 19:43 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-25 19:43 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-25 19:43 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-25 17:11 . 2007-12-25 17:11 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-12-25 17:10 . 2007-12-25 17:12 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-12-25 16:43 . 2007-12-25 16:43 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-25 16:22 . 2007-12-25 16:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-25 16:22 . 2007-12-25 16:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-25 08:17 . 2007-12-25 08:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Aspyr
2007-12-24 12:55 . 2007-12-24 12:55 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-24 12:55 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-24 12:55 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-24 12:55 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-24 12:53 . 2007-12-24 12:53 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-24 12:53 . 2007-12-24 12:54 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-22 23:02 . 2007-12-22 23:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
2007-12-20 07:34 . 2008-01-03 23:05 0 --a------ C:\TV.TRV
2007-12-19 08:15 . 2007-12-19 08:15 <REP> d-------- C:\WINDOWS\speech
2007-12-19 08:15 . 2007-12-19 08:15 <REP> d-------- C:\WINDOWS\Lhsp
2007-12-18 15:46 . 2007-12-18 15:46 319,488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll
2007-12-18 08:21 . 2004-03-09 01:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 06:50 77,353 ----a-w C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2008-01-18 06:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-01-17 07:10 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-01-15 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-10 07:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 18:06 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 13:05 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-29 09:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-26 10:01 --------- d-----w C:\Program Files\PlayMP3z
2007-12-25 16:09 --------- d-----w C:\Program Files\Windows Live
2007-12-25 15:37 --------- d-----w C:\Program Files\MSN Messenger
2007-12-25 06:39 --------- d--h--w C:\Program Files\Fichiers communs\Carlson
2007-12-23 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-23 08:17 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-23 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-17 12:22 19,456 ----a-w C:\WINDOWS\system32\drivers\fskijyhl.dat
2007-12-17 08:39 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-17 08:23 --------- d-----w C:\Program Files\LimeWire
2007-12-17 08:04 --------- d-----w C:\Program Files\Adssite Games Collection
2007-12-16 07:21 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-12-06 20:48 46,592 ----a-w C:\WINDOWS\system32\mscfg.dll
2007-12-03 11:07 28,856 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-11-30 11:07 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-11-28 11:14 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-25 08:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2007-11-20 08:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-12 16:27 88,556 ----a-w C:\Documents and Settings\Administrateur\Application Data\serial2.dat
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
2001-10-05 09:53 21,866 ----a-w C:\Program Files\Fichiers communs\tppupd2k.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-17_19.08.46.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 18:06:32 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 18:39:09 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-17 18:06:32 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 18:39:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 18:06:32 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 18:39:09 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-17 18:06:32 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 18:39:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-17 18:06:33 6,766,592 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-18 18:39:09 6,766,592 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-17 18:06:33 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 18:39:09 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 18:30:40 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
+ 2008-01-18 18:30:40 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2008-01-18 18:30:40 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-04-26 09:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-04-26 09:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2003-03-18 20:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
+ 2008-01-18 06:35:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_69c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB95F36C-3337-475B-9661-776A764CF389}]
2004-08-20 00:09 84992 --a------ C:\WINDOWS\system32\basesr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-08 10:06 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 14:05 7557120]
"CloneCDElbyCDFL"="f:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33 45056]
"CloneCDTray"="f:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17 73728]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-05-15 14:52 675840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"DAEMON Tools"="D:\Applications\daemon tools 4.00he\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"Anti-Blaxx Manager"="F:\Jeux Damien\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 16:35 225280]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 10:45 63712]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE
"TPP Auto Loader"=C:\WINDOWS\TPPALDR.EXE
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 11:43]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
R0 wsbloowd;wsbloowd;C:\WINDOWS\system32\drivers\fskijyhl.dat []
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kerio(par feu)\kpf4ss.exe" [2007-04-26 10:21]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-06-07 09:34]
S4 Userinit Logon Application;Userinit Logon Application;C:\WINDOWS\userinit.exe []

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DDDFC9C8-A0F8-E0CF-AF00-F0F423E36752}]
C:\WINDOWS\system32\svchast.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 19:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-11 09:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-11 13:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-23 09:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-23 19:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-23 13:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-23 19:00:01 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-23 09:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\wunauclt.exe
- {:\
"2007-12-23 13:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\wunauclt.exe
"2008-01-18 16:39:45 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- D:\Applications\Utilitaires\Tune Up 2006\SystemOptimizer.exe
"2008-01-18 17:54:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 19:40:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 19:41:33
ComboFix-quarantined-files.txt 2008-01-18 18:41:22
ComboFix2.txt 2008-01-18 17:41:55
ComboFix3.txt 2008-01-17 21:58:55
ComboFix4.txt 2008-01-17 18:09:11
.
2007-12-12 17:43:52 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 18:33:37, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\avast\aswUpdSv.exe
F:\avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
F:\avast\ashDisp.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\svchost.exe
D:\Applications\daemon tools 4.00he\DAEMON Tools\daemon.exe
F:\Jeux Damien\Anti-Blaxx 1.18\Anti-Blaxx.exe
D:\Applications\Avg anti virus\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
D:\Applications\Avg anti virus\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
D:\Applications\Logiciels\opera\Opera.exe
F:\avast\ashMaiSv.exe
F:\avast\ashWebSv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
D:\Applications\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AB95F36C-3337-475B-9661-776A764CF389} - C:\WINDOWS\system32\basesr.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "f:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "f:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [avast!] F:\avast\ashDisp.exe
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Applications\daemon tools 4.00he\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] F:\Jeux Damien\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Applications\Avg anti virus\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\avast\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Applications\Avg anti virus\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Applications\Utilitaires\Tune Up 2006\WinStylerThemeSvc.exe
0
g!rly Posts 18462 Status Contributor 406
 
Hi again,

I don't think you did what I asked you to.

Start again:

remove Avast and keep AntiVir (2 antivirus programs = conflict)

then install one of these two firewalls:

firewall: Kerio

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

or ZoneAlarm, easier to configure but less effective

http://www.kachouri.com/

then

Copy the text below:

File::
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\basesr.dll
C:\WINDOWS\system\smvss.exe
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
C:\WINDOWS\system32\wunauclt.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB95F36C-3337-475B-9661-776A764CF389}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"devenv"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will restart Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no restart, post the reports anyway.

See you later

0
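A way to check a follow-up report against the CFScript in the post above, as an added example that is not part of the thread or of ComboFix: it parses the `File::` and `Registry::` directives and reports which targets the next log still shows. The function names, the section-title matching (French report titles as seen in this thread) and the shortened sample log are assumptions made for illustration.

```python
import re

# CFScript from the post above, with the File:: list shortened for the sample.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\basesr.dll
C:\WINDOWS\system\smvss.exe
C:\WINDOWS\system32\wunauclt.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB95F36C-3337-475B-9661-776A764CF389}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"devenv"=-
"""

# Constructed excerpt laid out like a follow-up ComboFix report (French locale).
FOLLOWUP_LOG = r"""(((((((((((( Autres suppressions ))))))))))))
C:\WINDOWS\system\smvss.exe
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\basesr.dll . . . . Echec de suppression
(((((((((((( Point de chargement Reg ))))))))))))
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB95F36C-3337-475B-9661-776A764CF389}]
2004-08-20 00:09 84992 --a------ C:\WINDOWS\system32\basesr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 14:05 7557120]
"""

HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # "((( section title )))" lines
RANK = {"not mentioned": 0, "deleted": 1, "still referenced": 2, "deletion failed": 3}

def parse_cfscript(text):
    """Split a CFScript into files to delete, keys to delete and values to delete."""
    files, del_keys, del_values, section, key = [], [], [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):                        # directive header, e.g. File::
            section, key = line[:-2].lower(), None
        elif line and section == "file":
            files.append(line)
        elif section == "registry" and line.startswith("[-"):
            del_keys.append(line[2:-1])                # .reg syntax: [-KEY] deletes the key
        elif section == "registry" and line.startswith("["):
            key = line[1:-1]                           # values that follow belong to this key
        elif section == "registry" and key and re.fullmatch(r'"[^"]+"=-', line):
            del_values.append((key, line[1:line.index('"=')]))  # "name"=- deletes the value
    return files, del_keys, del_values

def file_status(path, log_text, deletion_titles=("autres suppressions",),
                fail_mark="echec de suppression"):
    """Classify one File:: target by where the follow-up log mentions it."""
    p, status, title = path.lower(), "not mentioned", ""
    for raw in log_text.splitlines():
        low = raw.strip().lower()
        header = HEADER.match(low)
        if header:
            title = header.group(1)                    # entering a new report section
            continue
        if p not in low:
            continue
        if title in deletion_titles:
            found = "deletion failed" if fail_mark in low else "deleted"
        else:
            found = "still referenced"                 # e.g. listed under a load point
        if RANK[found] > RANK[status]:                 # keep the most serious finding
            status = found
    return status

def registry_state(log_text):
    """Map each [key] header found in the log to the value names listed under it."""
    keys, current = {}, None
    for raw in log_text.splitlines():
        s = raw.strip()
        if s.startswith("[") and s.endswith("]"):
            current = s[1:-1].lower()
            keys.setdefault(current, set())
        elif current and s.startswith('"') and '"=' in s:
            keys[current].add(s[1:s.index('"=')].lower())
        elif not s or s == ".":
            current = None                             # blank line ends the key's block
    return keys

def verify(cfscript_text, log_text):
    """Return {target: status} for every deletion the CFScript asked for."""
    files, del_keys, del_values = parse_cfscript(cfscript_text)
    keys = registry_state(log_text)
    report = {f: file_status(f, log_text) for f in files}
    for k in del_keys:
        report[k] = "key still present" if k.lower() in keys else "key absent"
    for k, name in del_values:
        present = name.lower() in keys.get(k.lower(), set())
        report[k + "\\" + name] = "value still present" if present else "value absent"
    return report

if __name__ == "__main__":
    for target, status in verify(CFSCRIPT, FOLLOWUP_LOG).items():
        print(f"{status:20} {target}")
```

Targets reported as "deletion failed", "still referenced" or "key still present" are the ones to raise in the next round of the cleanup.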
G la frite Posts 9 Status Member
 
Hello again girly, and thank you for your patience.
I'm posting the ComboFix and HijackThis reports; see you tomorrow, and good night.
ComboFix 08-01-09.2 - Administrateur 2008-01-18 23:21:50.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1628 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system\smvss.exe
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\system32\basesr.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
.

2008-01-18 18:03 . 2008-01-18 18:03 <REP> d-------- C:\Program Files\Avira
2008-01-18 18:03 . 2008-01-18 18:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-10 08:09 . 2008-01-10 08:09 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-08 12:25 . 2008-01-08 12:25 <REP> d-------- C:\Program Files\Sierra On-Line
2008-01-08 12:25 . 1999-10-15 12:50 1,056,768 --a------ C:\WINDOWS\system32\Roboex32.dll
2008-01-08 12:25 . 1998-04-24 10:16 558,592 -ra------ C:\WINDOWS\system32\SierraNW.DLL
2008-01-08 12:25 . 1998-04-24 10:16 227,840 -ra------ C:\WINDOWS\system32\SNWValid.dll
2008-01-08 12:25 . 2000-04-04 13:44 44,544 -ra------ C:\WINDOWS\system32\gif89.dll
2008-01-08 12:25 . 2000-04-04 13:44 2,998 -ra------ C:\WINDOWS\system32\setup.ico
2008-01-08 12:14 . 2008-01-08 12:25 348 --a------ C:\WINDOWS\SIERRA.INI
2008-01-05 23:49 . 2008-01-05 23:58 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-05 23:47 . 2008-01-06 00:04 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-05 23:19 . 2008-01-05 23:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-01-05 23:19 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-05 23:19 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-01-05 23:19 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-05 23:19 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-05 23:19 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-05 22:46 . 2008-01-05 22:46 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-05 22:46 . 2008-01-05 22:47 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-05 22:46 . 2008-01-05 22:47 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-05 22:46 . 2008-01-05 22:47 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-05 20:39 . 2008-01-05 20:39 268 --ah----- C:\sqmdata01.sqm
2008-01-05 20:39 . 2008-01-05 20:39 244 --ah----- C:\sqmnoopt01.sqm
2008-01-05 11:12 . 2008-01-05 11:12 244 --ah----- C:\sqmnoopt00.sqm
2008-01-05 11:12 . 2008-01-05 11:12 232 --ah----- C:\sqmdata00.sqm
2008-01-04 10:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 21:53 . 2003-12-21 17:24 140,800 --a------ C:\WINDOWS\system32\drivers\xmasbus.sys
2008-01-03 21:53 . 2003-12-20 20:03 5,504 --a------ C:\WINDOWS\system32\drivers\xmasscsi.sys
2008-01-03 20:49 . 2008-01-03 20:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-03 18:00 . 2008-01-03 22:28 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 17:54 . 2008-01-05 23:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-01-03 17:27 . 2008-01-03 17:27 <REP> d-------- C:\Program Files\Yahoo!
2008-01-03 11:08 . 2008-01-03 11:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TrojanHunter
2008-01-03 10:31 . 2007-12-26 11:24 688 --a------ C:\WINDOWS\win.tmp
2008-01-03 10:31 . 2007-06-17 17:19 231 --a------ C:\WINDOWS\system.tmp
2008-01-02 08:30 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 17:12 . 2007-12-31 17:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Uwatec
2007-12-31 17:07 . 2007-12-31 17:07 1,771 --a------ C:\WINDOWS\SetupPestPatrolBeta.mif
2007-12-31 17:06 . 2003-09-24 11:29 665,088 --a------ C:\WINDOWS\LOOP.exe
2007-12-31 16:48 . 2007-12-31 16:48 <REP> d-------- C:\TLK GAMES
2007-12-31 00:17 . 2007-12-31 00:17 32 --a------ C:\WINDOWS\go
2007-12-31 00:10 . 2007-12-31 00:10 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-12-30 17:58 . 2008-01-03 23:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2007-12-30 11:44 . 2007-12-30 11:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech
2007-12-29 09:41 . 2007-09-14 05:21 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-25 19:43 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-25 19:43 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-25 19:43 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-25 17:11 . 2007-12-25 17:11 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-12-25 17:10 . 2007-12-25 17:12 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-12-25 16:43 . 2007-12-25 16:43 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-25 16:22 . 2007-12-25 16:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-25 16:22 . 2007-12-25 16:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-25 08:17 . 2007-12-25 08:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Aspyr
2007-12-24 12:55 . 2007-12-24 12:55 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-24 12:55 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-24 12:55 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-24 12:55 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-24 12:53 . 2007-12-24 12:53 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-24 12:53 . 2007-12-24 12:54 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-22 23:02 . 2007-12-22 23:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
2007-12-20 07:34 . 2008-01-03 23:05 0 --a------ C:\TV.TRV
2007-12-19 08:15 . 2007-12-19 08:15 <REP> d-------- C:\WINDOWS\speech
2007-12-19 08:15 . 2007-12-19 08:15 <REP> d-------- C:\WINDOWS\Lhsp
2007-12-18 08:21 . 2004-03-09 01:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.ocx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 22:19 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-01-17 07:10 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-01-15 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-10 07:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 18:06 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 13:05 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-29 09:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-26 10:01 --------- d-----w C:\Program Files\PlayMP3z
2007-12-25 16:09 --------- d-----w C:\Program Files\Windows Live
2007-12-25 15:37 --------- d-----w C:\Program Files\MSN Messenger
2007-12-25 06:39 --------- d--h--w C:\Program Files\Fichiers communs\Carlson
2007-12-23 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-23 08:17 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-23 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-17 12:22 19,456 ----a-w C:\WINDOWS\system32\drivers\fskijyhl.dat
2007-12-17 08:39 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-17 08:23 --------- d-----w C:\Program Files\LimeWire
2007-12-17 08:04 --------- d-----w C:\Program Files\Adssite Games Collection
2007-12-16 07:21 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-12-06 20:48 46,592 ----a-w C:\WINDOWS\system32\mscfg.dll
2007-12-03 11:07 28,856 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-11-30 11:07 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-11-28 11:14 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-25 08:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2007-11-20 08:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-12 16:27 88,556 ----a-w C:\Documents and Settings\Administrateur\Application Data\serial2.dat
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
2001-10-05 09:53 21,866 ----a-w C:\Program Files\Fichiers communs\tppupd2k.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-17_19.08.46.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 18:06:32 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 22:13:44 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-17 18:06:32 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 22:13:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 18:06:32 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 22:13:44 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-17 18:06:32 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 22:13:44 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-17 18:06:33 6,766,592 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-18 22:13:45 6,766,592 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-17 18:06:33 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 22:13:45 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 18:30:40 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
+ 2008-01-18 18:30:40 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2008-01-18 18:30:40 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-04-26 09:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-04-26 09:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2003-03-18 20:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB95F36C-3337-475B-9661-776A764CF389}]
2004-08-20 00:09 84992 --a------ C:\WINDOWS\system32\basesr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-08 10:06 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 14:05 7557120]
"CloneCDElbyCDFL"="f:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33 45056]
"CloneCDTray"="f:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17 73728]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-05-15 14:52 675840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"DAEMON Tools"="D:\Applications\daemon tools 4.00he\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"Anti-Blaxx Manager"="F:\Jeux Damien\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 16:35 225280]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 10:45 63712]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE
"TPP Auto Loader"=C:\WINDOWS\TPPALDR.EXE
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 11:43]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
R0 wsbloowd;wsbloowd;C:\WINDOWS\system32\drivers\fskijyhl.dat []
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kerio(par feu)\kpf4ss.exe" [2007-04-26 10:21]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-06-07 09:34]
S4 Userinit Logon Application;Userinit Logon Application;C:\WINDOWS\userinit.exe []

*Newly Created Service* - SPF4
*Newly Created Service* - SSMDRV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DDDFC9C8-A0F8-E0CF-AF00-F0F423E36752}]
C:\WINDOWS\system32\svchast.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-18 16:39:45 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- D:\Applications\Utilitaires\Tune Up 2006\SystemOptimizer.exe
"2008-01-18 21:54:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 23:25:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 23:27:03
ComboFix-quarantined-files.txt 2008-01-18 22:26:57
ComboFix2.txt 2008-01-18 18:41:34
ComboFix3.txt 2008-01-18 17:41:55
ComboFix4.txt 2008-01-17 21:58:55
ComboFix5.txt 2008-01-17 18:09:11
.
2007-12-12 17:43:52 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 23:32:59, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kerio(par feu)\kpf4ss.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kerio(par feu)\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kerio(par feu)\kpf4gui.exe
F:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\vsnp2std.exe
D:\Applications\daemon tools 4.00he\DAEMON Tools\daemon.exe
F:\Jeux Damien\Anti-Blaxx 1.18\Anti-Blaxx.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\Applications\Logiciels\opera\Opera.exe
D:\Applications\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AB95F36C-3337-475B-9661-776A764CF389} - C:\WINDOWS\system32\basesr.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "f:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "f:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Applications\daemon tools 4.00he\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] F:\Jeux Damien\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kerio(par feu)\kpf4ss.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Applications\Utilitaires\Tune Up 2006\WinStylerThemeSvc.exe
0
g!rly Posts 18462 Status Contributor 406
 
Hi again,

I forgot one detail:

Copy the text below:

File::
C:\WINDOWS\system32\basesr.dll
C:\WINDOWS\system32\drivers\fskijyhl.dat

driver::
wsbloowd

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB95F36C-3337-475B-9661-776A764CF389}]

Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no restart, post the reports anyway.

See you later
0
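The check behind the CFScript above, as an added example that is not part of the original posts: it scans HijackThis `O2 - BHO` lines and ComboFix driver lines for the two patterns the script targets, then verifies that a CFScript addresses every finding. The sample lines are copied from the reports in this thread; the two heuristics (an unnamed BHO whose DLL sits directly in system32, a boot/system-start driver whose image is not a .sys file) and all function names are assumptions made for the illustration, not rules stated by the helper.

```python
import ntpath
import re

# Sample input: lines copied from the HijackThis and ComboFix reports in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AB95F36C-3337-475B-9661-776A764CF389} - C:\WINDOWS\system32\basesr.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 11:43]
R0 wsbloowd;wsbloowd;C:\WINDOWS\system32\drivers\fskijyhl.dat []
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
S4 Userinit Logon Application;Userinit Logon Application;C:\WINDOWS\userinit.exe []
"""

# The CFScript text exactly as posted above.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\basesr.dll
C:\WINDOWS\system32\drivers\fskijyhl.dat

driver::
wsbloowd

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB95F36C-3337-475B-9661-776A764CF389}]
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# ComboFix driver line: <R|S><start type> service;display name;image path [timestamp]
DRV_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<svc>[^;]+);[^;]*;(?P<path>.+?) \[[^\]]*\]$")


def find_unnamed_system32_bhos(log):
    """Assumed heuristic: BHO without a display name, DLL directly in system32."""
    hits = []
    for line in log.splitlines():
        m = BHO_RE.match(line.strip())
        if not m:
            continue
        folder = ntpath.dirname(m["path"]).lower()
        if m["name"] == "(no name)" and folder.endswith("\\system32"):
            hits.append((m["clsid"], m["path"]))
    return hits


def find_odd_boot_drivers(log):
    """Assumed heuristic: start type 0 or 1 (boot/system) with a non-.sys image."""
    hits = []
    for line in log.splitlines():
        m = DRV_RE.match(line.strip())
        if not m:
            continue
        path = m["path"].strip('"')
        ext = ntpath.splitext(path)[1].lower()
        if m["start"] in "01" and ext != ".sys":
            hits.append((m["svc"], path))
    return hits


def parse_cfscript(text):
    """Split a CFScript into {section name (lower case): [lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def uncovered(log, script):
    """List every finding in the log that the CFScript does not address."""
    sec = parse_cfscript(script)
    files = {p.lower() for p in sec.get("file", [])}
    drivers = {d.lower() for d in sec.get("driver", [])}
    registry = " ".join(sec.get("registry", [])).lower()
    missing = []
    for clsid, path in find_unnamed_system32_bhos(log):
        if path.lower() not in files:
            missing.append("file " + path)
        if clsid.lower() not in registry:
            missing.append("registry " + clsid)
    for svc, path in find_odd_boot_drivers(log):
        if svc.lower() not in drivers:
            missing.append("driver " + svc)
        if path.lower() not in files:
            missing.append("file " + path)
    return missing


if __name__ == "__main__":
    print("BHO findings:", find_unnamed_system32_bhos(SAMPLE_LOG))
    print("Driver findings:", find_odd_boot_drivers(SAMPLE_LOG))
    print("Not covered by CFScript:", uncovered(SAMPLE_LOG, CFSCRIPT))
```

The Spybot helper is also listed as "(no name)" but lives in its own program folder, which is why the location test is part of the heuristic.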
G la frite Posts 9 Status Member
 
Hi Girly

I was away all day and am leaving again right away. I'm posting the ComboFix and HijackThis reports.

I hope it's OK

ComboFix 08-01-09.2 - Administrateur 2008-01-19 18:55:29.12 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1596 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
.

2008-01-18 18:03 . 2008-01-18 18:03 <REP> d-------- C:\Program Files\Avira
2008-01-18 18:03 . 2008-01-18 18:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-10 08:09 . 2008-01-10 08:09 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-08 12:25 . 2008-01-08 12:25 <REP> d-------- C:\Program Files\Sierra On-Line
2008-01-08 12:25 . 1999-10-15 12:50 1,056,768 --a------ C:\WINDOWS\system32\Roboex32.dll
2008-01-08 12:25 . 1998-04-24 10:16 558,592 -ra------ C:\WINDOWS\system32\SierraNW.DLL
2008-01-08 12:25 . 1998-04-24 10:16 227,840 -ra------ C:\WINDOWS\system32\SNWValid.dll
2008-01-08 12:25 . 2000-04-04 13:44 44,544 -ra------ C:\WINDOWS\system32\gif89.dll
2008-01-08 12:25 . 2000-04-04 13:44 2,998 -ra------ C:\WINDOWS\system32\setup.ico
2008-01-08 12:14 . 2008-01-08 12:25 348 --a------ C:\WINDOWS\SIERRA.INI
2008-01-05 23:49 . 2008-01-05 23:58 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-05 23:47 . 2008-01-06 00:04 <REP> d-------- C:\WINDOWS\Internet Logs
2008-01-05 23:19 . 2008-01-05 23:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-01-05 23:19 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-05 23:19 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-01-05 23:19 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-05 23:19 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-05 23:19 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-05 22:46 . 2008-01-05 22:46 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-05 22:46 . 2008-01-05 22:47 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-05 22:46 . 2008-01-05 22:47 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-05 22:46 . 2008-01-05 22:47 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-05 20:39 . 2008-01-05 20:39 268 --ah----- C:\sqmdata01.sqm
2008-01-05 20:39 . 2008-01-05 20:39 244 --ah----- C:\sqmnoopt01.sqm
2008-01-05 11:12 . 2008-01-05 11:12 244 --ah----- C:\sqmnoopt00.sqm
2008-01-05 11:12 . 2008-01-05 11:12 232 --ah----- C:\sqmdata00.sqm
2008-01-04 10:28 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 21:53 . 2003-12-21 17:24 140,800 --a------ C:\WINDOWS\system32\drivers\xmasbus.sys
2008-01-03 21:53 . 2003-12-20 20:03 5,504 --a------ C:\WINDOWS\system32\drivers\xmasscsi.sys
2008-01-03 20:49 . 2008-01-03 20:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-03 18:00 . 2008-01-03 22:28 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-03 17:54 . 2008-01-05 23:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-01-03 17:27 . 2008-01-03 17:27 <REP> d-------- C:\Program Files\Yahoo!
2008-01-03 11:08 . 2008-01-03 11:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TrojanHunter
2008-01-03 10:31 . 2007-12-26 11:24 688 --a------ C:\WINDOWS\win.tmp
2008-01-03 10:31 . 2007-06-17 17:19 231 --a------ C:\WINDOWS\system.tmp
2008-01-02 08:30 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-31 17:12 . 2007-12-31 17:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Uwatec
2007-12-31 17:07 . 2007-12-31 17:07 1,771 --a------ C:\WINDOWS\SetupPestPatrolBeta.mif
2007-12-31 17:06 . 2003-09-24 11:29 665,088 --a------ C:\WINDOWS\LOOP.exe
2007-12-31 16:48 . 2007-12-31 16:48 <REP> d-------- C:\TLK GAMES
2007-12-31 00:17 . 2007-12-31 00:17 32 --a------ C:\WINDOWS\go
2007-12-31 00:10 . 2007-12-31 00:10 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2007-12-30 17:58 . 2008-01-03 23:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2007-12-30 11:44 . 2007-12-30 11:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Leadertech
2007-12-29 09:41 . 2007-09-14 05:21 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-25 19:43 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-25 19:43 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-25 19:43 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-25 17:11 . 2007-12-25 17:11 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-12-25 17:10 . 2007-12-25 17:12 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-12-25 16:43 . 2007-12-25 16:43 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-25 16:22 . 2007-12-25 16:31 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-25 16:22 . 2007-12-25 16:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-25 08:17 . 2007-12-25 08:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Aspyr
2007-12-24 12:55 . 2007-12-24 12:55 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-12-24 12:55 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-24 12:55 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-24 12:55 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-24 12:53 . 2007-12-24 12:53 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-12-24 12:53 . 2007-12-24 12:54 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-22 23:02 . 2007-12-22 23:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
2007-12-20 07:34 . 2008-01-03 23:05 0 --a------ C:\TV.TRV
2007-12-19 08:15 . 2007-12-19 08:15 <REP> d-------- C:\WINDOWS\speech
2007-12-19 08:15 . 2007-12-19 08:15 <REP> d-------- C:\WINDOWS\Lhsp

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 17:49 28,991 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-19 12:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-01-17 07:10 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-01-15 12:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-10 07:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 18:06 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-30 13:05 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-29 09:25 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-26 10:01 --------- d-----w C:\Program Files\PlayMP3z
2007-12-25 16:09 --------- d-----w C:\Program Files\Windows Live
2007-12-25 15:37 --------- d-----w C:\Program Files\MSN Messenger
2007-12-25 06:39 --------- d--h--w C:\Program Files\Fichiers communs\Carlson
2007-12-23 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-23 08:17 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-23 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-17 12:22 19,456 ----a-w C:\WINDOWS\system32\drivers\fskijyhl.dat
2007-12-17 08:39 40,737 ----a-w C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-17 08:23 --------- d-----w C:\Program Files\LimeWire
2007-12-17 08:04 --------- d-----w C:\Program Files\Adssite Games Collection
2007-12-16 07:21 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2007-12-06 20:48 46,592 ----a-w C:\WINDOWS\system32\mscfg.dll
2007-11-30 11:07 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-11-28 11:14 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-25 08:04 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
2007-11-20 08:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-12 16:27 88,556 ----a-w C:\Documents and Settings\Administrateur\Application Data\serial2.dat
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
2001-10-05 09:53 21,866 ----a-w C:\Program Files\Fichiers communs\tppupd2k.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-17_19.08.46.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-17 18:06:32 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-19 11:41:36 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-17 18:06:32 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-19 11:41:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-17 18:06:32 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-19 11:41:36 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-17 18:06:32 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-19 11:41:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-17 18:06:33 6,766,592 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-19 11:41:36 6,766,592 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-17 18:06:33 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-19 11:41:36 143,360 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 18:30:40 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
+ 2008-01-18 18:30:40 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
+ 2008-01-18 18:30:40 18,718 ----a-r C:\WINDOWS\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-19 17:06:13 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-04-26 09:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
+ 2007-04-26 09:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2003-03-18 20:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB95F36C-3337-475B-9661-776A764CF389}]
2004-08-20 00:09 84992 --a------ C:\WINDOWS\system32\basesr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-08 10:06 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 14:05 7557120]
"CloneCDElbyCDFL"="f:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 07:33 45056]
"CloneCDTray"="f:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 15:17 73728]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-05-15 14:52 675840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"DAEMON Tools"="D:\Applications\daemon tools 4.00he\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"Anti-Blaxx Manager"="F:\Jeux Damien\Anti-Blaxx 1.18\Anti-Blaxx.exe" [2005-10-26 16:35 225280]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 10:45 63712]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-19 18:06 249896]

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"Alcmtr"=ALCMTR.EXE
"RTHDCPL"=RTHDCPL.EXE
"TPP Auto Loader"=C:\WINDOWS\TPPALDR.EXE
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

R0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [2002-11-28 11:43]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
R0 wsbloowd;wsbloowd;C:\WINDOWS\system32\drivers\fskijyhl.dat []
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kerio(par feu)\kpf4ss.exe" [2007-04-26 10:21]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-06-07 09:34]
S4 Userinit Logon Application;Userinit Logon Application;C:\WINDOWS\userinit.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DDDFC9C8-A0F8-E0CF-AF00-F0F423E36752}]
C:\WINDOWS\system32\svchast.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-18 16:39:45 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- D:\Applications\Utilitaires\Tune Up 2006\SystemOptimizer.exe
"2008-01-19 17:54:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 18:59:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-19 19:00:25
ComboFix-quarantined-files.txt 2008-01-19 18:00:19
ComboFix2.txt 2008-01-18 22:27:05
ComboFix3.txt 2008-01-18 18:41:34
ComboFix4.txt 2008-01-18 17:41:55
ComboFix5.txt 2008-01-17 21:58:55
.
2007-12-12 17:43:52 --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 20:43:16, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\vsnp2std.exe
D:\Applications\daemon tools 4.00he\DAEMON Tools\daemon.exe
F:\Jeux Damien\Anti-Blaxx 1.18\Anti-Blaxx.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\WINDOWS\System32\svchost.exe
D:\Applications\emule v0.48a\eMule\emule.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Logiciels a Installer si tu veux\DVD Décrypter 3.5.4.0\DVD Decrypter\DVDDecrypter.exe
D:\Applications\Logiciels\opera\Opera.exe
D:\Applications\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AB95F36C-3337-475B-9661-776A764CF389} - C:\WINDOWS\system32\basesr.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "f:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "f:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Applications\daemon tools 4.00he\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] F:\Jeux Damien\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kerio(par feu)\kpf4ss.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Applications\Utilitaires\Tune Up 2006\WinStylerThemeSvc.exe
0
g!rly Posts 18462 Status Contributor 406
 
Hi,

That didn't work.

Can you have this file scanned

C:\WINDOWS\system32\zllictbl.dat

here and post the result:

https://www.virustotal.com/gui/

See you,
0
G la frite Posts 9 Status Member
 
Hi girly, here is the VirusTotal analysis:

VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, Trojan horses and all kinds of malware detected by antivirus engines.

File zllictbl.dat received on 2008.01.20 19:14:12 (CET)
Current status: finished
Result: 0/32 (0%)

Antivirus Version Last update Result
AhnLab-V3 2008.1.19.10 2008.01.18 -
AntiVir 7.6.0.48 2008.01.20 -
Authentium 4.93.8 2008.01.20 -
Avast 4.7.1098.0 2008.01.20 -
AVG 7.5.0.516 2008.01.20 -
BitDefender 7.2 2008.01.20 -
CAT-QuickHeal 9.00 2008.01.19 -
ClamAV 0.91.2 2008.01.20 -
DrWeb 4.44.0.09170 2008.01.20 -
eSafe 7.0.15.0 2008.01.16 -
eTrust-Vet 31.3.5470 2008.01.18 -
Ewido 4.0 2008.01.20 -
FileAdvisor 1 2008.01.20 -
Fortinet 3.14.0.0 2008.01.20 -
F-Prot 4.4.2.54 2008.01.19 -
F-Secure 6.70.13260.0 2008.01.20 -
Ikarus T3.1.1.20 2008.01.20 -
Kaspersky 7.0.0.125 2008.01.20 -
McAfee 5211 2008.01.18 -
Microsoft 1.3109 2008.01.20 -
NOD32v2 2808 2008.01.20 -
Norman 5.80.02 2008.01.20 -
Panda 9.0.0.4 2008.01.20 -
Prevx1 V2 2008.01.20 -
Rising 20.27.62.00 2008.01.20 -
Sophos 4.24.0 2008.01.20 -
Sunbelt 2.2.907.0 2008.01.17 -
Symantec 10 2008.01.20 -
TheHacker 6.2.9.191 2008.01.19 -
VBA32 3.12.2.5 2008.01.19 -
VirusBuster 4.3.26:9 2008.01.20 -
Webwasher-Gateway 6.6.2 2008.01.20 -
Additional information
File size: 4212 bytes
MD5: 72a9281b64859999fd95c1191acc3290
SHA1: aa370ec716e380a658ca9a02fa2926010c70bdfe
PEiD: -

WARNING: VirusTotal is a free service offered by Hispasec Sistemas. There is no guarantee regarding the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far higher than that offered by a single product, these results DO NOT guarantee that a file is harmless. There is currently no solution that offers a 100% effectiveness rate for detecting viruses and malware.

0
g!rly Posts 18462 Status Contributor 406
 
Hi again,

Can you have it scanned again here:

http://virusscan.jotti.org/de/

See you,
0
G la frite Posts 9 Status Member
 
Hi Girly,

Your thing isn't in French, what do I do?
See you,
0
g!rly Posts 18462 Status Contributor 406
 
Hi G la frite,

I know it's not in French, but at the top you have a Browse box; after that it's the same principle as on VirusTotal.

See you,
0