[trojandownloader.xs] à l'aide ! Résolu/Fermé

Question

Bonjour,
j'ai passé la nuit à essayer de me débarrasser de ce parasite, en vain. Si quelqu'un pouvait m'aider à vaincre "trojandownloader.xs" (a vrai dire, je ne sais pas si c'est le vrai nom ou juste une arnaque d'un certain site pour m'inciter a acheter un de leur anti-spywares)

Sinon, voici ce qui se passe avec mon pc :
Au lieu de mon fond d'écran habituel j'ai droit à un joli bleu accompagné du texte suivant 

"Warning ! Spyware threat has been detected on your PC.
Your computer has several fatal errors due to spyware activity.
etc.."

Régulièrement d infos bulles en anglais surgissent de la barre des tâches pour me dire que mon pc est infecté etc... Et quand je clique dessus, cela me renvoie à une page où je peux acheter des anti-spyware. 
j'ai essayé une bone douzaine de ces logiciels, sans succès.
Je vous poste mon log d'hijack, en espérant que vous puissiez m'aider...

------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:32, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
G:\Mes Documents 2\logiciels\utorrent.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Downloads\HiJackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.9online.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Microsoft Update] esplorer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] esplorer.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] esplorer.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Télécharger avec NetTransport - G:\Program Files\NetTransport\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - G:\Program Files\NetTransport\NTAddList.html
O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://servicesv4.moviesystem.com/cabs/msway.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

toutbio · Accepted Answer

salut a tous si vous avez le même problème et que vous utilisez avast antivirus (gratuit) utilisez aswclnr (gratuit cf site avast) moi il ni a plus de trace du virus salut a+

green day · Answer

Salut

pas mal ...

Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

* Démarrer en mode sans echec 
* Double cliquer combofix.exe. 
* Appuyer sur la touche Y (Yes) pour démarrer le scan 
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp 

++

Utilisateur anonyme · Answer

bonjour

et si tu est toujours embêter utilise ceci

merci à il-mafioso pour ce très bon logiciel
télécharge ceci tu prend le fichier navilog.exe tu l'installe et tu fait 1

http://il.mafioso.pagesperso-orange.fr/Navifix/download.htm

ensuite tu poste le résultat

fromelh · Answer

voila le rapport de combofix... ca m'a pris un peu de temps, mais le trojan semblait ralentir les performances de ma machine. pour l'instant ca a l'air d'aller....

------------------------------------------

ComboFix 08-03-01.3 - Administrateur 2008-03-02 12:41:53.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.130 [GMT 1:00]
Endroit: G:\Downloads\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\#SharedObjects\2SME8ZJM\www.broadcaster.com
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Propriétaire\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Propriétaire\new.txt
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system\smss.exe
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\nvsvcd.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\Wpcap.dll
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_WINDOWS_LOG

((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.

2008-03-02 12:47 . 2008-03-02 12:50 <REP> d-------- C:\WINDOWS\system32\acespy
2008-03-02 12:47 . 2008-03-02 12:50 <REP> d-------- C:\Program Files\p2pnetworks
2008-03-02 12:47 . 2008-03-02 12:50 <REP> d-------- C:\Program Files\e-zshopper
2008-03-02 12:47 . 2008-03-02 12:50 <REP> d-------- C:\Program Files\amsys
2008-03-02 12:47 . 2008-03-02 12:50 <REP> d-------- C:\Program Files\akl
2008-03-02 12:47 . 2008-03-02 12:50 <REP> d-------- C:\Program Files\Accoona
2008-03-02 12:47 . 2008-03-02 12:50 <REP> d-------- C:\Program Files\3721
2008-03-02 12:38 . 2002-11-07 21:40 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-02 12:38 . 2002-11-07 20:31 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-03-02 12:38 . 2002-11-07 20:31 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-02 12:38 . 2004-06-23 02:56 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-03-02 12:38 . 2004-06-22 19:31 <REP> dra------ C:\Documents and Settings\Administrateur\Mes documents
2008-03-02 12:38 . 2004-06-23 02:56 <REP> dra------ C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-03-02 12:38 . 2004-06-23 02:56 <REP> dra------ C:\Documents and Settings\Administrateur\Favoris
2008-03-02 12:38 . 2002-11-07 21:49 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-02 12:38 . 2002-11-07 21:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\VERITAS
2008-03-02 12:38 . 2002-11-07 21:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-03-02 12:38 . 2002-11-07 21:39 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2008-03-02 04:58 . 2008-03-02 09:23 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 01:22 . 2008-03-02 01:22 <REP> d-------- C:\Program Files\Trend Micro
2008-03-02 01:13 . 2008-03-02 01:13 106 --a------ C:\WINDOWS\wininit.ini
2008-03-01 22:42 . 2008-03-01 22:42 89,099 --a------ C:\WINDOWS\system32\mgmrwmrv.exe
2008-03-01 22:42 . 2008-03-01 22:42 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-01 07:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-01 07:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-01 07:48 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-29 12:19 . 2008-02-29 12:19 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-29 12:18 . 2008-02-29 12:22 <REP> d-------- C:\Program Files\Windows Live
2008-02-29 12:18 . 2008-02-29 12:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 09:45 . 2008-02-28 09:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-28 09:45 . 2008-02-28 09:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-27 16:20 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-27 16:20 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-27 16:20 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-27 16:20 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-15 18:39 . 2008-02-19 11:46 3,536 --a------ C:\drmHeader.bin
2008-02-03 18:44 . 2008-02-03 18:44 <REP> d-------- C:\Program Files\Restorer2000 Pro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 11:47 8,448 ----a-w C:\WINDOWS\ngd.dll
2008-03-02 04:51 --------- d-----w C:\Program Files\eMule
2008-03-02 03:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-02 03:41 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-02 00:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-01 13:25 --------- d-----w C:\Program Files\FlashGet
2008-02-29 11:22 --------- d-----w C:\Program Files\MSN Messenger
2008-02-25 17:03 --------- d-----w C:\Program Files\VideoLAN
2008-02-21 18:41 --------- d-----w C:\Program Files\DivX
2008-02-19 16:32 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-02-19 10:04 --------- d-----w C:\Program Files\PC Wizard 2004
2008-01-24 12:10 --------- d-----w C:\Program Files\PokerAcademy2
2008-01-23 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\PokerAcademy2
2005-05-13 16:12 217,073 -csha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 -csha-r C:\WINDOWS\MOTA113.exe
2005-10-13 20:27 422,400 -csha-r C:\WINDOWS\x2.64.exe
2004-06-22 19:01 32 --sha-w C:\WINDOWS\{30E27BE1-E96B-4CF4-9C1D-9D57D6FACD33}.dat
2004-07-19 11:13 56 -csh--r C:\WINDOWS\system32\A392A3D701.sys
2005-10-07 18:14 308,224 -csha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 10:31 27,648 -csha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 13:32 616,448 -csha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 20:37 45,568 -csha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 23:00 70,656 -csha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 08:24 2,945,024 -csha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 11:16 240,128 -csha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
2004-06-22 19:01 32 --sha-w C:\WINDOWS\system32\{41D3EBEC-A381-4698-859E-8FE810443017}.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-07-28 13:19 852038 C:\WINDOWS\system32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 19:40 143360]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 19:28 81920]
"nwiz"="nwiz.exe" [2003-07-28 13:19 323584 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2003-07-28 13:19 49152]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 13:19 4841472]
"KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [2002-10-25 15:33 69632]
"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 20:56 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 21:30 188416]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 07:05 114688]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-08-12 01:02 180269]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-03 20:47 98304]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-20 00:09 160768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Update"="esplorer.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update"="esplorer.exe" []
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-19 15:07 54888]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON-9Online.LNK]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON-9Online.LNK
backup=C:\WINDOWS\pss\DSLMON-9Online.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\.nvsvc]
C:\WINDOWS\system\smss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a--c--- 2003-07-15 13:36 54512 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
--a--c--- 2003-07-15 13:42 60344 C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-07-03 20:47 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a--c--- 2005-12-20 15:35 95960 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-08-12 01:02 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Fax"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Fichiers communs\\Synacast\\SynaLive\\PE.exe"=
"G:\\Mes Documents 2\\logiciels\\utorrent.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8285:TCP"= 8285:TCP:*:Disabled:ppLive
"3890:UDP"= 3890:UDP:*:Disabled:ppLive
"9420:TCP"= 9420:TCP:RSP
"4262:TCP"= 4262:TCP:*:Disabled:ppLive
"8726:UDP"= 8726:UDP:*:Disabled:ppLive

S3 packet_2.1;Packet Driver v2.1;C:\WINDOWS\system32\drivers\packet.sys [2000-10-24 15:26]
S3 PentaxUsb;Pentax Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-03-17 05:59]
S3 PentaxVc;Pentax Video Capture;C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-03-17 06:00]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-02 08:42:44 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 12:51:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-02 12:55:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-02 11:54:54
.
2008-03-02 00:38:26 --- E O F ---

green day · Answer

bien, bon nettoyage déjà

# Télécharger Vundofix.exe (par Atribune) sur votre Bureau : http://www.atribune.org/ccount/click.php?id=4 

* Double-cliquer sur VundoFix.exe afin de le lancer. 
* Cliquer sur le bouton Scan for Vundo. 
* Lorsque le scan est complété, cliquer sur le bouton Remove Vundo. 
* Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES 
* Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers. * Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer. 
* Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp 

++

green day · Answer

ok,

Télécharge SDFix sur ton bureau 

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. 
Redémarre ton ordinateur en mode sans échec 
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script. 
Appuie sur Y pour commencer le processus de nettoyage. 
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
Appuie sur une touche pour redémarrer le PC. 
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis ! 

++

fromelh · Answer

Tout d'abord le report de SDFix


[b]SDFix: Version 1.150 [/b]

Run by Administrateur on 02/03/2008 at 15:32

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper 

Rebooting


[b]Checking Files [/b]: 

Trojan Files Found:

C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\WINDOWS\system32\TFTP3640 - Deleted



Folder C:\Program Files\3721 - Removed
Folder C:\Program Files\Accoona - Removed
Folder C:\Program Files\akl - Removed
Folder C:\Program Files\amsys - Removed
Folder C:\Program Files\e-zshopper - Removed
Folder C:\Program Files\p2pnetworks - Removed
Folder C:\WINDOWS\system32\acespy - Removed


Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 15:42:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Fichiers communs\Synacast\SynaLive\PE.exe"="C:\Program Files\Fichiers communs\Synacast\SynaLive\PE.exe:*:Enabled:PE"
"G:\Mes Documents 2\logiciels\utorrent.exe"="G:\Mes Documents 2\logiciels\utorrent.exe:*:Enabled:utorrent"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft  Fax Console"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Fri 13 May 2005       217,073 A.SHR --- "C:\WINDOWS\meta4.exe"
Mon 24 Oct 2005        66,560 A.SHR --- "C:\WINDOWS\MOTA113.exe"
Thu 13 Oct 2005       422,400 A.SHR --- "C:\WINDOWS\x2.64.exe"
Mon 19 Jul 2004            56 ..SHR --- "C:\WINDOWS\system32\A392A3D701.sys"
Fri  7 Oct 2005       308,224 A.SHR --- "C:\WINDOWS\system32\avisynth.dll"
Thu 14 Jul 2005        27,648 A.SHR --- "C:\WINDOWS\system32\AVSredirect.dll"
Sun 26 Jun 2005       616,448 A.SHR --- "C:\WINDOWS\system32\cygwin1.dll"
Tue 21 Jun 2005        45,568 A.SHR --- "C:\WINDOWS\system32\cygz.dll"
Sun 25 Jan 2004        70,656 A.SHR --- "C:\WINDOWS\system32\i420vfw.dll"
Thu 27 Apr 2006     2,945,024 A.SHR --- "C:\WINDOWS\system32\Smab.dll"
Mon 28 Feb 2005       240,128 A.SHR --- "C:\WINDOWS\system32\x.264.exe"
Sun 25 Jan 2004        70,656 A.SHR --- "C:\WINDOWS\system32\yv12vfw.dll"
Wed 30 Jun 2004         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 22 Oct 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 24 Jun 2004         1,206 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\ccReg.reg"
Thu 24 Jun 2004         1,206 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\ccReg_old.reg"
Thu 24 Jun 2004        12,368 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\CommonClient_old.reg"
Thu 24 Jun 2004        12,368 A..HR --- "C:\Program Files\Fichiers communs\Symantec Shared\Registry Backup\CommonClient.reg"

[b]Finished![/b]



Ensuite, le rapport Hijack This


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:06, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32
otepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\9Telecom\modem_ADSL_USB_Comtrend_CT-350\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\Messenger\msmsgs.exe
G:\Mes Documents 2\logiciels\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.9online.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: DSLMON-9Online.LNK = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Télécharger avec NetTransport - G:\Program Files\NetTransport\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - G:\Program Files\NetTransport\NTAddList.html
O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E15111B0-95AE-4C05-B91F-F4564057990C} (MovieSystem WAY) - http://servicesv4.moviesystem.com/cabs/msway.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

green day · Answer

ok, fais ce qui est indiqué ici :

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++

babaf76 · Answer

moi jai le meme pb de virus jai effectuer le combo fix voila le le rapport quelqu'un peut m'aider?
ComboFix 08-03-27.5 - fabien 2008-03-29 13:57:51.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1485 [GMT 1:00]
Endroit: C:\Documents and Settings\fabien\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\.protected
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\.protected
C:\Documents and Settings\fabien\Favoris\Error Cleaner.url
C:\Documents and Settings\fabien\Favoris\Privacy Protector.url
C:\Documents and Settings\fabien\Favoris\Spyware&Malware Protection.url
C:\Documents and Settings\fabien\Menu Démarrer\Programmes\Démarrage\.protected
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\WINDOWS\.protected
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\Installer\{5bd2d1b5-d756-4037-bf98-986e1905f5c3}
C:\WINDOWS\Installer\{5bd2d1b5-d756-4037-bf98-986e1905f5c3}\zip.dll
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\drivers\etc\.protected
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))))))))
.

2008-03-28 23:07 . 2008-03-28 23:07 <REP> d-------- C:\Program Files\Avira
2008-03-28 23:07 . 2008-03-28 23:07 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-03-28 22:42 . 2008-03-28 22:59 <REP> d-------- C:\WINDOWS\AU_Temp
2008-03-28 22:42 . 2008-03-28 22:43 36,267,177 --a------ C:\WINDOWS\VPTNFILE.191
2008-03-28 22:42 . 2008-03-28 22:43 36,267,177 --a------ C:\WINDOWS\LPT$VPN.191
2008-03-28 22:35 . 2008-03-28 22:58 <REP> d-------- C:\fixwareout
2008-03-28 20:18 . 2008-03-28 22:58 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-03-26 23:23 . 2008-03-21 20:09 90,112 --a------ C:\WINDOWS\system32\uqzjcirr.exe
2008-03-26 17:31 . 2008-03-26 17:31 1,940,537 --a------ C:\WINDOWS\tsc.ptn
2008-03-26 17:31 . 2008-03-28 22:43 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-03-26 17:31 . 2008-03-26 17:31 333,576 --a------ C:\WINDOWS\TSC.exe
2008-03-26 17:31 . 2008-03-28 22:43 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-03-26 17:31 . 2008-03-26 17:31 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-03-26 17:31 . 2008-03-28 22:43 823 --a------ C:\WINDOWS\tsc.ini
2008-03-26 17:29 . 2008-03-26 17:29 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-03-26 17:29 . 2008-03-26 17:29 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-03-26 17:29 . 2008-03-26 17:29 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-03-26 17:29 . 2008-03-28 22:42 170 --a------ C:\WINDOWS\GetServer.ini
2008-03-24 19:45 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-03-24 19:45 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-03-24 19:45 . 2004-08-04 00:55 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-03-24 19:45 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-03-24 19:45 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-03-24 19:45 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-03-24 19:45 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-03-24 19:44 . 2005-07-30 04:56 91,648 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-03-24 19:44 . 2004-08-04 00:55 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-03-24 19:44 . 2004-08-04 00:54 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-24 19:44 . 2004-08-04 00:55 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-24 19:44 . 2004-08-04 00:55 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-03-24 19:44 . 2004-08-03 23:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-03-24 19:40 . 2004-12-18 09:58 245,820 --a------ C:\WINDOWS\system32\VM31bPrp.Ax
2008-03-24 19:40 . 2002-08-22 16:34 147,456 --a------ C:\WINDOWS\VMCap.exe
2008-03-24 19:40 . 2005-02-26 16:25 91,527 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2008-03-24 19:40 . 2003-05-15 17:17 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2008-03-24 19:40 . 2004-04-26 15:48 53,248 --a------ C:\WINDOWS\amcap.exe
2008-03-24 19:40 . 2004-06-09 15:37 40,960 --a------ C:\WINDOWS\VM_STI.EXE
2008-03-23 18:32 . 2008-03-23 18:32 <REP> d-------- C:\Documents and Settings\fabien\Application Data\Grisoft
2008-03-23 18:32 . 2008-03-23 18:32 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-03-23 18:32 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-22 19:56 . 2008-03-22 19:56 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2008-03-22 17:22 . 2008-03-28 22:59 <REP> d-------- C:\Program Files\PC-Cleaner
2008-03-22 17:22 . 2008-03-22 17:23 <REP> d-------- C:\Documents and Settings\fabien\Application Data\PC-Cleaner
2008-03-22 14:30 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-22 14:30 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-22 14:30 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-22 14:30 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-22 14:30 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-22 14:30 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-22 14:30 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-22 14:30 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-22 10:56 . 2008-03-22 10:56 <REP> d-------- C:\Documents and Settings\fabien\Bureauvirii
2008-03-22 10:56 . 2008-03-22 10:56 4,096 --a------ C:\Documents and Settings\fabien\BureauTrojan.Win32.BlackBird.exe
2008-03-22 10:56 . 2008-03-22 10:56 4,096 --a------ C:\Documents and Settings\fabien\BureauFWebdEditor.exe
2008-03-22 10:56 . 2008-03-22 10:56 4,096 --a------ C:\Documents and Settings\fabien\Bureaufwebd.exe
2008-03-22 10:56 . 2008-03-22 10:56 4,096 --a------ C:\Documents and Settings\fabien\Bureaufkwp2.0.exe
2008-03-22 10:56 . 2008-03-22 10:56 4,096 --a------ C:\Documents and Settings\fabien\Bureaufkwp1.5.exe
2008-03-22 10:56 . 2008-03-22 10:56 4,096 --a------ C:\Documents and Settings\fabien\Bureaufilemanagerclient.exe
2008-03-22 10:56 . 2008-03-22 10:56 4,096 --a------ C:\Documents and Settings\fabien\BureauEditorFKWP2.0.exe
2008-03-22 10:56 . 2008-03-22 10:56 4,096 --a------ C:\Documents and Settings\fabien\BureauEditorFKWP1.5.exe
2008-03-21 20:05 . 2008-03-21 18:16 245,760 --a------ C:\WINDOWS\altvxvm.dll
2008-03-21 20:05 . 2008-03-21 18:17 212,992 --a------ C:\WINDOWS\drnpfdxlwn.dll
2008-03-21 19:43 . 2008-03-21 19:43 <REP> d-------- C:\Documents and Settings\fabien\Application Data\Talkback
2008-03-21 19:42 . 2008-03-21 19:42 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-19 14:11 . 2008-03-19 14:11 <REP> d-------- C:\Documents and Settings\Murielle\Contacts
2008-03-19 14:09 . 2008-03-08 11:59 <REP> d-------- C:\Documents and Settings\Murielle\VS80-KB925674-X86
2008-03-19 14:09 . 2008-03-08 12:40 <REP> d--h----- C:\Documents and Settings\Murielle\Voisinage r‚seau
2008-03-19 14:09 . 2008-03-08 12:40 <REP> d--h----- C:\Documents and Settings\Murielle\Voisinage d'impression
2008-03-19 14:09 . 2008-03-08 11:53 <REP> d--h----- C:\Documents and Settings\Murielle\ModŠles
2008-03-19 14:09 . 2008-03-19 14:13 <REP> dr------- C:\Documents and Settings\Murielle\Mes documents
2008-03-19 14:09 . 2008-03-08 12:40 <REP> dr------- C:\Documents and Settings\Murielle\Menu D‚marrer
2008-03-19 14:09 . 2008-03-08 12:07 <REP> d-------- C:\Documents and Settings\Murielle\IXP000.TMP
2008-03-19 14:09 . 2008-03-19 14:09 <REP> dr------- C:\Documents and Settings\Murielle\Favoris
2008-03-19 14:09 . 2008-03-08 12:40 <REP> d-------- C:\Documents and Settings\Murielle\Bureau
2008-03-19 14:09 . 2008-03-19 14:09 <REP> d-------- C:\Documents and Settings\Murielle\Application Data\Styler
2008-03-11 22:05 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-11 22:05 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-11 22:05 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-11 07:21 . 2008-03-11 07:21 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-11 07:21 . 2008-03-11 07:21 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-03-10 23:30 . 2008-03-10 23:30 <REP> dr-h----- C:\Documents and Settings\fabien\Application Data\SecuROM
2008-03-10 23:30 . 2008-03-10 23:30 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-10 23:13 . 2008-03-10 23:13 <REP> d-------- C:\Program Files\KONAMI
2008-03-10 18:35 . 2008-03-10 18:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
2008-03-10 18:35 . 2006-12-08 03:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCDE.DLL
2008-03-10 18:35 . 2006-04-19 03:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCDE.DLL
2008-03-10 18:35 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-03-10 18:27 . 2008-03-10 18:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-03-10 18:26 . 2007-03-11 20:07 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\UDL
2008-03-10 18:24 . 2008-03-10 18:24 <REP> d-------- C:\Documents and Settings\fabien\Application Data\InstallShield
2008-03-10 18:09 . 2007-03-27 00:00 67,072 --a------ C:\WINDOWS\system32\escwiad.dll
2008-03-10 18:09 . 2008-03-10 18:09 25 --a------ C:\WINDOWS\CDE DX7400DEFGIPS.ini
2008-03-09 23:17 . 2008-03-09 23:17 <REP> d-------- C:\Documents and Settings\fabien\Application Data\Media Player Classic
2008-03-09 16:15 . 2008-03-09 16:15 <REP> d-------- C:\Documents and Settings\fabien\Application Data\Ahead
2008-03-09 16:11 . 2008-03-09 16:11 <REP> d-------- C:\Documents and Settings\fabien\Application Data\DivX
2008-03-09 15:30 . 2008-03-09 15:30 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-08 18:41 . 2008-03-08 18:42 <REP> d-------- C:\Program Files\DivX
2008-03-08 18:40 . 2008-03-08 18:40 <REP> d-------- C:\Documents and Settings\fabien\Application Data\vlc
2008-03-08 18:34 . 2008-03-09 18:25 <REP> d-------- C:\Documents and Settings\fabien\Contacts
2008-03-08 18:28 . 2008-03-28 22:58 <REP> d-------- C:\Documents and Settings\fabien\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 11:31 --------- d-----w C:\Program Files\eMule
2008-03-26 16:23 --------- d-----w C:\Program Files\MioNet
2008-03-20 17:58 --------- d-----w C:\Program Files\Azureus
2008-03-12 06:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-03-11 21:09 --------- d-----w C:\Program Files\Windows Live
2008-03-08 12:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-07 18:11 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-11 19:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-05 05:56 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\dvdcss
2008-01-09 17:09 1 ----a-w C:\Documents and Settings\Administrateur\SI.bin
2007-11-10 12:51 22,328 ----a-w C:\Documents and Settings\Administrateur\Application Data\PnkBstrK.sys
2007-06-12 05:51 92,064 ----a-w C:\Documents and Settings\Administrateur\mqdmmdm.sys
2007-06-12 05:51 9,232 ----a-w C:\Documents and Settings\Administrateur\mqdmmdfl.sys
2007-06-12 05:51 79,328 ----a-w C:\Documents and Settings\Administrateur\mqdmserd.sys
2007-06-12 05:51 66,656 ----a-w C:\Documents and Settings\Administrateur\mqdmbus.sys
2007-06-12 05:51 6,208 ----a-w C:\Documents and Settings\Administrateur\mqdmcmnt.sys
2007-06-12 05:51 5,936 ----a-w C:\Documents and Settings\Administrateur\mqdmwhnt.sys
2007-06-12 05:51 4,048 ----a-w C:\Documents and Settings\Administrateur\mqdmcr.sys
2007-06-12 05:51 25,600 ----a-w C:\Documents and Settings\Administrateur\usbsermptxp.sys
2007-06-12 05:51 22,768 ----a-w C:\Documents and Settings\Administrateur\usbsermpt.sys
2007-02-20 10:29 16,792 ----a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2004-08-28 14:00 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\system32\user32.dll

2007-12-07 02:42 825344 f4fd487241d3ac291046a22cebd2cf71 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2004-08-28 14:00 876544 78188fb53c96e0636de67d6dd6ae4725 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2004-08-28 14:00 876544 78188fb53c96e0636de67d6dd6ae4725 C:\WINDOWS\system32\wininet.dll
2007-12-07 03:08 824832 4fc90bece54fac81b0090b94e27bfb6b C:\WINDOWS\system32\DllCache\wininet.dll

2004-08-28 14:00 507904 fb66744d525ea5df9a719f1db9b2dff4 C:\WINDOWS\system32\winlogon.exe

2004-08-28 14:00 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa C:\WINDOWS\system32\drivers\ndis.sys

2004-08-28 14:00 2437632 61381c1b4c0374569fbbf20ff9be199c C:\WINDOWS\system32\ntkrnlpa.exe

2004-08-28 14:00 2302976 eb0349334ecad45736daf747222b0f0d C:\WINDOWS\system32\ntoskrnl.exe

2004-08-28 14:00 1789952 addc47dfd517f2143d71e9310e414b50 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837A022B-C2C0-4EE3-B2AC-6B896C38B030}]
2008-03-21 18:17 212992 --a------ C:\WINDOWS\drnpfdxlwn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 14:00 25088]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:29 220544]
"EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 07:00 182272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 21:59 1235456]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 14:00 36864]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"TransBar"="C:\WINDOWS\system32\transbar.exe" [2004-08-28 14:00 139264]
"Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 11:48 307200]
"Look 'n' Stop"="C:\Program Files\Soft4Ever\looknstop\looknstop.exe" [2008-03-08 12:06 516164]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 17:29 7700480]
"nwiz"="nwiz.exe" [2006-11-17 17:29 1622016 C:\WINDOWS\system32\nwiz.exe]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 10:07 843776]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]
"antiviirus"="C:\Program Files\antiviirus.exe" [ ]
"uqzjcirr"="C:\WINDOWS\system32\uqzjcirr.exe" [2008-03-21 20:09 90112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-17 17:29 86016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 15:37 40960]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-28 14:00 678912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-28 14:00 44544]
"nltide3"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
"nltide2"="cmd.exe" [2004-08-28 14:00 403968 C:\WINDOWS\system32\cmd.exe]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2004-08-28 14:00 124928 C:\WINDOWS\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"altvxvm"= {A04C6768-5B0B-47E3-89E0-0E2CFE2EE6B7} - C:\WINDOWS\altvxvm.dll [2008-03-21 18:16 245760]
"bokpkov"= {1BF20490-74B7-4871-BB3D-9F84D8C5F952} - C:\WINDOWS\bokpkov.dll [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"7561:TCP"= 7561:TCP:EMULE
"7571:UDP"= 7571:UDP:EMUle
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification

R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2004-08-28 14:00]
R0 Si3124;Si3124;C:\WINDOWS\system32\drivers\Si3124.sys [2004-08-28 14:00]
R0 Si3132r5;Si3132r5;C:\WINDOWS\system32\drivers\Si3132r5.sys [2004-08-28 14:00]
R0 Si3531;Si3531;C:\WINDOWS\system32\drivers\Si3531.sys [2004-08-28 14:00]
R1 lnsfw1;lnsfw1;C:\WINDOWS\system32\drivers\lnsfw1.sys [2008-03-08 12:06]
R2 MioNet;MioNet Service;"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf" []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-03-29 13:05:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 14:02:58
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Windows\System32\VttHooks.dll
-> C:\WINDOWS\altvxvm.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-29 14:06:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 13:06:48
Pre-Run: 87,538,257,920 octets libres
Post-Run: 87,445,188,608 octets libres

pierrotfcna · Answer

Bonjour j'ai le meme soucis avec ce virus et depuis hier je n'arrive pas a l'enlever. Je comprend pas tres tres bien la démarche avec les rapport et tous, si quelqu'un puet maider svp.
Merci d'avance

pierrotfcna · Answer

bonjour je poste le raport combofix si vous pouvez m'aider.

ComboFix 08-04-01.2 - Choupi' 2008-04-02 12:17:13.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.695 [GMT 2:00]
Endroit: C:\Documents and Settings\Choupi'\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\Dvbpws.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-02 to 2008-04-02 ))))))))))))))))))))))))))))))))))))
.

2008-04-02 12:02 . 2008-04-02 12:06 <REP> d-------- C:\Program Files\Navilog1
2008-04-02 11:07 . 2008-04-02 11:07 <REP> d-------- C:\_OTMoveIt
2008-04-02 00:54 . 2008-04-02 00:54 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 00:54 . 2008-04-02 10:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-02 00:52 . 2008-04-02 00:52 <REP> d-------- C:\Documents and Settings\Choupi'\Application Data\Grisoft
2008-04-02 00:51 . 2008-04-02 00:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-02 00:51 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-02 00:13 . 2008-04-02 00:50 <REP> d-------- C:\Program Files\EsetOnlineScanner
2008-03-31 21:42 . 2008-03-31 21:42 <REP> d-------- C:\Program Files\PC-Cleaner
2008-03-31 21:22 . 2008-03-31 21:22 <REP> d-------- C:\Program Files\CCleaner
2008-03-31 12:02 . 2008-03-31 12:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\pknapczm
2008-03-31 12:02 . 2008-03-31 12:02 114,688 --a------ C:\WINDOWS\system32\dodgvwbc.exe
2008-03-31 11:34 . 2008-03-31 21:38 <REP> d-------- C:\Documents and Settings\Choupi'\Application Data\Eltima Software
2008-03-31 11:34 . 2008-04-02 00:32 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 13:33 . 2008-03-11 13:33 <REP> d-------- C:\Program Files\MSXML 4.0
2008-03-10 12:41 . 2008-03-10 12:41 <REP> d-------- C:\Documents and Settings\Choupi'\Application Data\HP
2008-03-10 12:40 . 2008-03-10 12:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-10 12:39 . 2008-03-10 12:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-10 12:39 . 2007-03-30 17:29 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-03-10 12:39 . 2007-03-28 15:01 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-03-10 12:39 . 2007-03-08 06:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-10 12:39 . 2007-03-08 06:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-10 12:39 . 2007-03-08 06:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-10 12:38 . 2007-03-17 08:39 958,464 -ra------ C:\WINDOWS\system32\hpotiop4.dll
2008-03-10 12:38 . 2007-03-17 08:39 675,840 -ra------ C:\WINDOWS\system32\hpowiax4.dll
2008-03-10 12:38 . 2007-03-08 06:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-03-10 12:38 . 2007-03-08 06:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-03-10 12:38 . 2007-03-17 08:39 303,104 -ra------ C:\WINDOWS\system32\hpovst11.dll
2008-03-10 12:38 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-10 12:38 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-10 12:37 . 2008-04-02 11:41 <REP> d-------- C:\Documents and Settings\Choupi'\Application Data\HPAppData
2008-03-10 12:37 . 2008-03-10 12:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-03-10 12:35 . 2008-03-10 12:35 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-03-10 12:35 . 2008-03-10 12:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-10 12:35 . 2008-03-10 12:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-10 12:34 . 2008-03-10 12:34 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-03-10 12:34 . 2008-03-10 12:34 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-03-10 12:33 . 2008-03-10 12:37 <REP> d-------- C:\Program Files\HP
2008-03-10 12:33 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-10 12:33 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-10 12:31 . 2008-03-10 12:40 158,906 --a------ C:\WINDOWS\hpoins15.dat
2008-03-10 12:31 . 2007-09-20 22:05 1,039 --------- C:\WINDOWS\hpomdl15.dat
2008-03-08 20:26 . 2008-03-08 20:26 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-08 20:26 . 2008-03-08 20:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 23:03 --------- d-----w C:\Program Files\Seterra
2008-03-31 20:08 --------- d-----w C:\Program Files\eMule
2008-03-31 19:39 --------- d-----w C:\Program Files\denouvel
2008-03-31 09:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-26 17:14 --------- d-----w C:\Documents and Settings\Choupi'\Application Data\OpenOffice.org2
2008-03-08 18:27 --------- d-----w C:\Program Files\MSN Messenger
2008-03-08 18:26 --------- d-----w C:\Program Files\Windows Live
2008-02-11 07:39 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
2008-02-11 07:39 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
2008-02-08 11:53 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
2008-02-05 06:48 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
2008-01-17 12:24 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-01-13 16:23 738,304 ----a-w C:\WINDOWS\GPInstall.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"jamnveej"="C:\WINDOWS\system32\dodgvwbc.exe" [2008-03-31 12:02 114688]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:34 64512]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 18:09 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 13:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 06:58 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 03:56 16261632 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 06:51 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 06:02 786521]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 12:15 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 06:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 06:00 455168]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-08-08 15:15 634880]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-18 12:37 438272]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 23:12 579584]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 21:18 208896]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 15:40 413696]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 12:19 223232]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2006-07-11 17:10 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2006-07-07 18:15 348160]
"emMON"="emMON.exe" [2006-05-30 22:24 61440 C:\WINDOWS\emMON.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 06:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"nokvkwiYxg"= C:\Documents and Settings\All Users\Application Data\pknapczm\fitglcxq.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 06:49]
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys []
S3 epindd;epindd;C:\WINDOWS\system32\drivers\epindd.sys [2006-01-12 18:20]
S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 15:46]
S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys []
S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys []
S3 USB28xxBGA;USB 2870 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-12 22:21]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-22 00:38]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 17:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CA533AV
*Newly Created Service* - MDMXSDK
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 12:21:38
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-02 12:22:02
ComboFix-quarantined-files.txt 2008-04-02 10:22:01
Pre-Run: 15,917,035,520 octets libres
Post-Run: 15,913,885,696 octets libres
.
2008-03-12 19:21:50 --- E O F ---

Utilisateur anonyme · Answer

bonjour pierrotfcna

creer ta propre question pour que l'ont d'aide

green day · Answer

Salut

Télécharge ceci : 

Lien : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm 

Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum. 

++

darom · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:02:15, on 03/04/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\vktrxxpu\zglyruzy.exe
C:\ProgramData\dcdujgfw\bmxwdgvk.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Users\maurad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3S54NPID\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lequipe.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [vktrxxpu] C:\ProgramData\vktrxxpu\zglyruzy.exe
O4 - HKCU\..\Run: [emYWoy0B1C] C:\ProgramData\dcdujgfw\bmxwdgvk.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin
pjpi160_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin
pjpi160_01.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

diol · Answer

depuis 2 jours il ya une fenetre qui apparait sur mon ordo. une fenetre d'alerte de trojandownloader et d'integrite du systeme et qui m'invite a cliquer sur un lien. j'ai regarder votre forum et voici ce que j'obtient comme rapport.
ComboFix 08-04-06.1 - diol 2008-04-07 16:42:53.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1070 [GMT 2:00]
Endroit: C:\Users\diol\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TAKB7WVO\ComboFix[1].exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\diol\Desktopblackbird.jpg
C:\Users\diol\DesktopEditorFKWP1.5.exe
C:\Users\diol\DesktopEditorFKWP2.0.exe
C:\Users\diol\Desktopfilemanagerclient.exe
C:\Users\diol\Desktopfkwp1.5.exe
C:\Users\diol\Desktopfkwp2.0.exe
C:\Users\diol\Desktopfwebd.exe
C:\Users\diol\DesktopFWebdEditor.exe
C:\Users\diol\DesktopTrojan.Win32.BlackBird.exe
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\jusched.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.

2008-04-07 16:45 . 2008-04-07 16:45 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS
2008-04-07 00:35 . 2006-10-26 20:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-04-06 16:59 . 2008-04-06 16:59 <REP> d-------- C:\Program Files\Norton Security Scan
2008-04-05 23:54 . 2008-04-05 23:54 <REP> d-------- C:\Users\diol\AppData\Roaming\muvee Technologies
2008-04-05 23:54 . 2008-04-05 23:54 <REP> d-------- C:\Users\All Users\TEMP
2008-04-05 23:54 . 2008-04-05 23:54 <REP> d-------- C:\ProgramData\TEMP
2008-04-05 20:12 . 2008-04-05 20:12 <REP> d-------- C:\Users\All Users\qrizrart
2008-04-05 20:12 . 2008-04-05 20:12 <REP> d-------- C:\Users\All Users\bsbctqhe
2008-04-05 20:12 . 2008-04-05 20:12 <REP> d-------- C:\ProgramData\qrizrart
2008-04-05 20:12 . 2008-04-05 20:12 <REP> d-------- C:\ProgramData\bsbctqhe
2008-04-04 17:44 . 2008-04-05 00:09 <REP> d-------- C:\Users\diol\AppData\Roaming\LimeWire
2008-04-04 17:44 . 2008-04-04 17:51 <REP> d-------- C:\Program Files\LimeWire
2008-04-03 17:21 . 2008-04-03 17:22 131,072 --a------ C:\Windows\System32\Ikeext.etl
2008-03-29 22:00 . 2008-03-29 22:00 <REP> d-------- C:\Program Files\FriendFinder
2008-03-28 02:22 . 2008-03-28 02:43 <REP> d-------- C:\Users\diol\AppData\Roaming\Notepad++
2008-03-28 02:22 . 2008-03-28 02:22 <REP> d-------- C:\Program Files\Notepad++
2008-03-24 00:14 . 2008-03-24 00:14 <REP> d-------- C:\Users\diol\Program Files
2008-03-23 18:22 . 2008-04-04 23:26 <REP> d-------- C:\Users\All Users\Downloaded Installations
2008-03-23 18:22 . 2008-04-04 23:26 <REP> d-------- C:\ProgramData\Downloaded Installations
2008-03-23 17:10 . 2008-04-07 16:46 <REP> d-------- C:\Users\diol\AppData\Roaming\DNA
2008-03-23 17:10 . 2008-03-23 17:10 <REP> d-------- C:\Users\diol\AppData\Roaming\BitTorrent
2008-03-23 17:10 . 2008-03-23 17:10 <REP> d-------- C:\Program Files\DNA
2008-03-21 00:13 . 2008-03-21 00:17 <REP> d-------- C:\site
2008-03-17 20:42 . 2008-03-17 20:42 127,034 -r------- C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-03-17 20:41 . 2007-07-19 02:39 1,278,104 --a------ C:\Windows\System32\drivers\LV302V32.SYS
2008-03-17 20:41 . 2007-07-19 02:43 490,008 --a------ C:\Windows\System32\LVUI2.dll
2008-03-17 20:41 . 2007-07-19 02:44 465,432 --a------ C:\Windows\System32\LVUI2RC.dll
2008-03-17 20:41 . 2007-07-19 02:40 416,280 --a------ C:\Windows\System32\lvcodec2.dll
2008-03-17 20:41 . 2007-07-19 02:40 195,096 --a------ C:\Windows\System32\lvci1110.dll
2008-03-17 20:41 . 2007-07-19 01:54 58,163 --a------ C:\Windows\System32\lvcoinst.ini
2008-03-17 20:41 . 2007-07-19 02:44 41,752 --a------ C:\Windows\System32\drivers\LVUSBSta.sys
2008-03-17 20:41 . 2007-07-19 01:55 19,344 --a------ C:\Windows\System32\Repository.reg
2008-03-17 20:41 . 2007-07-19 02:39 13,848 --a------ C:\Windows\System32\drivers\lv302af.sys
2008-03-17 20:38 . 2008-03-17 20:38 <REP> d-------- C:\Users\All Users\Logitech
2008-03-17 20:38 . 2008-03-17 20:38 <REP> d-------- C:\ProgramData\Logitech
2008-03-17 20:38 . 2008-03-17 20:42 <REP> d-------- C:\Program Files\Logitech
2008-03-17 20:38 . 2008-03-17 20:43 <REP> d-------- C:\Program Files\Common Files\LogiShrd
2008-03-17 20:37 . 2008-03-17 20:38 <REP> d-------- C:\Users\All Users\LogiShrd
2008-03-17 20:37 . 2008-03-17 20:38 <REP> d-------- C:\ProgramData\LogiShrd
2008-03-17 16:52 . 2008-03-17 19:11 230,424 --a------ C:\img2-001.raw
2008-03-17 16:36 . 2008-03-17 19:35 <REP> d-------- C:\Program Files\Microsoft LifeCam
2008-03-16 18:49 . 2008-03-16 18:49 <REP> d-------- C:\Users\Public\CyberLink
2008-03-16 18:49 . 2008-03-16 18:49 <REP> d-------- C:\Users\diol\AppData\Roaming\CyberLink
2008-03-16 18:49 . 2008-03-16 18:49 <REP> d-------- C:\Users\All Users\CyberLink
2008-03-16 18:49 . 2008-03-16 18:49 <REP> d-------- C:\ProgramData\CyberLink
2008-03-07 22:33 . 2007-07-17 19:07 10,371,072 --a------ C:\Windows\System32\drivers\snpstd3.sys
2008-03-07 22:33 . 2007-08-06 16:29 94,720 --a------ C:\Windows\System32\drivers\camfilt2.sys
2008-03-07 22:33 . 2007-04-20 17:26 57,344 --a------ C:\Windows\System32\vsnpstd3.dll
2008-03-07 22:33 . 2005-11-23 14:55 53,248 --a------ C:\Windows\System32\csnpstd3.dll
2008-03-07 22:33 . 2007-07-20 12:33 15,478 --a------ C:\Windows\snpstd3.ini
2008-03-07 22:33 . 2007-07-20 12:18 13,003 --a------ C:\Windows\snpstd3.src

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 14:36 --------- d-----w C:\ProgramData\Google Updater
2008-04-07 14:07 --------- d-----w C:\ProgramData\Symantec
2008-04-07 14:06 --------- d-----w C:\Users\diol\AppData\Roaming\skypePM
2008-04-06 22:37 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 14:35 --------- d-----w C:\ProgramData\HP Product Assistant
2008-04-06 13:57 --------- d-----w C:\Users\diol\AppData\Roaming\Skype
2008-04-05 23:03 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-05 23:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-05 21:54 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-04-05 21:54 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-04-05 21:54 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-04-05 21:54 --------- d-----w C:\Program Files\Symantec
2008-03-17 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 15:00 --------- d-----w C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
2008-03-13 15:00 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-03-06 19:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 19:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 19:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-03-04 18:41 --------- d-----w C:\Users\diol\AppData\Roaming\ArcSoft
2008-03-04 16:35 --------- d-----w C:\Program Files\Philips
2008-03-04 15:41 --------- d-----w C:\Program Files\MioNet
2008-03-04 11:22 --------- d-----w C:\Program Files\Google
2008-03-01 11:45 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-01 11:45 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-01 11:36 --------- d-----w C:\ProgramData\Skype
2008-03-01 11:36 --------- d-----w C:\Program Files\Skype
2008-03-01 11:36 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-01 00:38 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-29 19:32 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 19:32 --------- d-----w C:\Program Files\Windows Live
2008-02-29 19:30 --------- d-----w C:\ProgramData\WLInstaller
2008-02-29 15:57 --------- d-----w C:\ProgramData\BVRP Software
2008-02-29 12:50 25,600 ----a-w C:\Users\diol\usbsermptxp.sys
2008-02-29 12:50 22,768 ----a-w C:\Windows\system32\drivers\usbsermpt.sys
2008-02-29 12:50 22,768 ----a-w C:\Users\diol\usbsermpt.sys
2008-02-29 08:41 --------- d-----w C:\ProgramData\WildTangent
2008-02-28 20:08 --------- d-----w C:\Users\diol\AppData\Roaming\WildTangent
2008-02-28 18:58 --------- d-----w C:\Users\diol\AppData\Roaming\HP
2008-02-28 17:36 --------- d-----w C:\Program Files\Microsoft Works
2008-02-28 17:35 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-28 16:17 --------- d-----w C:\ProgramData\WEBREG
2008-02-28 16:11 --------- d-----w C:\ProgramData\HP
2008-02-28 16:07 --------- d-----w C:\ProgramData\HPSSUPPLY
2008-02-28 16:07 --------- d-----w C:\Program Files\HP
2008-02-28 16:06 --------- d-----w C:\Users\diol\AppData\Roaming\HPAppData
2008-02-28 16:03 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-02-28 16:02 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-28 15:55 --------- d-----w C:\Program Files\EasyBits For Kids
2008-02-28 15:46 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-28 13:34 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-28 13:34 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-28 13:31 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-02-28 13:31 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-28 13:31 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-28 13:31 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-02-28 13:31 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-28 13:31 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-28 13:31 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-28 13:31 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-02-28 13:30 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-02-28 13:30 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-02-28 13:30 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-02-28 13:30 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-02-28 13:30 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-02-28 13:29 3,505,848 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-28 13:29 3,472,056 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-28 13:27 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-28 13:27 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-28 13:26 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-28 13:26 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-28 13:21 --------- d-----w C:\Users\diol\AppData\Roaming\Hewlett-Packard
2008-02-28 13:20 --------- d-----w C:\Users\diol\AppData\Roaming\Symantec
2008-02-28 13:20 --------- d-----w C:\Users\diol\AppData\Roaming\ATI
2008-02-28 13:13 1,780 --sha-r C:\Windows\system32\drivers\103C_HP_CPC_KJ281AA-ABF a6306.fr_YC_0Pavi_QCNX751_E81FRv3PrA1_49_ILivermore8_SECS_V1.0_B5.21_T071114_WUH0_L40C_M2047_J320_7Intel_8Pentium Dual E2140_91.6_#080228_N10EC8136_Z_G100294C7.MRK
2008-02-28 13:11 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-02-28 13:11 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-02-28 13:11 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-02-28 13:11 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-02-28 13:10 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-02-28 13:10 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-02-28 13:10 33,624 ----a-w C:\Windows\System32\wups.dll
2008-02-28 13:10 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-02-28 13:10 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-02-28 13:03 --------- d-sh--w C:\ProgramData\Modèles
2008-02-28 13:03 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-02-28 13:03 --------- d-sh--w C:\ProgramData\Favoris
2008-02-28 13:03 --------- d-sh--w C:\ProgramData\Bureau
2008-02-28 13:03 --------- d-sh--w C:\Program Files\Fichiers communs
2007-12-07 23:52 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 15:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-05 23:53 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 15:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-28 15:30 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-03 19:02 1783136]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 19:37 21898024]
"BitTorrent DNA"="C:\Users\diol\Program Files\DNA\btdna.exe" [2008-03-27 12:04 288576]
"qrizrart"="C:\ProgramData\qrizrart\nspklqpa.exe" [2008-04-05 20:12 102400]
"7NRm70wjsX"="C:\ProgramData\bsbctqhe\vgvwrgvs.exe" [2008-04-05 20:12 37376]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-08 10:09 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 17:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 15:52 4702208 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 03:56 54936]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"VX1000"="C:\Windows\vVX1000.exe" [2007-04-10 23:46 709992]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 17:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 17:06 2027792]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 22:26:24 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-17 20:42:50 67128]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-02 20:47:50 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"msacm.l3codecp"= l3codecp.acm
"MSVideo8"= VfWWDM32.dll
"MSVideo"= vfwwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0C9743C3-5FF3-42E4-B565-8A5CA8671C3E}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{7917DE18-04E9-47D1-B4FA-EE8A23B433B1}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0E8F6D19-EB3F-4210-B063-91943CADBB74}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{188DA9D4-A45A-45E4-B1BA-8F610C6D97B9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B3F5D5AB-D188-4A5E-8C6A-C4172B703BF9}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{E65756F3-9BD6-40B0-94D2-1273962D51E5}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{90C3CAA7-E7AF-45AB-9AD5-280E8DF86A24}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{65A148B0-AB02-44C5-9E8A-C5A2980B35AD}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{5A1C2025-84F3-4A09-B898-2D350230C5CD}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{007B1E73-AA4E-405D-B8E6-89B2994D9868}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6B0D4E5B-63FE-4C9D-80DA-3C3D04137F52}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B175D33D-F7BB-4539-9A14-98B6D43B9251}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9E2C88E8-2EEB-4833-871B-979375756C45}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{CD2809FE-1817-4323-A40F-9B4C4B8CAB87}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EF672416-D15E-412B-A31C-7D91DD7419FC}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{576878E7-820F-4D70-9257-6A8EEA39BDDF}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{0A9CA718-175A-412B-872E-34E6400CACBB}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{B3004387-BDC5-4328-B5FF-0A5B1909D922}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080403.004\IDSvix86.sys [2008-03-20 22:37]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-15 00:16]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 12:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 08:50]
S3 camfilt2;camfilt2;C:\Windows\system32\DRIVERS\camfilt2.sys [2007-08-06 16:29]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 01:33]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 12:27]
S3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-05 23:04:07 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - diol.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 16:46:16
Windows 6.0.6000 NTFS

Balayage processus cachés ...

LVPrcSrv.exe [24284]

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-07 16:47:15
ComboFix-quarantined-files.txt 2008-04-07 14:47:10
Pre-Run: 243,862,863,872 octets libres
Post-Run: 243,834,392,576 octets libres
.
2008-04-06 22:37:23 --- E O F ---

...............................................................................
et avec
Search Navipromo version 3.5.2 commencé le 07/04/2008 à 18:17:08,83

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "diol"

Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16609
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\Windows ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\ProgramData ***

*** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***

*** Recherche dossiers dans c:\users\diol\appdata\roaming\microsoft\windows\start menu\programs ***

*** Recherche dossiers dans C:\Users\diol\AppData\Local\virtualstore\Program Files ***

*** Recherche dossiers dans C:\Users\diol\AppData\Roaming ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\Windows\system32 *

* Recherche dans C:\Users\diol\AppData\Local\Microsoft *

* Recherche dans C:\Users\diol\AppData\Local\virtualstore\windows\system32 *

* Recherche dans C:\Users\diol\AppData\Local *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\Windows\system32 :

* Dans C:\Users\diol\AppData\Local\Microsoft :

* Dans C:\Users\diol\AppData\Local\virtualstore\windows\system32 :

* Dans C:\Users\diol\AppData\Local :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

*** Analyse terminée le 07/04/2008 à 18:24:14,06 ***
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
<gras>Quelqu'un peut il m'aider a l'analyser ? et merci d'avance</gras>

nanye681 · Answer

J'aurai besoin de votre aide....
Depuis 2 jour j'ai la même fenetre qui s'ouvre comme fromelh... est ce que je dois faire la même manip...
Je vous joint le rapport que j'ai fait avec ComboFix.exe..

ComboFix 08-05-01.3 - Propriétaire 2008-05-03 12:25:31.2 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-03 to 2008-05-03 ))))))))))))))))))))))))))))))))))))
.

2008-05-03 12:01 . 2008-05-03 12:01 94,208 --a------ C:\WINDOWS\system32\twrklwhs.exe
2008-05-03 09:44 . 2008-05-03 09:44 4,096 --a------ C:\WINDOWS\system32\medup020.dll
2008-05-03 09:44 . 2008-05-03 09:44 4,096 --a------ C:\WINDOWS\system32\medup012.dll
2008-05-03 09:43 . 2008-05-03 09:43 94,208 --a------ C:\WINDOWS\system32\oletohcl.exe
2008-05-03 01:05 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-03 01:05 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-03 01:05 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-03 01:05 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-03 01:05 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-03 01:05 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-03 01:05 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-03 01:05 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-02 21:47 . 2008-05-02 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\glcnyjax
2008-05-02 21:40 . 2008-05-02 21:41 <REP> d-------- C:\Program Files\Fichiers communs\Corel
2008-05-02 21:27 . 2008-05-02 21:27 <REP> d-------- C:\Program Files\PsykonikCorp
2008-05-02 20:23 . 2008-05-02 21:40 <REP> d-------- C:\Program Files\Corel
2008-05-01 10:14 . 2008-05-03 00:41 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-01 07:40 . 2008-05-01 07:37 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-30 14:24 . 2008-04-30 14:24 <REP> d-------- C:\Documents and Settings\Propriétaire
\Application Data\Printer Info Cache
2008-04-27 21:06 . 2008-04-27 21:06 <REP> d-------- C:\Program Files\QuickTime
2008-04-27 21:06 . 2008-04-27 21:06 <REP> d-------- C:\Program Files\Magicbit
2008-04-27 18:36 . 2008-04-27 18:36 <REP> d-------- C:\Program Files\Microsoft.NET
2008-04-27 14:08 . 2008-04-27 14:08 <REP> d---s---- C:\Documents and Settings\LocalService\Favoris
2008-04-27 13:52 . 2008-04-27 14:14 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 16:22 . 2008-04-19 16:22 <REP> d-------- C:\Program Files\eRightSoft
2008-04-19 15:34 . 1999-12-17 11:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-04-19 12:28 . 2008-05-02 22:04 <REP> d-------- C:\Documents and Settings\Denis SCHIEBER\Application Data\Corel
2008-04-19 12:17 . 2008-04-19 12:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-04-13 12:23 . 2008-04-27 21:03 <REP> d-------- C:\Program Files\MediaCoder
2008-04-13 12:15 . 2008-04-19 12:40 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-04-13 12:15 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-04-13 12:15 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-04-13 12:15 . 2007-02-27 19:36 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-04-13 12:15 . 2007-02-27 19:36 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2008-04-13 12:15 . 2007-02-27 19:36 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-04-13 12:15 . 2007-02-27 19:36 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2008-04-13 12:15 . 2007-02-27 19:36 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2008-04-13 12:15 . 2007-02-27 19:36 38,912 --a------ C:\WINDOWS\system32\alf2cd.acm
2008-04-13 12:15 . 2007-02-27 19:36 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2008-04-07 23:35 . 2008-04-27 13:42 <REP> d-------- C:\WINDOWS\ShellNew
2008-04-07 22:46 . 2008-04-08 00:17 <REP> d-------- C:\Documents and Settings\Denis SCHIEBER\Application Data\OpenOffice.org2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 09:54 --------- d-----w C:\Program Files\BitComet
2008-05-03 07:44 4,096 ----a-w C:\WINDOWS\system32\winlogonpc.exe
2008-05-03 07:44 4,096 ----a-w C:\WINDOWS\system32\taack.exe
2008-05-03 07:44 4,096 ----a-w C:\WINDOWS\system32\ssurf022.dll
2008-05-03 07:44 4,096 ----a-w C:\WINDOWS\system32\sncntr.exe
2008-05-03 07:44 4,096 ----a-w C:\WINDOWS\system32\psoft1.exe
2008-05-03 07:44 4,096 ----a-w C:\WINDOWS\system32\psof1.exe
2008-05-03 07:44 4,096 ----a-w C:\WINDOWS\system32\ps1.exe
2008-05-03 07:44 4,096 ----a-w C:\WINDOWS\system32\netode.exe
2008-05-03 07:44 4,096 ----a-w C:\WINDOWS\system32\mwin32.exe
2008-05-03 07:44 4,096 ----a-w C:\WINDOWS\system32\msnbho.dll
2008-05-03 07:44 4,096 ----a-w C:\WINDOWS\system32\hxiwlgpm.exe
2008-05-03 07:44 4,096 ----a-w C:\WINDOWS\system32\hoproxy.dll
2008-05-02 20:08 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-02 19:47 102,400 ----a-w C:\WINDOWS\system32\mxwvufir.exe
2008-04-30 12:28 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\U3
2008-04-19 13:34 --------- d-----w C:\Program Files\DivX
2008-04-19 10:54 --------- d-----w C:\Program Files\Lavasoft
2008-04-19 10:54 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Lavasoft
2008-04-19 10:27 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-07 21:12 --------- d-----w C:\Program Files\Java
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 07:29 --------- d-----w C:\Program Files\Google
2008-03-30 13:18 --------- d-----w C:\Program Files\BitTorrent
2008-03-30 13:01 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\BitTorrent
2008-03-30 09:43 --------- d-----w C:\Program Files\Windows Live
2008-03-30 09:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-29 17:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 18:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 21:24 81,920 ----a-w C:\Documents and Settings\Propriétaire\Application Data\ezpinst.exe
2008-03-17 21:24 47,360 ----a-w C:\Documents and Settings\Propriétaire\Application Data\pcouffin.sys
2008-03-17 21:24 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Vso
2008-03-17 21:09 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-16 16:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-15 20:18 --------- d-----w C:\Program Files\Elaborate Bytes
2008-03-09 17:05 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-03 12:13 39,424 ----a-w C:\WINDOWS\zipinst.exe
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-12 22:58 141,646 -c--a-w C:\Documents and Settings\Propriétaire\Application Data\mdb.bin
2008-02-10 11:37 71,326 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-10 11:37 5,376 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-07 14:15 408,576 ----a-w C:\WINDOWS\system32\Smab.dll
2007-08-20 18:15 5,632 -csha-w C:\Program Files\Thumbs.db
2006-11-04 09:12 5 --sha-w C:\WINDOWS\system32\bbdaaca6_s.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2007-06-02 21:05 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-06-02 21:05 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
2007-06-02 21:05 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-05-03_12.09.18.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-03 09:55:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-03 10:23:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AECB3C96-189C-35F9-9C0B-A3832B3C1839}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3E1A7455-8F94-40B1-A2A8-4FE1A5264F8B}"= "C:\WINDOWS\wxdbpfvo.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{3e1a7455-8f94-40b1-a2a8-4fe1a5264f8b}]
[HKEY_CLASSES_ROOT\wxdbpfvo.1]
[HKEY_CLASSES_ROOT\TypeLib\{C8DFBEB7-935F-4DC6-A9F9-DBDD0D32E54C}]
[HKEY_CLASSES_ROOT\wxdbpfvo]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"flybledj"="C:\WINDOWS\system32\mxwvufir.exe" [2008-05-02 21:47 102400]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
"omdpyfki"="C:\WINDOWS\system32\oletohcl.exe" [2008-05-03 09:43 94208]
"dcbpfock"="C:\WINDOWS\system32\twrklwhs.exe" [2008-05-03 12:01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2005-01-11 23:32:48 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"D0dLZdKRDN"= C:\Documents and Settings\All Users\Application Data\glcnyjax\ynmfqrmh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Documents and Settings\\Propriétaire\\Mes documents\\Driver\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12900:TCP"= 12900:TCP:BitComet 12900 TCP
"12900:UDP"= 12900:UDP:BitComet 12900 UDP

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 14:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 15:29]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-01-27 23:04]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys [2005-02-02 10:15]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - ADILOADER
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-02 19:07:26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9461E81C-7810-4502-A6BA-7A528089CBA2}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 12:28:54
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-03 12:35:37
ComboFix-quarantined-files.txt 2008-05-03 10:35:16
ComboFix2.txt 2008-05-03 10:10:44

Pre-Run: 77,555,429,376 octets libres
Post-Run: 77,542,518,784 octets libres

203 --- E O F --- 2008-04-27 20:06:20

Merci de m'aidée

Utilisateur anonyme · Answer

bonsoir nanye681

cree ta propre question car ce topic est marqué résolu